Side by Side Diff: net/socket/ssl_client_socket_impl.cc

Issue 2822283002: Remove SSLPrivateKey metadata hooks. (Closed)
Patch Set: emaxx comment Created 3 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket_impl.h" 5 #include "net/socket/ssl_client_socket_impl.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <string.h> 8 #include <string.h>
9 9
10 #include <algorithm> 10 #include <algorithm>
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after
101 return true; 101 return true;
102 case NID_sha512: 102 case NID_sha512:
103 *hash = SSLPrivateKey::Hash::SHA512; 103 *hash = SSLPrivateKey::Hash::SHA512;
104 return true; 104 return true;
105 default: 105 default:
106 return false; 106 return false;
107 } 107 }
108 } 108 }
109 109
110 std::unique_ptr<base::Value> NetLogPrivateKeyOperationCallback( 110 std::unique_ptr<base::Value> NetLogPrivateKeyOperationCallback(
111 SSLPrivateKey::Type type,
112 SSLPrivateKey::Hash hash, 111 SSLPrivateKey::Hash hash,
113 NetLogCaptureMode mode) { 112 NetLogCaptureMode mode) {
114 std::string type_str;
115 switch (type) {
116 case SSLPrivateKey::Type::RSA:
117 type_str = "RSA";
118 break;
119 case SSLPrivateKey::Type::ECDSA_P256:
120 type_str = "ECDSA_P256";
121 break;
122 case SSLPrivateKey::Type::ECDSA_P384:
123 type_str = "ECDSA_P384";
124 break;
125 case SSLPrivateKey::Type::ECDSA_P521:
126 type_str = "ECDSA_P521";
127 break;
128 }
129
130 std::string hash_str; 113 std::string hash_str;
131 switch (hash) { 114 switch (hash) {
132 case SSLPrivateKey::Hash::MD5_SHA1: 115 case SSLPrivateKey::Hash::MD5_SHA1:
133 hash_str = "MD5_SHA1"; 116 hash_str = "MD5_SHA1";
134 break; 117 break;
135 case SSLPrivateKey::Hash::SHA1: 118 case SSLPrivateKey::Hash::SHA1:
136 hash_str = "SHA1"; 119 hash_str = "SHA1";
137 break; 120 break;
138 case SSLPrivateKey::Hash::SHA256: 121 case SSLPrivateKey::Hash::SHA256:
139 hash_str = "SHA256"; 122 hash_str = "SHA256";
140 break; 123 break;
141 case SSLPrivateKey::Hash::SHA384: 124 case SSLPrivateKey::Hash::SHA384:
142 hash_str = "SHA384"; 125 hash_str = "SHA384";
143 break; 126 break;
144 case SSLPrivateKey::Hash::SHA512: 127 case SSLPrivateKey::Hash::SHA512:
145 hash_str = "SHA512"; 128 hash_str = "SHA512";
146 break; 129 break;
147 } 130 }
148 131
149 std::unique_ptr<base::DictionaryValue> value(new base::DictionaryValue); 132 std::unique_ptr<base::DictionaryValue> value(new base::DictionaryValue);
150 value->SetString("type", type_str);
151 value->SetString("hash", hash_str); 133 value->SetString("hash", hash_str);
152 return std::move(value); 134 return std::move(value);
153 } 135 }
154 136
155 std::unique_ptr<base::Value> NetLogChannelIDLookupCallback( 137 std::unique_ptr<base::Value> NetLogChannelIDLookupCallback(
156 ChannelIDService* channel_id_service, 138 ChannelIDService* channel_id_service,
157 NetLogCaptureMode capture_mode) { 139 NetLogCaptureMode capture_mode) {
158 ChannelIDStore* store = channel_id_service->GetChannelIDStore(); 140 ChannelIDStore* store = channel_id_service->GetChannelIDStore();
159 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); 141 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
160 dict->SetBoolean("ephemeral", store->IsEphemeral()); 142 dict->SetBoolean("ephemeral", store->IsEphemeral());
(...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after
361 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); 343 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
362 DCHECK(socket); 344 DCHECK(socket);
363 return socket->ClientCertRequestCallback(ssl); 345 return socket->ClientCertRequestCallback(ssl);
364 } 346 }
365 347
366 static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) { 348 static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
367 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); 349 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
368 return socket->NewSessionCallback(session); 350 return socket->NewSessionCallback(session);
369 } 351 }
370 352
371 static int PrivateKeyTypeCallback(SSL* ssl) {
372 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
373 return socket->PrivateKeyTypeCallback();
374 }
375
376 static size_t PrivateKeyMaxSignatureLenCallback(SSL* ssl) {
377 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
378 return socket->PrivateKeyMaxSignatureLenCallback();
379 }
380
381 static ssl_private_key_result_t PrivateKeySignDigestCallback( 353 static ssl_private_key_result_t PrivateKeySignDigestCallback(
382 SSL* ssl, 354 SSL* ssl,
383 uint8_t* out, 355 uint8_t* out,
384 size_t* out_len, 356 size_t* out_len,
385 size_t max_out, 357 size_t max_out,
386 const EVP_MD* md, 358 const EVP_MD* md,
387 const uint8_t* in, 359 const uint8_t* in,
388 size_t in_len) { 360 size_t in_len) {
389 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); 361 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
390 return socket->PrivateKeySignDigestCallback(out, out_len, max_out, md, in, 362 return socket->PrivateKeySignDigestCallback(out, out_len, max_out, md, in,
(...skipping 28 matching lines...) Expand all
419 // https://crbug.com/458365 391 // https://crbug.com/458365
420 // 392 //
421 // TODO(davidben): Sessions should be invalidated on fatal 393 // TODO(davidben): Sessions should be invalidated on fatal
422 // alerts. https://crbug.com/466352 394 // alerts. https://crbug.com/466352
423 SSLClientSessionCache session_cache_; 395 SSLClientSessionCache session_cache_;
424 }; 396 };
425 397
426 // TODO(davidben): Switch from sign_digest to sign. 398 // TODO(davidben): Switch from sign_digest to sign.
427 const SSL_PRIVATE_KEY_METHOD 399 const SSL_PRIVATE_KEY_METHOD
428 SSLClientSocketImpl::SSLContext::kPrivateKeyMethod = { 400 SSLClientSocketImpl::SSLContext::kPrivateKeyMethod = {
429 &SSLClientSocketImpl::SSLContext::PrivateKeyTypeCallback, 401 nullptr /* type (unused) */,
430 &SSLClientSocketImpl::SSLContext::PrivateKeyMaxSignatureLenCallback, 402 nullptr /* max_signature_len (unused) */,
431 nullptr /* sign */, 403 nullptr /* sign */,
432 &SSLClientSocketImpl::SSLContext::PrivateKeySignDigestCallback, 404 &SSLClientSocketImpl::SSLContext::PrivateKeySignDigestCallback,
433 nullptr /* decrypt */, 405 nullptr /* decrypt */,
434 &SSLClientSocketImpl::SSLContext::PrivateKeyCompleteCallback, 406 &SSLClientSocketImpl::SSLContext::PrivateKeyCompleteCallback,
435 }; 407 };
436 408
437 // static 409 // static
438 void SSLClientSocket::ClearSessionCache() { 410 void SSLClientSocket::ClearSessionCache() {
439 SSLClientSocketImpl::SSLContext* context = 411 SSLClientSocketImpl::SSLContext* context =
440 SSLClientSocketImpl::SSLContext::GetInstance(); 412 SSLClientSocketImpl::SSLContext::GetInstance();
(...skipping 1274 matching lines...) Expand 10 before | Expand all | Expand 10 after
1715 if (negotiated_protocol_ == kProtoUnknown) 1687 if (negotiated_protocol_ == kProtoUnknown)
1716 return ssl_config_.renego_allowed_default; 1688 return ssl_config_.renego_allowed_default;
1717 1689
1718 for (NextProto allowed : ssl_config_.renego_allowed_for_protos) { 1690 for (NextProto allowed : ssl_config_.renego_allowed_for_protos) {
1719 if (negotiated_protocol_ == allowed) 1691 if (negotiated_protocol_ == allowed)
1720 return true; 1692 return true;
1721 } 1693 }
1722 return false; 1694 return false;
1723 } 1695 }
1724 1696
1725 int SSLClientSocketImpl::PrivateKeyTypeCallback() {
1726 switch (ssl_config_.client_private_key->GetType()) {
1727 case SSLPrivateKey::Type::RSA:
1728 return NID_rsaEncryption;
1729 case SSLPrivateKey::Type::ECDSA_P256:
1730 return NID_X9_62_prime256v1;
1731 case SSLPrivateKey::Type::ECDSA_P384:
1732 return NID_secp384r1;
1733 case SSLPrivateKey::Type::ECDSA_P521:
1734 return NID_secp521r1;
1735 }
1736 NOTREACHED();
1737 return NID_undef;
1738 }
1739
1740 size_t SSLClientSocketImpl::PrivateKeyMaxSignatureLenCallback() {
1741 return ssl_config_.client_private_key->GetMaxSignatureLengthInBytes();
1742 }
1743
1744 ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignDigestCallback( 1697 ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignDigestCallback(
1745 uint8_t* out, 1698 uint8_t* out,
1746 size_t* out_len, 1699 size_t* out_len,
1747 size_t max_out, 1700 size_t max_out,
1748 const EVP_MD* md, 1701 const EVP_MD* md,
1749 const uint8_t* in, 1702 const uint8_t* in,
1750 size_t in_len) { 1703 size_t in_len) {
1751 DCHECK_EQ(kNoPendingResult, signature_result_); 1704 DCHECK_EQ(kNoPendingResult, signature_result_);
1752 DCHECK(signature_.empty()); 1705 DCHECK(signature_.empty());
1753 DCHECK(ssl_config_.client_private_key); 1706 DCHECK(ssl_config_.client_private_key);
1754 1707
1755 SSLPrivateKey::Hash hash; 1708 SSLPrivateKey::Hash hash;
1756 if (!EVP_MDToPrivateKeyHash(md, &hash)) { 1709 if (!EVP_MDToPrivateKeyHash(md, &hash)) {
1757 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); 1710 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
1758 return ssl_private_key_failure; 1711 return ssl_private_key_failure;
1759 } 1712 }
1760 1713
1761 net_log_.BeginEvent( 1714 net_log_.BeginEvent(NetLogEventType::SSL_PRIVATE_KEY_OP,
1762 NetLogEventType::SSL_PRIVATE_KEY_OP, 1715 base::Bind(&NetLogPrivateKeyOperationCallback, hash));
1763 base::Bind(&NetLogPrivateKeyOperationCallback,
1764 ssl_config_.client_private_key->GetType(), hash));
1765 1716
1766 signature_result_ = ERR_IO_PENDING; 1717 signature_result_ = ERR_IO_PENDING;
1767 ssl_config_.client_private_key->SignDigest( 1718 ssl_config_.client_private_key->SignDigest(
1768 hash, base::StringPiece(reinterpret_cast<const char*>(in), in_len), 1719 hash, base::StringPiece(reinterpret_cast<const char*>(in), in_len),
1769 base::Bind(&SSLClientSocketImpl::OnPrivateKeyComplete, 1720 base::Bind(&SSLClientSocketImpl::OnPrivateKeyComplete,
1770 weak_factory_.GetWeakPtr())); 1721 weak_factory_.GetWeakPtr()));
1771 return ssl_private_key_retry; 1722 return ssl_private_key_retry;
1772 } 1723 }
1773 1724
1774 ssl_private_key_result_t SSLClientSocketImpl::PrivateKeyCompleteCallback( 1725 ssl_private_key_result_t SSLClientSocketImpl::PrivateKeyCompleteCallback(
(...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after
1960 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && 1911 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED &&
1961 !certificate_requested_) { 1912 !certificate_requested_) {
1962 net_error = ERR_SSL_PROTOCOL_ERROR; 1913 net_error = ERR_SSL_PROTOCOL_ERROR;
1963 } 1914 }
1964 } 1915 }
1965 1916
1966 return net_error; 1917 return net_error;
1967 } 1918 }
1968 1919
1969 } // namespace net 1920 } // namespace net
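Review bot: The two new `nullptr /* type (unused) */` and `nullptr /* max_signature_len (unused) */` entries in the kPrivateKeyMethod initializer say that the fields are unused but not why it is now safe to leave them out, and the only remaining comment on the table is the unrelated sign_digest TODO. If, as the annotations suggest, BoringSSL now derives the key type and maximum signature length from the configured client certificate, I would state that next to the table, e.g. `// type and max_signature_len are left null: BoringSSL derives the key type and signature size from the configured client certificate.`, so a future reader does not try to restore the removed hooks. The same change silently drops the "type" field from the SSL_PRIVATE_KEY_OP net-log event emitted in PrivateKeySignDigestCallback; a short comment at that BeginEvent call noting that the key type is no longer recorded here (and where it can be recovered, if the client certificate is logged elsewhere) would help anyone diagnosing client-auth signature failures from a net log.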