Implement SSL renegotiation....

net/base/ssl_client_socket_win.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ssl_client_socket_win.h"
 
 #include <schnlsp.h>
 
 #include "base/lock.h"
 #include "base/singleton.h"
@@ skipping 198 matching lines @@
 #pragma warning(suppress: 4355)
     : io_callback_(this, &SSLClientSocketWin::OnIOComplete),
       transport_(transport_socket),
       hostname_(hostname),
       ssl_config_(ssl_config),
       user_callback_(NULL),
       user_buf_(NULL),
       user_buf_len_(0),
       next_state_(STATE_NONE),
       creds_(NULL),
+      isc_status_(SEC_E_OK),
       payload_send_buffer_len_(0),
       bytes_sent_(0),
       decrypted_ptr_(NULL),
       bytes_decrypted_(0),
       received_ptr_(NULL),
       bytes_received_(0),
+      writing_first_token_(false),
       completed_handshake_(false),
-      complete_handshake_on_write_complete_(false),
       ignore_ok_result_(false),
-      no_client_cert_(false) {
+      no_client_cert_(false),
+      renegotiating_(false) {
   memset(&stream_sizes_, 0, sizeof(stream_sizes_));
+  memset(in_buffers_, 0, sizeof(in_buffers_));
   memset(&send_buffer_, 0, sizeof(send_buffer_));
   memset(&ctxt_, 0, sizeof(ctxt_));
 }
 
 SSLClientSocketWin::~SSLClientSocketWin() {
   Disconnect();
 }
 
 void SSLClientSocketWin::GetSSLInfo(SSLInfo* ssl_info) {
   if (!server_cert_)
@@ skipping 41 matching lines @@
     CompletionCallback* callback) {
   // TODO(darin): implement me!
   return ERR_FAILED;
 }
 
 void SSLClientSocketWin::Disconnect() {
   // TODO(wtc): Send SSL close_notify alert.
   completed_handshake_ = false;
   transport_->Disconnect();
 
-  if (send_buffer_.pvBuffer) {
-    FreeContextBuffer(send_buffer_.pvBuffer);
-    memset(&send_buffer_, 0, sizeof(send_buffer_));
-  }
+  if (send_buffer_.pvBuffer)
+    FreeSendBuffer();
   if (ctxt_.dwLower || ctxt_.dwUpper) {
     DeleteSecurityContext(&ctxt_);
     memset(&ctxt_, 0, sizeof(ctxt_));
   }
   if (server_cert_)
     server_cert_ = NULL;
 
   // TODO(wtc): reset more members?
   bytes_decrypted_ = 0;
   bytes_received_ = 0;
+  writing_first_token_ = false;
+  renegotiating_ = false;
 }
 
 bool SSLClientSocketWin::IsConnected() const {
   // Ideally, we should also check if we have received the close_notify alert
   // message from the server, and return false in that case.  We're not doing
   // that, so this function may return a false positive.  Since the upper
   // layer (HttpNetworkTransaction) needs to handle a persistent connection
   // closed by the server when we send a request anyway, a false positive in
   // exchange for simpler code is a good trade-off.
   return completed_handshake_ && transport_->IsConnected();
@@ skipping 29 matching lines @@
         memmove(recv_buffer_.get(), received_ptr_, bytes_received_);
         received_ptr_ = recv_buffer_.get();
       }
     }
     return len;
   }
 
   user_buf_ = buf;
   user_buf_len_ = buf_len;
 
-  if (bytes_received_ == 0) {
-    next_state_ = STATE_PAYLOAD_READ;
-  } else {
-    next_state_ = STATE_PAYLOAD_READ_COMPLETE;
-    ignore_ok_result_ = true;  // OK doesn't mean EOF.
-  }
+  SetNextStateForRead();
   int rv = DoLoop(OK);
   if (rv == ERR_IO_PENDING)
     user_callback_ = callback;
   return rv;
 }
 
 int SSLClientSocketWin::Write(const char* buf, int buf_len,
                               CompletionCallback* callback) {
   DCHECK(completed_handshake_);
   DCHECK(next_state_ == STATE_NONE);
@@ skipping 122 matching lines @@
       0,  // Reserved
       &ctxt_,  // Receives the new context handle
       &buffer_desc,
       &out_flags,
       &expiry);
   if (status != SEC_I_CONTINUE_NEEDED) {
     DLOG(ERROR) << "InitializeSecurityContext failed: " << status;
     return MapSecurityError(status);
   }
 
+  writing_first_token_ = true;
   next_state_ = STATE_HANDSHAKE_WRITE;
   return OK;
 }
 
 int SSLClientSocketWin::DoHandshakeRead() {
   next_state_ = STATE_HANDSHAKE_READ_COMPLETE;
 
   if (!recv_buffer_.get())
     recv_buffer_.reset(new char[kRecvBufferSize]);
 
@@ skipping 12 matching lines @@
   if (result < 0)
     return result;
   if (result == 0 && !ignore_ok_result_)
     return ERR_SSL_PROTOCOL_ERROR;  // Incomplete response :(
 
   ignore_ok_result_ = false;
 
   bytes_received_ += result;
 
   // Process the contents of recv_buffer_.
-  SECURITY_STATUS status;
   TimeStamp expiry;
   DWORD out_flags;
 
   DWORD flags = ISC_REQ_SEQUENCE_DETECT |
                 ISC_REQ_REPLAY_DETECT |
                 ISC_REQ_CONFIDENTIALITY |
                 ISC_RET_EXTENDED_ERROR |
                 ISC_REQ_ALLOCATE_MEMORY |
                 ISC_REQ_STREAM;
 
   // When InitializeSecurityContext returns SEC_I_INCOMPLETE_CREDENTIALS,
   // John Banes (a Microsoft security developer) said we need to pass in the
   // ISC_REQ_USE_SUPPLIED_CREDS flag if we skip finding a client certificate
   // and just call InitializeSecurityContext again.  (See
   // (http://www.derkeiler.com/Newsgroups/microsoft.public.platformsdk.security/2004-08/0187.html.)
   // My testing on XP SP2 and Vista SP1 shows that it still works without
   // passing in this flag, but I pass it in to be safe.
   if (no_client_cert_)
     flags |= ISC_REQ_USE_SUPPLIED_CREDS;
 
   SecBufferDesc in_buffer_desc, out_buffer_desc;
-  SecBuffer in_buffers[2];
 
   in_buffer_desc.cBuffers = 2;
-  in_buffer_desc.pBuffers = in_buffers;
+  in_buffer_desc.pBuffers = in_buffers_;
   in_buffer_desc.ulVersion = SECBUFFER_VERSION;
 
-  in_buffers[0].pvBuffer = &recv_buffer_[0];
-  in_buffers[0].cbBuffer = bytes_received_;
-  in_buffers[0].BufferType = SECBUFFER_TOKEN;
+  in_buffers_[0].pvBuffer = recv_buffer_.get();
+  in_buffers_[0].cbBuffer = bytes_received_;
+  in_buffers_[0].BufferType = SECBUFFER_TOKEN;
 
-  in_buffers[1].pvBuffer = NULL;
-  in_buffers[1].cbBuffer = 0;
-  in_buffers[1].BufferType = SECBUFFER_EMPTY;
+  in_buffers_[1].pvBuffer = NULL;
+  in_buffers_[1].cbBuffer = 0;
+  in_buffers_[1].BufferType = SECBUFFER_EMPTY;
 
   out_buffer_desc.cBuffers = 1;
   out_buffer_desc.pBuffers = &send_buffer_;
   out_buffer_desc.ulVersion = SECBUFFER_VERSION;
 
   send_buffer_.pvBuffer = NULL;
   send_buffer_.BufferType = SECBUFFER_TOKEN;
   send_buffer_.cbBuffer = 0;
 
-  status = InitializeSecurityContext(
+  isc_status_ = InitializeSecurityContext(
       creds_,
       &ctxt_,
       NULL,
       flags,
       0,
       SECURITY_NATIVE_DREP,
       &in_buffer_desc,
       0,
       NULL,
       &out_buffer_desc,
       &out_flags,
       &expiry);
 
-  if (status == SEC_E_INCOMPLETE_MESSAGE) {
-    DCHECK(FAILED(status));
-    DCHECK(send_buffer_.cbBuffer == 0 ||
-           !(out_flags & ISC_RET_EXTENDED_ERROR));
+  if (send_buffer_.cbBuffer != 0 &&
+      (isc_status_ == SEC_E_OK ||
+       isc_status_ == SEC_I_CONTINUE_NEEDED ||
+      (FAILED(isc_status_) && (out_flags & ISC_RET_EXTENDED_ERROR)))) {
+    next_state_ = STATE_HANDSHAKE_WRITE;
+    return OK;
+  }
+  return DidCallInitializeSecurityContext();
+}
+
+int SSLClientSocketWin::DidCallInitializeSecurityContext() {
+  if (isc_status_ == SEC_E_INCOMPLETE_MESSAGE) {
     next_state_ = STATE_HANDSHAKE_READ;
     return OK;
   }
 
-  if (send_buffer_.cbBuffer != 0 &&
-      (status == SEC_E_OK ||
-       status == SEC_I_CONTINUE_NEEDED ||
-       FAILED(status) && (out_flags & ISC_RET_EXTENDED_ERROR))) {
-    // If FAILED(status) is true, we should terminate the connection after
-    // sending send_buffer_.
-    if (status == SEC_E_OK)
-      complete_handshake_on_write_complete_ = true;
-    // We only handle these cases correctly.
-    DCHECK(status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED);
-    next_state_ = STATE_HANDSHAKE_WRITE;
-    bytes_received_ = 0;
-    return OK;
-  }
-
-  if (status == SEC_E_OK) {
-    if (in_buffers[1].BufferType == SECBUFFER_EXTRA) {
-      // TODO(darin) need to save this data for later.
-      NOTREACHED() << "should not occur for HTTPS traffic";
-      return ERR_FAILED;
+  if (isc_status_ == SEC_E_OK) {
+    if (in_buffers_[1].BufferType == SECBUFFER_EXTRA) {
+      // Save this data for later.
+      memmove(recv_buffer_.get(),
+              recv_buffer_.get() + (bytes_received_ - in_buffers_[1].cbBuffer),
+              in_buffers_[1].cbBuffer);
+      bytes_received_ = in_buffers_[1].cbBuffer;
+    } else {
+      bytes_received_ = 0;
     }
-    bytes_received_ = 0;
     return DidCompleteHandshake();
   }
 
-  if (FAILED(status))
-    return MapSecurityError(status);
+  if (FAILED(isc_status_))
+    return MapSecurityError(isc_status_);
 
-  if (status == SEC_I_INCOMPLETE_CREDENTIALS) {
+  if (isc_status_ == SEC_I_INCOMPLETE_CREDENTIALS) {
     // We don't support SSL client authentication yet.  For now we just set
     // no_client_cert_ to true and call InitializeSecurityContext again.
     no_client_cert_ = true;
     next_state_ = STATE_HANDSHAKE_READ_COMPLETE;
     ignore_ok_result_ = true;  // OK doesn't mean EOF.
     return OK;
   }
 
-  DCHECK(status == SEC_I_CONTINUE_NEEDED);
-  if (in_buffers[1].BufferType == SECBUFFER_EXTRA) {
-    memmove(&recv_buffer_[0],
-            &recv_buffer_[0] + (bytes_received_ - in_buffers[1].cbBuffer),
-            in_buffers[1].cbBuffer);
-    bytes_received_ = in_buffers[1].cbBuffer;
+  DCHECK(isc_status_ == SEC_I_CONTINUE_NEEDED);
+  if (in_buffers_[1].BufferType == SECBUFFER_EXTRA) {
+    memmove(recv_buffer_.get(),
+            recv_buffer_.get() + (bytes_received_ - in_buffers_[1].cbBuffer),
+            in_buffers_[1].cbBuffer);
+    bytes_received_ = in_buffers_[1].cbBuffer;
     next_state_ = STATE_HANDSHAKE_READ_COMPLETE;
     ignore_ok_result_ = true;  // OK doesn't mean EOF.
     return OK;
   }
 
   bytes_received_ = 0;
   next_state_ = STATE_HANDSHAKE_READ;
   return OK;
 }
 
@@ skipping 14 matching lines @@
   if (result < 0)
     return result;
 
   DCHECK(result != 0);
 
   bytes_sent_ += result;
   DCHECK(bytes_sent_ <= static_cast<int>(send_buffer_.cbBuffer));
 
   if (bytes_sent_ >= static_cast<int>(send_buffer_.cbBuffer)) {
     bool overflow = (bytes_sent_ > static_cast<int>(send_buffer_.cbBuffer));
-    SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
-    DCHECK(status == SEC_E_OK);
-    memset(&send_buffer_, 0, sizeof(send_buffer_));
+    FreeSendBuffer();
     bytes_sent_ = 0;
     if (overflow)  // Bug!
       return ERR_UNEXPECTED;
-    if (complete_handshake_on_write_complete_)
-      return DidCompleteHandshake();
-    next_state_ = STATE_HANDSHAKE_READ;
-  } else {
-    // Send the remaining bytes.
-    next_state_ = STATE_HANDSHAKE_WRITE;
+    if (writing_first_token_) {
+      writing_first_token_ = false;
+      DCHECK(bytes_received_ == 0);
+      next_state_ = STATE_HANDSHAKE_READ;
+      return OK;
+    }
+    return DidCallInitializeSecurityContext();
   }
 
+  // Send the remaining bytes.
+  next_state_ = STATE_HANDSHAKE_WRITE;
   return OK;
 }
 
 // Set server_cert_status_ and return OK or a network error.
 int SSLClientSocketWin::DoVerifyCert() {
   next_state_ = STATE_VERIFY_CERT_COMPLETE;
 
   DCHECK(server_cert_);
   return verifier_.Verify(server_cert_, hostname_,
                           ssl_config_.rev_checking_enabled,
                           &server_cert_verify_result_, &io_callback_);
 }
 
 int SSLClientSocketWin::DoVerifyCertComplete(int result) {
   LogConnectionTypeMetrics();
+  if (renegotiating_) {
+    renegotiating_ = false;
+    // Pick up where we left off.  Go back to reading data.
+    if (result == OK)
+      SetNextStateForRead();
+  }
   return result;
 }
 
 int SSLClientSocketWin::DoPayloadRead() {
   next_state_ = STATE_PAYLOAD_READ_COMPLETE;
 
   DCHECK(recv_buffer_.get());
 
   char* buf = recv_buffer_.get() + bytes_received_;
   int buf_len = kRecvBufferSize - bytes_received_;
@@ skipping 83 matching lines @@
   }
   if (bytes_decrypted_ == 0) {
     decrypted_ptr_ = NULL;
     if (bytes_received_ != 0) {
       memmove(recv_buffer_.get(), received_ptr_, bytes_received_);
       received_ptr_ = recv_buffer_.get();
     }
   }
 
   if (status == SEC_I_RENEGOTIATE) {
-    // TODO(wtc): support renegotiation.
-    // Should ideally send a no_renegotiation alert to the server.
-    return ERR_SSL_RENEGOTIATION_REQUESTED;
+    if (bytes_received_ != 0) {
+      // The server requested renegotiation, but there are some data yet to
+      // be decrypted.  The Platform SDK WebClient.c sample doesn't handle
+      // this, so we don't know how to handle this.  Assume this cannot
+      // happen.
+      LOG(ERROR) << "DecryptMessage returned SEC_I_RENEGOTIATE with a buffer "
+                 << "of type SECBUFFER_EXTRA.";
+      return ERR_SSL_RENEGOTIATION_REQUESTED;
+    }
+    if (len != 0) {
+      // The server requested renegotiation, but there are some decrypted
+      // data.  We can't start renegotiation until we have returned all
+      // decrypted data to the caller.
+      //
+      // This hasn't happened during testing.  Assume this cannot happen even
+      // though we know how to handle this.
+      LOG(ERROR) << "DecryptMessage returned SEC_I_RENEGOTIATE with a buffer "
+                 << "of type SECBUFFER_DATA.";
+      return ERR_SSL_RENEGOTIATION_REQUESTED;
+    }
+    // Jump to the handshake sequence.  Will come back when the rehandshake is
+    // done.
+    renegotiating_ = true;
+    next_state_ = STATE_HANDSHAKE_READ_COMPLETE;
+    ignore_ok_result_ = true;  // OK doesn't mean EOF.
+    return len;
   }
 
   // If we decrypted 0 bytes, don't report 0 bytes read, which would be
   // mistaken for EOF.  Continue decrypting or read more.
-  if (len == 0) {
-    if (bytes_received_ == 0) {
-      next_state_ = STATE_PAYLOAD_READ;
-    } else {
-      next_state_ = STATE_PAYLOAD_READ_COMPLETE;
-      ignore_ok_result_ = true;  // OK doesn't mean EOF.
-    }
-  }
+  if (len == 0)
+    SetNextStateForRead();
   return len;
 }
 
 int SSLClientSocketWin::DoPayloadEncrypt() {
   DCHECK(user_buf_);
   DCHECK(user_buf_len_ > 0);
 
   ULONG message_len = std::min(
       stream_sizes_.cbMaximumMessage, static_cast<ULONG>(user_buf_len_));
   ULONG alloc_len =
@@ skipping 77 matching lines @@
   return OK;
 }
 
 int SSLClientSocketWin::DidCompleteHandshake() {
   SECURITY_STATUS status = QueryContextAttributes(
       &ctxt_, SECPKG_ATTR_STREAM_SIZES, &stream_sizes_);
   if (status != SEC_E_OK) {
     DLOG(ERROR) << "QueryContextAttributes failed: " << status;
     return MapSecurityError(status);
   }
-  DCHECK(!server_cert_);
+  DCHECK(!server_cert_ || renegotiating_);
   PCCERT_CONTEXT server_cert_handle = NULL;
   status = QueryContextAttributes(
       &ctxt_, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &server_cert_handle);
   if (status != SEC_E_OK) {
     DLOG(ERROR) << "QueryContextAttributes failed: " << status;
     return MapSecurityError(status);
   }
   server_cert_ = X509Certificate::CreateFromHandle(
       server_cert_handle, X509Certificate::SOURCE_FROM_NETWORK);
 
   completed_handshake_ = true;
   next_state_ = STATE_VERIFY_CERT;
   return OK;
 }
 
 void SSLClientSocketWin::LogConnectionTypeMetrics() const {
   UpdateConnectionTypeHistograms(CONNECTION_SSL);
   if (server_cert_verify_result_.has_md5)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5);
   if (server_cert_verify_result_.has_md2)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2);
   if (server_cert_verify_result_.has_md4)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4);
   if (server_cert_verify_result_.has_md5_ca)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA);
   if (server_cert_verify_result_.has_md2_ca)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
 }
 
+void SSLClientSocketWin::SetNextStateForRead() {
+  if (bytes_received_ == 0) {
+    next_state_ = STATE_PAYLOAD_READ;
+  } else {
+    next_state_ = STATE_PAYLOAD_READ_COMPLETE;
+    ignore_ok_result_ = true;  // OK doesn't mean EOF.
+  }
+}
+
+void SSLClientSocketWin::FreeSendBuffer() {
+  SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
+  DCHECK(status == SEC_E_OK);
+  memset(&send_buffer_, 0, sizeof(send_buffer_));
+}
+
 }  // namespace net