Merge 70858 - Disable SSL renegotiation on OS X when using system SSL and on ...

net/socket/ssl_client_socket_mac.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 
 #include <algorithm>
 
+#include "base/lazy_instance.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/singleton.h"
 #include "base/string_util.h"
+#include "base/sys_info.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_connection_status_flags.h"
 #include "net/base/ssl_info.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/ssl_error_params.h"
@@ skipping 106 matching lines @@
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA     = 0xC013,
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     = 0xC014,
   TLS_ECDH_anon_WITH_NULL_SHA            = 0xC015,
   TLS_ECDH_anon_WITH_RC4_128_SHA         = 0xC016,
   TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA    = 0xC017,
   TLS_ECDH_anon_WITH_AES_128_CBC_SHA     = 0xC018,
   TLS_ECDH_anon_WITH_AES_256_CBC_SHA     = 0xC019,
 };
 #endif
 
+// On OS X 10.5.x, SSLHandshake() is broken with respect to renegotiation
+// handshakes, and the only way to advance the handshake state machine is
+// to use SSLRead(), which transparently re-handshakes and then reads
+// application data. Using SSLRead() to pump the handshake, rather than
+// SSLHandshake(), is not presently implemented, so on 10.5.x, SSL
+// renegotiation is disabled entirely. On 10.6.x, SSLHandshake() behaves as
+// expected/documented, so renegotiation is supported.
+struct RenegotiationBroken {
+  RenegotiationBroken() : broken(false) {
+    int32 major, minor, bugfix;
+    base::SysInfo::OperatingSystemVersionNumbers(&major, &minor, &bugfix);
+    if (major < 10 || (major == 10 && minor < 6))
+      broken = true;
+  }
+
+  bool broken;
+};
+
+base::LazyInstance<RenegotiationBroken> g_renegotiation_broken(
+    base::LINKER_INITIALIZED);
+
 // For an explanation of the Mac OS X error codes, please refer to:
 // http://developer.apple.com/mac/library/documentation/Security/Reference/secureTransportRef/Reference/reference.html
 int NetErrorFromOSStatus(OSStatus status) {
   switch (status) {
     case errSSLWouldBlock:
       return ERR_IO_PENDING;
     case paramErr:
     case errSSLBadCipherSuite:
     case errSSLBadConfiguration:
       return ERR_INVALID_ARGUMENT;
@@ skipping 954 matching lines @@
   if (result)
     LOG(ERROR) << "SSLSetCertificate returned OSStatus " << result;
   return result;
 }
 
 int SSLClientSocketMac::DoPayloadRead() {
   size_t processed = 0;
   OSStatus status = SSLRead(ssl_context_, user_read_buf_->data(),
                             user_read_buf_len_, &processed);
   if (status == errSSLWouldBlock && renegotiating_) {
+    if (g_renegotiation_broken.Get().broken)
+      return ERR_SSL_RENEGOTIATION_REQUESTED;
+
     CHECK_EQ(static_cast<size_t>(0), processed);
     next_handshake_state_ = STATE_HANDSHAKE;
     return DoHandshakeLoop(OK);
   }
   // There's a subtle difference here in semantics of the "would block" errors.
   // In our code, ERR_IO_PENDING means the whole operation is async, while
   // errSSLWouldBlock means that the stream isn't ending (and is often returned
   // along with partial data). So even though "would block" is returned, if we
   // have data, let's just return it. This is further complicated by the fact
   // that errSSLWouldBlock is also used to short-circuit SSLRead()'s
@@ skipping 192 matching lines @@
   if (rv < 0 && rv != ERR_IO_PENDING) {
     us->write_io_buf_ = NULL;
     return OSStatusFromNetError(rv);
   }
 
   // always lie to our caller
   return noErr;
 }
 
 }  // namespace net