| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| 11 #include <openssl/bio.h> | 11 #include <openssl/bio.h> |
| 12 #include <openssl/bytestring.h> |
| 12 #include <openssl/err.h> | 13 #include <openssl/err.h> |
| 14 #include <openssl/evp.h> |
| 13 #include <openssl/mem.h> | 15 #include <openssl/mem.h> |
| 14 #include <openssl/ssl.h> | 16 #include <openssl/ssl.h> |
| 15 #include <string.h> | 17 #include <string.h> |
| 16 | 18 |
| 17 #include "base/bind.h" | 19 #include "base/bind.h" |
| 18 #include "base/callback_helpers.h" | 20 #include "base/callback_helpers.h" |
| 19 #include "base/lazy_instance.h" | 21 #include "base/lazy_instance.h" |
| 20 #include "base/memory/singleton.h" | 22 #include "base/memory/singleton.h" |
| 21 #include "base/metrics/histogram_macros.h" | 23 #include "base/metrics/histogram_macros.h" |
| 22 #include "base/profiler/scoped_tracker.h" | 24 #include "base/profiler/scoped_tracker.h" |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 75 // overlap with any value of the net::Error range, including net::OK). | 77 // overlap with any value of the net::Error range, including net::OK). |
| 76 const int kNoPendingResult = 1; | 78 const int kNoPendingResult = 1; |
| 77 | 79 |
| 78 // If a client doesn't have a list of protocols that it supports, but | 80 // If a client doesn't have a list of protocols that it supports, but |
| 79 // the server supports NPN, choosing "http/1.1" is the best answer. | 81 // the server supports NPN, choosing "http/1.1" is the best answer. |
| 80 const char kDefaultSupportedNPNProtocol[] = "http/1.1"; | 82 const char kDefaultSupportedNPNProtocol[] = "http/1.1"; |
| 81 | 83 |
| 82 // Default size of the internal BoringSSL buffers. | 84 // Default size of the internal BoringSSL buffers. |
| 83 const int KDefaultOpenSSLBufferSize = 17 * 1024; | 85 const int KDefaultOpenSSLBufferSize = 17 * 1024; |
| 84 | 86 |
| 87 // TLS extension number use for Token Binding. |
| 88 const unsigned int kTbExtNum = 30033; |
| 89 |
| 90 // Token Binding ProtocolVersions supported. |
| 91 const uint8_t kTbProtocolVersionMajor = 0; |
| 92 const uint8_t kTbProtocolVersionMinor = 3; |
| 93 const uint8_t kTbMinProtocolVersionMajor = 0; |
| 94 const uint8_t kTbMinProtocolVersionMinor = 2; |
| 95 |
| 85 void FreeX509Stack(STACK_OF(X509)* ptr) { | 96 void FreeX509Stack(STACK_OF(X509)* ptr) { |
| 86 sk_X509_pop_free(ptr, X509_free); | 97 sk_X509_pop_free(ptr, X509_free); |
| 87 } | 98 } |
| 88 | 99 |
| 89 using ScopedX509Stack = crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>; | 100 using ScopedX509Stack = crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>; |
| 90 | 101 |
| 91 // Used for encoding the |connection_status| field of an SSLInfo object. | 102 // Used for encoding the |connection_status| field of an SSLInfo object. |
| 92 int EncodeSSLConnectionStatus(uint16 cipher_suite, | 103 int EncodeSSLConnectionStatus(uint16 cipher_suite, |
| 93 int compression, | 104 int compression, |
| 94 int version) { | 105 int version) { |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 187 scoped_refptr<base::SequencedWorkerPool> worker_pool_; | 198 scoped_refptr<base::SequencedWorkerPool> worker_pool_; |
| 188 scoped_refptr<base::SequencedTaskRunner> task_runner_; | 199 scoped_refptr<base::SequencedTaskRunner> task_runner_; |
| 189 | 200 |
| 190 DISALLOW_COPY_AND_ASSIGN(PlatformKeyTaskRunner); | 201 DISALLOW_COPY_AND_ASSIGN(PlatformKeyTaskRunner); |
| 191 }; | 202 }; |
| 192 | 203 |
| 193 base::LazyInstance<PlatformKeyTaskRunner>::Leaky g_platform_key_task_runner = | 204 base::LazyInstance<PlatformKeyTaskRunner>::Leaky g_platform_key_task_runner = |
| 194 LAZY_INSTANCE_INITIALIZER; | 205 LAZY_INSTANCE_INITIALIZER; |
| 195 #endif | 206 #endif |
| 196 | 207 |
| 208 class ScopedCBB { |
| 209 public: |
| 210 ScopedCBB() { CBB_zero(&cbb_); } |
| 211 ~ScopedCBB() { CBB_cleanup(&cbb_); } |
| 212 |
| 213 CBB* get() { return &cbb_; } |
| 214 |
| 215 private: |
| 216 CBB cbb_; |
| 217 DISALLOW_COPY_AND_ASSIGN(ScopedCBB); |
| 218 }; |
| 219 |
| 197 } // namespace | 220 } // namespace |
| 198 | 221 |
| 199 class SSLClientSocketOpenSSL::SSLContext { | 222 class SSLClientSocketOpenSSL::SSLContext { |
| 200 public: | 223 public: |
| 201 static SSLContext* GetInstance() { | 224 static SSLContext* GetInstance() { |
| 202 return base::Singleton<SSLContext>::get(); | 225 return base::Singleton<SSLContext>::get(); |
| 203 } | 226 } |
| 204 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } | 227 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } |
| 205 SSLClientSessionCacheOpenSSL* session_cache() { return &session_cache_; } | 228 SSLClientSessionCacheOpenSSL* session_cache() { return &session_cache_; } |
| 206 | 229 |
| (...skipping 29 matching lines...) Expand all Loading... |
| 236 // Note that SSL_OP_DISABLE_NPN is used to disable NPN if | 259 // Note that SSL_OP_DISABLE_NPN is used to disable NPN if |
| 237 // ssl_config_.next_proto is empty. | 260 // ssl_config_.next_proto is empty. |
| 238 SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback, | 261 SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback, |
| 239 NULL); | 262 NULL); |
| 240 | 263 |
| 241 // Disable the internal session cache. Session caching is handled | 264 // Disable the internal session cache. Session caching is handled |
| 242 // externally (i.e. by SSLClientSessionCacheOpenSSL). | 265 // externally (i.e. by SSLClientSessionCacheOpenSSL). |
| 243 SSL_CTX_set_session_cache_mode( | 266 SSL_CTX_set_session_cache_mode( |
| 244 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); | 267 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); |
| 245 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback); | 268 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback); |
| 269 |
| 270 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, |
| 271 &TokenBindingAddCallback, |
| 272 &TokenBindingFreeCallback, nullptr, |
| 273 &TokenBindingParseCallback, nullptr)) { |
| 274 NOTREACHED(); |
| 275 } |
| 276 } |
| 277 |
| 278 static int TokenBindingAddCallback(SSL* ssl, |
| 279 unsigned int extension_value, |
| 280 const uint8_t** out, |
| 281 size_t* out_len, |
| 282 int* out_alert_value, |
| 283 void* add_arg) { |
| 284 DCHECK_EQ(extension_value, kTbExtNum); |
| 285 SSLClientSocketOpenSSL* socket = |
| 286 SSLClientSocketOpenSSL::SSLContext::GetInstance() |
| 287 ->GetClientSocketFromSSL(ssl); |
| 288 return socket->TokenBindingAdd(out, out_len, out_alert_value); |
| 289 } |
| 290 |
| 291 static void TokenBindingFreeCallback(SSL* ssl, |
| 292 unsigned extension_value, |
| 293 const uint8_t* out, |
| 294 void* add_arg) { |
| 295 DCHECK_EQ(extension_value, kTbExtNum); |
| 296 OPENSSL_free(const_cast<unsigned char*>(out)); |
| 297 } |
| 298 |
| 299 static int TokenBindingParseCallback(SSL* ssl, |
| 300 unsigned int extension_value, |
| 301 const uint8_t* contents, |
| 302 size_t contents_len, |
| 303 int* out_alert_value, |
| 304 void* parse_arg) { |
| 305 DCHECK_EQ(extension_value, kTbExtNum); |
| 306 SSLClientSocketOpenSSL* socket = |
| 307 SSLClientSocketOpenSSL::SSLContext::GetInstance() |
| 308 ->GetClientSocketFromSSL(ssl); |
| 309 return socket->TokenBindingParse(contents, contents_len, out_alert_value); |
| 246 } | 310 } |
| 247 | 311 |
| 248 static int ClientCertRequestCallback(SSL* ssl, void* arg) { | 312 static int ClientCertRequestCallback(SSL* ssl, void* arg) { |
| 249 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); | 313 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| 250 DCHECK(socket); | 314 DCHECK(socket); |
| 251 return socket->ClientCertRequestCallback(ssl); | 315 return socket->ClientCertRequestCallback(ssl); |
| 252 } | 316 } |
| 253 | 317 |
| 254 static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) { | 318 static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) { |
| 255 SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data( | 319 SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data( |
| (...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 424 pending_read_error_(kNoPendingResult), | 488 pending_read_error_(kNoPendingResult), |
| 425 pending_read_ssl_error_(SSL_ERROR_NONE), | 489 pending_read_ssl_error_(SSL_ERROR_NONE), |
| 426 transport_read_error_(OK), | 490 transport_read_error_(OK), |
| 427 transport_write_error_(OK), | 491 transport_write_error_(OK), |
| 428 server_cert_chain_(new PeerCertificateChain(NULL)), | 492 server_cert_chain_(new PeerCertificateChain(NULL)), |
| 429 completed_connect_(false), | 493 completed_connect_(false), |
| 430 was_ever_used_(false), | 494 was_ever_used_(false), |
| 431 cert_verifier_(context.cert_verifier), | 495 cert_verifier_(context.cert_verifier), |
| 432 cert_transparency_verifier_(context.cert_transparency_verifier), | 496 cert_transparency_verifier_(context.cert_transparency_verifier), |
| 433 channel_id_service_(context.channel_id_service), | 497 channel_id_service_(context.channel_id_service), |
| 498 tb_was_negotiated_(false), |
| 499 tb_negotiated_param_(TB_PARAM_ECDSAP256), |
| 434 ssl_(NULL), | 500 ssl_(NULL), |
| 435 transport_bio_(NULL), | 501 transport_bio_(NULL), |
| 436 transport_(transport_socket.Pass()), | 502 transport_(transport_socket.Pass()), |
| 437 host_and_port_(host_and_port), | 503 host_and_port_(host_and_port), |
| 438 ssl_config_(ssl_config), | 504 ssl_config_(ssl_config), |
| 439 ssl_session_cache_shard_(context.ssl_session_cache_shard), | 505 ssl_session_cache_shard_(context.ssl_session_cache_shard), |
| 440 next_handshake_state_(STATE_NONE), | 506 next_handshake_state_(STATE_NONE), |
| 441 disconnected_(false), | 507 disconnected_(false), |
| 442 npn_status_(kNextProtoUnsupported), | 508 npn_status_(kNextProtoUnsupported), |
| 443 channel_id_sent_(false), | 509 channel_id_sent_(false), |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 600 | 666 |
| 601 cert_authorities_.clear(); | 667 cert_authorities_.clear(); |
| 602 cert_key_types_.clear(); | 668 cert_key_types_.clear(); |
| 603 | 669 |
| 604 start_cert_verification_time_ = base::TimeTicks(); | 670 start_cert_verification_time_ = base::TimeTicks(); |
| 605 | 671 |
| 606 npn_status_ = kNextProtoUnsupported; | 672 npn_status_ = kNextProtoUnsupported; |
| 607 npn_proto_.clear(); | 673 npn_proto_.clear(); |
| 608 | 674 |
| 609 channel_id_sent_ = false; | 675 channel_id_sent_ = false; |
| 676 tb_was_negotiated_ = false; |
| 610 session_pending_ = false; | 677 session_pending_ = false; |
| 611 certificate_verified_ = false; | 678 certificate_verified_ = false; |
| 612 channel_id_request_.Cancel(); | 679 channel_id_request_.Cancel(); |
| 613 ssl_failure_state_ = SSL_FAILURE_NONE; | 680 ssl_failure_state_ = SSL_FAILURE_NONE; |
| 614 | 681 |
| 615 private_key_.reset(); | 682 private_key_.reset(); |
| 616 signature_result_ = kNoPendingResult; | 683 signature_result_ = kNoPendingResult; |
| 617 signature_.clear(); | 684 signature_.clear(); |
| 618 } | 685 } |
| 619 | 686 |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 697 ssl_info->cert = server_cert_verify_result_.verified_cert; | 764 ssl_info->cert = server_cert_verify_result_.verified_cert; |
| 698 ssl_info->unverified_cert = server_cert_; | 765 ssl_info->unverified_cert = server_cert_; |
| 699 ssl_info->cert_status = server_cert_verify_result_.cert_status; | 766 ssl_info->cert_status = server_cert_verify_result_.cert_status; |
| 700 ssl_info->is_issued_by_known_root = | 767 ssl_info->is_issued_by_known_root = |
| 701 server_cert_verify_result_.is_issued_by_known_root; | 768 server_cert_verify_result_.is_issued_by_known_root; |
| 702 ssl_info->public_key_hashes = | 769 ssl_info->public_key_hashes = |
| 703 server_cert_verify_result_.public_key_hashes; | 770 server_cert_verify_result_.public_key_hashes; |
| 704 ssl_info->client_cert_sent = | 771 ssl_info->client_cert_sent = |
| 705 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); | 772 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
| 706 ssl_info->channel_id_sent = channel_id_sent_; | 773 ssl_info->channel_id_sent = channel_id_sent_; |
| 774 ssl_info->token_binding_negotiated = tb_was_negotiated_; |
| 775 ssl_info->token_binding_key_param = tb_negotiated_param_; |
| 707 ssl_info->pinning_failure_log = pinning_failure_log_; | 776 ssl_info->pinning_failure_log = pinning_failure_log_; |
| 708 | 777 |
| 709 AddSCTInfoToSSLInfo(ssl_info); | 778 AddSCTInfoToSSLInfo(ssl_info); |
| 710 | 779 |
| 711 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | 780 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
| 712 CHECK(cipher); | 781 CHECK(cipher); |
| 713 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | 782 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
| 714 ssl_info->key_exchange_info = | 783 ssl_info->key_exchange_info = |
| 715 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); | 784 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); |
| 716 | 785 |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1092 | 1161 |
| 1093 int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) { | 1162 int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) { |
| 1094 if (result < 0) | 1163 if (result < 0) |
| 1095 return result; | 1164 return result; |
| 1096 | 1165 |
| 1097 if (ssl_config_.version_fallback && | 1166 if (ssl_config_.version_fallback && |
| 1098 ssl_config_.version_max < ssl_config_.version_fallback_min) { | 1167 ssl_config_.version_max < ssl_config_.version_fallback_min) { |
| 1099 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; | 1168 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; |
| 1100 } | 1169 } |
| 1101 | 1170 |
| 1171 // Check that if token binding was negotiated, then extended master secret |
| 1172 // must also be negotiated. |
| 1173 if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_)) |
| 1174 return ERR_SSL_PROTOCOL_ERROR; |
| 1175 |
| 1102 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. | 1176 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. |
| 1103 if (npn_status_ == kNextProtoUnsupported) { | 1177 if (npn_status_ == kNextProtoUnsupported) { |
| 1104 const uint8_t* alpn_proto = NULL; | 1178 const uint8_t* alpn_proto = NULL; |
| 1105 unsigned alpn_len = 0; | 1179 unsigned alpn_len = 0; |
| 1106 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); | 1180 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); |
| 1107 if (alpn_len > 0) { | 1181 if (alpn_len > 0) { |
| 1108 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len); | 1182 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len); |
| 1109 npn_status_ = kNextProtoNegotiated; | 1183 npn_status_ = kNextProtoNegotiated; |
| 1110 set_negotiation_extension(kExtensionALPN); | 1184 set_negotiation_extension(kExtensionALPN); |
| 1111 } | 1185 } |
| (...skipping 942 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2054 result.append("deprecated"); | 2128 result.append("deprecated"); |
| 2055 | 2129 |
| 2056 result.append("/"); | 2130 result.append("/"); |
| 2057 if (ssl_config_.channel_id_enabled) | 2131 if (ssl_config_.channel_id_enabled) |
| 2058 result.append("channelid"); | 2132 result.append("channelid"); |
| 2059 | 2133 |
| 2060 return result; | 2134 return result; |
| 2061 } | 2135 } |
| 2062 | 2136 |
| 2063 bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const { | 2137 bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const { |
| 2138 if (tb_was_negotiated_) |
| 2139 return false; |
| 2140 |
| 2064 if (npn_status_ == kNextProtoUnsupported) | 2141 if (npn_status_ == kNextProtoUnsupported) |
| 2065 return ssl_config_.renego_allowed_default; | 2142 return ssl_config_.renego_allowed_default; |
| 2066 | 2143 |
| 2067 NextProto next_proto = NextProtoFromString(npn_proto_); | 2144 NextProto next_proto = NextProtoFromString(npn_proto_); |
| 2068 for (NextProto allowed : ssl_config_.renego_allowed_for_protos) { | 2145 for (NextProto allowed : ssl_config_.renego_allowed_for_protos) { |
| 2069 if (next_proto == allowed) | 2146 if (next_proto == allowed) |
| 2070 return true; | 2147 return true; |
| 2071 } | 2148 } |
| 2072 return false; | 2149 return false; |
| 2073 } | 2150 } |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2154 if (next_handshake_state_ == STATE_HANDSHAKE) { | 2231 if (next_handshake_state_ == STATE_HANDSHAKE) { |
| 2155 OnHandshakeIOComplete(signature_result_); | 2232 OnHandshakeIOComplete(signature_result_); |
| 2156 return; | 2233 return; |
| 2157 } | 2234 } |
| 2158 | 2235 |
| 2159 // During a renegotiation, either Read or Write calls may be blocked on an | 2236 // During a renegotiation, either Read or Write calls may be blocked on an |
| 2160 // asynchronous private key operation. | 2237 // asynchronous private key operation. |
| 2161 PumpReadWriteEvents(); | 2238 PumpReadWriteEvents(); |
| 2162 } | 2239 } |
| 2163 | 2240 |
| 2241 int SSLClientSocketOpenSSL::TokenBindingAdd(const uint8_t** out, |
| 2242 size_t* out_len, |
| 2243 int* out_alert_value) { |
| 2244 if (ssl_config_.token_binding_params.empty()) { |
| 2245 return 0; |
| 2246 } |
| 2247 ScopedCBB output; |
| 2248 CBB parameters_list; |
| 2249 if (!CBB_init(output.get(), 7) || |
| 2250 !CBB_add_u8(output.get(), kTbProtocolVersionMajor) || |
| 2251 !CBB_add_u8(output.get(), kTbProtocolVersionMinor) || |
| 2252 !CBB_add_u8_length_prefixed(output.get(), ¶meters_list)) { |
| 2253 *out_alert_value = SSL_AD_INTERNAL_ERROR; |
| 2254 return -1; |
| 2255 } |
| 2256 for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) { |
| 2257 if (!CBB_add_u8(¶meters_list, ssl_config_.token_binding_params[i])) { |
| 2258 *out_alert_value = SSL_AD_INTERNAL_ERROR; |
| 2259 return -1; |
| 2260 } |
| 2261 } |
| 2262 // |*out| will be freed by TokenBindingFreeCallback. |
| 2263 if (!CBB_finish(output.get(), const_cast<uint8_t**>(out), out_len)) { |
| 2264 *out_alert_value = SSL_AD_INTERNAL_ERROR; |
| 2265 return -1; |
| 2266 } |
| 2267 |
| 2268 return 1; |
| 2269 } |
| 2270 |
| 2271 int SSLClientSocketOpenSSL::TokenBindingParse(const uint8_t* contents, |
| 2272 size_t contents_len, |
| 2273 int* out_alert_value) { |
| 2274 if (completed_connect_) { |
| 2275 // Token Binding may only be negotiated on the initial handshake. |
| 2276 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; |
| 2277 return 0; |
| 2278 } |
| 2279 |
| 2280 CBS extension; |
| 2281 CBS_init(&extension, contents, contents_len); |
| 2282 |
| 2283 CBS parameters_list; |
| 2284 uint8_t version_major, version_minor, param; |
| 2285 if (!CBS_get_u8(&extension, &version_major) || |
| 2286 !CBS_get_u8(&extension, &version_minor) || |
| 2287 !CBS_get_u8_length_prefixed(&extension, ¶meters_list) || |
| 2288 !CBS_get_u8(¶meters_list, ¶m) || CBS_len(¶meters_list) > 0 || |
| 2289 CBS_len(&extension) > 0) { |
| 2290 *out_alert_value = SSL_AD_DECODE_ERROR; |
| 2291 return 0; |
| 2292 } |
| 2293 // The server-negotiated version must be less than or equal to our version. |
| 2294 if (version_major > kTbProtocolVersionMajor || |
| 2295 (version_minor > kTbProtocolVersionMinor && |
| 2296 version_major == kTbProtocolVersionMajor)) { |
| 2297 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; |
| 2298 return 0; |
| 2299 } |
| 2300 // If the version the server negotiated is older than we support, don't fail |
| 2301 // parsing the extension, but also don't set |negotiated_|. |
| 2302 if (version_major < kTbMinProtocolVersionMajor || |
| 2303 (version_minor < kTbMinProtocolVersionMinor && |
| 2304 version_major == kTbMinProtocolVersionMajor)) { |
| 2305 return 1; |
| 2306 } |
| 2307 |
| 2308 for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) { |
| 2309 if (param == ssl_config_.token_binding_params[i]) { |
| 2310 tb_negotiated_param_ = ssl_config_.token_binding_params[i]; |
| 2311 tb_was_negotiated_ = true; |
| 2312 return 1; |
| 2313 } |
| 2314 } |
| 2315 |
| 2316 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; |
| 2317 return 0; |
| 2318 } |
| 2319 |
| 2164 } // namespace net | 2320 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1360633002:
Implement Token Binding negotiation TLS extension (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags