ssl_client_socket_impl.cc | Explore in Territory

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
#pragma allow_unsafe_buffers
#endif

#include "net/socket/ssl_client_socket_impl.h"

#include <errno.h>
#include <string.h>

#include <algorithm>
#include <cstring>
#include <map>
#include <memory>
#include <string_view>
#include <utility>

#include "base/containers/span.h"
#include "base/feature_list.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/lazy_instance.h"
#include "base/location.h"
#include "base/memory/singleton.h"
#include "base/metrics/field_trial.h"
#include "base/metrics/histogram_functions.h"
#include "base/metrics/histogram_macros.h"
#include "base/notreached.h"
#include "base/rand_util.h"
#include "base/synchronization/lock.h"
#include "base/task/sequenced_task_runner.h"
#include "base/values.h"
#include "build/build_config.h"
#include "components/miracle_parameter/common/public/miracle_parameter.h"
#include "crypto/ec_private_key.h"
#include "crypto/openssl_util.h"
#include "net/base/features.h"
#include "net/base/ip_address.h"
#include "net/base/ip_endpoint.h"
#include "net/base/net_errors.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
#include "net/base/trace_constants.h"
#include "net/base/tracing.h"
#include "net/base/url_util.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_verifier.h"
#include "net/cert/sct_auditing_delegate.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/x509_certificate_net_log_param.h"
#include "net/cert/x509_util.h"
#include "net/http/transport_security_state.h"
#include "net/log/net_log_event_type.h"
#include "net/log/net_log_values.h"
#include "net/ssl/cert_compression.h"
#include "net/ssl/ssl_cert_request_info.h"
#include "net/ssl/ssl_cipher_suite_names.h"
#include "net/ssl/ssl_connection_status_flags.h"
#include "net/ssl/ssl_handshake_details.h"
#include "net/ssl/ssl_info.h"
#include "net/ssl/ssl_key_logger.h"
#include "net/ssl/ssl_private_key.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
#include "third_party/boringssl/src/include/openssl/bio.h"
#include "third_party/boringssl/src/include/openssl/bytestring.h"
#include "third_party/boringssl/src/include/openssl/err.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "third_party/boringssl/src/include/openssl/mem.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"

namespace net {

namespace {

// This constant can be any non-negative/non-zero value (eg: it does not
// overlap with any value of the net::Error range, including net::OK).
const int kSSLClientSocketNoPendingResult = …;
// This constant can be any non-negative/non-zero value (eg: it does not
// overlap with any value of the net::Error range, including net::OK).
const int kCertVerifyPending = …;

BASE_FEATURE(…);

// Default size of the internal BoringSSL buffers.
MIRACLE_PARAMETER_FOR_INT(GetDefaultOpenSSLBufferSize,
                          kDefaultOpenSSLBufferSizeFeature,
                          "DefaultOpenSSLBufferSize",
                          17 * 1024)

base::Value::Dict NetLogPrivateKeyOperationParams(uint16_t algorithm,
                                                  SSLPrivateKey* key) { … }

base::Value::Dict NetLogSSLInfoParams(SSLClientSocketImpl* socket) { … }

base::Value::Dict NetLogSSLAlertParams(const void* bytes, size_t len) { … }

base::Value::Dict NetLogSSLMessageParams(bool is_write,
                                         const void* bytes,
                                         size_t len,
                                         NetLogCaptureMode capture_mode) { … }

bool HostIsIPAddressNoBrackets(std::string_view host) { … }

}  // namespace

class SSLClientSocketImpl::SSLContext { … };

const SSL_PRIVATE_KEY_METHOD
    SSLClientSocketImpl::SSLContext::kPrivateKeyMethod = …;

SSLClientSocketImpl::SSLClientSocketImpl(
    SSLClientContext* context,
    std::unique_ptr<StreamSocket> stream_socket,
    const HostPortPair& host_and_port,
    const SSLConfig& ssl_config)
    : … { … }

SSLClientSocketImpl::~SSLClientSocketImpl() { … }

void SSLClientSocketImpl::SetSSLKeyLogger(
    std::unique_ptr<SSLKeyLogger> logger) { … }

std::vector<uint8_t> SSLClientSocketImpl::GetECHRetryConfigs() { … }

int SSLClientSocketImpl::ExportKeyingMaterial(std::string_view label,
                                              bool has_context,
                                              std::string_view context,
                                              unsigned char* out,
                                              unsigned int outlen) { … }

int SSLClientSocketImpl::Connect(CompletionOnceCallback callback) { … }

void SSLClientSocketImpl::Disconnect() { … }

// ConfirmHandshake may only be called on a connected socket and, like other
// socket methods, there may only be one ConfirmHandshake operation in progress
// at once.
int SSLClientSocketImpl::ConfirmHandshake(CompletionOnceCallback callback) { … }

bool SSLClientSocketImpl::IsConnected() const { … }

bool SSLClientSocketImpl::IsConnectedAndIdle() const { … }

int SSLClientSocketImpl::GetPeerAddress(IPEndPoint* addressList) const { … }

int SSLClientSocketImpl::GetLocalAddress(IPEndPoint* addressList) const { … }

const NetLogWithSource& SSLClientSocketImpl::NetLog() const { … }

bool SSLClientSocketImpl::WasEverUsed() const { … }

NextProto SSLClientSocketImpl::GetNegotiatedProtocol() const { … }

std::optional<std::string_view>
SSLClientSocketImpl::GetPeerApplicationSettings() const { … }

bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) { … }

int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const { … }

void SSLClientSocketImpl::GetSSLCertRequestInfo(
    SSLCertRequestInfo* cert_request_info) const { … }

void SSLClientSocketImpl::ApplySocketTag(const SocketTag& tag) { … }

int SSLClientSocketImpl::Read(IOBuffer* buf,
                              int buf_len,
                              CompletionOnceCallback callback) { … }

int SSLClientSocketImpl::ReadIfReady(IOBuffer* buf,
                                     int buf_len,
                                     CompletionOnceCallback callback) { … }

int SSLClientSocketImpl::CancelReadIfReady() { … }

int SSLClientSocketImpl::Write(
    IOBuffer* buf,
    int buf_len,
    CompletionOnceCallback callback,
    const NetworkTrafficAnnotationTag& traffic_annotation) { … }

int SSLClientSocketImpl::SetReceiveBufferSize(int32_t size) { … }

int SSLClientSocketImpl::SetSendBufferSize(int32_t size) { … }

void SSLClientSocketImpl::OnReadReady() { … }

void SSLClientSocketImpl::OnWriteReady() { … }

int SSLClientSocketImpl::Init() { … }

void SSLClientSocketImpl::DoReadCallback(int rv) { … }

void SSLClientSocketImpl::DoWriteCallback(int rv) { … }

int SSLClientSocketImpl::DoHandshake() { … }

int SSLClientSocketImpl::DoHandshakeComplete(int result) { … }

ssl_verify_result_t SSLClientSocketImpl::VerifyCertCallback(
    SSL* ssl,
    uint8_t* out_alert) { … }

// This function is called by BoringSSL, so it has to return an
// ssl_verify_result_t. When specific //net errors need to be
// returned, use OpenSSLPutNetError to add them directly to the
// OpenSSL error queue.
ssl_verify_result_t SSLClientSocketImpl::VerifyCert() { … }

void SSLClientSocketImpl::OnVerifyComplete(int result) { … }

ssl_verify_result_t SSLClientSocketImpl::HandleVerifyResult() { … }

int SSLClientSocketImpl::CheckCTRequirements() { … }

void SSLClientSocketImpl::DoConnectCallback(int rv) { … }

void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { … }

int SSLClientSocketImpl::DoHandshakeLoop(int last_io_result) { … }

int SSLClientSocketImpl::DoPayloadRead(IOBuffer* buf, int buf_len) { … }

int SSLClientSocketImpl::DoPayloadWrite() { … }

void SSLClientSocketImpl::DoPeek() { … }

void SSLClientSocketImpl::RetryAllOperations() { … }

int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { … }

int SSLClientSocketImpl::NewSessionCallback(SSL_SESSION* session) { … }

SSLClientSessionCache::Key SSLClientSocketImpl::GetSessionCacheKey(
    std::optional<IPAddress> dest_ip_addr) const { … }

bool SSLClientSocketImpl::IsRenegotiationAllowed() const { … }

bool SSLClientSocketImpl::IsCachingEnabled() const { … }

ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback(
    uint8_t* out,
    size_t* out_len,
    size_t max_out,
    uint16_t algorithm,
    const uint8_t* in,
    size_t in_len) { … }

ssl_private_key_result_t SSLClientSocketImpl::PrivateKeyCompleteCallback(
    uint8_t* out,
    size_t* out_len,
    size_t max_out) { … }

void SSLClientSocketImpl::OnPrivateKeyComplete(
    Error error,
    const std::vector<uint8_t>& signature) { … }

void SSLClientSocketImpl::MessageCallback(int is_write,
                                          int content_type,
                                          const void* buf,
                                          size_t len) { … }

void SSLClientSocketImpl::LogConnectEndEvent(int rv) { … }

void SSLClientSocketImpl::RecordNegotiatedProtocol() const { … }

int SSLClientSocketImpl::MapLastOpenSSLError(
    int ssl_error,
    const crypto::OpenSSLErrStackTracer& tracer,
    OpenSSLErrorInfo* info) { … }

std::string_view SSLClientSocketImpl::GetECHNameOverride() const { … }

bool SSLClientSocketImpl::IsAllowedBadCert(X509Certificate* cert,
                                           CertStatus* cert_status) const { … }

}  // namespace net
chromium/net/socket/ssl_client_socket_impl.cc
