authorhclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-08 23:20:42 +0000
committerhclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-08 23:20:42 +0000
commitdffa687e47421fd9d74a78edaeb26b27f64974b3 (patch)
tree2906fb1dd4586dca474944aacac11b44096ffd13 /net/socket
parent328e0b4565b9ecb8138ab7b197507f8ab129e02e (diff)
Roll OpenSSL deps, implement keying material exporter and test
Changes included: 1. OpenSSL deps to include support for keying material exporter. 2. Implement keying material exporter in SSLClientSocket. 3. Add unit test to make sure the feature runs. BUG=None TEST=net_unittests Review URL: http://codereview.chromium.org/9648005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@125720 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r--net/socket/ssl_client_socket_openssl.cc18
-rw-r--r--net/socket/ssl_client_socket_unittest.cc51
2 files changed, 68 insertions, 1 deletions
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 1c03105..c599d58 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -626,7 +626,23 @@ void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
int SSLClientSocketOpenSSL::ExportKeyingMaterial(
const base::StringPiece& label, const base::StringPiece& context,
unsigned char *out, unsigned int outlen) {
- return ERR_NOT_IMPLEMENTED;
+ crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+ int rv = SSL_export_keying_material(
+ ssl_, out, outlen, const_cast<char*>(label.data()),
+ label.size(),
+ reinterpret_cast<unsigned char*>(const_cast<char*>(context.data())),
+ context.length(),
+ context.length() > 0);
+
+ if (rv != 1) {
+ int ssl_error = SSL_get_error(ssl_, rv);
+ LOG(ERROR) << "Failed to export keying material;"
+ << " returned " << rv
+ << ", SSL error code " << ssl_error;
+ return MapOpenSSLError(ssl_error, err_tracer);
+ }
+ return OK;
}
SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
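Review bot: ExportKeyingMaterial calls `SSL_export_keying_material` on `ssl_` with no check in the visible body that the handshake has completed, so a caller that invokes it early depends entirely on OpenSSL rejecting the request rather than deriving output from an unestablished master secret. A guard at the top such as `if (!IsConnected()) return ERR_SOCKET_NOT_CONNECTED;` would make that explicit, assuming IsConnected() on this class also reflects handshake completion. Separately, passing `context.length() > 0` as the use-context flag makes an explicitly empty context indistinguishable from no context, which RFC 5705 treats as different inputs; a comment stating that limitation would help callers that must interoperate with a peer using an empty context. `SSL_get_error` is documented for the I/O calls, so the value it yields for this return code may map to a misleading net error and is worth confirming.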
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 30997fe..f74b71c 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -773,6 +773,57 @@ TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) {
EXPECT_EQ(net::OK, rv);
}
+// Verifies that SSLClientSocket::ExportKeyingMaterial return a success
+// code and different keying label results in different keying material.
+TEST_F(SSLClientSocketTest, ExportKeyingMaterial) {
+ net::TestServer test_server(net::TestServer::TYPE_HTTPS,
+ net::TestServer::kLocalhost,
+ FilePath());
+ ASSERT_TRUE(test_server.Start());
+
+ net::AddressList addr;
+ ASSERT_TRUE(test_server.GetAddressList(&addr));
+
+ net::TestCompletionCallback callback;
+
+ net::StreamSocket* transport = new net::TCPClientSocket(
+ addr, NULL, net::NetLog::Source());
+ int rv = transport->Connect(callback.callback());
+ if (rv == net::ERR_IO_PENDING)
+ rv = callback.WaitForResult();
+ EXPECT_EQ(net::OK, rv);
+
+ net::SSLClientSocketContext context;
+ context.cert_verifier = cert_verifier_.get();
+ scoped_ptr<net::SSLClientSocket> sock(
+ socket_factory_->CreateSSLClientSocket(
+ transport, test_server.host_port_pair(), kDefaultSSLConfig,
+ NULL, context));
+
+ rv = sock->Connect(callback.callback());
+ if (rv == net::ERR_IO_PENDING)
+ rv = callback.WaitForResult();
+ EXPECT_EQ(net::OK, rv);
+ EXPECT_TRUE(sock->IsConnected());
+
+ const int kKeyingMaterialSize = 32;
+ const char* kKeyingLabel1 = "client-socket-test-1";
+ const char* kKeyingContext = "";
+ unsigned char client_out1[kKeyingMaterialSize];
+ memset(client_out1, 0, sizeof(client_out1));
+ rv = sock->ExportKeyingMaterial(kKeyingLabel1, kKeyingContext,
+ client_out1, sizeof(client_out1));
+ EXPECT_EQ(rv, net::OK);
+
+ const char* kKeyingLabel2 = "client-socket-test-2";
+ unsigned char client_out2[kKeyingMaterialSize];
+ memset(client_out2, 0, sizeof(client_out2));
+ rv = sock->ExportKeyingMaterial(kKeyingLabel2, kKeyingContext,
+ client_out2, sizeof(client_out2));
+ EXPECT_EQ(rv, net::OK);
+ EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
+}
+
// Verifies that SSLClientSocket::ClearSessionCache can be called without
// explicit NSS initialization.
TEST(SSLClientSocket, ClearSessionCache) {
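Review bot: The new ExportKeyingMaterial test only ever passes an empty `kKeyingContext`, so the path where a context is mixed into the export is never exercised, and the single `EXPECT_NE` between two labels does not show that the output is stable for a given label. Adding a repeat export with `kKeyingLabel1` checked by `EXPECT_EQ(0, memcmp(...))`, plus one export with a non-empty context that must differ from the empty-context result, would pin the properties callers rely on. The two `EXPECT_EQ(net::OK, rv)` checks after Connect should be `ASSERT_EQ` so a failed connection or handshake does not go on to call ExportKeyingMaterial. `EXPECT_EQ(rv, net::OK)` also reverses the expected-first argument order used in the rest of the hunk.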