Enable TLS Client Hello extension permutation by default

Similar to the previous change for DTLS. This affects native TURN/TLS
connections, which already use this in Chromium.

BUG=webrtc:422225803

Change-Id: I605f106371f2dbe23b1ad5f8385e0e01abe7c48f
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/357903
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42688}
diff --git a/p2p/base/turn_server.cc b/p2p/base/turn_server.cc
index 4fd899e..2ab6528 100644
--- a/p2p/base/turn_server.cc
+++ b/p2p/base/turn_server.cc
@@ -140,8 +140,8 @@
   if (accepted_socket != NULL) {
     const ServerSocketInfo& info = server_listen_sockets_[server_socket];
     if (info.ssl_adapter_factory) {
-      rtc::SSLAdapter* ssl_adapter =
-          info.ssl_adapter_factory->CreateAdapter(accepted_socket);
+      rtc::SSLAdapter* ssl_adapter = info.ssl_adapter_factory->CreateAdapter(
+          accepted_socket, /*permute_extensions=*/true);
       ssl_adapter->StartSSL("");
       accepted_socket = ssl_adapter;
     }
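Review bot: The hard-coded `/*permute_extensions=*/true` at the new call bypasses the `WebRTC-PermuteTlsClientHello` field trial that the `OpenSSLAdapter` constructor consults, so disabling the trial does not turn permutation off for adapters created through a factory on this path (or for any other factory caller). If the trial is meant as a kill switch, read it here too, e.g. `info.ssl_adapter_factory->CreateAdapter(accepted_socket, !webrtc::field_trial::IsDisabled("WebRTC-PermuteTlsClientHello"))` (this file would need the `field_trial.h` include), or have the factory consult it. Note also that this adapter wraps an accepted socket, presumably the server side of the handshake, and BoringSSL documents extension permutation as applying only to the ClientHello, so the flag may have no observable effect here; worth confirming against the role the factory assigns. Separately, `CreateAdapter` returns nullptr when context creation fails (see the factory hunk in openssl_adapter.cc) and the unchanged `ssl_adapter->StartSSL("")` below dereferences it without a check. The enclosing function starts and ends outside the hunk.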
diff --git a/rtc_base/openssl_adapter.cc b/rtc_base/openssl_adapter.cc
index 2743859..98c5fe7 100644
--- a/rtc_base/openssl_adapter.cc
+++ b/rtc_base/openssl_adapter.cc
@@ -47,6 +47,7 @@
 #include "rtc_base/strings/str_join.h"
 #include "rtc_base/strings/string_builder.h"
 #include "rtc_base/thread.h"
+#include "system_wrappers/include/field_trial.h"
 
 //////////////////////////////////////////////////////////////////////
 // SocketBIO
@@ -196,6 +197,10 @@
       ssl_ctx_(nullptr),
       ssl_mode_(SSL_MODE_TLS),
       ignore_bad_cert_(false),
+#ifdef OPENSSL_IS_BORINGSSL
+      permute_extension_(
+          !webrtc::field_trial::IsDisabled("WebRTC-PermuteTlsClientHello")),
+#endif
       custom_cert_verifier_status_(false) {
   // If a factory is used, take a reference on the factory's SSL_CTX.
   // Otherwise, we'll create our own later.
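Review bot: `permute_extension_` is initialized here only under `#ifdef OPENSSL_IS_BORINGSSL` and declared the same way in openssl_adapter.h (the `const bool permute_extension_;` hunk), but the next hunk reads it unconditionally, `ssl_ctx_ = CreateContext(ssl_mode_, false, permute_extension_);`, so a non-BoringSSL build fails to compile unless such configurations no longer build this file. The simplest fix is to declare and initialize the member unconditionally and keep the `#ifdef` only around `SSL_CTX_set_permute_extensions`, where the value is actually consumed; the field-trial lookup is harmless with other SSL libraries. A one-line comment on the member, `// Randomize ClientHello extension order (BoringSSL only); controlled by the WebRTC-PermuteTlsClientHello field trial.`, would also help. The constructor continues outside the hunk.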
@@ -283,7 +288,7 @@
   // need to create one, and specify `false` to disable session caching.
   if (ssl_session_cache_ == nullptr) {
     RTC_DCHECK(!ssl_ctx_);
-    ssl_ctx_ = CreateContext(ssl_mode_, false);
+    ssl_ctx_ = CreateContext(ssl_mode_, false, permute_extension_);
   }
 
   if (!ssl_ctx_) {
@@ -949,7 +954,9 @@
   return 1;  // We've taken ownership of the session; OpenSSL shouldn't free it.
 }
 
-SSL_CTX* OpenSSLAdapter::CreateContext(SSLMode mode, bool enable_cache) {
+SSL_CTX* OpenSSLAdapter::CreateContext(SSLMode mode,
+                                       bool enable_cache,
+                                       bool permute_extension) {
 #ifdef WEBRTC_USE_CRYPTO_BUFFER_CALLBACK
   // If X509 objects aren't used, we can use these methods to avoid
   // linking the sizable crypto/x509 code.
@@ -1011,6 +1018,9 @@
     SSL_CTX_sess_set_new_cb(ctx, &OpenSSLAdapter::NewSSLSessionCallback);
   }
 
+#ifdef OPENSSL_IS_BORINGSSL
+  SSL_CTX_set_permute_extensions(ctx, permute_extension);
+#endif
   return ctx;
 }
 
@@ -1069,9 +1079,11 @@
   ignore_bad_cert_ = ignore;
 }
 
-OpenSSLAdapter* OpenSSLAdapterFactory::CreateAdapter(Socket* socket) {
+OpenSSLAdapter* OpenSSLAdapterFactory::CreateAdapter(Socket* socket,
+                                                     bool permute_extension) {
   if (ssl_session_cache_ == nullptr) {
-    SSL_CTX* ssl_ctx = OpenSSLAdapter::CreateContext(ssl_mode_, true);
+    SSL_CTX* ssl_ctx =
+        OpenSSLAdapter::CreateContext(ssl_mode_, true, permute_extension);
     if (ssl_ctx == nullptr) {
       return nullptr;
     }
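Review bot: The `permute_extension` argument only takes effect on the first `CreateAdapter` call per factory, because the shared `SSL_CTX` is created once when `ssl_session_cache_` is null and later calls skip this block, so a caller passing a different value afterwards is silently ignored. Either document this on the declarations in openssl_adapter.h and ssl_adapter.h, e.g. `// permute_extensions is applied when the shared context is first created; later calls reuse that context.`, or move the flag to factory configuration (a setter alongside `SetIgnoreBadCert`/`SetCertVerifier`) so it cannot vary per call. The parameter is also spelled `permute_extension` here but `permute_extensions` in the header declaration and in `SSLAdapterFactory::CreateAdapter`; pick one spelling. The function continues past the hunk.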
diff --git a/rtc_base/openssl_adapter.h b/rtc_base/openssl_adapter.h
index 4c05471..a758db5 100644
--- a/rtc_base/openssl_adapter.h
+++ b/rtc_base/openssl_adapter.h
@@ -78,7 +78,9 @@
   // OpenSSLAdapterFactory will call this method to create its own internal
   // SSL_CTX, and OpenSSLAdapter will also call this when used without a
   // factory.
-  static SSL_CTX* CreateContext(SSLMode mode, bool enable_cache);
+  static SSL_CTX* CreateContext(SSLMode mode,
+                                bool enable_cache,
+                                bool permute_extension);
 
  protected:
   void OnConnectEvent(Socket* socket) override;
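Review bot: The comment above `CreateContext` does not describe the new `permute_extension` parameter, which the .cc honors only under `#ifdef OPENSSL_IS_BORINGSSL` and ignores otherwise. Suggest adding `// permute_extension randomizes the order of TLS ClientHello extensions (helps avoid ClientHello fingerprinting/ossification); only effective when built against BoringSSL, ignored otherwise.`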
@@ -170,6 +172,9 @@
   std::vector<std::string> alpn_protocols_;
   // List of elliptic curves to be used in the TLS elliptic curves extension.
   std::vector<std::string> elliptic_curves_;
+#ifdef OPENSSL_IS_BORINGSSL
+  const bool permute_extension_;
+#endif
   // Holds the result of the call to run of the ssl_cert_verify_->Verify()
   bool custom_cert_verifier_status_;
   // Flag to cancel pending timeout task.
@@ -206,7 +211,8 @@
   // Constructs a new socket using the shared OpenSSLSessionCache. This means
   // existing SSLSessions already in the cache will be reused instead of
   // re-created for improved performance.
-  OpenSSLAdapter* CreateAdapter(Socket* socket) override;
+  OpenSSLAdapter* CreateAdapter(Socket* socket,
+                                bool permute_extensions) override;
 
  private:
   // Holds the SSLMode (DTLS,TLS) that will be used to set the session cache.
@@ -219,7 +225,7 @@
   // Holds a cache of existing SSL Sessions.
   std::unique_ptr<OpenSSLSessionCache> ssl_session_cache_;
   // Provides an optional custom callback for verifying SSL certificates, this
-  // in currently only used for TLS-TURN connections.
+  // in currently only used for TURN/TLS connections.
   SSLCertificateVerifier* ssl_cert_verifier_ = nullptr;
   // TODO(benwright): Remove this when context is moved to OpenSSLCommon.
   // Hold a friend class to the OpenSSLAdapter to retrieve the context.
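Review bot: The rewritten comment still reads `in currently only used`; since the line is being changed anyway, fix the typo as `// is currently only used for TURN/TLS connections.`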
diff --git a/rtc_base/openssl_adapter_unittest.cc b/rtc_base/openssl_adapter_unittest.cc
index 5b59a80..3a4877b 100644
--- a/rtc_base/openssl_adapter_unittest.cc
+++ b/rtc_base/openssl_adapter_unittest.cc
@@ -22,6 +22,8 @@
 namespace rtc {
 namespace {
 
+constexpr bool kPermuteExtensions = true;
+
 class MockAsyncSocket : public Socket {
  public:
   virtual ~MockAsyncSocket() = default;
@@ -96,7 +98,7 @@
   OpenSSLAdapterFactory adapter_factory;
   Socket* async_socket = new MockAsyncSocket();
   auto simple_adapter = std::unique_ptr<OpenSSLAdapter>(
-      adapter_factory.CreateAdapter(async_socket));
+      adapter_factory.CreateAdapter(async_socket, kPermuteExtensions));
   EXPECT_NE(simple_adapter, nullptr);
 }
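Review bot: Both updated tests (this hunk and the next) pass `kPermuteExtensions`, i.e. `true`, and only check that the adapter is non-null, so neither the `false` path nor the `WebRTC-PermuteTlsClientHello` kill switch in the `OpenSSLAdapter` constructor is exercised, as far as the visible part of the file shows. A test that sets the trial to Disabled and constructs an adapter without a factory would at least cover the new constructor branch, and a `false` variant of this test would cover the factory path.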
 
@@ -112,7 +114,7 @@
   adapter_factory.SetCertVerifier(cert_verifier.get());
   Socket* async_socket = new MockAsyncSocket();
   auto simple_adapter = std::unique_ptr<OpenSSLAdapter>(
-      adapter_factory.CreateAdapter(async_socket));
+      adapter_factory.CreateAdapter(async_socket, kPermuteExtensions));
   EXPECT_NE(simple_adapter, nullptr);
 }
 
diff --git a/rtc_base/ssl_adapter.h b/rtc_base/ssl_adapter.h
index 4b8b9c7..9322f7a 100644
--- a/rtc_base/ssl_adapter.h
+++ b/rtc_base/ssl_adapter.h
@@ -52,7 +52,8 @@
   virtual void SetIgnoreBadCert(bool ignore) = 0;
 
   // Creates a new SSL adapter, but from a shared context.
-  virtual SSLAdapter* CreateAdapter(Socket* socket) = 0;
+  virtual SSLAdapter* CreateAdapter(Socket* socket,
+                                    bool permute_extensions) = 0;
 
   static std::unique_ptr<SSLAdapterFactory> Create();
 };
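Review bot: The interface comment `Creates a new SSL adapter, but from a shared context.` says nothing about `permute_extensions`, so implementers of `SSLAdapterFactory` outside this tree, who must all update to the new pure-virtual signature, have nothing to go by. Suggest `// permute_extensions randomizes the order of TLS ClientHello extensions; because the context is shared, the OpenSSL implementation applies it when that context is first created (BoringSSL only).`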