Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / 43166b8adf749c6672eca0cd4a39399cf27d4761 / . / webrtc / base / opensslstreamadapter.cc
blob: 3e911987e556764292183ce02f98f875b853ff8a [file] [log] [blame]
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1/*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11#if HAVE_CONFIG_H
12#include "config.h"
13#endif // HAVE_CONFIG_H
14
15#if HAVE_OPENSSL_SSL_H
16
17#include "webrtc/base/opensslstreamadapter.h"
18
19#include <openssl/bio.h>
20#include <openssl/crypto.h>
21#include <openssl/err.h>
22#include <openssl/rand.h>
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]23#include <openssl/tls1.h>
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]24#include <openssl/x509v3.h>
25
26#include <vector>
27
28#include "webrtc/base/common.h"
29#include "webrtc/base/logging.h"
hbosde1c81b2016-03-08 04:46:00 -0800[diff] [blame]30#include "webrtc/base/numerics/safe_conversions.h"
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]31#include "webrtc/base/stream.h"
32#include "webrtc/base/openssl.h"
33#include "webrtc/base/openssladapter.h"
34#include "webrtc/base/openssldigest.h"
35#include "webrtc/base/opensslidentity.h"
36#include "webrtc/base/stringutils.h"
37#include "webrtc/base/thread.h"
38
39namespace rtc {
40
41#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
42#define HAVE_DTLS_SRTP
43#endif
44
45#ifdef HAVE_DTLS_SRTP
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]46// SRTP cipher suite table. |internal_name| is used to construct a
47// colon-separated profile strings which is needed by
48// SSL_CTX_set_tlsext_use_srtp().
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]49struct SrtpCipherMapEntry {
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]50 const char* internal_name;
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]51 const int id;
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]52};
53
54// This isn't elegant, but it's better than an external reference
55static SrtpCipherMapEntry SrtpCipherMap[] = {
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]56 {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
57 {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
58 {nullptr, 0}};
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]59#endif
60
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]61#ifndef OPENSSL_IS_BORINGSSL
Guo-wei Shieh456696a2015-09-30 21:48:54 -0700[diff] [blame]62
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]63// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
64struct SslCipherMapEntry {
65 uint32_t openssl_id;
66 const char* rfc_name;
67};
68
69#define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name}
70#define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name}
71
72// There currently is no method available to get a RFC-compliant name for a
73// cipher suite from BoringSSL, so we need to define the mapping manually here.
74// This should go away once BoringSSL supports "SSL_CIPHER_standard_name"
75// (as available in OpenSSL if compiled with tracing enabled) or a similar
76// method.
77static const SslCipherMapEntry kSslCipherMap[] = {
78 // TLS v1.0 ciphersuites from RFC2246.
79 DEFINE_CIPHER_ENTRY_SSL3(RSA_RC4_128_SHA),
80 {SSL3_CK_RSA_DES_192_CBC3_SHA,
81 "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
82
83 // AES ciphersuites from RFC3268.
84 {TLS1_CK_RSA_WITH_AES_128_SHA,
85 "TLS_RSA_WITH_AES_128_CBC_SHA"},
86 {TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
87 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
88 {TLS1_CK_RSA_WITH_AES_256_SHA,
89 "TLS_RSA_WITH_AES_256_CBC_SHA"},
90 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
91 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
92
93 // ECC ciphersuites from RFC4492.
94 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_RC4_128_SHA),
95 {TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
96 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
97 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
98 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
99
100 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_RC4_128_SHA),
101 {TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
102 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
103 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_CBC_SHA),
104 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_CBC_SHA),
105
106 // TLS v1.2 ciphersuites.
107 {TLS1_CK_RSA_WITH_AES_128_SHA256,
108 "TLS_RSA_WITH_AES_128_CBC_SHA256"},
109 {TLS1_CK_RSA_WITH_AES_256_SHA256,
110 "TLS_RSA_WITH_AES_256_CBC_SHA256"},
111 {TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
112 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
113 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
114 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
115
116 // TLS v1.2 GCM ciphersuites from RFC5288.
117 DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_128_GCM_SHA256),
118 DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_256_GCM_SHA384),
119 DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_128_GCM_SHA256),
120 DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_256_GCM_SHA384),
121 DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_128_GCM_SHA256),
122 DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_256_GCM_SHA384),
123
124 // ECDH HMAC based ciphersuites from RFC5289.
125 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
126 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
127 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
128 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
129 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
130 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
131 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
132 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
133
134 // ECDH GCM based ciphersuites from RFC5289.
135 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
137 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
138 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),
139
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]140 {0, NULL}
141};
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]142#endif // #ifndef OPENSSL_IS_BORINGSSL
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]143
Guo-wei Shieh456696a2015-09-30 21:48:54 -0700[diff] [blame]144#if defined(_MSC_VER)
145#pragma warning(push)
146#pragma warning(disable : 4309)
147#pragma warning(disable : 4310)
148#endif // defined(_MSC_VER)
149
Guo-wei Shieh456696a2015-09-30 21:48:54 -0700[diff] [blame]150#if defined(_MSC_VER)
151#pragma warning(pop)
152#endif // defined(_MSC_VER)
153
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]154//////////////////////////////////////////////////////////////////////
155// StreamBIO
156//////////////////////////////////////////////////////////////////////
157
158static int stream_write(BIO* h, const char* buf, int num);
159static int stream_read(BIO* h, char* buf, int size);
160static int stream_puts(BIO* h, const char* str);
161static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2);
162static int stream_new(BIO* h);
163static int stream_free(BIO* data);
164
davidben@webrtc.org36d5c3c2015-01-22 23:06:17 +0000[diff] [blame]165// TODO(davidben): This should be const once BoringSSL is assumed.
166static BIO_METHOD methods_stream = {
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]167 BIO_TYPE_BIO,
168 "stream",
169 stream_write,
170 stream_read,
171 stream_puts,
172 0,
173 stream_ctrl,
174 stream_new,
175 stream_free,
176 NULL,
177};
178
davidben@webrtc.org36d5c3c2015-01-22 23:06:17 +0000[diff] [blame]179static BIO_METHOD* BIO_s_stream() { return(&methods_stream); }
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]180
181static BIO* BIO_new_stream(StreamInterface* stream) {
182 BIO* ret = BIO_new(BIO_s_stream());
183 if (ret == NULL)
184 return NULL;
185 ret->ptr = stream;
186 return ret;
187}
188
189// bio methods return 1 (or at least non-zero) on success and 0 on failure.
190
191static int stream_new(BIO* b) {
192 b->shutdown = 0;
193 b->init = 1;
194 b->num = 0; // 1 means end-of-stream
195 b->ptr = 0;
196 return 1;
197}
198
199static int stream_free(BIO* b) {
200 if (b == NULL)
201 return 0;
202 return 1;
203}
204
205static int stream_read(BIO* b, char* out, int outl) {
206 if (!out)
207 return -1;
208 StreamInterface* stream = static_cast<StreamInterface*>(b->ptr);
209 BIO_clear_retry_flags(b);
210 size_t read;
211 int error;
212 StreamResult result = stream->Read(out, outl, &read, &error);
213 if (result == SR_SUCCESS) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]214 return checked_cast<int>(read);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]215 } else if (result == SR_EOS) {
216 b->num = 1;
217 } else if (result == SR_BLOCK) {
218 BIO_set_retry_read(b);
219 }
220 return -1;
221}
222
223static int stream_write(BIO* b, const char* in, int inl) {
224 if (!in)
225 return -1;
226 StreamInterface* stream = static_cast<StreamInterface*>(b->ptr);
227 BIO_clear_retry_flags(b);
228 size_t written;
229 int error;
230 StreamResult result = stream->Write(in, inl, &written, &error);
231 if (result == SR_SUCCESS) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]232 return checked_cast<int>(written);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]233 } else if (result == SR_BLOCK) {
234 BIO_set_retry_write(b);
235 }
236 return -1;
237}
238
239static int stream_puts(BIO* b, const char* str) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]240 return stream_write(b, str, checked_cast<int>(strlen(str)));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]241}
242
243static long stream_ctrl(BIO* b, int cmd, long num, void* ptr) {
henrike@webrtc.org14abcc72014-05-16 16:54:44 +0000[diff] [blame]244 RTC_UNUSED(num);
245 RTC_UNUSED(ptr);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]246
247 switch (cmd) {
248 case BIO_CTRL_RESET:
249 return 0;
250 case BIO_CTRL_EOF:
251 return b->num;
252 case BIO_CTRL_WPENDING:
253 case BIO_CTRL_PENDING:
254 return 0;
255 case BIO_CTRL_FLUSH:
256 return 1;
Henrik Lundinf4baca52015-06-10 09:45:58 +0200[diff] [blame]257 case BIO_CTRL_DGRAM_QUERY_MTU:
258 // openssl defaults to mtu=256 unless we return something here.
259 // The handshake doesn't actually need to send packets above 1k,
260 // so this seems like a sensible value that should work in most cases.
261 // Webrtc uses the same value for video packets.
262 return 1200;
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]263 default:
264 return 0;
265 }
266}
267
268/////////////////////////////////////////////////////////////////////////////
269// OpenSSLStreamAdapter
270/////////////////////////////////////////////////////////////////////////////
271
272OpenSSLStreamAdapter::OpenSSLStreamAdapter(StreamInterface* stream)
273 : SSLStreamAdapter(stream),
274 state_(SSL_NONE),
275 role_(SSL_CLIENT),
Guo-wei Shieha7446d22016-01-11 15:27:03 -0800[diff] [blame]276 ssl_read_needs_write_(false),
277 ssl_write_needs_read_(false),
278 ssl_(NULL),
279 ssl_ctx_(NULL),
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]280 custom_verification_succeeded_(false),
Joachim Bauch831c5582015-05-20 12:48:41 +0200[diff] [blame]281 ssl_mode_(SSL_MODE_TLS),
Guo-wei Shieha7446d22016-01-11 15:27:03 -0800[diff] [blame]282 ssl_max_version_(SSL_PROTOCOL_TLS_12) {}
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]283
284OpenSSLStreamAdapter::~OpenSSLStreamAdapter() {
285 Cleanup();
286}
287
288void OpenSSLStreamAdapter::SetIdentity(SSLIdentity* identity) {
289 ASSERT(!identity_);
290 identity_.reset(static_cast<OpenSSLIdentity*>(identity));
291}
292
293void OpenSSLStreamAdapter::SetServerRole(SSLRole role) {
294 role_ = role;
295}
296
297bool OpenSSLStreamAdapter::GetPeerCertificate(SSLCertificate** cert) const {
298 if (!peer_certificate_)
299 return false;
300
301 *cert = peer_certificate_->GetReference();
302 return true;
303}
304
305bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
306 &digest_alg,
307 const unsigned char*
308 digest_val,
309 size_t digest_len) {
310 ASSERT(!peer_certificate_);
311 ASSERT(peer_certificate_digest_algorithm_.size() == 0);
312 ASSERT(ssl_server_name_.empty());
313 size_t expected_len;
314
315 if (!OpenSSLDigest::GetDigestSize(digest_alg, &expected_len)) {
316 LOG(LS_WARNING) << "Unknown digest algorithm: " << digest_alg;
317 return false;
318 }
319 if (expected_len != digest_len)
320 return false;
321
322 peer_certificate_digest_value_.SetData(digest_val, digest_len);
323 peer_certificate_digest_algorithm_ = digest_alg;
324
325 return true;
326}
327
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]328std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
Guo-wei Shieh456696a2015-09-30 21:48:54 -0700[diff] [blame]329#ifdef OPENSSL_IS_BORINGSSL
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]330 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite);
Guo-wei Shieh456696a2015-09-30 21:48:54 -0700[diff] [blame]331 if (!ssl_cipher) {
332 return std::string();
333 }
334 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher);
335 std::string rfc_name = std::string(cipher_name);
336 OPENSSL_free(cipher_name);
337 return rfc_name;
338#else
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]339 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;
340 ++entry) {
guoweisefb047d2015-12-17 13:44:57 -0800[diff] [blame]341 if (cipher_suite == static_cast<int>(entry->openssl_id)) {
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]342 return entry->rfc_name;
343 }
344 }
Guo-wei Shieh456696a2015-09-30 21:48:54 -0700[diff] [blame]345 return std::string();
guoweis27dc29b2015-09-30 19:23:09 -0700[diff] [blame]346#endif
Guo-wei Shieh456696a2015-09-30 21:48:54 -0700[diff] [blame]347}
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]348
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]349bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]350 if (state_ != SSL_CONNECTED)
351 return false;
352
353 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_);
354 if (current_cipher == NULL) {
355 return false;
356 }
357
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]358 *cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]359 return true;
360}
361
torbjorng43166b82016-03-11 00:06:47 -0800[diff] [blame^]362int OpenSSLStreamAdapter::GetSslVersion() const {
363 if (state_ != SSL_CONNECTED)
364 return -1;
365
366 int ssl_version = SSL_version(ssl_);
367 if (ssl_mode_ == SSL_MODE_DTLS) {
368 if (ssl_version == DTLS1_VERSION)
369 return SSL_PROTOCOL_DTLS_10;
370 else if (ssl_version == DTLS1_2_VERSION)
371 return SSL_PROTOCOL_DTLS_12;
372 } else {
373 if (ssl_version == TLS1_VERSION)
374 return SSL_PROTOCOL_TLS_10;
375 else if (ssl_version == TLS1_1_VERSION)
376 return SSL_PROTOCOL_TLS_11;
377 else if (ssl_version == TLS1_2_VERSION)
378 return SSL_PROTOCOL_TLS_12;
379 }
380
381 return -1;
382}
383
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]384// Key Extractor interface
385bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
Peter Boström0c4e06b2015-10-07 12:23:21 +0200[diff] [blame]386 const uint8_t* context,
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]387 size_t context_len,
388 bool use_context,
Peter Boström0c4e06b2015-10-07 12:23:21 +0200[diff] [blame]389 uint8_t* result,
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]390 size_t result_len) {
391#ifdef HAVE_DTLS_SRTP
392 int i;
393
Peter Boström0c4e06b2015-10-07 12:23:21 +0200[diff] [blame]394 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(),
395 label.length(), const_cast<uint8_t*>(context),
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]396 context_len, use_context);
397
398 if (i != 1)
399 return false;
400
401 return true;
402#else
403 return false;
404#endif
405}
406
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]407bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
408 const std::vector<int>& ciphers) {
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]409#ifdef HAVE_DTLS_SRTP
410 std::string internal_ciphers;
411
412 if (state_ != SSL_NONE)
413 return false;
414
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]415 for (std::vector<int>::const_iterator cipher = ciphers.begin();
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]416 cipher != ciphers.end(); ++cipher) {
417 bool found = false;
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]418 for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name;
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]419 ++entry) {
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]420 if (*cipher == entry->id) {
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]421 found = true;
422 if (!internal_ciphers.empty())
423 internal_ciphers += ":";
424 internal_ciphers += entry->internal_name;
425 break;
426 }
427 }
428
429 if (!found) {
430 LOG(LS_ERROR) << "Could not find cipher: " << *cipher;
431 return false;
432 }
433 }
434
435 if (internal_ciphers.empty())
436 return false;
437
438 srtp_ciphers_ = internal_ciphers;
439 return true;
440#else
441 return false;
442#endif
443}
444
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]445bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]446#ifdef HAVE_DTLS_SRTP
447 ASSERT(state_ == SSL_CONNECTED);
448 if (state_ != SSL_CONNECTED)
449 return false;
450
henrike@webrtc.orgc10ecea2015-01-07 17:59:28 +0000[diff] [blame]451 const SRTP_PROTECTION_PROFILE *srtp_profile =
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]452 SSL_get_selected_srtp_profile(ssl_);
453
454 if (!srtp_profile)
455 return false;
456
Guo-wei Shieh521ed7b2015-11-18 19:41:53 -0800[diff] [blame]457 *crypto_suite = srtp_profile->id;
458 ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty());
459 return true;
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]460#else
461 return false;
462#endif
463}
464
465int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) {
466 ASSERT(server_name != NULL && server_name[0] != '\0');
467 ssl_server_name_ = server_name;
468 return StartSSL();
469}
470
471int OpenSSLStreamAdapter::StartSSLWithPeer() {
472 ASSERT(ssl_server_name_.empty());
473 // It is permitted to specify peer_certificate_ only later.
474 return StartSSL();
475}
476
477void OpenSSLStreamAdapter::SetMode(SSLMode mode) {
478 ASSERT(state_ == SSL_NONE);
479 ssl_mode_ = mode;
480}
481
Joachim Bauch831c5582015-05-20 12:48:41 +0200[diff] [blame]482void OpenSSLStreamAdapter::SetMaxProtocolVersion(SSLProtocolVersion version) {
483 ASSERT(ssl_ctx_ == NULL);
484 ssl_max_version_ = version;
485}
486
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]487//
488// StreamInterface Implementation
489//
490
491StreamResult OpenSSLStreamAdapter::Write(const void* data, size_t data_len,
492 size_t* written, int* error) {
493 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Write(" << data_len << ")";
494
495 switch (state_) {
496 case SSL_NONE:
497 // pass-through in clear text
498 return StreamAdapterInterface::Write(data, data_len, written, error);
499
500 case SSL_WAIT:
501 case SSL_CONNECTING:
502 return SR_BLOCK;
503
504 case SSL_CONNECTED:
505 break;
506
507 case SSL_ERROR:
508 case SSL_CLOSED:
509 default:
510 if (error)
511 *error = ssl_error_code_;
512 return SR_ERROR;
513 }
514
515 // OpenSSL will return an error if we try to write zero bytes
516 if (data_len == 0) {
517 if (written)
518 *written = 0;
519 return SR_SUCCESS;
520 }
521
522 ssl_write_needs_read_ = false;
523
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]524 int code = SSL_write(ssl_, data, checked_cast<int>(data_len));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]525 int ssl_error = SSL_get_error(ssl_, code);
526 switch (ssl_error) {
527 case SSL_ERROR_NONE:
528 LOG(LS_VERBOSE) << " -- success";
529 ASSERT(0 < code && static_cast<unsigned>(code) <= data_len);
530 if (written)
531 *written = code;
532 return SR_SUCCESS;
533 case SSL_ERROR_WANT_READ:
534 LOG(LS_VERBOSE) << " -- error want read";
535 ssl_write_needs_read_ = true;
536 return SR_BLOCK;
537 case SSL_ERROR_WANT_WRITE:
538 LOG(LS_VERBOSE) << " -- error want write";
539 return SR_BLOCK;
540
541 case SSL_ERROR_ZERO_RETURN:
542 default:
543 Error("SSL_write", (ssl_error ? ssl_error : -1), false);
544 if (error)
545 *error = ssl_error_code_;
546 return SR_ERROR;
547 }
548 // not reached
549}
550
551StreamResult OpenSSLStreamAdapter::Read(void* data, size_t data_len,
552 size_t* read, int* error) {
553 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Read(" << data_len << ")";
554 switch (state_) {
555 case SSL_NONE:
556 // pass-through in clear text
557 return StreamAdapterInterface::Read(data, data_len, read, error);
558
559 case SSL_WAIT:
560 case SSL_CONNECTING:
561 return SR_BLOCK;
562
563 case SSL_CONNECTED:
564 break;
565
566 case SSL_CLOSED:
567 return SR_EOS;
568
569 case SSL_ERROR:
570 default:
571 if (error)
572 *error = ssl_error_code_;
573 return SR_ERROR;
574 }
575
576 // Don't trust OpenSSL with zero byte reads
577 if (data_len == 0) {
578 if (read)
579 *read = 0;
580 return SR_SUCCESS;
581 }
582
583 ssl_read_needs_write_ = false;
584
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]585 int code = SSL_read(ssl_, data, checked_cast<int>(data_len));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]586 int ssl_error = SSL_get_error(ssl_, code);
587 switch (ssl_error) {
588 case SSL_ERROR_NONE:
589 LOG(LS_VERBOSE) << " -- success";
590 ASSERT(0 < code && static_cast<unsigned>(code) <= data_len);
591 if (read)
592 *read = code;
593
594 if (ssl_mode_ == SSL_MODE_DTLS) {
595 // Enforce atomic reads -- this is a short read
596 unsigned int pending = SSL_pending(ssl_);
597
598 if (pending) {
599 LOG(LS_INFO) << " -- short DTLS read. flushing";
600 FlushInput(pending);
601 if (error)
602 *error = SSE_MSG_TRUNC;
603 return SR_ERROR;
604 }
605 }
606 return SR_SUCCESS;
607 case SSL_ERROR_WANT_READ:
608 LOG(LS_VERBOSE) << " -- error want read";
609 return SR_BLOCK;
610 case SSL_ERROR_WANT_WRITE:
611 LOG(LS_VERBOSE) << " -- error want write";
612 ssl_read_needs_write_ = true;
613 return SR_BLOCK;
614 case SSL_ERROR_ZERO_RETURN:
615 LOG(LS_VERBOSE) << " -- remote side closed";
guoweis4cc9f982016-02-24 11:10:06 -0800[diff] [blame]616 // When we're closed at SSL layer, also close the stream level which
617 // performs necessary clean up. Otherwise, a new incoming packet after
618 // this could overflow the stream buffer.
619 this->stream()->Close();
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]620 return SR_EOS;
621 break;
622 default:
623 LOG(LS_VERBOSE) << " -- error " << code;
624 Error("SSL_read", (ssl_error ? ssl_error : -1), false);
625 if (error)
626 *error = ssl_error_code_;
627 return SR_ERROR;
628 }
629 // not reached
630}
631
632void OpenSSLStreamAdapter::FlushInput(unsigned int left) {
633 unsigned char buf[2048];
634
635 while (left) {
636 // This should always succeed
637 int toread = (sizeof(buf) < left) ? sizeof(buf) : left;
638 int code = SSL_read(ssl_, buf, toread);
639
640 int ssl_error = SSL_get_error(ssl_, code);
641 ASSERT(ssl_error == SSL_ERROR_NONE);
642
643 if (ssl_error != SSL_ERROR_NONE) {
644 LOG(LS_VERBOSE) << " -- error " << code;
645 Error("SSL_read", (ssl_error ? ssl_error : -1), false);
646 return;
647 }
648
649 LOG(LS_VERBOSE) << " -- flushed " << code << " bytes";
650 left -= code;
651 }
652}
653
654void OpenSSLStreamAdapter::Close() {
655 Cleanup();
656 ASSERT(state_ == SSL_CLOSED || state_ == SSL_ERROR);
657 StreamAdapterInterface::Close();
658}
659
660StreamState OpenSSLStreamAdapter::GetState() const {
661 switch (state_) {
662 case SSL_WAIT:
663 case SSL_CONNECTING:
664 return SS_OPENING;
665 case SSL_CONNECTED:
666 return SS_OPEN;
667 default:
668 return SS_CLOSED;
669 };
670 // not reached
671}
672
673void OpenSSLStreamAdapter::OnEvent(StreamInterface* stream, int events,
674 int err) {
675 int events_to_signal = 0;
676 int signal_error = 0;
677 ASSERT(stream == this->stream());
678 if ((events & SE_OPEN)) {
679 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent SE_OPEN";
680 if (state_ != SSL_WAIT) {
681 ASSERT(state_ == SSL_NONE);
682 events_to_signal |= SE_OPEN;
683 } else {
684 state_ = SSL_CONNECTING;
685 if (int err = BeginSSL()) {
686 Error("BeginSSL", err, true);
687 return;
688 }
689 }
690 }
691 if ((events & (SE_READ|SE_WRITE))) {
692 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent"
693 << ((events & SE_READ) ? " SE_READ" : "")
694 << ((events & SE_WRITE) ? " SE_WRITE" : "");
695 if (state_ == SSL_NONE) {
696 events_to_signal |= events & (SE_READ|SE_WRITE);
697 } else if (state_ == SSL_CONNECTING) {
698 if (int err = ContinueSSL()) {
699 Error("ContinueSSL", err, true);
700 return;
701 }
702 } else if (state_ == SSL_CONNECTED) {
703 if (((events & SE_READ) && ssl_write_needs_read_) ||
704 (events & SE_WRITE)) {
705 LOG(LS_VERBOSE) << " -- onStreamWriteable";
706 events_to_signal |= SE_WRITE;
707 }
708 if (((events & SE_WRITE) && ssl_read_needs_write_) ||
709 (events & SE_READ)) {
710 LOG(LS_VERBOSE) << " -- onStreamReadable";
711 events_to_signal |= SE_READ;
712 }
713 }
714 }
715 if ((events & SE_CLOSE)) {
716 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent(SE_CLOSE, " << err << ")";
717 Cleanup();
718 events_to_signal |= SE_CLOSE;
719 // SE_CLOSE is the only event that uses the final parameter to OnEvent().
720 ASSERT(signal_error == 0);
721 signal_error = err;
722 }
723 if (events_to_signal)
724 StreamAdapterInterface::OnEvent(stream, events_to_signal, signal_error);
725}
726
727int OpenSSLStreamAdapter::StartSSL() {
728 ASSERT(state_ == SSL_NONE);
729
730 if (StreamAdapterInterface::GetState() != SS_OPEN) {
731 state_ = SSL_WAIT;
732 return 0;
733 }
734
735 state_ = SSL_CONNECTING;
736 if (int err = BeginSSL()) {
737 Error("BeginSSL", err, false);
738 return err;
739 }
740
741 return 0;
742}
743
744int OpenSSLStreamAdapter::BeginSSL() {
745 ASSERT(state_ == SSL_CONNECTING);
746 // The underlying stream has open. If we are in peer-to-peer mode
747 // then a peer certificate must have been specified by now.
748 ASSERT(!ssl_server_name_.empty() ||
749 !peer_certificate_digest_algorithm_.empty());
750 LOG(LS_INFO) << "BeginSSL: "
751 << (!ssl_server_name_.empty() ? ssl_server_name_ :
752 "with peer");
753
754 BIO* bio = NULL;
755
756 // First set up the context
757 ASSERT(ssl_ctx_ == NULL);
758 ssl_ctx_ = SetupSSLContext();
759 if (!ssl_ctx_)
760 return -1;
761
762 bio = BIO_new_stream(static_cast<StreamInterface*>(stream()));
763 if (!bio)
764 return -1;
765
766 ssl_ = SSL_new(ssl_ctx_);
767 if (!ssl_) {
768 BIO_free(bio);
769 return -1;
770 }
771
772 SSL_set_app_data(ssl_, this);
773
774 SSL_set_bio(ssl_, bio, bio); // the SSL object owns the bio now.
Joachim Baucha3980202015-06-02 23:07:43 +0200[diff] [blame]775#ifndef OPENSSL_IS_BORINGSSL
Joachim Bauch5ca688b2015-05-20 10:40:15 +0200[diff] [blame]776 if (ssl_mode_ == SSL_MODE_DTLS) {
777 // Enable read-ahead for DTLS so whole packets are read from internal BIO
Joachim Baucha3980202015-06-02 23:07:43 +0200[diff] [blame]778 // before parsing. This is done internally by BoringSSL for DTLS.
Joachim Bauch5ca688b2015-05-20 10:40:15 +0200[diff] [blame]779 SSL_set_read_ahead(ssl_, 1);
780 }
Joachim Baucha3980202015-06-02 23:07:43 +0200[diff] [blame]781#endif
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]782
783 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE |
784 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
785
jiayl@webrtc.org11c6bde2014-08-28 16:14:38 +0000[diff] [blame]786 // Specify an ECDH group for ECDHE ciphers, otherwise they cannot be
787 // negotiated when acting as the server. Use NIST's P-256 which is commonly
788 // supported.
789 EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
790 if (ecdh == NULL)
791 return -1;
792 SSL_set_options(ssl_, SSL_OP_SINGLE_ECDH_USE);
793 SSL_set_tmp_ecdh(ssl_, ecdh);
794 EC_KEY_free(ecdh);
795
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]796 // Do the connect
797 return ContinueSSL();
798}
799
800int OpenSSLStreamAdapter::ContinueSSL() {
801 LOG(LS_VERBOSE) << "ContinueSSL";
802 ASSERT(state_ == SSL_CONNECTING);
803
804 // Clear the DTLS timer
805 Thread::Current()->Clear(this, MSG_TIMEOUT);
806
807 int code = (role_ == SSL_CLIENT) ? SSL_connect(ssl_) : SSL_accept(ssl_);
808 int ssl_error;
809 switch (ssl_error = SSL_get_error(ssl_, code)) {
810 case SSL_ERROR_NONE:
811 LOG(LS_VERBOSE) << " -- success";
812
813 if (!SSLPostConnectionCheck(ssl_, ssl_server_name_.c_str(), NULL,
814 peer_certificate_digest_algorithm_)) {
815 LOG(LS_ERROR) << "TLS post connection check failed";
816 return -1;
817 }
818
819 state_ = SSL_CONNECTED;
820 StreamAdapterInterface::OnEvent(stream(), SE_OPEN|SE_READ|SE_WRITE, 0);
821 break;
822
823 case SSL_ERROR_WANT_READ: {
824 LOG(LS_VERBOSE) << " -- error want read";
825 struct timeval timeout;
826 if (DTLSv1_get_timeout(ssl_, &timeout)) {
827 int delay = timeout.tv_sec * 1000 + timeout.tv_usec/1000;
828
829 Thread::Current()->PostDelayed(delay, this, MSG_TIMEOUT, 0);
830 }
831 }
832 break;
833
834 case SSL_ERROR_WANT_WRITE:
835 LOG(LS_VERBOSE) << " -- error want write";
836 break;
837
838 case SSL_ERROR_ZERO_RETURN:
839 default:
840 LOG(LS_VERBOSE) << " -- error " << code;
841 return (ssl_error != 0) ? ssl_error : -1;
842 }
843
844 return 0;
845}
846
847void OpenSSLStreamAdapter::Error(const char* context, int err, bool signal) {
848 LOG(LS_WARNING) << "OpenSSLStreamAdapter::Error("
849 << context << ", " << err << ")";
850 state_ = SSL_ERROR;
851 ssl_error_code_ = err;
852 Cleanup();
853 if (signal)
854 StreamAdapterInterface::OnEvent(stream(), SE_CLOSE, err);
855}
856
857void OpenSSLStreamAdapter::Cleanup() {
858 LOG(LS_INFO) << "Cleanup";
859
860 if (state_ != SSL_ERROR) {
861 state_ = SSL_CLOSED;
862 ssl_error_code_ = 0;
863 }
864
865 if (ssl_) {
jiayl@webrtc.orgf1d751c2014-09-25 16:38:46 +0000[diff] [blame]866 int ret = SSL_shutdown(ssl_);
867 if (ret < 0) {
868 LOG(LS_WARNING) << "SSL_shutdown failed, error = "
869 << SSL_get_error(ssl_, ret);
870 }
871
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]872 SSL_free(ssl_);
873 ssl_ = NULL;
874 }
875 if (ssl_ctx_) {
876 SSL_CTX_free(ssl_ctx_);
877 ssl_ctx_ = NULL;
878 }
879 identity_.reset();
880 peer_certificate_.reset();
881
882 // Clear the DTLS timer
883 Thread::Current()->Clear(this, MSG_TIMEOUT);
884}
885
886
887void OpenSSLStreamAdapter::OnMessage(Message* msg) {
888 // Process our own messages and then pass others to the superclass
889 if (MSG_TIMEOUT == msg->message_id) {
890 LOG(LS_INFO) << "DTLS timeout expired";
891 DTLSv1_handle_timeout(ssl_);
892 ContinueSSL();
893 } else {
894 StreamInterface::OnMessage(msg);
895 }
896}
897
898SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
899 SSL_CTX *ctx = NULL;
900
Joachim Bauch831c5582015-05-20 12:48:41 +0200[diff] [blame]901#ifdef OPENSSL_IS_BORINGSSL
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]902 ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
Joachim Bauch831c5582015-05-20 12:48:41 +0200[diff] [blame]903 DTLS_method() : TLS_method());
904 // Version limiting for BoringSSL will be done below.
905#else
906 const SSL_METHOD* method;
907 switch (ssl_max_version_) {
908 case SSL_PROTOCOL_TLS_10:
909 case SSL_PROTOCOL_TLS_11:
910 // OpenSSL doesn't support setting min/max versions, so we always use
911 // (D)TLS 1.0 if a max. version below the max. available is requested.
912 if (ssl_mode_ == SSL_MODE_DTLS) {
913 if (role_ == SSL_CLIENT) {
914 method = DTLSv1_client_method();
915 } else {
916 method = DTLSv1_server_method();
917 }
918 } else {
919 if (role_ == SSL_CLIENT) {
920 method = TLSv1_client_method();
921 } else {
922 method = TLSv1_server_method();
923 }
924 }
925 break;
926 case SSL_PROTOCOL_TLS_12:
927 default:
928 if (ssl_mode_ == SSL_MODE_DTLS) {
929#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
930 // DTLS 1.2 only available starting from OpenSSL 1.0.2
931 if (role_ == SSL_CLIENT) {
932 method = DTLS_client_method();
933 } else {
934 method = DTLS_server_method();
935 }
936#else
937 if (role_ == SSL_CLIENT) {
938 method = DTLSv1_client_method();
939 } else {
940 method = DTLSv1_server_method();
941 }
942#endif
943 } else {
944#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
945 // New API only available starting from OpenSSL 1.1.0
946 if (role_ == SSL_CLIENT) {
947 method = TLS_client_method();
948 } else {
949 method = TLS_server_method();
950 }
951#else
952 if (role_ == SSL_CLIENT) {
953 method = SSLv23_client_method();
954 } else {
955 method = SSLv23_server_method();
956 }
957#endif
958 }
959 break;
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]960 }
Joachim Bauch831c5582015-05-20 12:48:41 +0200[diff] [blame]961 ctx = SSL_CTX_new(method);
962#endif // OPENSSL_IS_BORINGSSL
963
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]964 if (ctx == NULL)
965 return NULL;
966
Joachim Bauch831c5582015-05-20 12:48:41 +0200[diff] [blame]967#ifdef OPENSSL_IS_BORINGSSL
968 SSL_CTX_set_min_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?
969 DTLS1_VERSION : TLS1_VERSION);
970 switch (ssl_max_version_) {
971 case SSL_PROTOCOL_TLS_10:
972 SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?
973 DTLS1_VERSION : TLS1_VERSION);
974 break;
975 case SSL_PROTOCOL_TLS_11:
976 SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?
977 DTLS1_VERSION : TLS1_1_VERSION);
978 break;
979 case SSL_PROTOCOL_TLS_12:
980 default:
981 SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?
982 DTLS1_2_VERSION : TLS1_2_VERSION);
983 break;
984 }
985#endif
986
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]987 if (identity_ && !identity_->ConfigureIdentity(ctx)) {
988 SSL_CTX_free(ctx);
989 return NULL;
990 }
991
tfarinaa41ab932015-10-30 16:08:48 -0700[diff] [blame]992#if !defined(NDEBUG)
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]993 SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);
994#endif
995
tkchin@webrtc.orgc569a492014-09-23 05:56:44 +0000[diff] [blame]996 int mode = SSL_VERIFY_PEER;
997 if (client_auth_enabled()) {
998 // Require a certificate from the client.
999 // Note: Normally this is always true in production, but it may be disabled
1000 // for testing purposes (e.g. SSLAdapter unit tests).
1001 mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
1002 }
1003
1004 SSL_CTX_set_verify(ctx, mode, SSLVerifyCallback);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1005 SSL_CTX_set_verify_depth(ctx, 4);
Joachim Bauch831c5582015-05-20 12:48:41 +0200[diff] [blame]1006 // Select list of available ciphers. Note that !SHA256 and !SHA384 only
1007 // remove HMAC-SHA256 and HMAC-SHA384 cipher suites, not GCM cipher suites
1008 // with SHA256 or SHA384 as the handshake hash.
1009 // This matches the list of SSLClientSocketOpenSSL in Chromium.
1010 SSL_CTX_set_cipher_list(ctx,
1011 "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK");
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1012
1013#ifdef HAVE_DTLS_SRTP
1014 if (!srtp_ciphers_.empty()) {
1015 if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
1016 SSL_CTX_free(ctx);
1017 return NULL;
1018 }
1019 }
1020#endif
1021
1022 return ctx;
1023}
1024
1025int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
1026 // Get our SSL structure from the store
1027 SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
1028 store,
1029 SSL_get_ex_data_X509_STORE_CTX_idx()));
1030 OpenSSLStreamAdapter* stream =
1031 reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));
1032
1033 if (stream->peer_certificate_digest_algorithm_.empty()) {
1034 return 0;
1035 }
1036 X509* cert = X509_STORE_CTX_get_current_cert(store);
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]1037 int depth = X509_STORE_CTX_get_error_depth(store);
1038
1039 // For now We ignore the parent certificates and verify the leaf against
1040 // the digest.
1041 //
1042 // TODO(jiayl): Verify the chain is a proper chain and report the chain to
torbjorng07d09362015-09-22 11:58:04 -0700[diff] [blame]1043 // |stream->peer_certificate_|.
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]1044 if (depth > 0) {
1045 LOG(LS_INFO) << "Ignored chained certificate at depth " << depth;
1046 return 1;
1047 }
1048
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1049 unsigned char digest[EVP_MAX_MD_SIZE];
1050 size_t digest_length;
1051 if (!OpenSSLCertificate::ComputeDigest(
1052 cert,
1053 stream->peer_certificate_digest_algorithm_,
1054 digest, sizeof(digest),
1055 &digest_length)) {
1056 LOG(LS_WARNING) << "Failed to compute peer cert digest.";
1057 return 0;
1058 }
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]1059
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1060 Buffer computed_digest(digest, digest_length);
1061 if (computed_digest != stream->peer_certificate_digest_value_) {
1062 LOG(LS_WARNING) << "Rejected peer certificate due to mismatched digest.";
1063 return 0;
1064 }
1065 // Ignore any verification error if the digest matches, since there is no
1066 // value in checking the validity of a self-signed cert issued by untrusted
1067 // sources.
1068 LOG(LS_INFO) << "Accepted peer certificate.";
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]1069
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1070 // Record the peer's certificate.
1071 stream->peer_certificate_.reset(new OpenSSLCertificate(cert));
1072 return 1;
1073}
1074
1075// This code is taken from the "Network Security with OpenSSL"
1076// sample in chapter 5
1077bool OpenSSLStreamAdapter::SSLPostConnectionCheck(SSL* ssl,
1078 const char* server_name,
1079 const X509* peer_cert,
1080 const std::string
1081 &peer_digest) {
1082 ASSERT(server_name != NULL);
1083 bool ok;
1084 if (server_name[0] != '\0') { // traditional mode
1085 ok = OpenSSLAdapter::VerifyServerName(ssl, server_name, ignore_bad_cert());
1086
1087 if (ok) {
1088 ok = (SSL_get_verify_result(ssl) == X509_V_OK ||
1089 custom_verification_succeeded_);
1090 }
1091 } else { // peer-to-peer mode
1092 ASSERT((peer_cert != NULL) || (!peer_digest.empty()));
1093 // no server name validation
1094 ok = true;
1095 }
1096
1097 if (!ok && ignore_bad_cert()) {
1098 LOG(LS_ERROR) << "SSL_get_verify_result(ssl) = "
1099 << SSL_get_verify_result(ssl);
1100 LOG(LS_INFO) << "Other TLS post connection checks failed.";
1101 ok = true;
1102 }
1103
1104 return ok;
1105}
1106
1107bool OpenSSLStreamAdapter::HaveDtls() {
1108 return true;
1109}
1110
1111bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
1112#ifdef HAVE_DTLS_SRTP
1113 return true;
1114#else
1115 return false;
1116#endif
1117}
1118
1119bool OpenSSLStreamAdapter::HaveExporter() {
1120#ifdef HAVE_DTLS_SRTP
1121 return true;
1122#else
1123 return false;
1124#endif
1125}
1126
torbjorng43166b82016-03-11 00:06:47 -0800[diff] [blame^]1127#define CDEF(X) \
1128 { static_cast<uint16_t>(TLS1_CK_##X & 0xffff), "TLS_" #X }
1129
1130struct cipher_list {
1131 uint16_t cipher;
1132 const char* cipher_str;
1133};
1134
1135// TODO(torbjorng): Perhaps add more cipher suites to these lists.
1136static const cipher_list OK_RSA_ciphers[] = {
1137 CDEF(ECDHE_RSA_WITH_AES_128_CBC_SHA),
1138 CDEF(ECDHE_RSA_WITH_AES_256_CBC_SHA),
1139 CDEF(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
1140#ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256
1141 CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA256),
1142#endif
1143 CDEF(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
1144};
1145
1146static const cipher_list OK_ECDSA_ciphers[] = {
1147 CDEF(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
1148 CDEF(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
1149 CDEF(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
1150#ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
1151 CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA256),
1152#endif
1153 CDEF(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),
1154};
1155#undef CDEF
1156
1157bool OpenSSLStreamAdapter::IsAcceptableCipher(int cipher, KeyType key_type) {
Torbjorn Granlundb6d4ec42015-08-17 14:08:59 +0200[diff] [blame]1158 if (key_type == KT_RSA) {
torbjorng43166b82016-03-11 00:06:47 -0800[diff] [blame^]1159 for (const cipher_list& c : OK_RSA_ciphers) {
1160 if (cipher == c.cipher)
1161 return true;
Torbjorn Granlundb6d4ec42015-08-17 14:08:59 +0200[diff] [blame]1162 }
Joachim Bauch831c5582015-05-20 12:48:41 +0200[diff] [blame]1163 }
torbjorng43166b82016-03-11 00:06:47 -0800[diff] [blame^]1164
1165 if (key_type == KT_ECDSA) {
1166 for (const cipher_list& c : OK_ECDSA_ciphers) {
1167 if (cipher == c.cipher)
1168 return true;
1169 }
1170 }
1171
1172 return false;
1173}
1174
1175bool OpenSSLStreamAdapter::IsAcceptableCipher(const std::string& cipher,
1176 KeyType key_type) {
1177 if (key_type == KT_RSA) {
1178 for (const cipher_list& c : OK_RSA_ciphers) {
1179 if (cipher == c.cipher_str)
1180 return true;
1181 }
1182 }
1183
1184 if (key_type == KT_ECDSA) {
1185 for (const cipher_list& c : OK_ECDSA_ciphers) {
1186 if (cipher == c.cipher_str)
1187 return true;
1188 }
1189 }
1190
1191 return false;
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]1192}
1193
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1194} // namespace rtc
1195
1196#endif // HAVE_OPENSSL_SSL_H