Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / 5ca688b3da35ea2a8da6e915c503b12d4d814bb2 / . / webrtc / base / opensslstreamadapter.cc
blob: f3ad599f1b3a2d42beea50db6fa417edbf47de2c [file] [log] [blame]
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1/*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11#if HAVE_CONFIG_H
12#include "config.h"
13#endif // HAVE_CONFIG_H
14
15#if HAVE_OPENSSL_SSL_H
16
17#include "webrtc/base/opensslstreamadapter.h"
18
19#include <openssl/bio.h>
20#include <openssl/crypto.h>
21#include <openssl/err.h>
22#include <openssl/rand.h>
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]23#include <openssl/tls1.h>
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]24#include <openssl/x509v3.h>
25
26#include <vector>
27
28#include "webrtc/base/common.h"
29#include "webrtc/base/logging.h"
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]30#include "webrtc/base/safe_conversions.h"
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]31#include "webrtc/base/stream.h"
32#include "webrtc/base/openssl.h"
33#include "webrtc/base/openssladapter.h"
34#include "webrtc/base/openssldigest.h"
35#include "webrtc/base/opensslidentity.h"
36#include "webrtc/base/stringutils.h"
37#include "webrtc/base/thread.h"
38
39namespace rtc {
40
41#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
42#define HAVE_DTLS_SRTP
43#endif
44
45#ifdef HAVE_DTLS_SRTP
46// SRTP cipher suite table
47struct SrtpCipherMapEntry {
48 const char* external_name;
49 const char* internal_name;
50};
51
52// This isn't elegant, but it's better than an external reference
53static SrtpCipherMapEntry SrtpCipherMap[] = {
54 {"AES_CM_128_HMAC_SHA1_80", "SRTP_AES128_CM_SHA1_80"},
55 {"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"},
56 {NULL, NULL}
57};
58#endif
59
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]60#ifndef OPENSSL_IS_BORINGSSL
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]61// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
62struct SslCipherMapEntry {
63 uint32_t openssl_id;
64 const char* rfc_name;
65};
66
67#define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name}
68#define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name}
69
70// There currently is no method available to get a RFC-compliant name for a
71// cipher suite from BoringSSL, so we need to define the mapping manually here.
72// This should go away once BoringSSL supports "SSL_CIPHER_standard_name"
73// (as available in OpenSSL if compiled with tracing enabled) or a similar
74// method.
75static const SslCipherMapEntry kSslCipherMap[] = {
76 // TLS v1.0 ciphersuites from RFC2246.
77 DEFINE_CIPHER_ENTRY_SSL3(RSA_RC4_128_SHA),
78 {SSL3_CK_RSA_DES_192_CBC3_SHA,
79 "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
80
81 // AES ciphersuites from RFC3268.
82 {TLS1_CK_RSA_WITH_AES_128_SHA,
83 "TLS_RSA_WITH_AES_128_CBC_SHA"},
84 {TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
85 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
86 {TLS1_CK_RSA_WITH_AES_256_SHA,
87 "TLS_RSA_WITH_AES_256_CBC_SHA"},
88 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
89 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
90
91 // ECC ciphersuites from RFC4492.
92 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_RC4_128_SHA),
93 {TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
94 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
95 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
96 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
97
98 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_RC4_128_SHA),
99 {TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
100 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
101 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_CBC_SHA),
102 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_CBC_SHA),
103
104 // TLS v1.2 ciphersuites.
105 {TLS1_CK_RSA_WITH_AES_128_SHA256,
106 "TLS_RSA_WITH_AES_128_CBC_SHA256"},
107 {TLS1_CK_RSA_WITH_AES_256_SHA256,
108 "TLS_RSA_WITH_AES_256_CBC_SHA256"},
109 {TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
110 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
111 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
112 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
113
114 // TLS v1.2 GCM ciphersuites from RFC5288.
115 DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_128_GCM_SHA256),
116 DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_256_GCM_SHA384),
117 DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_128_GCM_SHA256),
118 DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_256_GCM_SHA384),
119 DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_128_GCM_SHA256),
120 DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_256_GCM_SHA384),
121
122 // ECDH HMAC based ciphersuites from RFC5289.
123 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
124 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
125 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
126 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
127 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
128 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
129 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
130 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
131
132 // ECDH GCM based ciphersuites from RFC5289.
133 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
134 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
135 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),
137
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]138 {0, NULL}
139};
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]140#endif // #ifndef OPENSSL_IS_BORINGSSL
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]141
142// Default cipher used between OpenSSL/BoringSSL stream adapters.
143// This needs to be updated when the default of the SSL library changes.
144static const char kDefaultSslCipher[] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
145
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]146//////////////////////////////////////////////////////////////////////
147// StreamBIO
148//////////////////////////////////////////////////////////////////////
149
150static int stream_write(BIO* h, const char* buf, int num);
151static int stream_read(BIO* h, char* buf, int size);
152static int stream_puts(BIO* h, const char* str);
153static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2);
154static int stream_new(BIO* h);
155static int stream_free(BIO* data);
156
davidben@webrtc.org36d5c3c2015-01-22 23:06:17 +0000[diff] [blame]157// TODO(davidben): This should be const once BoringSSL is assumed.
158static BIO_METHOD methods_stream = {
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]159 BIO_TYPE_BIO,
160 "stream",
161 stream_write,
162 stream_read,
163 stream_puts,
164 0,
165 stream_ctrl,
166 stream_new,
167 stream_free,
168 NULL,
169};
170
davidben@webrtc.org36d5c3c2015-01-22 23:06:17 +0000[diff] [blame]171static BIO_METHOD* BIO_s_stream() { return(&methods_stream); }
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]172
173static BIO* BIO_new_stream(StreamInterface* stream) {
174 BIO* ret = BIO_new(BIO_s_stream());
175 if (ret == NULL)
176 return NULL;
177 ret->ptr = stream;
178 return ret;
179}
180
181// bio methods return 1 (or at least non-zero) on success and 0 on failure.
182
183static int stream_new(BIO* b) {
184 b->shutdown = 0;
185 b->init = 1;
186 b->num = 0; // 1 means end-of-stream
187 b->ptr = 0;
188 return 1;
189}
190
191static int stream_free(BIO* b) {
192 if (b == NULL)
193 return 0;
194 return 1;
195}
196
197static int stream_read(BIO* b, char* out, int outl) {
198 if (!out)
199 return -1;
200 StreamInterface* stream = static_cast<StreamInterface*>(b->ptr);
201 BIO_clear_retry_flags(b);
202 size_t read;
203 int error;
204 StreamResult result = stream->Read(out, outl, &read, &error);
205 if (result == SR_SUCCESS) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]206 return checked_cast<int>(read);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]207 } else if (result == SR_EOS) {
208 b->num = 1;
209 } else if (result == SR_BLOCK) {
210 BIO_set_retry_read(b);
211 }
212 return -1;
213}
214
215static int stream_write(BIO* b, const char* in, int inl) {
216 if (!in)
217 return -1;
218 StreamInterface* stream = static_cast<StreamInterface*>(b->ptr);
219 BIO_clear_retry_flags(b);
220 size_t written;
221 int error;
222 StreamResult result = stream->Write(in, inl, &written, &error);
223 if (result == SR_SUCCESS) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]224 return checked_cast<int>(written);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]225 } else if (result == SR_BLOCK) {
226 BIO_set_retry_write(b);
227 }
228 return -1;
229}
230
231static int stream_puts(BIO* b, const char* str) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]232 return stream_write(b, str, checked_cast<int>(strlen(str)));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]233}
234
235static long stream_ctrl(BIO* b, int cmd, long num, void* ptr) {
henrike@webrtc.org14abcc72014-05-16 16:54:44 +0000[diff] [blame]236 RTC_UNUSED(num);
237 RTC_UNUSED(ptr);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]238
239 switch (cmd) {
240 case BIO_CTRL_RESET:
241 return 0;
242 case BIO_CTRL_EOF:
243 return b->num;
244 case BIO_CTRL_WPENDING:
245 case BIO_CTRL_PENDING:
246 return 0;
247 case BIO_CTRL_FLUSH:
248 return 1;
249 default:
250 return 0;
251 }
252}
253
254/////////////////////////////////////////////////////////////////////////////
255// OpenSSLStreamAdapter
256/////////////////////////////////////////////////////////////////////////////
257
258OpenSSLStreamAdapter::OpenSSLStreamAdapter(StreamInterface* stream)
259 : SSLStreamAdapter(stream),
260 state_(SSL_NONE),
261 role_(SSL_CLIENT),
262 ssl_read_needs_write_(false), ssl_write_needs_read_(false),
263 ssl_(NULL), ssl_ctx_(NULL),
264 custom_verification_succeeded_(false),
265 ssl_mode_(SSL_MODE_TLS) {
266}
267
268OpenSSLStreamAdapter::~OpenSSLStreamAdapter() {
269 Cleanup();
270}
271
272void OpenSSLStreamAdapter::SetIdentity(SSLIdentity* identity) {
273 ASSERT(!identity_);
274 identity_.reset(static_cast<OpenSSLIdentity*>(identity));
275}
276
277void OpenSSLStreamAdapter::SetServerRole(SSLRole role) {
278 role_ = role;
279}
280
281bool OpenSSLStreamAdapter::GetPeerCertificate(SSLCertificate** cert) const {
282 if (!peer_certificate_)
283 return false;
284
285 *cert = peer_certificate_->GetReference();
286 return true;
287}
288
289bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
290 &digest_alg,
291 const unsigned char*
292 digest_val,
293 size_t digest_len) {
294 ASSERT(!peer_certificate_);
295 ASSERT(peer_certificate_digest_algorithm_.size() == 0);
296 ASSERT(ssl_server_name_.empty());
297 size_t expected_len;
298
299 if (!OpenSSLDigest::GetDigestSize(digest_alg, &expected_len)) {
300 LOG(LS_WARNING) << "Unknown digest algorithm: " << digest_alg;
301 return false;
302 }
303 if (expected_len != digest_len)
304 return false;
305
306 peer_certificate_digest_value_.SetData(digest_val, digest_len);
307 peer_certificate_digest_algorithm_ = digest_alg;
308
309 return true;
310}
311
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]312#ifndef OPENSSL_IS_BORINGSSL
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]313const char* OpenSSLStreamAdapter::GetRfcSslCipherName(
314 const SSL_CIPHER* cipher) {
315 ASSERT(cipher != NULL);
316 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;
317 ++entry) {
318 if (cipher->id == entry->openssl_id) {
319 return entry->rfc_name;
320 }
321 }
322 return NULL;
323}
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]324#endif
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]325
326bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
327 if (state_ != SSL_CONNECTED)
328 return false;
329
330 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_);
331 if (current_cipher == NULL) {
332 return false;
333 }
334
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]335#ifdef OPENSSL_IS_BORINGSSL
336 char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher);
337#else
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]338 const char* cipher_name = GetRfcSslCipherName(current_cipher);
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]339#endif
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]340 if (cipher_name == NULL) {
341 return false;
342 }
343
344 *cipher = cipher_name;
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame]345#ifdef OPENSSL_IS_BORINGSSL
346 OPENSSL_free(cipher_name);
347#endif
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]348 return true;
349}
350
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]351// Key Extractor interface
352bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
353 const uint8* context,
354 size_t context_len,
355 bool use_context,
356 uint8* result,
357 size_t result_len) {
358#ifdef HAVE_DTLS_SRTP
359 int i;
360
361 i = SSL_export_keying_material(ssl_, result, result_len,
362 label.c_str(), label.length(),
363 const_cast<uint8 *>(context),
364 context_len, use_context);
365
366 if (i != 1)
367 return false;
368
369 return true;
370#else
371 return false;
372#endif
373}
374
375bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers(
376 const std::vector<std::string>& ciphers) {
377#ifdef HAVE_DTLS_SRTP
378 std::string internal_ciphers;
379
380 if (state_ != SSL_NONE)
381 return false;
382
383 for (std::vector<std::string>::const_iterator cipher = ciphers.begin();
384 cipher != ciphers.end(); ++cipher) {
385 bool found = false;
386 for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name;
387 ++entry) {
388 if (*cipher == entry->external_name) {
389 found = true;
390 if (!internal_ciphers.empty())
391 internal_ciphers += ":";
392 internal_ciphers += entry->internal_name;
393 break;
394 }
395 }
396
397 if (!found) {
398 LOG(LS_ERROR) << "Could not find cipher: " << *cipher;
399 return false;
400 }
401 }
402
403 if (internal_ciphers.empty())
404 return false;
405
406 srtp_ciphers_ = internal_ciphers;
407 return true;
408#else
409 return false;
410#endif
411}
412
413bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
414#ifdef HAVE_DTLS_SRTP
415 ASSERT(state_ == SSL_CONNECTED);
416 if (state_ != SSL_CONNECTED)
417 return false;
418
henrike@webrtc.orgc10ecea2015-01-07 17:59:28 +0000[diff] [blame]419 const SRTP_PROTECTION_PROFILE *srtp_profile =
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]420 SSL_get_selected_srtp_profile(ssl_);
421
422 if (!srtp_profile)
423 return false;
424
425 for (SrtpCipherMapEntry *entry = SrtpCipherMap;
426 entry->internal_name; ++entry) {
427 if (!strcmp(entry->internal_name, srtp_profile->name)) {
428 *cipher = entry->external_name;
429 return true;
430 }
431 }
432
433 ASSERT(false); // This should never happen
434
435 return false;
436#else
437 return false;
438#endif
439}
440
441int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) {
442 ASSERT(server_name != NULL && server_name[0] != '\0');
443 ssl_server_name_ = server_name;
444 return StartSSL();
445}
446
447int OpenSSLStreamAdapter::StartSSLWithPeer() {
448 ASSERT(ssl_server_name_.empty());
449 // It is permitted to specify peer_certificate_ only later.
450 return StartSSL();
451}
452
453void OpenSSLStreamAdapter::SetMode(SSLMode mode) {
454 ASSERT(state_ == SSL_NONE);
455 ssl_mode_ = mode;
456}
457
458//
459// StreamInterface Implementation
460//
461
462StreamResult OpenSSLStreamAdapter::Write(const void* data, size_t data_len,
463 size_t* written, int* error) {
464 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Write(" << data_len << ")";
465
466 switch (state_) {
467 case SSL_NONE:
468 // pass-through in clear text
469 return StreamAdapterInterface::Write(data, data_len, written, error);
470
471 case SSL_WAIT:
472 case SSL_CONNECTING:
473 return SR_BLOCK;
474
475 case SSL_CONNECTED:
476 break;
477
478 case SSL_ERROR:
479 case SSL_CLOSED:
480 default:
481 if (error)
482 *error = ssl_error_code_;
483 return SR_ERROR;
484 }
485
486 // OpenSSL will return an error if we try to write zero bytes
487 if (data_len == 0) {
488 if (written)
489 *written = 0;
490 return SR_SUCCESS;
491 }
492
493 ssl_write_needs_read_ = false;
494
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]495 int code = SSL_write(ssl_, data, checked_cast<int>(data_len));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]496 int ssl_error = SSL_get_error(ssl_, code);
497 switch (ssl_error) {
498 case SSL_ERROR_NONE:
499 LOG(LS_VERBOSE) << " -- success";
500 ASSERT(0 < code && static_cast<unsigned>(code) <= data_len);
501 if (written)
502 *written = code;
503 return SR_SUCCESS;
504 case SSL_ERROR_WANT_READ:
505 LOG(LS_VERBOSE) << " -- error want read";
506 ssl_write_needs_read_ = true;
507 return SR_BLOCK;
508 case SSL_ERROR_WANT_WRITE:
509 LOG(LS_VERBOSE) << " -- error want write";
510 return SR_BLOCK;
511
512 case SSL_ERROR_ZERO_RETURN:
513 default:
514 Error("SSL_write", (ssl_error ? ssl_error : -1), false);
515 if (error)
516 *error = ssl_error_code_;
517 return SR_ERROR;
518 }
519 // not reached
520}
521
522StreamResult OpenSSLStreamAdapter::Read(void* data, size_t data_len,
523 size_t* read, int* error) {
524 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Read(" << data_len << ")";
525 switch (state_) {
526 case SSL_NONE:
527 // pass-through in clear text
528 return StreamAdapterInterface::Read(data, data_len, read, error);
529
530 case SSL_WAIT:
531 case SSL_CONNECTING:
532 return SR_BLOCK;
533
534 case SSL_CONNECTED:
535 break;
536
537 case SSL_CLOSED:
538 return SR_EOS;
539
540 case SSL_ERROR:
541 default:
542 if (error)
543 *error = ssl_error_code_;
544 return SR_ERROR;
545 }
546
547 // Don't trust OpenSSL with zero byte reads
548 if (data_len == 0) {
549 if (read)
550 *read = 0;
551 return SR_SUCCESS;
552 }
553
554 ssl_read_needs_write_ = false;
555
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]556 int code = SSL_read(ssl_, data, checked_cast<int>(data_len));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]557 int ssl_error = SSL_get_error(ssl_, code);
558 switch (ssl_error) {
559 case SSL_ERROR_NONE:
560 LOG(LS_VERBOSE) << " -- success";
561 ASSERT(0 < code && static_cast<unsigned>(code) <= data_len);
562 if (read)
563 *read = code;
564
565 if (ssl_mode_ == SSL_MODE_DTLS) {
566 // Enforce atomic reads -- this is a short read
567 unsigned int pending = SSL_pending(ssl_);
568
569 if (pending) {
570 LOG(LS_INFO) << " -- short DTLS read. flushing";
571 FlushInput(pending);
572 if (error)
573 *error = SSE_MSG_TRUNC;
574 return SR_ERROR;
575 }
576 }
577 return SR_SUCCESS;
578 case SSL_ERROR_WANT_READ:
579 LOG(LS_VERBOSE) << " -- error want read";
580 return SR_BLOCK;
581 case SSL_ERROR_WANT_WRITE:
582 LOG(LS_VERBOSE) << " -- error want write";
583 ssl_read_needs_write_ = true;
584 return SR_BLOCK;
585 case SSL_ERROR_ZERO_RETURN:
586 LOG(LS_VERBOSE) << " -- remote side closed";
587 return SR_EOS;
588 break;
589 default:
590 LOG(LS_VERBOSE) << " -- error " << code;
591 Error("SSL_read", (ssl_error ? ssl_error : -1), false);
592 if (error)
593 *error = ssl_error_code_;
594 return SR_ERROR;
595 }
596 // not reached
597}
598
599void OpenSSLStreamAdapter::FlushInput(unsigned int left) {
600 unsigned char buf[2048];
601
602 while (left) {
603 // This should always succeed
604 int toread = (sizeof(buf) < left) ? sizeof(buf) : left;
605 int code = SSL_read(ssl_, buf, toread);
606
607 int ssl_error = SSL_get_error(ssl_, code);
608 ASSERT(ssl_error == SSL_ERROR_NONE);
609
610 if (ssl_error != SSL_ERROR_NONE) {
611 LOG(LS_VERBOSE) << " -- error " << code;
612 Error("SSL_read", (ssl_error ? ssl_error : -1), false);
613 return;
614 }
615
616 LOG(LS_VERBOSE) << " -- flushed " << code << " bytes";
617 left -= code;
618 }
619}
620
621void OpenSSLStreamAdapter::Close() {
622 Cleanup();
623 ASSERT(state_ == SSL_CLOSED || state_ == SSL_ERROR);
624 StreamAdapterInterface::Close();
625}
626
627StreamState OpenSSLStreamAdapter::GetState() const {
628 switch (state_) {
629 case SSL_WAIT:
630 case SSL_CONNECTING:
631 return SS_OPENING;
632 case SSL_CONNECTED:
633 return SS_OPEN;
634 default:
635 return SS_CLOSED;
636 };
637 // not reached
638}
639
640void OpenSSLStreamAdapter::OnEvent(StreamInterface* stream, int events,
641 int err) {
642 int events_to_signal = 0;
643 int signal_error = 0;
644 ASSERT(stream == this->stream());
645 if ((events & SE_OPEN)) {
646 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent SE_OPEN";
647 if (state_ != SSL_WAIT) {
648 ASSERT(state_ == SSL_NONE);
649 events_to_signal |= SE_OPEN;
650 } else {
651 state_ = SSL_CONNECTING;
652 if (int err = BeginSSL()) {
653 Error("BeginSSL", err, true);
654 return;
655 }
656 }
657 }
658 if ((events & (SE_READ|SE_WRITE))) {
659 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent"
660 << ((events & SE_READ) ? " SE_READ" : "")
661 << ((events & SE_WRITE) ? " SE_WRITE" : "");
662 if (state_ == SSL_NONE) {
663 events_to_signal |= events & (SE_READ|SE_WRITE);
664 } else if (state_ == SSL_CONNECTING) {
665 if (int err = ContinueSSL()) {
666 Error("ContinueSSL", err, true);
667 return;
668 }
669 } else if (state_ == SSL_CONNECTED) {
670 if (((events & SE_READ) && ssl_write_needs_read_) ||
671 (events & SE_WRITE)) {
672 LOG(LS_VERBOSE) << " -- onStreamWriteable";
673 events_to_signal |= SE_WRITE;
674 }
675 if (((events & SE_WRITE) && ssl_read_needs_write_) ||
676 (events & SE_READ)) {
677 LOG(LS_VERBOSE) << " -- onStreamReadable";
678 events_to_signal |= SE_READ;
679 }
680 }
681 }
682 if ((events & SE_CLOSE)) {
683 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent(SE_CLOSE, " << err << ")";
684 Cleanup();
685 events_to_signal |= SE_CLOSE;
686 // SE_CLOSE is the only event that uses the final parameter to OnEvent().
687 ASSERT(signal_error == 0);
688 signal_error = err;
689 }
690 if (events_to_signal)
691 StreamAdapterInterface::OnEvent(stream, events_to_signal, signal_error);
692}
693
694int OpenSSLStreamAdapter::StartSSL() {
695 ASSERT(state_ == SSL_NONE);
696
697 if (StreamAdapterInterface::GetState() != SS_OPEN) {
698 state_ = SSL_WAIT;
699 return 0;
700 }
701
702 state_ = SSL_CONNECTING;
703 if (int err = BeginSSL()) {
704 Error("BeginSSL", err, false);
705 return err;
706 }
707
708 return 0;
709}
710
711int OpenSSLStreamAdapter::BeginSSL() {
712 ASSERT(state_ == SSL_CONNECTING);
713 // The underlying stream has open. If we are in peer-to-peer mode
714 // then a peer certificate must have been specified by now.
715 ASSERT(!ssl_server_name_.empty() ||
716 !peer_certificate_digest_algorithm_.empty());
717 LOG(LS_INFO) << "BeginSSL: "
718 << (!ssl_server_name_.empty() ? ssl_server_name_ :
719 "with peer");
720
721 BIO* bio = NULL;
722
723 // First set up the context
724 ASSERT(ssl_ctx_ == NULL);
725 ssl_ctx_ = SetupSSLContext();
726 if (!ssl_ctx_)
727 return -1;
728
729 bio = BIO_new_stream(static_cast<StreamInterface*>(stream()));
730 if (!bio)
731 return -1;
732
733 ssl_ = SSL_new(ssl_ctx_);
734 if (!ssl_) {
735 BIO_free(bio);
736 return -1;
737 }
738
739 SSL_set_app_data(ssl_, this);
740
741 SSL_set_bio(ssl_, bio, bio); // the SSL object owns the bio now.
Joachim Bauch5ca688b2015-05-20 10:40:15 +0200[diff] [blame^]742 if (ssl_mode_ == SSL_MODE_DTLS) {
743 // Enable read-ahead for DTLS so whole packets are read from internal BIO
744 // before parsing.
745 // TODO(jbauch): Remove for BoringSSL when this is handled internally.
746 SSL_set_read_ahead(ssl_, 1);
747 }
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]748
749 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE |
750 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
751
jiayl@webrtc.org11c6bde2014-08-28 16:14:38 +0000[diff] [blame]752 // Specify an ECDH group for ECDHE ciphers, otherwise they cannot be
753 // negotiated when acting as the server. Use NIST's P-256 which is commonly
754 // supported.
755 EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
756 if (ecdh == NULL)
757 return -1;
758 SSL_set_options(ssl_, SSL_OP_SINGLE_ECDH_USE);
759 SSL_set_tmp_ecdh(ssl_, ecdh);
760 EC_KEY_free(ecdh);
761
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]762 // Do the connect
763 return ContinueSSL();
764}
765
766int OpenSSLStreamAdapter::ContinueSSL() {
767 LOG(LS_VERBOSE) << "ContinueSSL";
768 ASSERT(state_ == SSL_CONNECTING);
769
770 // Clear the DTLS timer
771 Thread::Current()->Clear(this, MSG_TIMEOUT);
772
773 int code = (role_ == SSL_CLIENT) ? SSL_connect(ssl_) : SSL_accept(ssl_);
774 int ssl_error;
775 switch (ssl_error = SSL_get_error(ssl_, code)) {
776 case SSL_ERROR_NONE:
777 LOG(LS_VERBOSE) << " -- success";
778
779 if (!SSLPostConnectionCheck(ssl_, ssl_server_name_.c_str(), NULL,
780 peer_certificate_digest_algorithm_)) {
781 LOG(LS_ERROR) << "TLS post connection check failed";
782 return -1;
783 }
784
785 state_ = SSL_CONNECTED;
786 StreamAdapterInterface::OnEvent(stream(), SE_OPEN|SE_READ|SE_WRITE, 0);
787 break;
788
789 case SSL_ERROR_WANT_READ: {
790 LOG(LS_VERBOSE) << " -- error want read";
791 struct timeval timeout;
792 if (DTLSv1_get_timeout(ssl_, &timeout)) {
793 int delay = timeout.tv_sec * 1000 + timeout.tv_usec/1000;
794
795 Thread::Current()->PostDelayed(delay, this, MSG_TIMEOUT, 0);
796 }
797 }
798 break;
799
800 case SSL_ERROR_WANT_WRITE:
801 LOG(LS_VERBOSE) << " -- error want write";
802 break;
803
804 case SSL_ERROR_ZERO_RETURN:
805 default:
806 LOG(LS_VERBOSE) << " -- error " << code;
807 return (ssl_error != 0) ? ssl_error : -1;
808 }
809
810 return 0;
811}
812
813void OpenSSLStreamAdapter::Error(const char* context, int err, bool signal) {
814 LOG(LS_WARNING) << "OpenSSLStreamAdapter::Error("
815 << context << ", " << err << ")";
816 state_ = SSL_ERROR;
817 ssl_error_code_ = err;
818 Cleanup();
819 if (signal)
820 StreamAdapterInterface::OnEvent(stream(), SE_CLOSE, err);
821}
822
823void OpenSSLStreamAdapter::Cleanup() {
824 LOG(LS_INFO) << "Cleanup";
825
826 if (state_ != SSL_ERROR) {
827 state_ = SSL_CLOSED;
828 ssl_error_code_ = 0;
829 }
830
831 if (ssl_) {
jiayl@webrtc.orgf1d751c2014-09-25 16:38:46 +0000[diff] [blame]832 int ret = SSL_shutdown(ssl_);
833 if (ret < 0) {
834 LOG(LS_WARNING) << "SSL_shutdown failed, error = "
835 << SSL_get_error(ssl_, ret);
836 }
837
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]838 SSL_free(ssl_);
839 ssl_ = NULL;
840 }
841 if (ssl_ctx_) {
842 SSL_CTX_free(ssl_ctx_);
843 ssl_ctx_ = NULL;
844 }
845 identity_.reset();
846 peer_certificate_.reset();
847
848 // Clear the DTLS timer
849 Thread::Current()->Clear(this, MSG_TIMEOUT);
850}
851
852
853void OpenSSLStreamAdapter::OnMessage(Message* msg) {
854 // Process our own messages and then pass others to the superclass
855 if (MSG_TIMEOUT == msg->message_id) {
856 LOG(LS_INFO) << "DTLS timeout expired";
857 DTLSv1_handle_timeout(ssl_);
858 ContinueSSL();
859 } else {
860 StreamInterface::OnMessage(msg);
861 }
862}
863
864SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
865 SSL_CTX *ctx = NULL;
866
867 if (role_ == SSL_CLIENT) {
868 ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
869 DTLSv1_client_method() : TLSv1_client_method());
870 } else {
871 ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
872 DTLSv1_server_method() : TLSv1_server_method());
873 }
874 if (ctx == NULL)
875 return NULL;
876
877 if (identity_ && !identity_->ConfigureIdentity(ctx)) {
878 SSL_CTX_free(ctx);
879 return NULL;
880 }
881
882#ifdef _DEBUG
883 SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);
884#endif
885
tkchin@webrtc.orgc569a492014-09-23 05:56:44 +0000[diff] [blame]886 int mode = SSL_VERIFY_PEER;
887 if (client_auth_enabled()) {
888 // Require a certificate from the client.
889 // Note: Normally this is always true in production, but it may be disabled
890 // for testing purposes (e.g. SSLAdapter unit tests).
891 mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
892 }
893
894 SSL_CTX_set_verify(ctx, mode, SSLVerifyCallback);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]895 SSL_CTX_set_verify_depth(ctx, 4);
896 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
897
898#ifdef HAVE_DTLS_SRTP
899 if (!srtp_ciphers_.empty()) {
900 if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
901 SSL_CTX_free(ctx);
902 return NULL;
903 }
904 }
905#endif
906
907 return ctx;
908}
909
910int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
911 // Get our SSL structure from the store
912 SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
913 store,
914 SSL_get_ex_data_X509_STORE_CTX_idx()));
915 OpenSSLStreamAdapter* stream =
916 reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));
917
918 if (stream->peer_certificate_digest_algorithm_.empty()) {
919 return 0;
920 }
921 X509* cert = X509_STORE_CTX_get_current_cert(store);
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]922 int depth = X509_STORE_CTX_get_error_depth(store);
923
924 // For now We ignore the parent certificates and verify the leaf against
925 // the digest.
926 //
927 // TODO(jiayl): Verify the chain is a proper chain and report the chain to
928 // |stream->peer_certificate_|, like what NSS does.
929 if (depth > 0) {
930 LOG(LS_INFO) << "Ignored chained certificate at depth " << depth;
931 return 1;
932 }
933
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]934 unsigned char digest[EVP_MAX_MD_SIZE];
935 size_t digest_length;
936 if (!OpenSSLCertificate::ComputeDigest(
937 cert,
938 stream->peer_certificate_digest_algorithm_,
939 digest, sizeof(digest),
940 &digest_length)) {
941 LOG(LS_WARNING) << "Failed to compute peer cert digest.";
942 return 0;
943 }
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]944
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]945 Buffer computed_digest(digest, digest_length);
946 if (computed_digest != stream->peer_certificate_digest_value_) {
947 LOG(LS_WARNING) << "Rejected peer certificate due to mismatched digest.";
948 return 0;
949 }
950 // Ignore any verification error if the digest matches, since there is no
951 // value in checking the validity of a self-signed cert issued by untrusted
952 // sources.
953 LOG(LS_INFO) << "Accepted peer certificate.";
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]954
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]955 // Record the peer's certificate.
956 stream->peer_certificate_.reset(new OpenSSLCertificate(cert));
957 return 1;
958}
959
960// This code is taken from the "Network Security with OpenSSL"
961// sample in chapter 5
962bool OpenSSLStreamAdapter::SSLPostConnectionCheck(SSL* ssl,
963 const char* server_name,
964 const X509* peer_cert,
965 const std::string
966 &peer_digest) {
967 ASSERT(server_name != NULL);
968 bool ok;
969 if (server_name[0] != '\0') { // traditional mode
970 ok = OpenSSLAdapter::VerifyServerName(ssl, server_name, ignore_bad_cert());
971
972 if (ok) {
973 ok = (SSL_get_verify_result(ssl) == X509_V_OK ||
974 custom_verification_succeeded_);
975 }
976 } else { // peer-to-peer mode
977 ASSERT((peer_cert != NULL) || (!peer_digest.empty()));
978 // no server name validation
979 ok = true;
980 }
981
982 if (!ok && ignore_bad_cert()) {
983 LOG(LS_ERROR) << "SSL_get_verify_result(ssl) = "
984 << SSL_get_verify_result(ssl);
985 LOG(LS_INFO) << "Other TLS post connection checks failed.";
986 ok = true;
987 }
988
989 return ok;
990}
991
992bool OpenSSLStreamAdapter::HaveDtls() {
993 return true;
994}
995
996bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
997#ifdef HAVE_DTLS_SRTP
998 return true;
999#else
1000 return false;
1001#endif
1002}
1003
1004bool OpenSSLStreamAdapter::HaveExporter() {
1005#ifdef HAVE_DTLS_SRTP
1006 return true;
1007#else
1008 return false;
1009#endif
1010}
1011
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]1012std::string OpenSSLStreamAdapter::GetDefaultSslCipher() {
1013 return kDefaultSslCipher;
1014}
1015
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1016} // namespace rtc
1017
1018#endif // HAVE_OPENSSL_SSL_H