Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / f7bb6e723bea160b11060c16d8a57f97eb57bb90 / . / webrtc / base / opensslstreamadapter.cc
blob: 619f3e1ea4954321446eeb0814c7c5cce35d51cd [file] [log] [blame]
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1/*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11#if HAVE_CONFIG_H
12#include "config.h"
13#endif // HAVE_CONFIG_H
14
15#if HAVE_OPENSSL_SSL_H
16
17#include "webrtc/base/opensslstreamadapter.h"
18
19#include <openssl/bio.h>
20#include <openssl/crypto.h>
21#include <openssl/err.h>
22#include <openssl/rand.h>
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]23#include <openssl/tls1.h>
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]24#include <openssl/x509v3.h>
25
26#include <vector>
27
28#include "webrtc/base/common.h"
29#include "webrtc/base/logging.h"
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]30#include "webrtc/base/safe_conversions.h"
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]31#include "webrtc/base/stream.h"
32#include "webrtc/base/openssl.h"
33#include "webrtc/base/openssladapter.h"
34#include "webrtc/base/openssldigest.h"
35#include "webrtc/base/opensslidentity.h"
36#include "webrtc/base/stringutils.h"
37#include "webrtc/base/thread.h"
38
39namespace rtc {
40
41#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
42#define HAVE_DTLS_SRTP
43#endif
44
45#ifdef HAVE_DTLS_SRTP
46// SRTP cipher suite table
47struct SrtpCipherMapEntry {
48 const char* external_name;
49 const char* internal_name;
50};
51
52// This isn't elegant, but it's better than an external reference
53static SrtpCipherMapEntry SrtpCipherMap[] = {
54 {"AES_CM_128_HMAC_SHA1_80", "SRTP_AES128_CM_SHA1_80"},
55 {"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"},
56 {NULL, NULL}
57};
58#endif
59
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame^]60#ifndef OPENSSL_IS_BORINGSSL
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]61// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
62struct SslCipherMapEntry {
63 uint32_t openssl_id;
64 const char* rfc_name;
65};
66
67#define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name}
68#define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name}
69
70// There currently is no method available to get a RFC-compliant name for a
71// cipher suite from BoringSSL, so we need to define the mapping manually here.
72// This should go away once BoringSSL supports "SSL_CIPHER_standard_name"
73// (as available in OpenSSL if compiled with tracing enabled) or a similar
74// method.
75static const SslCipherMapEntry kSslCipherMap[] = {
76 // TLS v1.0 ciphersuites from RFC2246.
77 DEFINE_CIPHER_ENTRY_SSL3(RSA_RC4_128_SHA),
78 {SSL3_CK_RSA_DES_192_CBC3_SHA,
79 "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
80
81 // AES ciphersuites from RFC3268.
82 {TLS1_CK_RSA_WITH_AES_128_SHA,
83 "TLS_RSA_WITH_AES_128_CBC_SHA"},
84 {TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
85 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
86 {TLS1_CK_RSA_WITH_AES_256_SHA,
87 "TLS_RSA_WITH_AES_256_CBC_SHA"},
88 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
89 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
90
91 // ECC ciphersuites from RFC4492.
92 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_RC4_128_SHA),
93 {TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
94 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
95 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
96 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
97
98 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_RC4_128_SHA),
99 {TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
100 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
101 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_CBC_SHA),
102 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_CBC_SHA),
103
104 // TLS v1.2 ciphersuites.
105 {TLS1_CK_RSA_WITH_AES_128_SHA256,
106 "TLS_RSA_WITH_AES_128_CBC_SHA256"},
107 {TLS1_CK_RSA_WITH_AES_256_SHA256,
108 "TLS_RSA_WITH_AES_256_CBC_SHA256"},
109 {TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
110 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
111 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
112 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
113
114 // TLS v1.2 GCM ciphersuites from RFC5288.
115 DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_128_GCM_SHA256),
116 DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_256_GCM_SHA384),
117 DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_128_GCM_SHA256),
118 DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_256_GCM_SHA384),
119 DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_128_GCM_SHA256),
120 DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_256_GCM_SHA384),
121
122 // ECDH HMAC based ciphersuites from RFC5289.
123 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
124 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
125 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
126 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
127 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
128 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
129 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
130 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
131
132 // ECDH GCM based ciphersuites from RFC5289.
133 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
134 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
135 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),
137
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]138 {0, NULL}
139};
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame^]140#endif // #ifndef OPENSSL_IS_BORINGSSL
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]141
142// Default cipher used between OpenSSL/BoringSSL stream adapters.
143// This needs to be updated when the default of the SSL library changes.
144static const char kDefaultSslCipher[] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
145
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]146//////////////////////////////////////////////////////////////////////
147// StreamBIO
148//////////////////////////////////////////////////////////////////////
149
150static int stream_write(BIO* h, const char* buf, int num);
151static int stream_read(BIO* h, char* buf, int size);
152static int stream_puts(BIO* h, const char* str);
153static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2);
154static int stream_new(BIO* h);
155static int stream_free(BIO* data);
156
davidben@webrtc.org36d5c3c2015-01-22 23:06:17 +0000[diff] [blame]157// TODO(davidben): This should be const once BoringSSL is assumed.
158static BIO_METHOD methods_stream = {
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]159 BIO_TYPE_BIO,
160 "stream",
161 stream_write,
162 stream_read,
163 stream_puts,
164 0,
165 stream_ctrl,
166 stream_new,
167 stream_free,
168 NULL,
169};
170
davidben@webrtc.org36d5c3c2015-01-22 23:06:17 +0000[diff] [blame]171static BIO_METHOD* BIO_s_stream() { return(&methods_stream); }
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]172
173static BIO* BIO_new_stream(StreamInterface* stream) {
174 BIO* ret = BIO_new(BIO_s_stream());
175 if (ret == NULL)
176 return NULL;
177 ret->ptr = stream;
178 return ret;
179}
180
181// bio methods return 1 (or at least non-zero) on success and 0 on failure.
182
183static int stream_new(BIO* b) {
184 b->shutdown = 0;
185 b->init = 1;
186 b->num = 0; // 1 means end-of-stream
187 b->ptr = 0;
188 return 1;
189}
190
191static int stream_free(BIO* b) {
192 if (b == NULL)
193 return 0;
194 return 1;
195}
196
197static int stream_read(BIO* b, char* out, int outl) {
198 if (!out)
199 return -1;
200 StreamInterface* stream = static_cast<StreamInterface*>(b->ptr);
201 BIO_clear_retry_flags(b);
202 size_t read;
203 int error;
204 StreamResult result = stream->Read(out, outl, &read, &error);
205 if (result == SR_SUCCESS) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]206 return checked_cast<int>(read);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]207 } else if (result == SR_EOS) {
208 b->num = 1;
209 } else if (result == SR_BLOCK) {
210 BIO_set_retry_read(b);
211 }
212 return -1;
213}
214
215static int stream_write(BIO* b, const char* in, int inl) {
216 if (!in)
217 return -1;
218 StreamInterface* stream = static_cast<StreamInterface*>(b->ptr);
219 BIO_clear_retry_flags(b);
220 size_t written;
221 int error;
222 StreamResult result = stream->Write(in, inl, &written, &error);
223 if (result == SR_SUCCESS) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]224 return checked_cast<int>(written);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]225 } else if (result == SR_BLOCK) {
226 BIO_set_retry_write(b);
227 }
228 return -1;
229}
230
231static int stream_puts(BIO* b, const char* str) {
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]232 return stream_write(b, str, checked_cast<int>(strlen(str)));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]233}
234
235static long stream_ctrl(BIO* b, int cmd, long num, void* ptr) {
henrike@webrtc.org14abcc72014-05-16 16:54:44 +0000[diff] [blame]236 RTC_UNUSED(num);
237 RTC_UNUSED(ptr);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]238
239 switch (cmd) {
240 case BIO_CTRL_RESET:
241 return 0;
242 case BIO_CTRL_EOF:
243 return b->num;
244 case BIO_CTRL_WPENDING:
245 case BIO_CTRL_PENDING:
246 return 0;
247 case BIO_CTRL_FLUSH:
248 return 1;
249 default:
250 return 0;
251 }
252}
253
254/////////////////////////////////////////////////////////////////////////////
255// OpenSSLStreamAdapter
256/////////////////////////////////////////////////////////////////////////////
257
258OpenSSLStreamAdapter::OpenSSLStreamAdapter(StreamInterface* stream)
259 : SSLStreamAdapter(stream),
260 state_(SSL_NONE),
261 role_(SSL_CLIENT),
262 ssl_read_needs_write_(false), ssl_write_needs_read_(false),
263 ssl_(NULL), ssl_ctx_(NULL),
264 custom_verification_succeeded_(false),
265 ssl_mode_(SSL_MODE_TLS) {
266}
267
268OpenSSLStreamAdapter::~OpenSSLStreamAdapter() {
269 Cleanup();
270}
271
272void OpenSSLStreamAdapter::SetIdentity(SSLIdentity* identity) {
273 ASSERT(!identity_);
274 identity_.reset(static_cast<OpenSSLIdentity*>(identity));
275}
276
277void OpenSSLStreamAdapter::SetServerRole(SSLRole role) {
278 role_ = role;
279}
280
281bool OpenSSLStreamAdapter::GetPeerCertificate(SSLCertificate** cert) const {
282 if (!peer_certificate_)
283 return false;
284
285 *cert = peer_certificate_->GetReference();
286 return true;
287}
288
289bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
290 &digest_alg,
291 const unsigned char*
292 digest_val,
293 size_t digest_len) {
294 ASSERT(!peer_certificate_);
295 ASSERT(peer_certificate_digest_algorithm_.size() == 0);
296 ASSERT(ssl_server_name_.empty());
297 size_t expected_len;
298
299 if (!OpenSSLDigest::GetDigestSize(digest_alg, &expected_len)) {
300 LOG(LS_WARNING) << "Unknown digest algorithm: " << digest_alg;
301 return false;
302 }
303 if (expected_len != digest_len)
304 return false;
305
306 peer_certificate_digest_value_.SetData(digest_val, digest_len);
307 peer_certificate_digest_algorithm_ = digest_alg;
308
309 return true;
310}
311
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame^]312#ifndef OPENSSL_IS_BORINGSSL
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]313const char* OpenSSLStreamAdapter::GetRfcSslCipherName(
314 const SSL_CIPHER* cipher) {
315 ASSERT(cipher != NULL);
316 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;
317 ++entry) {
318 if (cipher->id == entry->openssl_id) {
319 return entry->rfc_name;
320 }
321 }
322 return NULL;
323}
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame^]324#endif
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]325
326bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
327 if (state_ != SSL_CONNECTED)
328 return false;
329
330 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_);
331 if (current_cipher == NULL) {
332 return false;
333 }
334
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame^]335#ifdef OPENSSL_IS_BORINGSSL
336 char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher);
337#else
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]338 const char* cipher_name = GetRfcSslCipherName(current_cipher);
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame^]339#endif
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]340 if (cipher_name == NULL) {
341 return false;
342 }
343
344 *cipher = cipher_name;
pthatcher@webrtc.orgf7bb6e72015-02-28 01:41:07 +0000[diff] [blame^]345#ifdef OPENSSL_IS_BORINGSSL
346 OPENSSL_free(cipher_name);
347#endif
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]348 return true;
349}
350
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]351// Key Extractor interface
352bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
353 const uint8* context,
354 size_t context_len,
355 bool use_context,
356 uint8* result,
357 size_t result_len) {
358#ifdef HAVE_DTLS_SRTP
359 int i;
360
361 i = SSL_export_keying_material(ssl_, result, result_len,
362 label.c_str(), label.length(),
363 const_cast<uint8 *>(context),
364 context_len, use_context);
365
366 if (i != 1)
367 return false;
368
369 return true;
370#else
371 return false;
372#endif
373}
374
375bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers(
376 const std::vector<std::string>& ciphers) {
377#ifdef HAVE_DTLS_SRTP
378 std::string internal_ciphers;
379
380 if (state_ != SSL_NONE)
381 return false;
382
383 for (std::vector<std::string>::const_iterator cipher = ciphers.begin();
384 cipher != ciphers.end(); ++cipher) {
385 bool found = false;
386 for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name;
387 ++entry) {
388 if (*cipher == entry->external_name) {
389 found = true;
390 if (!internal_ciphers.empty())
391 internal_ciphers += ":";
392 internal_ciphers += entry->internal_name;
393 break;
394 }
395 }
396
397 if (!found) {
398 LOG(LS_ERROR) << "Could not find cipher: " << *cipher;
399 return false;
400 }
401 }
402
403 if (internal_ciphers.empty())
404 return false;
405
406 srtp_ciphers_ = internal_ciphers;
407 return true;
408#else
409 return false;
410#endif
411}
412
413bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
414#ifdef HAVE_DTLS_SRTP
415 ASSERT(state_ == SSL_CONNECTED);
416 if (state_ != SSL_CONNECTED)
417 return false;
418
henrike@webrtc.orgc10ecea2015-01-07 17:59:28 +0000[diff] [blame]419 const SRTP_PROTECTION_PROFILE *srtp_profile =
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]420 SSL_get_selected_srtp_profile(ssl_);
421
422 if (!srtp_profile)
423 return false;
424
425 for (SrtpCipherMapEntry *entry = SrtpCipherMap;
426 entry->internal_name; ++entry) {
427 if (!strcmp(entry->internal_name, srtp_profile->name)) {
428 *cipher = entry->external_name;
429 return true;
430 }
431 }
432
433 ASSERT(false); // This should never happen
434
435 return false;
436#else
437 return false;
438#endif
439}
440
441int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) {
442 ASSERT(server_name != NULL && server_name[0] != '\0');
443 ssl_server_name_ = server_name;
444 return StartSSL();
445}
446
447int OpenSSLStreamAdapter::StartSSLWithPeer() {
448 ASSERT(ssl_server_name_.empty());
449 // It is permitted to specify peer_certificate_ only later.
450 return StartSSL();
451}
452
453void OpenSSLStreamAdapter::SetMode(SSLMode mode) {
454 ASSERT(state_ == SSL_NONE);
455 ssl_mode_ = mode;
456}
457
458//
459// StreamInterface Implementation
460//
461
462StreamResult OpenSSLStreamAdapter::Write(const void* data, size_t data_len,
463 size_t* written, int* error) {
464 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Write(" << data_len << ")";
465
466 switch (state_) {
467 case SSL_NONE:
468 // pass-through in clear text
469 return StreamAdapterInterface::Write(data, data_len, written, error);
470
471 case SSL_WAIT:
472 case SSL_CONNECTING:
473 return SR_BLOCK;
474
475 case SSL_CONNECTED:
476 break;
477
478 case SSL_ERROR:
479 case SSL_CLOSED:
480 default:
481 if (error)
482 *error = ssl_error_code_;
483 return SR_ERROR;
484 }
485
486 // OpenSSL will return an error if we try to write zero bytes
487 if (data_len == 0) {
488 if (written)
489 *written = 0;
490 return SR_SUCCESS;
491 }
492
493 ssl_write_needs_read_ = false;
494
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]495 int code = SSL_write(ssl_, data, checked_cast<int>(data_len));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]496 int ssl_error = SSL_get_error(ssl_, code);
497 switch (ssl_error) {
498 case SSL_ERROR_NONE:
499 LOG(LS_VERBOSE) << " -- success";
500 ASSERT(0 < code && static_cast<unsigned>(code) <= data_len);
501 if (written)
502 *written = code;
503 return SR_SUCCESS;
504 case SSL_ERROR_WANT_READ:
505 LOG(LS_VERBOSE) << " -- error want read";
506 ssl_write_needs_read_ = true;
507 return SR_BLOCK;
508 case SSL_ERROR_WANT_WRITE:
509 LOG(LS_VERBOSE) << " -- error want write";
510 return SR_BLOCK;
511
512 case SSL_ERROR_ZERO_RETURN:
513 default:
514 Error("SSL_write", (ssl_error ? ssl_error : -1), false);
515 if (error)
516 *error = ssl_error_code_;
517 return SR_ERROR;
518 }
519 // not reached
520}
521
522StreamResult OpenSSLStreamAdapter::Read(void* data, size_t data_len,
523 size_t* read, int* error) {
524 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Read(" << data_len << ")";
525 switch (state_) {
526 case SSL_NONE:
527 // pass-through in clear text
528 return StreamAdapterInterface::Read(data, data_len, read, error);
529
530 case SSL_WAIT:
531 case SSL_CONNECTING:
532 return SR_BLOCK;
533
534 case SSL_CONNECTED:
535 break;
536
537 case SSL_CLOSED:
538 return SR_EOS;
539
540 case SSL_ERROR:
541 default:
542 if (error)
543 *error = ssl_error_code_;
544 return SR_ERROR;
545 }
546
547 // Don't trust OpenSSL with zero byte reads
548 if (data_len == 0) {
549 if (read)
550 *read = 0;
551 return SR_SUCCESS;
552 }
553
554 ssl_read_needs_write_ = false;
555
henrike@webrtc.orgd89b69a2014-11-06 17:23:09 +0000[diff] [blame]556 int code = SSL_read(ssl_, data, checked_cast<int>(data_len));
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]557 int ssl_error = SSL_get_error(ssl_, code);
558 switch (ssl_error) {
559 case SSL_ERROR_NONE:
560 LOG(LS_VERBOSE) << " -- success";
561 ASSERT(0 < code && static_cast<unsigned>(code) <= data_len);
562 if (read)
563 *read = code;
564
565 if (ssl_mode_ == SSL_MODE_DTLS) {
566 // Enforce atomic reads -- this is a short read
567 unsigned int pending = SSL_pending(ssl_);
568
569 if (pending) {
570 LOG(LS_INFO) << " -- short DTLS read. flushing";
571 FlushInput(pending);
572 if (error)
573 *error = SSE_MSG_TRUNC;
574 return SR_ERROR;
575 }
576 }
577 return SR_SUCCESS;
578 case SSL_ERROR_WANT_READ:
579 LOG(LS_VERBOSE) << " -- error want read";
580 return SR_BLOCK;
581 case SSL_ERROR_WANT_WRITE:
582 LOG(LS_VERBOSE) << " -- error want write";
583 ssl_read_needs_write_ = true;
584 return SR_BLOCK;
585 case SSL_ERROR_ZERO_RETURN:
586 LOG(LS_VERBOSE) << " -- remote side closed";
587 return SR_EOS;
588 break;
589 default:
590 LOG(LS_VERBOSE) << " -- error " << code;
591 Error("SSL_read", (ssl_error ? ssl_error : -1), false);
592 if (error)
593 *error = ssl_error_code_;
594 return SR_ERROR;
595 }
596 // not reached
597}
598
599void OpenSSLStreamAdapter::FlushInput(unsigned int left) {
600 unsigned char buf[2048];
601
602 while (left) {
603 // This should always succeed
604 int toread = (sizeof(buf) < left) ? sizeof(buf) : left;
605 int code = SSL_read(ssl_, buf, toread);
606
607 int ssl_error = SSL_get_error(ssl_, code);
608 ASSERT(ssl_error == SSL_ERROR_NONE);
609
610 if (ssl_error != SSL_ERROR_NONE) {
611 LOG(LS_VERBOSE) << " -- error " << code;
612 Error("SSL_read", (ssl_error ? ssl_error : -1), false);
613 return;
614 }
615
616 LOG(LS_VERBOSE) << " -- flushed " << code << " bytes";
617 left -= code;
618 }
619}
620
621void OpenSSLStreamAdapter::Close() {
622 Cleanup();
623 ASSERT(state_ == SSL_CLOSED || state_ == SSL_ERROR);
624 StreamAdapterInterface::Close();
625}
626
627StreamState OpenSSLStreamAdapter::GetState() const {
628 switch (state_) {
629 case SSL_WAIT:
630 case SSL_CONNECTING:
631 return SS_OPENING;
632 case SSL_CONNECTED:
633 return SS_OPEN;
634 default:
635 return SS_CLOSED;
636 };
637 // not reached
638}
639
640void OpenSSLStreamAdapter::OnEvent(StreamInterface* stream, int events,
641 int err) {
642 int events_to_signal = 0;
643 int signal_error = 0;
644 ASSERT(stream == this->stream());
645 if ((events & SE_OPEN)) {
646 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent SE_OPEN";
647 if (state_ != SSL_WAIT) {
648 ASSERT(state_ == SSL_NONE);
649 events_to_signal |= SE_OPEN;
650 } else {
651 state_ = SSL_CONNECTING;
652 if (int err = BeginSSL()) {
653 Error("BeginSSL", err, true);
654 return;
655 }
656 }
657 }
658 if ((events & (SE_READ|SE_WRITE))) {
659 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent"
660 << ((events & SE_READ) ? " SE_READ" : "")
661 << ((events & SE_WRITE) ? " SE_WRITE" : "");
662 if (state_ == SSL_NONE) {
663 events_to_signal |= events & (SE_READ|SE_WRITE);
664 } else if (state_ == SSL_CONNECTING) {
665 if (int err = ContinueSSL()) {
666 Error("ContinueSSL", err, true);
667 return;
668 }
669 } else if (state_ == SSL_CONNECTED) {
670 if (((events & SE_READ) && ssl_write_needs_read_) ||
671 (events & SE_WRITE)) {
672 LOG(LS_VERBOSE) << " -- onStreamWriteable";
673 events_to_signal |= SE_WRITE;
674 }
675 if (((events & SE_WRITE) && ssl_read_needs_write_) ||
676 (events & SE_READ)) {
677 LOG(LS_VERBOSE) << " -- onStreamReadable";
678 events_to_signal |= SE_READ;
679 }
680 }
681 }
682 if ((events & SE_CLOSE)) {
683 LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent(SE_CLOSE, " << err << ")";
684 Cleanup();
685 events_to_signal |= SE_CLOSE;
686 // SE_CLOSE is the only event that uses the final parameter to OnEvent().
687 ASSERT(signal_error == 0);
688 signal_error = err;
689 }
690 if (events_to_signal)
691 StreamAdapterInterface::OnEvent(stream, events_to_signal, signal_error);
692}
693
694int OpenSSLStreamAdapter::StartSSL() {
695 ASSERT(state_ == SSL_NONE);
696
697 if (StreamAdapterInterface::GetState() != SS_OPEN) {
698 state_ = SSL_WAIT;
699 return 0;
700 }
701
702 state_ = SSL_CONNECTING;
703 if (int err = BeginSSL()) {
704 Error("BeginSSL", err, false);
705 return err;
706 }
707
708 return 0;
709}
710
711int OpenSSLStreamAdapter::BeginSSL() {
712 ASSERT(state_ == SSL_CONNECTING);
713 // The underlying stream has open. If we are in peer-to-peer mode
714 // then a peer certificate must have been specified by now.
715 ASSERT(!ssl_server_name_.empty() ||
716 !peer_certificate_digest_algorithm_.empty());
717 LOG(LS_INFO) << "BeginSSL: "
718 << (!ssl_server_name_.empty() ? ssl_server_name_ :
719 "with peer");
720
721 BIO* bio = NULL;
722
723 // First set up the context
724 ASSERT(ssl_ctx_ == NULL);
725 ssl_ctx_ = SetupSSLContext();
726 if (!ssl_ctx_)
727 return -1;
728
729 bio = BIO_new_stream(static_cast<StreamInterface*>(stream()));
730 if (!bio)
731 return -1;
732
733 ssl_ = SSL_new(ssl_ctx_);
734 if (!ssl_) {
735 BIO_free(bio);
736 return -1;
737 }
738
739 SSL_set_app_data(ssl_, this);
740
741 SSL_set_bio(ssl_, bio, bio); // the SSL object owns the bio now.
742
743 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE |
744 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
745
jiayl@webrtc.org11c6bde2014-08-28 16:14:38 +0000[diff] [blame]746 // Specify an ECDH group for ECDHE ciphers, otherwise they cannot be
747 // negotiated when acting as the server. Use NIST's P-256 which is commonly
748 // supported.
749 EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
750 if (ecdh == NULL)
751 return -1;
752 SSL_set_options(ssl_, SSL_OP_SINGLE_ECDH_USE);
753 SSL_set_tmp_ecdh(ssl_, ecdh);
754 EC_KEY_free(ecdh);
755
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]756 // Do the connect
757 return ContinueSSL();
758}
759
760int OpenSSLStreamAdapter::ContinueSSL() {
761 LOG(LS_VERBOSE) << "ContinueSSL";
762 ASSERT(state_ == SSL_CONNECTING);
763
764 // Clear the DTLS timer
765 Thread::Current()->Clear(this, MSG_TIMEOUT);
766
767 int code = (role_ == SSL_CLIENT) ? SSL_connect(ssl_) : SSL_accept(ssl_);
768 int ssl_error;
769 switch (ssl_error = SSL_get_error(ssl_, code)) {
770 case SSL_ERROR_NONE:
771 LOG(LS_VERBOSE) << " -- success";
772
773 if (!SSLPostConnectionCheck(ssl_, ssl_server_name_.c_str(), NULL,
774 peer_certificate_digest_algorithm_)) {
775 LOG(LS_ERROR) << "TLS post connection check failed";
776 return -1;
777 }
778
779 state_ = SSL_CONNECTED;
780 StreamAdapterInterface::OnEvent(stream(), SE_OPEN|SE_READ|SE_WRITE, 0);
781 break;
782
783 case SSL_ERROR_WANT_READ: {
784 LOG(LS_VERBOSE) << " -- error want read";
785 struct timeval timeout;
786 if (DTLSv1_get_timeout(ssl_, &timeout)) {
787 int delay = timeout.tv_sec * 1000 + timeout.tv_usec/1000;
788
789 Thread::Current()->PostDelayed(delay, this, MSG_TIMEOUT, 0);
790 }
791 }
792 break;
793
794 case SSL_ERROR_WANT_WRITE:
795 LOG(LS_VERBOSE) << " -- error want write";
796 break;
797
798 case SSL_ERROR_ZERO_RETURN:
799 default:
800 LOG(LS_VERBOSE) << " -- error " << code;
801 return (ssl_error != 0) ? ssl_error : -1;
802 }
803
804 return 0;
805}
806
807void OpenSSLStreamAdapter::Error(const char* context, int err, bool signal) {
808 LOG(LS_WARNING) << "OpenSSLStreamAdapter::Error("
809 << context << ", " << err << ")";
810 state_ = SSL_ERROR;
811 ssl_error_code_ = err;
812 Cleanup();
813 if (signal)
814 StreamAdapterInterface::OnEvent(stream(), SE_CLOSE, err);
815}
816
817void OpenSSLStreamAdapter::Cleanup() {
818 LOG(LS_INFO) << "Cleanup";
819
820 if (state_ != SSL_ERROR) {
821 state_ = SSL_CLOSED;
822 ssl_error_code_ = 0;
823 }
824
825 if (ssl_) {
jiayl@webrtc.orgf1d751c2014-09-25 16:38:46 +0000[diff] [blame]826 int ret = SSL_shutdown(ssl_);
827 if (ret < 0) {
828 LOG(LS_WARNING) << "SSL_shutdown failed, error = "
829 << SSL_get_error(ssl_, ret);
830 }
831
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]832 SSL_free(ssl_);
833 ssl_ = NULL;
834 }
835 if (ssl_ctx_) {
836 SSL_CTX_free(ssl_ctx_);
837 ssl_ctx_ = NULL;
838 }
839 identity_.reset();
840 peer_certificate_.reset();
841
842 // Clear the DTLS timer
843 Thread::Current()->Clear(this, MSG_TIMEOUT);
844}
845
846
847void OpenSSLStreamAdapter::OnMessage(Message* msg) {
848 // Process our own messages and then pass others to the superclass
849 if (MSG_TIMEOUT == msg->message_id) {
850 LOG(LS_INFO) << "DTLS timeout expired";
851 DTLSv1_handle_timeout(ssl_);
852 ContinueSSL();
853 } else {
854 StreamInterface::OnMessage(msg);
855 }
856}
857
858SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
859 SSL_CTX *ctx = NULL;
860
861 if (role_ == SSL_CLIENT) {
862 ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
863 DTLSv1_client_method() : TLSv1_client_method());
864 } else {
865 ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
866 DTLSv1_server_method() : TLSv1_server_method());
867 }
868 if (ctx == NULL)
869 return NULL;
870
871 if (identity_ && !identity_->ConfigureIdentity(ctx)) {
872 SSL_CTX_free(ctx);
873 return NULL;
874 }
875
876#ifdef _DEBUG
877 SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);
878#endif
879
tkchin@webrtc.orgc569a492014-09-23 05:56:44 +0000[diff] [blame]880 int mode = SSL_VERIFY_PEER;
881 if (client_auth_enabled()) {
882 // Require a certificate from the client.
883 // Note: Normally this is always true in production, but it may be disabled
884 // for testing purposes (e.g. SSLAdapter unit tests).
885 mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
886 }
887
888 SSL_CTX_set_verify(ctx, mode, SSLVerifyCallback);
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]889 SSL_CTX_set_verify_depth(ctx, 4);
890 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
891
892#ifdef HAVE_DTLS_SRTP
893 if (!srtp_ciphers_.empty()) {
894 if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
895 SSL_CTX_free(ctx);
896 return NULL;
897 }
898 }
899#endif
900
901 return ctx;
902}
903
904int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
905 // Get our SSL structure from the store
906 SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
907 store,
908 SSL_get_ex_data_X509_STORE_CTX_idx()));
909 OpenSSLStreamAdapter* stream =
910 reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));
911
912 if (stream->peer_certificate_digest_algorithm_.empty()) {
913 return 0;
914 }
915 X509* cert = X509_STORE_CTX_get_current_cert(store);
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]916 int depth = X509_STORE_CTX_get_error_depth(store);
917
918 // For now We ignore the parent certificates and verify the leaf against
919 // the digest.
920 //
921 // TODO(jiayl): Verify the chain is a proper chain and report the chain to
922 // |stream->peer_certificate_|, like what NSS does.
923 if (depth > 0) {
924 LOG(LS_INFO) << "Ignored chained certificate at depth " << depth;
925 return 1;
926 }
927
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]928 unsigned char digest[EVP_MAX_MD_SIZE];
929 size_t digest_length;
930 if (!OpenSSLCertificate::ComputeDigest(
931 cert,
932 stream->peer_certificate_digest_algorithm_,
933 digest, sizeof(digest),
934 &digest_length)) {
935 LOG(LS_WARNING) << "Failed to compute peer cert digest.";
936 return 0;
937 }
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]938
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]939 Buffer computed_digest(digest, digest_length);
940 if (computed_digest != stream->peer_certificate_digest_value_) {
941 LOG(LS_WARNING) << "Rejected peer certificate due to mismatched digest.";
942 return 0;
943 }
944 // Ignore any verification error if the digest matches, since there is no
945 // value in checking the validity of a self-signed cert issued by untrusted
946 // sources.
947 LOG(LS_INFO) << "Accepted peer certificate.";
henrike@webrtc.org4e5f65a2014-06-05 20:40:11 +0000[diff] [blame]948
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]949 // Record the peer's certificate.
950 stream->peer_certificate_.reset(new OpenSSLCertificate(cert));
951 return 1;
952}
953
954// This code is taken from the "Network Security with OpenSSL"
955// sample in chapter 5
956bool OpenSSLStreamAdapter::SSLPostConnectionCheck(SSL* ssl,
957 const char* server_name,
958 const X509* peer_cert,
959 const std::string
960 &peer_digest) {
961 ASSERT(server_name != NULL);
962 bool ok;
963 if (server_name[0] != '\0') { // traditional mode
964 ok = OpenSSLAdapter::VerifyServerName(ssl, server_name, ignore_bad_cert());
965
966 if (ok) {
967 ok = (SSL_get_verify_result(ssl) == X509_V_OK ||
968 custom_verification_succeeded_);
969 }
970 } else { // peer-to-peer mode
971 ASSERT((peer_cert != NULL) || (!peer_digest.empty()));
972 // no server name validation
973 ok = true;
974 }
975
976 if (!ok && ignore_bad_cert()) {
977 LOG(LS_ERROR) << "SSL_get_verify_result(ssl) = "
978 << SSL_get_verify_result(ssl);
979 LOG(LS_INFO) << "Other TLS post connection checks failed.";
980 ok = true;
981 }
982
983 return ok;
984}
985
986bool OpenSSLStreamAdapter::HaveDtls() {
987 return true;
988}
989
990bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
991#ifdef HAVE_DTLS_SRTP
992 return true;
993#else
994 return false;
995#endif
996}
997
998bool OpenSSLStreamAdapter::HaveExporter() {
999#ifdef HAVE_DTLS_SRTP
1000 return true;
1001#else
1002 return false;
1003#endif
1004}
1005
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36 +0000[diff] [blame]1006std::string OpenSSLStreamAdapter::GetDefaultSslCipher() {
1007 return kDefaultSslCipher;
1008}
1009
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1010} // namespace rtc
1011
1012#endif // HAVE_OPENSSL_SSL_H