1 /*
2 * Copyright 2008 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #if HAVE_OPENSSL_SSL_H
12
13 #include "webrtc/base/openssladapter.h"
14
15 #if defined(WEBRTC_POSIX)
16 #include <unistd.h>
17 #endif
18
19 // Must be included first before openssl headers.
20 #include "webrtc/base/win32.h" // NOLINT
21
22 #include <openssl/bio.h>
23 #include <openssl/crypto.h>
24 #include <openssl/err.h>
25 #include <openssl/opensslv.h>
26 #include <openssl/rand.h>
27 #include <openssl/x509.h>
28 #include <openssl/x509v3.h>
29
30 #if HAVE_CONFIG_H
31 #include "config.h"
32 #endif // HAVE_CONFIG_H
33
34 #include "webrtc/base/common.h"
35 #include "webrtc/base/logging.h"
36 #include "webrtc/base/openssl.h"
37 #include "webrtc/base/safe_conversions.h"
38 #include "webrtc/base/sslroots.h"
39 #include "webrtc/base/stringutils.h"
40 #include "webrtc/base/thread.h"
41
42 #ifndef OPENSSL_IS_BORINGSSL
43
44 // TODO: Use a nicer abstraction for mutex.
45
46 #if defined(WEBRTC_WIN)
47 #define MUTEX_TYPE HANDLE
48 #define MUTEX_SETUP(x) (x) = CreateMutex(NULL, FALSE, NULL)
49 #define MUTEX_CLEANUP(x) CloseHandle(x)
50 #define MUTEX_LOCK(x) WaitForSingleObject((x), INFINITE)
51 #define MUTEX_UNLOCK(x) ReleaseMutex(x)
52 #define THREAD_ID GetCurrentThreadId()
53 #elif defined(WEBRTC_POSIX)
54 #define MUTEX_TYPE pthread_mutex_t
55 #define MUTEX_SETUP(x) pthread_mutex_init(&(x), NULL)
56 #define MUTEX_CLEANUP(x) pthread_mutex_destroy(&(x))
57 #define MUTEX_LOCK(x) pthread_mutex_lock(&(x))
58 #define MUTEX_UNLOCK(x) pthread_mutex_unlock(&(x))
59 #define THREAD_ID pthread_self()
60 #else
61 #error You must define mutex operations appropriate for your platform!
62 #endif
63
64 struct CRYPTO_dynlock_value {
65 MUTEX_TYPE mutex;
66 };
67
68 #endif // #ifndef OPENSSL_IS_BORINGSSL
69
70 //////////////////////////////////////////////////////////////////////
71 // SocketBIO
72 //////////////////////////////////////////////////////////////////////
73
74 static int socket_write(BIO* h, const char* buf, int num);
75 static int socket_read(BIO* h, char* buf, int size);
76 static int socket_puts(BIO* h, const char* str);
77 static long socket_ctrl(BIO* h, int cmd, long arg1, void* arg2);
78 static int socket_new(BIO* h);
79 static int socket_free(BIO* data);
80
81 // TODO(davidben): This should be const once BoringSSL is assumed.
82 static BIO_METHOD methods_socket = {
83 BIO_TYPE_BIO,
84 "socket",
85 socket_write,
86 socket_read,
87 socket_puts,
88 0,
89 socket_ctrl,
90 socket_new,
91 socket_free,
92 NULL,
93 };
94
BIO_s_socket2()95 static BIO_METHOD* BIO_s_socket2() { return(&methods_socket); }
96
BIO_new_socket(rtc::AsyncSocket * socket)97 static BIO* BIO_new_socket(rtc::AsyncSocket* socket) {
98 BIO* ret = BIO_new(BIO_s_socket2());
99 if (ret == NULL) {
100 return NULL;
101 }
102 ret->ptr = socket;
103 return ret;
104 }
105
socket_new(BIO * b)106 static int socket_new(BIO* b) {
107 b->shutdown = 0;
108 b->init = 1;
109 b->num = 0; // 1 means socket closed
110 b->ptr = 0;
111 return 1;
112 }
113
socket_free(BIO * b)114 static int socket_free(BIO* b) {
115 if (b == NULL)
116 return 0;
117 return 1;
118 }
119
socket_read(BIO * b,char * out,int outl)120 static int socket_read(BIO* b, char* out, int outl) {
121 if (!out)
122 return -1;
123 rtc::AsyncSocket* socket = static_cast<rtc::AsyncSocket*>(b->ptr);
124 BIO_clear_retry_flags(b);
125 int result = socket->Recv(out, outl);
126 if (result > 0) {
127 return result;
128 } else if (result == 0) {
129 b->num = 1;
130 } else if (socket->IsBlocking()) {
131 BIO_set_retry_read(b);
132 }
133 return -1;
134 }
135
socket_write(BIO * b,const char * in,int inl)136 static int socket_write(BIO* b, const char* in, int inl) {
137 if (!in)
138 return -1;
139 rtc::AsyncSocket* socket = static_cast<rtc::AsyncSocket*>(b->ptr);
140 BIO_clear_retry_flags(b);
141 int result = socket->Send(in, inl);
142 if (result > 0) {
143 return result;
144 } else if (socket->IsBlocking()) {
145 BIO_set_retry_write(b);
146 }
147 return -1;
148 }
149
socket_puts(BIO * b,const char * str)150 static int socket_puts(BIO* b, const char* str) {
151 return socket_write(b, str, rtc::checked_cast<int>(strlen(str)));
152 }
153
socket_ctrl(BIO * b,int cmd,long num,void * ptr)154 static long socket_ctrl(BIO* b, int cmd, long num, void* ptr) {
155 RTC_UNUSED(num);
156 RTC_UNUSED(ptr);
157
158 switch (cmd) {
159 case BIO_CTRL_RESET:
160 return 0;
161 case BIO_CTRL_EOF:
162 return b->num;
163 case BIO_CTRL_WPENDING:
164 case BIO_CTRL_PENDING:
165 return 0;
166 case BIO_CTRL_FLUSH:
167 return 1;
168 default:
169 return 0;
170 }
171 }
172
173 /////////////////////////////////////////////////////////////////////////////
174 // OpenSSLAdapter
175 /////////////////////////////////////////////////////////////////////////////
176
177 namespace rtc {
178
179 #ifndef OPENSSL_IS_BORINGSSL
180
181 // This array will store all of the mutexes available to OpenSSL.
182 static MUTEX_TYPE* mutex_buf = NULL;
183
locking_function(int mode,int n,const char * file,int line)184 static void locking_function(int mode, int n, const char * file, int line) {
185 if (mode & CRYPTO_LOCK) {
186 MUTEX_LOCK(mutex_buf[n]);
187 } else {
188 MUTEX_UNLOCK(mutex_buf[n]);
189 }
190 }
191
id_function()192 static unsigned long id_function() { // NOLINT
193 // Use old-style C cast because THREAD_ID's type varies with the platform,
194 // in some cases requiring static_cast, and in others requiring
195 // reinterpret_cast.
196 return (unsigned long)THREAD_ID; // NOLINT
197 }
198
dyn_create_function(const char * file,int line)199 static CRYPTO_dynlock_value* dyn_create_function(const char* file, int line) {
200 CRYPTO_dynlock_value* value = new CRYPTO_dynlock_value;
201 if (!value)
202 return NULL;
203 MUTEX_SETUP(value->mutex);
204 return value;
205 }
206
dyn_lock_function(int mode,CRYPTO_dynlock_value * l,const char * file,int line)207 static void dyn_lock_function(int mode, CRYPTO_dynlock_value* l,
208 const char* file, int line) {
209 if (mode & CRYPTO_LOCK) {
210 MUTEX_LOCK(l->mutex);
211 } else {
212 MUTEX_UNLOCK(l->mutex);
213 }
214 }
215
dyn_destroy_function(CRYPTO_dynlock_value * l,const char * file,int line)216 static void dyn_destroy_function(CRYPTO_dynlock_value* l,
217 const char* file, int line) {
218 MUTEX_CLEANUP(l->mutex);
219 delete l;
220 }
221
222 #endif // #ifndef OPENSSL_IS_BORINGSSL
223
224 VerificationCallback OpenSSLAdapter::custom_verify_callback_ = NULL;
225
InitializeSSL(VerificationCallback callback)226 bool OpenSSLAdapter::InitializeSSL(VerificationCallback callback) {
227 if (!InitializeSSLThread() || !SSL_library_init())
228 return false;
229 #if !defined(ADDRESS_SANITIZER) || !defined(WEBRTC_MAC) || defined(WEBRTC_IOS)
230 // Loading the error strings crashes mac_asan. Omit this debugging aid there.
231 SSL_load_error_strings();
232 #endif
233 ERR_load_BIO_strings();
234 OpenSSL_add_all_algorithms();
235 RAND_poll();
236 custom_verify_callback_ = callback;
237 return true;
238 }
239
InitializeSSLThread()240 bool OpenSSLAdapter::InitializeSSLThread() {
241 // BoringSSL is doing the locking internally, so the callbacks are not used
242 // in this case (and are no-ops anyways).
243 #ifndef OPENSSL_IS_BORINGSSL
244 mutex_buf = new MUTEX_TYPE[CRYPTO_num_locks()];
245 if (!mutex_buf)
246 return false;
247 for (int i = 0; i < CRYPTO_num_locks(); ++i)
248 MUTEX_SETUP(mutex_buf[i]);
249
250 // we need to cast our id_function to return an unsigned long -- pthread_t is
251 // a pointer
252 CRYPTO_set_id_callback(id_function);
253 CRYPTO_set_locking_callback(locking_function);
254 CRYPTO_set_dynlock_create_callback(dyn_create_function);
255 CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
256 CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
257 #endif // #ifndef OPENSSL_IS_BORINGSSL
258 return true;
259 }
260
CleanupSSL()261 bool OpenSSLAdapter::CleanupSSL() {
262 #ifndef OPENSSL_IS_BORINGSSL
263 if (!mutex_buf)
264 return false;
265 CRYPTO_set_id_callback(NULL);
266 CRYPTO_set_locking_callback(NULL);
267 CRYPTO_set_dynlock_create_callback(NULL);
268 CRYPTO_set_dynlock_lock_callback(NULL);
269 CRYPTO_set_dynlock_destroy_callback(NULL);
270 for (int i = 0; i < CRYPTO_num_locks(); ++i)
271 MUTEX_CLEANUP(mutex_buf[i]);
272 delete [] mutex_buf;
273 mutex_buf = NULL;
274 #endif // #ifndef OPENSSL_IS_BORINGSSL
275 return true;
276 }
277
OpenSSLAdapter(AsyncSocket * socket)278 OpenSSLAdapter::OpenSSLAdapter(AsyncSocket* socket)
279 : SSLAdapter(socket),
280 state_(SSL_NONE),
281 ssl_read_needs_write_(false),
282 ssl_write_needs_read_(false),
283 restartable_(false),
284 ssl_(NULL), ssl_ctx_(NULL),
285 ssl_mode_(SSL_MODE_TLS),
286 custom_verification_succeeded_(false) {
287 }
288
~OpenSSLAdapter()289 OpenSSLAdapter::~OpenSSLAdapter() {
290 Cleanup();
291 }
292
293 void
SetMode(SSLMode mode)294 OpenSSLAdapter::SetMode(SSLMode mode) {
295 ASSERT(state_ == SSL_NONE);
296 ssl_mode_ = mode;
297 }
298
299 int
StartSSL(const char * hostname,bool restartable)300 OpenSSLAdapter::StartSSL(const char* hostname, bool restartable) {
301 if (state_ != SSL_NONE)
302 return -1;
303
304 ssl_host_name_ = hostname;
305 restartable_ = restartable;
306
307 if (socket_->GetState() != Socket::CS_CONNECTED) {
308 state_ = SSL_WAIT;
309 return 0;
310 }
311
312 state_ = SSL_CONNECTING;
313 if (int err = BeginSSL()) {
314 Error("BeginSSL", err, false);
315 return err;
316 }
317
318 return 0;
319 }
320
321 int
BeginSSL()322 OpenSSLAdapter::BeginSSL() {
323 LOG(LS_INFO) << "BeginSSL: " << ssl_host_name_;
324 ASSERT(state_ == SSL_CONNECTING);
325
326 int err = 0;
327 BIO* bio = NULL;
328
329 // First set up the context
330 if (!ssl_ctx_)
331 ssl_ctx_ = SetupSSLContext();
332
333 if (!ssl_ctx_) {
334 err = -1;
335 goto ssl_error;
336 }
337
338 bio = BIO_new_socket(static_cast<AsyncSocketAdapter*>(socket_));
339 if (!bio) {
340 err = -1;
341 goto ssl_error;
342 }
343
344 ssl_ = SSL_new(ssl_ctx_);
345 if (!ssl_) {
346 err = -1;
347 goto ssl_error;
348 }
349
350 SSL_set_app_data(ssl_, this);
351
352 SSL_set_bio(ssl_, bio, bio);
353 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE |
354 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
355
356 // the SSL object owns the bio now
357 bio = NULL;
358
359 // Do the connect
360 err = ContinueSSL();
361 if (err != 0)
362 goto ssl_error;
363
364 return err;
365
366 ssl_error:
367 Cleanup();
368 if (bio)
369 BIO_free(bio);
370
371 return err;
372 }
373
374 int
ContinueSSL()375 OpenSSLAdapter::ContinueSSL() {
376 ASSERT(state_ == SSL_CONNECTING);
377
378 // Clear the DTLS timer
379 Thread::Current()->Clear(this, MSG_TIMEOUT);
380
381 int code = SSL_connect(ssl_);
382 switch (SSL_get_error(ssl_, code)) {
383 case SSL_ERROR_NONE:
384 if (!SSLPostConnectionCheck(ssl_, ssl_host_name_.c_str())) {
385 LOG(LS_ERROR) << "TLS post connection check failed";
386 // make sure we close the socket
387 Cleanup();
388 // The connect failed so return -1 to shut down the socket
389 return -1;
390 }
391
392 state_ = SSL_CONNECTED;
393 AsyncSocketAdapter::OnConnectEvent(this);
394 #if 0 // TODO: worry about this
395 // Don't let ourselves go away during the callbacks
396 PRefPtr<OpenSSLAdapter> lock(this);
397 LOG(LS_INFO) << " -- onStreamReadable";
398 AsyncSocketAdapter::OnReadEvent(this);
399 LOG(LS_INFO) << " -- onStreamWriteable";
400 AsyncSocketAdapter::OnWriteEvent(this);
401 #endif
402 break;
403
404 case SSL_ERROR_WANT_READ:
405 LOG(LS_VERBOSE) << " -- error want read";
406 struct timeval timeout;
407 if (DTLSv1_get_timeout(ssl_, &timeout)) {
408 int delay = timeout.tv_sec * 1000 + timeout.tv_usec/1000;
409
410 Thread::Current()->PostDelayed(delay, this, MSG_TIMEOUT, 0);
411 }
412 break;
413
414 case SSL_ERROR_WANT_WRITE:
415 break;
416
417 case SSL_ERROR_ZERO_RETURN:
418 default:
419 LOG(LS_WARNING) << "ContinueSSL -- error " << code;
420 return (code != 0) ? code : -1;
421 }
422
423 return 0;
424 }
425
426 void
Error(const char * context,int err,bool signal)427 OpenSSLAdapter::Error(const char* context, int err, bool signal) {
428 LOG(LS_WARNING) << "OpenSSLAdapter::Error("
429 << context << ", " << err << ")";
430 state_ = SSL_ERROR;
431 SetError(err);
432 if (signal)
433 AsyncSocketAdapter::OnCloseEvent(this, err);
434 }
435
436 void
Cleanup()437 OpenSSLAdapter::Cleanup() {
438 LOG(LS_INFO) << "Cleanup";
439
440 state_ = SSL_NONE;
441 ssl_read_needs_write_ = false;
442 ssl_write_needs_read_ = false;
443 custom_verification_succeeded_ = false;
444
445 if (ssl_) {
446 SSL_free(ssl_);
447 ssl_ = NULL;
448 }
449
450 if (ssl_ctx_) {
451 SSL_CTX_free(ssl_ctx_);
452 ssl_ctx_ = NULL;
453 }
454
455 // Clear the DTLS timer
456 Thread::Current()->Clear(this, MSG_TIMEOUT);
457 }
458
459 //
460 // AsyncSocket Implementation
461 //
462
463 int
Send(const void * pv,size_t cb)464 OpenSSLAdapter::Send(const void* pv, size_t cb) {
465 //LOG(LS_INFO) << "OpenSSLAdapter::Send(" << cb << ")";
466
467 switch (state_) {
468 case SSL_NONE:
469 return AsyncSocketAdapter::Send(pv, cb);
470
471 case SSL_WAIT:
472 case SSL_CONNECTING:
473 SetError(EWOULDBLOCK);
474 return SOCKET_ERROR;
475
476 case SSL_CONNECTED:
477 break;
478
479 case SSL_ERROR:
480 default:
481 return SOCKET_ERROR;
482 }
483
484 // OpenSSL will return an error if we try to write zero bytes
485 if (cb == 0)
486 return 0;
487
488 ssl_write_needs_read_ = false;
489
490 int code = SSL_write(ssl_, pv, checked_cast<int>(cb));
491 switch (SSL_get_error(ssl_, code)) {
492 case SSL_ERROR_NONE:
493 //LOG(LS_INFO) << " -- success";
494 return code;
495 case SSL_ERROR_WANT_READ:
496 //LOG(LS_INFO) << " -- error want read";
497 ssl_write_needs_read_ = true;
498 SetError(EWOULDBLOCK);
499 break;
500 case SSL_ERROR_WANT_WRITE:
501 //LOG(LS_INFO) << " -- error want write";
502 SetError(EWOULDBLOCK);
503 break;
504 case SSL_ERROR_ZERO_RETURN:
505 //LOG(LS_INFO) << " -- remote side closed";
506 SetError(EWOULDBLOCK);
507 // do we need to signal closure?
508 break;
509 default:
510 //LOG(LS_INFO) << " -- error " << code;
511 Error("SSL_write", (code ? code : -1), false);
512 break;
513 }
514
515 return SOCKET_ERROR;
516 }
517
518 int
SendTo(const void * pv,size_t cb,const SocketAddress & addr)519 OpenSSLAdapter::SendTo(const void* pv, size_t cb, const SocketAddress& addr) {
520 if (socket_->GetState() == Socket::CS_CONNECTED &&
521 addr == socket_->GetRemoteAddress()) {
522 return Send(pv, cb);
523 }
524
525 SetError(ENOTCONN);
526
527 return SOCKET_ERROR;
528 }
529
530 int
Recv(void * pv,size_t cb)531 OpenSSLAdapter::Recv(void* pv, size_t cb) {
532 //LOG(LS_INFO) << "OpenSSLAdapter::Recv(" << cb << ")";
533 switch (state_) {
534
535 case SSL_NONE:
536 return AsyncSocketAdapter::Recv(pv, cb);
537
538 case SSL_WAIT:
539 case SSL_CONNECTING:
540 SetError(EWOULDBLOCK);
541 return SOCKET_ERROR;
542
543 case SSL_CONNECTED:
544 break;
545
546 case SSL_ERROR:
547 default:
548 return SOCKET_ERROR;
549 }
550
551 // Don't trust OpenSSL with zero byte reads
552 if (cb == 0)
553 return 0;
554
555 ssl_read_needs_write_ = false;
556
557 int code = SSL_read(ssl_, pv, checked_cast<int>(cb));
558 switch (SSL_get_error(ssl_, code)) {
559 case SSL_ERROR_NONE:
560 //LOG(LS_INFO) << " -- success";
561 return code;
562 case SSL_ERROR_WANT_READ:
563 //LOG(LS_INFO) << " -- error want read";
564 SetError(EWOULDBLOCK);
565 break;
566 case SSL_ERROR_WANT_WRITE:
567 //LOG(LS_INFO) << " -- error want write";
568 ssl_read_needs_write_ = true;
569 SetError(EWOULDBLOCK);
570 break;
571 case SSL_ERROR_ZERO_RETURN:
572 //LOG(LS_INFO) << " -- remote side closed";
573 SetError(EWOULDBLOCK);
574 // do we need to signal closure?
575 break;
576 default:
577 //LOG(LS_INFO) << " -- error " << code;
578 Error("SSL_read", (code ? code : -1), false);
579 break;
580 }
581
582 return SOCKET_ERROR;
583 }
584
585 int
RecvFrom(void * pv,size_t cb,SocketAddress * paddr)586 OpenSSLAdapter::RecvFrom(void* pv, size_t cb, SocketAddress* paddr) {
587 if (socket_->GetState() == Socket::CS_CONNECTED) {
588 int ret = Recv(pv, cb);
589
590 *paddr = GetRemoteAddress();
591
592 return ret;
593 }
594
595 SetError(ENOTCONN);
596
597 return SOCKET_ERROR;
598 }
599
600 int
Close()601 OpenSSLAdapter::Close() {
602 Cleanup();
603 state_ = restartable_ ? SSL_WAIT : SSL_NONE;
604 return AsyncSocketAdapter::Close();
605 }
606
607 Socket::ConnState
GetState() const608 OpenSSLAdapter::GetState() const {
609 //if (signal_close_)
610 // return CS_CONNECTED;
611 ConnState state = socket_->GetState();
612 if ((state == CS_CONNECTED)
613 && ((state_ == SSL_WAIT) || (state_ == SSL_CONNECTING)))
614 state = CS_CONNECTING;
615 return state;
616 }
617
618 void
OnMessage(Message * msg)619 OpenSSLAdapter::OnMessage(Message* msg) {
620 if (MSG_TIMEOUT == msg->message_id) {
621 LOG(LS_INFO) << "DTLS timeout expired";
622 DTLSv1_handle_timeout(ssl_);
623 ContinueSSL();
624 }
625 }
626
627 void
OnConnectEvent(AsyncSocket * socket)628 OpenSSLAdapter::OnConnectEvent(AsyncSocket* socket) {
629 LOG(LS_INFO) << "OpenSSLAdapter::OnConnectEvent";
630 if (state_ != SSL_WAIT) {
631 ASSERT(state_ == SSL_NONE);
632 AsyncSocketAdapter::OnConnectEvent(socket);
633 return;
634 }
635
636 state_ = SSL_CONNECTING;
637 if (int err = BeginSSL()) {
638 AsyncSocketAdapter::OnCloseEvent(socket, err);
639 }
640 }
641
642 void
OnReadEvent(AsyncSocket * socket)643 OpenSSLAdapter::OnReadEvent(AsyncSocket* socket) {
644 //LOG(LS_INFO) << "OpenSSLAdapter::OnReadEvent";
645
646 if (state_ == SSL_NONE) {
647 AsyncSocketAdapter::OnReadEvent(socket);
648 return;
649 }
650
651 if (state_ == SSL_CONNECTING) {
652 if (int err = ContinueSSL()) {
653 Error("ContinueSSL", err);
654 }
655 return;
656 }
657
658 if (state_ != SSL_CONNECTED)
659 return;
660
661 // Don't let ourselves go away during the callbacks
662 //PRefPtr<OpenSSLAdapter> lock(this); // TODO: fix this
663 if (ssl_write_needs_read_) {
664 //LOG(LS_INFO) << " -- onStreamWriteable";
665 AsyncSocketAdapter::OnWriteEvent(socket);
666 }
667
668 //LOG(LS_INFO) << " -- onStreamReadable";
669 AsyncSocketAdapter::OnReadEvent(socket);
670 }
671
672 void
OnWriteEvent(AsyncSocket * socket)673 OpenSSLAdapter::OnWriteEvent(AsyncSocket* socket) {
674 //LOG(LS_INFO) << "OpenSSLAdapter::OnWriteEvent";
675
676 if (state_ == SSL_NONE) {
677 AsyncSocketAdapter::OnWriteEvent(socket);
678 return;
679 }
680
681 if (state_ == SSL_CONNECTING) {
682 if (int err = ContinueSSL()) {
683 Error("ContinueSSL", err);
684 }
685 return;
686 }
687
688 if (state_ != SSL_CONNECTED)
689 return;
690
691 // Don't let ourselves go away during the callbacks
692 //PRefPtr<OpenSSLAdapter> lock(this); // TODO: fix this
693
694 if (ssl_read_needs_write_) {
695 //LOG(LS_INFO) << " -- onStreamReadable";
696 AsyncSocketAdapter::OnReadEvent(socket);
697 }
698
699 //LOG(LS_INFO) << " -- onStreamWriteable";
700 AsyncSocketAdapter::OnWriteEvent(socket);
701 }
702
703 void
OnCloseEvent(AsyncSocket * socket,int err)704 OpenSSLAdapter::OnCloseEvent(AsyncSocket* socket, int err) {
705 LOG(LS_INFO) << "OpenSSLAdapter::OnCloseEvent(" << err << ")";
706 AsyncSocketAdapter::OnCloseEvent(socket, err);
707 }
708
709 // This code is taken from the "Network Security with OpenSSL"
710 // sample in chapter 5
711
VerifyServerName(SSL * ssl,const char * host,bool ignore_bad_cert)712 bool OpenSSLAdapter::VerifyServerName(SSL* ssl, const char* host,
713 bool ignore_bad_cert) {
714 if (!host)
715 return false;
716
717 // Checking the return from SSL_get_peer_certificate here is not strictly
718 // necessary. With our setup, it is not possible for it to return
719 // NULL. However, it is good form to check the return.
720 X509* certificate = SSL_get_peer_certificate(ssl);
721 if (!certificate)
722 return false;
723
724 // Logging certificates is extremely verbose. So it is disabled by default.
725 #ifdef LOG_CERTIFICATES
726 {
727 LOG(LS_INFO) << "Certificate from server:";
728 BIO* mem = BIO_new(BIO_s_mem());
729 X509_print_ex(mem, certificate, XN_FLAG_SEP_CPLUS_SPC, X509_FLAG_NO_HEADER);
730 BIO_write(mem, "\0", 1);
731 char* buffer;
732 BIO_get_mem_data(mem, &buffer);
733 LOG(LS_INFO) << buffer;
734 BIO_free(mem);
735
736 char* cipher_description =
737 SSL_CIPHER_description(SSL_get_current_cipher(ssl), NULL, 128);
738 LOG(LS_INFO) << "Cipher: " << cipher_description;
739 OPENSSL_free(cipher_description);
740 }
741 #endif
742
743 bool ok = false;
744 int extension_count = X509_get_ext_count(certificate);
745 for (int i = 0; i < extension_count; ++i) {
746 X509_EXTENSION* extension = X509_get_ext(certificate, i);
747 int extension_nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
748
749 if (extension_nid == NID_subject_alt_name) {
750 const X509V3_EXT_METHOD* meth = X509V3_EXT_get(extension);
751 if (!meth)
752 break;
753
754 void* ext_str = NULL;
755
756 // We assign this to a local variable, instead of passing the address
757 // directly to ASN1_item_d2i.
758 // See http://readlist.com/lists/openssl.org/openssl-users/0/4761.html.
759 unsigned char* ext_value_data = extension->value->data;
760
761 const unsigned char **ext_value_data_ptr =
762 (const_cast<const unsigned char **>(&ext_value_data));
763
764 if (meth->it) {
765 ext_str = ASN1_item_d2i(NULL, ext_value_data_ptr,
766 extension->value->length,
767 ASN1_ITEM_ptr(meth->it));
768 } else {
769 ext_str = meth->d2i(NULL, ext_value_data_ptr, extension->value->length);
770 }
771
772 STACK_OF(CONF_VALUE)* value = meth->i2v(meth, ext_str, NULL);
773
774 // Cast to size_t to be compilable for both OpenSSL and BoringSSL.
775 for (size_t j = 0; j < static_cast<size_t>(sk_CONF_VALUE_num(value));
776 ++j) {
777 CONF_VALUE* nval = sk_CONF_VALUE_value(value, j);
778 // The value for nval can contain wildcards
779 if (!strcmp(nval->name, "DNS") && string_match(host, nval->value)) {
780 ok = true;
781 break;
782 }
783 }
784 sk_CONF_VALUE_pop_free(value, X509V3_conf_free);
785 value = NULL;
786
787 if (meth->it) {
788 ASN1_item_free(reinterpret_cast<ASN1_VALUE*>(ext_str),
789 ASN1_ITEM_ptr(meth->it));
790 } else {
791 meth->ext_free(ext_str);
792 }
793 ext_str = NULL;
794 }
795 if (ok)
796 break;
797 }
798
799 char data[256];
800 X509_NAME* subject;
801 if (!ok
802 && ((subject = X509_get_subject_name(certificate)) != NULL)
803 && (X509_NAME_get_text_by_NID(subject, NID_commonName,
804 data, sizeof(data)) > 0)) {
805 data[sizeof(data)-1] = 0;
806 if (_stricmp(data, host) == 0)
807 ok = true;
808 }
809
810 X509_free(certificate);
811
812 // This should only ever be turned on for debugging and development.
813 if (!ok && ignore_bad_cert) {
814 LOG(LS_WARNING) << "TLS certificate check FAILED. "
815 << "Allowing connection anyway.";
816 ok = true;
817 }
818
819 return ok;
820 }
821
SSLPostConnectionCheck(SSL * ssl,const char * host)822 bool OpenSSLAdapter::SSLPostConnectionCheck(SSL* ssl, const char* host) {
823 bool ok = VerifyServerName(ssl, host, ignore_bad_cert());
824
825 if (ok) {
826 ok = (SSL_get_verify_result(ssl) == X509_V_OK ||
827 custom_verification_succeeded_);
828 }
829
830 if (!ok && ignore_bad_cert()) {
831 LOG(LS_INFO) << "Other TLS post connection checks failed.";
832 ok = true;
833 }
834
835 return ok;
836 }
837
838 #if !defined(NDEBUG)
839
840 // We only use this for tracing and so it is only needed in debug mode
841
842 void
SSLInfoCallback(const SSL * s,int where,int ret)843 OpenSSLAdapter::SSLInfoCallback(const SSL* s, int where, int ret) {
844 const char* str = "undefined";
845 int w = where & ~SSL_ST_MASK;
846 if (w & SSL_ST_CONNECT) {
847 str = "SSL_connect";
848 } else if (w & SSL_ST_ACCEPT) {
849 str = "SSL_accept";
850 }
851 if (where & SSL_CB_LOOP) {
852 LOG(LS_INFO) << str << ":" << SSL_state_string_long(s);
853 } else if (where & SSL_CB_ALERT) {
854 str = (where & SSL_CB_READ) ? "read" : "write";
855 LOG(LS_INFO) << "SSL3 alert " << str
856 << ":" << SSL_alert_type_string_long(ret)
857 << ":" << SSL_alert_desc_string_long(ret);
858 } else if (where & SSL_CB_EXIT) {
859 if (ret == 0) {
860 LOG(LS_INFO) << str << ":failed in " << SSL_state_string_long(s);
861 } else if (ret < 0) {
862 LOG(LS_INFO) << str << ":error in " << SSL_state_string_long(s);
863 }
864 }
865 }
866
867 #endif
868
869 int
SSLVerifyCallback(int ok,X509_STORE_CTX * store)870 OpenSSLAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
871 #if !defined(NDEBUG)
872 if (!ok) {
873 char data[256];
874 X509* cert = X509_STORE_CTX_get_current_cert(store);
875 int depth = X509_STORE_CTX_get_error_depth(store);
876 int err = X509_STORE_CTX_get_error(store);
877
878 LOG(LS_INFO) << "Error with certificate at depth: " << depth;
879 X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof(data));
880 LOG(LS_INFO) << " issuer = " << data;
881 X509_NAME_oneline(X509_get_subject_name(cert), data, sizeof(data));
882 LOG(LS_INFO) << " subject = " << data;
883 LOG(LS_INFO) << " err = " << err
884 << ":" << X509_verify_cert_error_string(err);
885 }
886 #endif
887
888 // Get our stream pointer from the store
889 SSL* ssl = reinterpret_cast<SSL*>(
890 X509_STORE_CTX_get_ex_data(store,
891 SSL_get_ex_data_X509_STORE_CTX_idx()));
892
893 OpenSSLAdapter* stream =
894 reinterpret_cast<OpenSSLAdapter*>(SSL_get_app_data(ssl));
895
896 if (!ok && custom_verify_callback_) {
897 void* cert =
898 reinterpret_cast<void*>(X509_STORE_CTX_get_current_cert(store));
899 if (custom_verify_callback_(cert)) {
900 stream->custom_verification_succeeded_ = true;
901 LOG(LS_INFO) << "validated certificate using custom callback";
902 ok = true;
903 }
904 }
905
906 // Should only be used for debugging and development.
907 if (!ok && stream->ignore_bad_cert()) {
908 LOG(LS_WARNING) << "Ignoring cert error while verifying cert chain";
909 ok = 1;
910 }
911
912 return ok;
913 }
914
ConfigureTrustedRootCertificates(SSL_CTX * ctx)915 bool OpenSSLAdapter::ConfigureTrustedRootCertificates(SSL_CTX* ctx) {
916 // Add the root cert that we care about to the SSL context
917 int count_of_added_certs = 0;
918 for (int i = 0; i < ARRAY_SIZE(kSSLCertCertificateList); i++) {
919 const unsigned char* cert_buffer = kSSLCertCertificateList[i];
920 size_t cert_buffer_len = kSSLCertCertificateSizeList[i];
921 X509* cert = d2i_X509(NULL, &cert_buffer,
922 checked_cast<long>(cert_buffer_len));
923 if (cert) {
924 int return_value = X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), cert);
925 if (return_value == 0) {
926 LOG(LS_WARNING) << "Unable to add certificate.";
927 } else {
928 count_of_added_certs++;
929 }
930 X509_free(cert);
931 }
932 }
933 return count_of_added_certs > 0;
934 }
935
936 SSL_CTX*
SetupSSLContext()937 OpenSSLAdapter::SetupSSLContext() {
938 SSL_CTX* ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
939 DTLSv1_client_method() : TLSv1_client_method());
940 if (ctx == NULL) {
941 unsigned long error = ERR_get_error(); // NOLINT: type used by OpenSSL.
942 LOG(LS_WARNING) << "SSL_CTX creation failed: "
943 << '"' << ERR_reason_error_string(error) << "\" "
944 << "(error=" << error << ')';
945 return NULL;
946 }
947 if (!ConfigureTrustedRootCertificates(ctx)) {
948 SSL_CTX_free(ctx);
949 return NULL;
950 }
951
952 #if !defined(NDEBUG)
953 SSL_CTX_set_info_callback(ctx, SSLInfoCallback);
954 #endif
955
956 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
957 SSL_CTX_set_verify_depth(ctx, 4);
958 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
959
960 if (ssl_mode_ == SSL_MODE_DTLS) {
961 SSL_CTX_set_read_ahead(ctx, 1);
962 }
963
964 return ctx;
965 }
966
967 } // namespace rtc
968
969 #endif // HAVE_OPENSSL_SSL_H
970