1 /*
2 * Copyright 2008 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #if HAVE_OPENSSL_SSL_H
12
13 #include "webrtc/base/openssladapter.h"
14
15 #if defined(WEBRTC_POSIX)
16 #include <unistd.h>
17 #endif
18
19 // Must be included first before openssl headers.
20 #include "webrtc/base/win32.h" // NOLINT
21
22 #include <openssl/bio.h>
23 #include <openssl/crypto.h>
24 #include <openssl/err.h>
25 #include <openssl/opensslv.h>
26 #include <openssl/rand.h>
27 #include <openssl/x509.h>
28 #include <openssl/x509v3.h>
29
30 #if HAVE_CONFIG_H
31 #include "config.h"
32 #endif // HAVE_CONFIG_H
33
34 #include "webrtc/base/arraysize.h"
35 #include "webrtc/base/common.h"
36 #include "webrtc/base/logging.h"
37 #include "webrtc/base/openssl.h"
38 #include "webrtc/base/safe_conversions.h"
39 #include "webrtc/base/sslroots.h"
40 #include "webrtc/base/stringutils.h"
41 #include "webrtc/base/thread.h"
42
43 #ifndef OPENSSL_IS_BORINGSSL
44
45 // TODO: Use a nicer abstraction for mutex.
46
47 #if defined(WEBRTC_WIN)
48 #define MUTEX_TYPE HANDLE
49 #define MUTEX_SETUP(x) (x) = CreateMutex(NULL, FALSE, NULL)
50 #define MUTEX_CLEANUP(x) CloseHandle(x)
51 #define MUTEX_LOCK(x) WaitForSingleObject((x), INFINITE)
52 #define MUTEX_UNLOCK(x) ReleaseMutex(x)
53 #define THREAD_ID GetCurrentThreadId()
54 #elif defined(WEBRTC_POSIX)
55 #define MUTEX_TYPE pthread_mutex_t
56 #define MUTEX_SETUP(x) pthread_mutex_init(&(x), NULL)
57 #define MUTEX_CLEANUP(x) pthread_mutex_destroy(&(x))
58 #define MUTEX_LOCK(x) pthread_mutex_lock(&(x))
59 #define MUTEX_UNLOCK(x) pthread_mutex_unlock(&(x))
60 #define THREAD_ID pthread_self()
61 #else
62 #error You must define mutex operations appropriate for your platform!
63 #endif
64
65 struct CRYPTO_dynlock_value {
66 MUTEX_TYPE mutex;
67 };
68
69 #endif // #ifndef OPENSSL_IS_BORINGSSL
70
71 //////////////////////////////////////////////////////////////////////
72 // SocketBIO
73 //////////////////////////////////////////////////////////////////////
74
75 static int socket_write(BIO* h, const char* buf, int num);
76 static int socket_read(BIO* h, char* buf, int size);
77 static int socket_puts(BIO* h, const char* str);
78 static long socket_ctrl(BIO* h, int cmd, long arg1, void* arg2);
79 static int socket_new(BIO* h);
80 static int socket_free(BIO* data);
81
82 // TODO(davidben): This should be const once BoringSSL is assumed.
83 static BIO_METHOD methods_socket = {
84 BIO_TYPE_BIO,
85 "socket",
86 socket_write,
87 socket_read,
88 socket_puts,
89 0,
90 socket_ctrl,
91 socket_new,
92 socket_free,
93 NULL,
94 };
95
BIO_s_socket2()96 static BIO_METHOD* BIO_s_socket2() { return(&methods_socket); }
97
BIO_new_socket(rtc::AsyncSocket * socket)98 static BIO* BIO_new_socket(rtc::AsyncSocket* socket) {
99 BIO* ret = BIO_new(BIO_s_socket2());
100 if (ret == NULL) {
101 return NULL;
102 }
103 ret->ptr = socket;
104 return ret;
105 }
106
socket_new(BIO * b)107 static int socket_new(BIO* b) {
108 b->shutdown = 0;
109 b->init = 1;
110 b->num = 0; // 1 means socket closed
111 b->ptr = 0;
112 return 1;
113 }
114
socket_free(BIO * b)115 static int socket_free(BIO* b) {
116 if (b == NULL)
117 return 0;
118 return 1;
119 }
120
socket_read(BIO * b,char * out,int outl)121 static int socket_read(BIO* b, char* out, int outl) {
122 if (!out)
123 return -1;
124 rtc::AsyncSocket* socket = static_cast<rtc::AsyncSocket*>(b->ptr);
125 BIO_clear_retry_flags(b);
126 int result = socket->Recv(out, outl);
127 if (result > 0) {
128 return result;
129 } else if (result == 0) {
130 b->num = 1;
131 } else if (socket->IsBlocking()) {
132 BIO_set_retry_read(b);
133 }
134 return -1;
135 }
136
socket_write(BIO * b,const char * in,int inl)137 static int socket_write(BIO* b, const char* in, int inl) {
138 if (!in)
139 return -1;
140 rtc::AsyncSocket* socket = static_cast<rtc::AsyncSocket*>(b->ptr);
141 BIO_clear_retry_flags(b);
142 int result = socket->Send(in, inl);
143 if (result > 0) {
144 return result;
145 } else if (socket->IsBlocking()) {
146 BIO_set_retry_write(b);
147 }
148 return -1;
149 }
150
socket_puts(BIO * b,const char * str)151 static int socket_puts(BIO* b, const char* str) {
152 return socket_write(b, str, rtc::checked_cast<int>(strlen(str)));
153 }
154
socket_ctrl(BIO * b,int cmd,long num,void * ptr)155 static long socket_ctrl(BIO* b, int cmd, long num, void* ptr) {
156 RTC_UNUSED(num);
157 RTC_UNUSED(ptr);
158
159 switch (cmd) {
160 case BIO_CTRL_RESET:
161 return 0;
162 case BIO_CTRL_EOF:
163 return b->num;
164 case BIO_CTRL_WPENDING:
165 case BIO_CTRL_PENDING:
166 return 0;
167 case BIO_CTRL_FLUSH:
168 return 1;
169 default:
170 return 0;
171 }
172 }
173
174 /////////////////////////////////////////////////////////////////////////////
175 // OpenSSLAdapter
176 /////////////////////////////////////////////////////////////////////////////
177
178 namespace rtc {
179
180 #ifndef OPENSSL_IS_BORINGSSL
181
182 // This array will store all of the mutexes available to OpenSSL.
183 static MUTEX_TYPE* mutex_buf = NULL;
184
locking_function(int mode,int n,const char * file,int line)185 static void locking_function(int mode, int n, const char * file, int line) {
186 if (mode & CRYPTO_LOCK) {
187 MUTEX_LOCK(mutex_buf[n]);
188 } else {
189 MUTEX_UNLOCK(mutex_buf[n]);
190 }
191 }
192
id_function()193 static unsigned long id_function() { // NOLINT
194 // Use old-style C cast because THREAD_ID's type varies with the platform,
195 // in some cases requiring static_cast, and in others requiring
196 // reinterpret_cast.
197 return (unsigned long)THREAD_ID; // NOLINT
198 }
199
dyn_create_function(const char * file,int line)200 static CRYPTO_dynlock_value* dyn_create_function(const char* file, int line) {
201 CRYPTO_dynlock_value* value = new CRYPTO_dynlock_value;
202 if (!value)
203 return NULL;
204 MUTEX_SETUP(value->mutex);
205 return value;
206 }
207
dyn_lock_function(int mode,CRYPTO_dynlock_value * l,const char * file,int line)208 static void dyn_lock_function(int mode, CRYPTO_dynlock_value* l,
209 const char* file, int line) {
210 if (mode & CRYPTO_LOCK) {
211 MUTEX_LOCK(l->mutex);
212 } else {
213 MUTEX_UNLOCK(l->mutex);
214 }
215 }
216
dyn_destroy_function(CRYPTO_dynlock_value * l,const char * file,int line)217 static void dyn_destroy_function(CRYPTO_dynlock_value* l,
218 const char* file, int line) {
219 MUTEX_CLEANUP(l->mutex);
220 delete l;
221 }
222
223 #endif // #ifndef OPENSSL_IS_BORINGSSL
224
225 VerificationCallback OpenSSLAdapter::custom_verify_callback_ = NULL;
226
InitializeSSL(VerificationCallback callback)227 bool OpenSSLAdapter::InitializeSSL(VerificationCallback callback) {
228 if (!InitializeSSLThread() || !SSL_library_init())
229 return false;
230 #if !defined(ADDRESS_SANITIZER) || !defined(WEBRTC_MAC) || defined(WEBRTC_IOS)
231 // Loading the error strings crashes mac_asan. Omit this debugging aid there.
232 SSL_load_error_strings();
233 #endif
234 ERR_load_BIO_strings();
235 OpenSSL_add_all_algorithms();
236 RAND_poll();
237 custom_verify_callback_ = callback;
238 return true;
239 }
240
InitializeSSLThread()241 bool OpenSSLAdapter::InitializeSSLThread() {
242 // BoringSSL is doing the locking internally, so the callbacks are not used
243 // in this case (and are no-ops anyways).
244 #ifndef OPENSSL_IS_BORINGSSL
245 mutex_buf = new MUTEX_TYPE[CRYPTO_num_locks()];
246 if (!mutex_buf)
247 return false;
248 for (int i = 0; i < CRYPTO_num_locks(); ++i)
249 MUTEX_SETUP(mutex_buf[i]);
250
251 // we need to cast our id_function to return an unsigned long -- pthread_t is
252 // a pointer
253 CRYPTO_set_id_callback(id_function);
254 CRYPTO_set_locking_callback(locking_function);
255 CRYPTO_set_dynlock_create_callback(dyn_create_function);
256 CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
257 CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
258 #endif // #ifndef OPENSSL_IS_BORINGSSL
259 return true;
260 }
261
CleanupSSL()262 bool OpenSSLAdapter::CleanupSSL() {
263 #ifndef OPENSSL_IS_BORINGSSL
264 if (!mutex_buf)
265 return false;
266 CRYPTO_set_id_callback(NULL);
267 CRYPTO_set_locking_callback(NULL);
268 CRYPTO_set_dynlock_create_callback(NULL);
269 CRYPTO_set_dynlock_lock_callback(NULL);
270 CRYPTO_set_dynlock_destroy_callback(NULL);
271 for (int i = 0; i < CRYPTO_num_locks(); ++i)
272 MUTEX_CLEANUP(mutex_buf[i]);
273 delete [] mutex_buf;
274 mutex_buf = NULL;
275 #endif // #ifndef OPENSSL_IS_BORINGSSL
276 return true;
277 }
278
OpenSSLAdapter(AsyncSocket * socket)279 OpenSSLAdapter::OpenSSLAdapter(AsyncSocket* socket)
280 : SSLAdapter(socket),
281 state_(SSL_NONE),
282 ssl_read_needs_write_(false),
283 ssl_write_needs_read_(false),
284 restartable_(false),
285 ssl_(NULL), ssl_ctx_(NULL),
286 ssl_mode_(SSL_MODE_TLS),
287 custom_verification_succeeded_(false) {
288 }
289
~OpenSSLAdapter()290 OpenSSLAdapter::~OpenSSLAdapter() {
291 Cleanup();
292 }
293
294 void
SetMode(SSLMode mode)295 OpenSSLAdapter::SetMode(SSLMode mode) {
296 ASSERT(state_ == SSL_NONE);
297 ssl_mode_ = mode;
298 }
299
300 int
StartSSL(const char * hostname,bool restartable)301 OpenSSLAdapter::StartSSL(const char* hostname, bool restartable) {
302 if (state_ != SSL_NONE)
303 return -1;
304
305 ssl_host_name_ = hostname;
306 restartable_ = restartable;
307
308 if (socket_->GetState() != Socket::CS_CONNECTED) {
309 state_ = SSL_WAIT;
310 return 0;
311 }
312
313 state_ = SSL_CONNECTING;
314 if (int err = BeginSSL()) {
315 Error("BeginSSL", err, false);
316 return err;
317 }
318
319 return 0;
320 }
321
322 int
BeginSSL()323 OpenSSLAdapter::BeginSSL() {
324 LOG(LS_INFO) << "BeginSSL: " << ssl_host_name_;
325 ASSERT(state_ == SSL_CONNECTING);
326
327 int err = 0;
328 BIO* bio = NULL;
329
330 // First set up the context
331 if (!ssl_ctx_)
332 ssl_ctx_ = SetupSSLContext();
333
334 if (!ssl_ctx_) {
335 err = -1;
336 goto ssl_error;
337 }
338
339 bio = BIO_new_socket(static_cast<AsyncSocketAdapter*>(socket_));
340 if (!bio) {
341 err = -1;
342 goto ssl_error;
343 }
344
345 ssl_ = SSL_new(ssl_ctx_);
346 if (!ssl_) {
347 err = -1;
348 goto ssl_error;
349 }
350
351 SSL_set_app_data(ssl_, this);
352
353 SSL_set_bio(ssl_, bio, bio);
354 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE |
355 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
356
357 // the SSL object owns the bio now
358 bio = NULL;
359
360 // Do the connect
361 err = ContinueSSL();
362 if (err != 0)
363 goto ssl_error;
364
365 return err;
366
367 ssl_error:
368 Cleanup();
369 if (bio)
370 BIO_free(bio);
371
372 return err;
373 }
374
375 int
ContinueSSL()376 OpenSSLAdapter::ContinueSSL() {
377 ASSERT(state_ == SSL_CONNECTING);
378
379 // Clear the DTLS timer
380 Thread::Current()->Clear(this, MSG_TIMEOUT);
381
382 int code = SSL_connect(ssl_);
383 switch (SSL_get_error(ssl_, code)) {
384 case SSL_ERROR_NONE:
385 if (!SSLPostConnectionCheck(ssl_, ssl_host_name_.c_str())) {
386 LOG(LS_ERROR) << "TLS post connection check failed";
387 // make sure we close the socket
388 Cleanup();
389 // The connect failed so return -1 to shut down the socket
390 return -1;
391 }
392
393 state_ = SSL_CONNECTED;
394 AsyncSocketAdapter::OnConnectEvent(this);
395 #if 0 // TODO: worry about this
396 // Don't let ourselves go away during the callbacks
397 PRefPtr<OpenSSLAdapter> lock(this);
398 LOG(LS_INFO) << " -- onStreamReadable";
399 AsyncSocketAdapter::OnReadEvent(this);
400 LOG(LS_INFO) << " -- onStreamWriteable";
401 AsyncSocketAdapter::OnWriteEvent(this);
402 #endif
403 break;
404
405 case SSL_ERROR_WANT_READ:
406 LOG(LS_VERBOSE) << " -- error want read";
407 struct timeval timeout;
408 if (DTLSv1_get_timeout(ssl_, &timeout)) {
409 int delay = timeout.tv_sec * 1000 + timeout.tv_usec/1000;
410
411 Thread::Current()->PostDelayed(delay, this, MSG_TIMEOUT, 0);
412 }
413 break;
414
415 case SSL_ERROR_WANT_WRITE:
416 break;
417
418 case SSL_ERROR_ZERO_RETURN:
419 default:
420 LOG(LS_WARNING) << "ContinueSSL -- error " << code;
421 return (code != 0) ? code : -1;
422 }
423
424 return 0;
425 }
426
427 void
Error(const char * context,int err,bool signal)428 OpenSSLAdapter::Error(const char* context, int err, bool signal) {
429 LOG(LS_WARNING) << "OpenSSLAdapter::Error("
430 << context << ", " << err << ")";
431 state_ = SSL_ERROR;
432 SetError(err);
433 if (signal)
434 AsyncSocketAdapter::OnCloseEvent(this, err);
435 }
436
437 void
Cleanup()438 OpenSSLAdapter::Cleanup() {
439 LOG(LS_INFO) << "Cleanup";
440
441 state_ = SSL_NONE;
442 ssl_read_needs_write_ = false;
443 ssl_write_needs_read_ = false;
444 custom_verification_succeeded_ = false;
445
446 if (ssl_) {
447 SSL_free(ssl_);
448 ssl_ = NULL;
449 }
450
451 if (ssl_ctx_) {
452 SSL_CTX_free(ssl_ctx_);
453 ssl_ctx_ = NULL;
454 }
455
456 // Clear the DTLS timer
457 Thread::Current()->Clear(this, MSG_TIMEOUT);
458 }
459
460 //
461 // AsyncSocket Implementation
462 //
463
464 int
Send(const void * pv,size_t cb)465 OpenSSLAdapter::Send(const void* pv, size_t cb) {
466 //LOG(LS_INFO) << "OpenSSLAdapter::Send(" << cb << ")";
467
468 switch (state_) {
469 case SSL_NONE:
470 return AsyncSocketAdapter::Send(pv, cb);
471
472 case SSL_WAIT:
473 case SSL_CONNECTING:
474 SetError(EWOULDBLOCK);
475 return SOCKET_ERROR;
476
477 case SSL_CONNECTED:
478 break;
479
480 case SSL_ERROR:
481 default:
482 return SOCKET_ERROR;
483 }
484
485 // OpenSSL will return an error if we try to write zero bytes
486 if (cb == 0)
487 return 0;
488
489 ssl_write_needs_read_ = false;
490
491 int code = SSL_write(ssl_, pv, checked_cast<int>(cb));
492 switch (SSL_get_error(ssl_, code)) {
493 case SSL_ERROR_NONE:
494 //LOG(LS_INFO) << " -- success";
495 return code;
496 case SSL_ERROR_WANT_READ:
497 //LOG(LS_INFO) << " -- error want read";
498 ssl_write_needs_read_ = true;
499 SetError(EWOULDBLOCK);
500 break;
501 case SSL_ERROR_WANT_WRITE:
502 //LOG(LS_INFO) << " -- error want write";
503 SetError(EWOULDBLOCK);
504 break;
505 case SSL_ERROR_ZERO_RETURN:
506 //LOG(LS_INFO) << " -- remote side closed";
507 SetError(EWOULDBLOCK);
508 // do we need to signal closure?
509 break;
510 default:
511 //LOG(LS_INFO) << " -- error " << code;
512 Error("SSL_write", (code ? code : -1), false);
513 break;
514 }
515
516 return SOCKET_ERROR;
517 }
518
519 int
SendTo(const void * pv,size_t cb,const SocketAddress & addr)520 OpenSSLAdapter::SendTo(const void* pv, size_t cb, const SocketAddress& addr) {
521 if (socket_->GetState() == Socket::CS_CONNECTED &&
522 addr == socket_->GetRemoteAddress()) {
523 return Send(pv, cb);
524 }
525
526 SetError(ENOTCONN);
527
528 return SOCKET_ERROR;
529 }
530
531 int
Recv(void * pv,size_t cb)532 OpenSSLAdapter::Recv(void* pv, size_t cb) {
533 //LOG(LS_INFO) << "OpenSSLAdapter::Recv(" << cb << ")";
534 switch (state_) {
535
536 case SSL_NONE:
537 return AsyncSocketAdapter::Recv(pv, cb);
538
539 case SSL_WAIT:
540 case SSL_CONNECTING:
541 SetError(EWOULDBLOCK);
542 return SOCKET_ERROR;
543
544 case SSL_CONNECTED:
545 break;
546
547 case SSL_ERROR:
548 default:
549 return SOCKET_ERROR;
550 }
551
552 // Don't trust OpenSSL with zero byte reads
553 if (cb == 0)
554 return 0;
555
556 ssl_read_needs_write_ = false;
557
558 int code = SSL_read(ssl_, pv, checked_cast<int>(cb));
559 switch (SSL_get_error(ssl_, code)) {
560 case SSL_ERROR_NONE:
561 //LOG(LS_INFO) << " -- success";
562 return code;
563 case SSL_ERROR_WANT_READ:
564 //LOG(LS_INFO) << " -- error want read";
565 SetError(EWOULDBLOCK);
566 break;
567 case SSL_ERROR_WANT_WRITE:
568 //LOG(LS_INFO) << " -- error want write";
569 ssl_read_needs_write_ = true;
570 SetError(EWOULDBLOCK);
571 break;
572 case SSL_ERROR_ZERO_RETURN:
573 //LOG(LS_INFO) << " -- remote side closed";
574 SetError(EWOULDBLOCK);
575 // do we need to signal closure?
576 break;
577 default:
578 //LOG(LS_INFO) << " -- error " << code;
579 Error("SSL_read", (code ? code : -1), false);
580 break;
581 }
582
583 return SOCKET_ERROR;
584 }
585
586 int
RecvFrom(void * pv,size_t cb,SocketAddress * paddr)587 OpenSSLAdapter::RecvFrom(void* pv, size_t cb, SocketAddress* paddr) {
588 if (socket_->GetState() == Socket::CS_CONNECTED) {
589 int ret = Recv(pv, cb);
590
591 *paddr = GetRemoteAddress();
592
593 return ret;
594 }
595
596 SetError(ENOTCONN);
597
598 return SOCKET_ERROR;
599 }
600
601 int
Close()602 OpenSSLAdapter::Close() {
603 Cleanup();
604 state_ = restartable_ ? SSL_WAIT : SSL_NONE;
605 return AsyncSocketAdapter::Close();
606 }
607
608 Socket::ConnState
GetState() const609 OpenSSLAdapter::GetState() const {
610 //if (signal_close_)
611 // return CS_CONNECTED;
612 ConnState state = socket_->GetState();
613 if ((state == CS_CONNECTED)
614 && ((state_ == SSL_WAIT) || (state_ == SSL_CONNECTING)))
615 state = CS_CONNECTING;
616 return state;
617 }
618
619 void
OnMessage(Message * msg)620 OpenSSLAdapter::OnMessage(Message* msg) {
621 if (MSG_TIMEOUT == msg->message_id) {
622 LOG(LS_INFO) << "DTLS timeout expired";
623 DTLSv1_handle_timeout(ssl_);
624 ContinueSSL();
625 }
626 }
627
628 void
OnConnectEvent(AsyncSocket * socket)629 OpenSSLAdapter::OnConnectEvent(AsyncSocket* socket) {
630 LOG(LS_INFO) << "OpenSSLAdapter::OnConnectEvent";
631 if (state_ != SSL_WAIT) {
632 ASSERT(state_ == SSL_NONE);
633 AsyncSocketAdapter::OnConnectEvent(socket);
634 return;
635 }
636
637 state_ = SSL_CONNECTING;
638 if (int err = BeginSSL()) {
639 AsyncSocketAdapter::OnCloseEvent(socket, err);
640 }
641 }
642
643 void
OnReadEvent(AsyncSocket * socket)644 OpenSSLAdapter::OnReadEvent(AsyncSocket* socket) {
645 //LOG(LS_INFO) << "OpenSSLAdapter::OnReadEvent";
646
647 if (state_ == SSL_NONE) {
648 AsyncSocketAdapter::OnReadEvent(socket);
649 return;
650 }
651
652 if (state_ == SSL_CONNECTING) {
653 if (int err = ContinueSSL()) {
654 Error("ContinueSSL", err);
655 }
656 return;
657 }
658
659 if (state_ != SSL_CONNECTED)
660 return;
661
662 // Don't let ourselves go away during the callbacks
663 //PRefPtr<OpenSSLAdapter> lock(this); // TODO: fix this
664 if (ssl_write_needs_read_) {
665 //LOG(LS_INFO) << " -- onStreamWriteable";
666 AsyncSocketAdapter::OnWriteEvent(socket);
667 }
668
669 //LOG(LS_INFO) << " -- onStreamReadable";
670 AsyncSocketAdapter::OnReadEvent(socket);
671 }
672
673 void
OnWriteEvent(AsyncSocket * socket)674 OpenSSLAdapter::OnWriteEvent(AsyncSocket* socket) {
675 //LOG(LS_INFO) << "OpenSSLAdapter::OnWriteEvent";
676
677 if (state_ == SSL_NONE) {
678 AsyncSocketAdapter::OnWriteEvent(socket);
679 return;
680 }
681
682 if (state_ == SSL_CONNECTING) {
683 if (int err = ContinueSSL()) {
684 Error("ContinueSSL", err);
685 }
686 return;
687 }
688
689 if (state_ != SSL_CONNECTED)
690 return;
691
692 // Don't let ourselves go away during the callbacks
693 //PRefPtr<OpenSSLAdapter> lock(this); // TODO: fix this
694
695 if (ssl_read_needs_write_) {
696 //LOG(LS_INFO) << " -- onStreamReadable";
697 AsyncSocketAdapter::OnReadEvent(socket);
698 }
699
700 //LOG(LS_INFO) << " -- onStreamWriteable";
701 AsyncSocketAdapter::OnWriteEvent(socket);
702 }
703
704 void
OnCloseEvent(AsyncSocket * socket,int err)705 OpenSSLAdapter::OnCloseEvent(AsyncSocket* socket, int err) {
706 LOG(LS_INFO) << "OpenSSLAdapter::OnCloseEvent(" << err << ")";
707 AsyncSocketAdapter::OnCloseEvent(socket, err);
708 }
709
710 // This code is taken from the "Network Security with OpenSSL"
711 // sample in chapter 5
712
VerifyServerName(SSL * ssl,const char * host,bool ignore_bad_cert)713 bool OpenSSLAdapter::VerifyServerName(SSL* ssl, const char* host,
714 bool ignore_bad_cert) {
715 if (!host)
716 return false;
717
718 // Checking the return from SSL_get_peer_certificate here is not strictly
719 // necessary. With our setup, it is not possible for it to return
720 // NULL. However, it is good form to check the return.
721 X509* certificate = SSL_get_peer_certificate(ssl);
722 if (!certificate)
723 return false;
724
725 // Logging certificates is extremely verbose. So it is disabled by default.
726 #ifdef LOG_CERTIFICATES
727 {
728 LOG(LS_INFO) << "Certificate from server:";
729 BIO* mem = BIO_new(BIO_s_mem());
730 X509_print_ex(mem, certificate, XN_FLAG_SEP_CPLUS_SPC, X509_FLAG_NO_HEADER);
731 BIO_write(mem, "\0", 1);
732 char* buffer;
733 BIO_get_mem_data(mem, &buffer);
734 LOG(LS_INFO) << buffer;
735 BIO_free(mem);
736
737 char* cipher_description =
738 SSL_CIPHER_description(SSL_get_current_cipher(ssl), NULL, 128);
739 LOG(LS_INFO) << "Cipher: " << cipher_description;
740 OPENSSL_free(cipher_description);
741 }
742 #endif
743
744 bool ok = false;
745 int extension_count = X509_get_ext_count(certificate);
746 for (int i = 0; i < extension_count; ++i) {
747 X509_EXTENSION* extension = X509_get_ext(certificate, i);
748 int extension_nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
749
750 if (extension_nid == NID_subject_alt_name) {
751 const X509V3_EXT_METHOD* meth = X509V3_EXT_get(extension);
752 if (!meth)
753 break;
754
755 void* ext_str = NULL;
756
757 // We assign this to a local variable, instead of passing the address
758 // directly to ASN1_item_d2i.
759 // See http://readlist.com/lists/openssl.org/openssl-users/0/4761.html.
760 unsigned char* ext_value_data = extension->value->data;
761
762 const unsigned char **ext_value_data_ptr =
763 (const_cast<const unsigned char **>(&ext_value_data));
764
765 if (meth->it) {
766 ext_str = ASN1_item_d2i(NULL, ext_value_data_ptr,
767 extension->value->length,
768 ASN1_ITEM_ptr(meth->it));
769 } else {
770 ext_str = meth->d2i(NULL, ext_value_data_ptr, extension->value->length);
771 }
772
773 STACK_OF(CONF_VALUE)* value = meth->i2v(meth, ext_str, NULL);
774
775 // Cast to size_t to be compilable for both OpenSSL and BoringSSL.
776 for (size_t j = 0; j < static_cast<size_t>(sk_CONF_VALUE_num(value));
777 ++j) {
778 CONF_VALUE* nval = sk_CONF_VALUE_value(value, j);
779 // The value for nval can contain wildcards
780 if (!strcmp(nval->name, "DNS") && string_match(host, nval->value)) {
781 ok = true;
782 break;
783 }
784 }
785 sk_CONF_VALUE_pop_free(value, X509V3_conf_free);
786 value = NULL;
787
788 if (meth->it) {
789 ASN1_item_free(reinterpret_cast<ASN1_VALUE*>(ext_str),
790 ASN1_ITEM_ptr(meth->it));
791 } else {
792 meth->ext_free(ext_str);
793 }
794 ext_str = NULL;
795 }
796 if (ok)
797 break;
798 }
799
800 char data[256];
801 X509_NAME* subject;
802 if (!ok
803 && ((subject = X509_get_subject_name(certificate)) != NULL)
804 && (X509_NAME_get_text_by_NID(subject, NID_commonName,
805 data, sizeof(data)) > 0)) {
806 data[sizeof(data)-1] = 0;
807 if (_stricmp(data, host) == 0)
808 ok = true;
809 }
810
811 X509_free(certificate);
812
813 // This should only ever be turned on for debugging and development.
814 if (!ok && ignore_bad_cert) {
815 LOG(LS_WARNING) << "TLS certificate check FAILED. "
816 << "Allowing connection anyway.";
817 ok = true;
818 }
819
820 return ok;
821 }
822
SSLPostConnectionCheck(SSL * ssl,const char * host)823 bool OpenSSLAdapter::SSLPostConnectionCheck(SSL* ssl, const char* host) {
824 bool ok = VerifyServerName(ssl, host, ignore_bad_cert());
825
826 if (ok) {
827 ok = (SSL_get_verify_result(ssl) == X509_V_OK ||
828 custom_verification_succeeded_);
829 }
830
831 if (!ok && ignore_bad_cert()) {
832 LOG(LS_INFO) << "Other TLS post connection checks failed.";
833 ok = true;
834 }
835
836 return ok;
837 }
838
839 #if !defined(NDEBUG)
840
841 // We only use this for tracing and so it is only needed in debug mode
842
843 void
SSLInfoCallback(const SSL * s,int where,int ret)844 OpenSSLAdapter::SSLInfoCallback(const SSL* s, int where, int ret) {
845 const char* str = "undefined";
846 int w = where & ~SSL_ST_MASK;
847 if (w & SSL_ST_CONNECT) {
848 str = "SSL_connect";
849 } else if (w & SSL_ST_ACCEPT) {
850 str = "SSL_accept";
851 }
852 if (where & SSL_CB_LOOP) {
853 LOG(LS_INFO) << str << ":" << SSL_state_string_long(s);
854 } else if (where & SSL_CB_ALERT) {
855 str = (where & SSL_CB_READ) ? "read" : "write";
856 LOG(LS_INFO) << "SSL3 alert " << str
857 << ":" << SSL_alert_type_string_long(ret)
858 << ":" << SSL_alert_desc_string_long(ret);
859 } else if (where & SSL_CB_EXIT) {
860 if (ret == 0) {
861 LOG(LS_INFO) << str << ":failed in " << SSL_state_string_long(s);
862 } else if (ret < 0) {
863 LOG(LS_INFO) << str << ":error in " << SSL_state_string_long(s);
864 }
865 }
866 }
867
868 #endif
869
870 int
SSLVerifyCallback(int ok,X509_STORE_CTX * store)871 OpenSSLAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
872 #if !defined(NDEBUG)
873 if (!ok) {
874 char data[256];
875 X509* cert = X509_STORE_CTX_get_current_cert(store);
876 int depth = X509_STORE_CTX_get_error_depth(store);
877 int err = X509_STORE_CTX_get_error(store);
878
879 LOG(LS_INFO) << "Error with certificate at depth: " << depth;
880 X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof(data));
881 LOG(LS_INFO) << " issuer = " << data;
882 X509_NAME_oneline(X509_get_subject_name(cert), data, sizeof(data));
883 LOG(LS_INFO) << " subject = " << data;
884 LOG(LS_INFO) << " err = " << err
885 << ":" << X509_verify_cert_error_string(err);
886 }
887 #endif
888
889 // Get our stream pointer from the store
890 SSL* ssl = reinterpret_cast<SSL*>(
891 X509_STORE_CTX_get_ex_data(store,
892 SSL_get_ex_data_X509_STORE_CTX_idx()));
893
894 OpenSSLAdapter* stream =
895 reinterpret_cast<OpenSSLAdapter*>(SSL_get_app_data(ssl));
896
897 if (!ok && custom_verify_callback_) {
898 void* cert =
899 reinterpret_cast<void*>(X509_STORE_CTX_get_current_cert(store));
900 if (custom_verify_callback_(cert)) {
901 stream->custom_verification_succeeded_ = true;
902 LOG(LS_INFO) << "validated certificate using custom callback";
903 ok = true;
904 }
905 }
906
907 // Should only be used for debugging and development.
908 if (!ok && stream->ignore_bad_cert()) {
909 LOG(LS_WARNING) << "Ignoring cert error while verifying cert chain";
910 ok = 1;
911 }
912
913 return ok;
914 }
915
ConfigureTrustedRootCertificates(SSL_CTX * ctx)916 bool OpenSSLAdapter::ConfigureTrustedRootCertificates(SSL_CTX* ctx) {
917 // Add the root cert that we care about to the SSL context
918 int count_of_added_certs = 0;
919 for (size_t i = 0; i < arraysize(kSSLCertCertificateList); i++) {
920 const unsigned char* cert_buffer = kSSLCertCertificateList[i];
921 size_t cert_buffer_len = kSSLCertCertificateSizeList[i];
922 X509* cert = d2i_X509(NULL, &cert_buffer,
923 checked_cast<long>(cert_buffer_len));
924 if (cert) {
925 int return_value = X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), cert);
926 if (return_value == 0) {
927 LOG(LS_WARNING) << "Unable to add certificate.";
928 } else {
929 count_of_added_certs++;
930 }
931 X509_free(cert);
932 }
933 }
934 return count_of_added_certs > 0;
935 }
936
937 SSL_CTX*
SetupSSLContext()938 OpenSSLAdapter::SetupSSLContext() {
939 SSL_CTX* ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
940 DTLSv1_client_method() : TLSv1_client_method());
941 if (ctx == NULL) {
942 unsigned long error = ERR_get_error(); // NOLINT: type used by OpenSSL.
943 LOG(LS_WARNING) << "SSL_CTX creation failed: "
944 << '"' << ERR_reason_error_string(error) << "\" "
945 << "(error=" << error << ')';
946 return NULL;
947 }
948 if (!ConfigureTrustedRootCertificates(ctx)) {
949 SSL_CTX_free(ctx);
950 return NULL;
951 }
952
953 #if !defined(NDEBUG)
954 SSL_CTX_set_info_callback(ctx, SSLInfoCallback);
955 #endif
956
957 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
958 SSL_CTX_set_verify_depth(ctx, 4);
959 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
960
961 if (ssl_mode_ == SSL_MODE_DTLS) {
962 SSL_CTX_set_read_ahead(ctx, 1);
963 }
964
965 return ctx;
966 }
967
968 } // namespace rtc
969
970 #endif // HAVE_OPENSSL_SSL_H
971