webrtc/base/opensslstreamadapter.cc - Issue 2877023002: Move webrtc/{base => rtc_base}

Unified Diff: webrtc/base/opensslstreamadapter.cc

Issue 2877023002: Move webrtc/{base => rtc_base} (Closed)

Patch Set: update presubmit.py and DEPS include rules Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Index: webrtc/base/opensslstreamadapter.cc

diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc

deleted file mode 100644

index d1c16a126eb9a06b8acf8c9cf842d4d9371ab8ec..0000000000000000000000000000000000000000

--- a/webrtc/base/opensslstreamadapter.cc

+++ /dev/null

@@ -1,1219 +0,0 @@

-/*

- *

- * Use of this source code is governed by a BSD-style license

- * that can be found in the LICENSE file in the root of the source

- * tree. An additional intellectual property rights grant can be found

- * in the file PATENTS. All contributing project authors may

- * be found in the AUTHORS file in the root of the source tree.

- */

-#include "webrtc/base/opensslstreamadapter.h"

-#include <openssl/bio.h>

-#include <openssl/crypto.h>

-#include <openssl/err.h>

-#include <openssl/rand.h>

-#include <openssl/tls1.h>

-#include <openssl/x509v3.h>

-#ifndef OPENSSL_IS_BORINGSSL

-#include <openssl/dtls1.h>

-#include <openssl/ssl.h>

-#endif

-#include <memory>

-#include <vector>

-#include "webrtc/base/checks.h"

-#include "webrtc/base/logging.h"

-#include "webrtc/base/safe_conversions.h"

-#include "webrtc/base/stream.h"

-#include "webrtc/base/openssl.h"

-#include "webrtc/base/openssladapter.h"

-#include "webrtc/base/openssldigest.h"

-#include "webrtc/base/opensslidentity.h"

-#include "webrtc/base/stringutils.h"

-#include "webrtc/base/timeutils.h"

-#include "webrtc/base/thread.h"

-namespace {

- bool g_use_time_callback_for_testing = false;

-namespace rtc {

-#if (OPENSSL_VERSION_NUMBER < 0x10001000L)

-#error "webrtc requires at least OpenSSL version 1.0.1, to support DTLS-SRTP"

-#endif

-// SRTP cipher suite table. |internal_name| is used to construct a

-// colon-separated profile strings which is needed by

-// SSL_CTX_set_tlsext_use_srtp().

-struct SrtpCipherMapEntry {

- const char* internal_name;

- const int id;

-};

-// This isn't elegant, but it's better than an external reference

-static SrtpCipherMapEntry SrtpCipherMap[] = {

- {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},

- {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},

- {"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},

- {"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},

- {nullptr, 0}};

-#ifdef OPENSSL_IS_BORINGSSL

-// Not used in production code. Actual time should be relative to Jan 1, 1970.

-static void TimeCallbackForTesting(const SSL* ssl, struct timeval* out_clock) {

- int64_t time = TimeNanos();

- out_clock->tv_sec = time / kNumNanosecsPerSec;

- out_clock->tv_usec = (time % kNumNanosecsPerSec) / kNumNanosecsPerMicrosec;

-#else // #ifdef OPENSSL_IS_BORINGSSL

-// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.

-struct SslCipherMapEntry {

- uint32_t openssl_id;

- const char* rfc_name;

-};

-#define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name}

-#define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name}

-// There currently is no method available to get a RFC-compliant name for a

-// cipher suite from BoringSSL, so we need to define the mapping manually here.

-// This should go away once BoringSSL supports "SSL_CIPHER_standard_name"

-// (as available in OpenSSL if compiled with tracing enabled) or a similar

-// method.

-static const SslCipherMapEntry kSslCipherMap[] = {

- // TLS v1.0 ciphersuites from RFC2246.

- DEFINE_CIPHER_ENTRY_SSL3(RSA_RC4_128_SHA),

- {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},

- // AES ciphersuites from RFC3268.

- {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},

- {TLS1_CK_DHE_RSA_WITH_AES_128_SHA, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},

- {TLS1_CK_RSA_WITH_AES_256_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"},

- {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},

- // ECC ciphersuites from RFC4492.

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_RC4_128_SHA),

- {TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,

- "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_RC4_128_SHA),

- {TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,

- "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_CBC_SHA),

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_CBC_SHA),

- // TLS v1.2 ciphersuites.

- {TLS1_CK_RSA_WITH_AES_128_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"},

- {TLS1_CK_RSA_WITH_AES_256_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"},

- {TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,

- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},

- {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,

- "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},

- // TLS v1.2 GCM ciphersuites from RFC5288.

- DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_128_GCM_SHA256),

- DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_256_GCM_SHA384),

- DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_128_GCM_SHA256),

- DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_256_GCM_SHA384),

- DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_128_GCM_SHA256),

- DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_256_GCM_SHA384),

- // ECDH HMAC based ciphersuites from RFC5289.

- {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,

- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},

- {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,

- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},

- {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,

- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},

- {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,

- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},

- // ECDH GCM based ciphersuites from RFC5289.

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256),

- DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),

- {0, nullptr}};

-#endif // #ifndef OPENSSL_IS_BORINGSSL

-#if defined(_MSC_VER)

-#pragma warning(push)

-#pragma warning(disable : 4309)

-#pragma warning(disable : 4310)

-#endif // defined(_MSC_VER)

-#if defined(_MSC_VER)

-#pragma warning(pop)

-#endif // defined(_MSC_VER)

-//////////////////////////////////////////////////////////////////////

-// StreamBIO

-//////////////////////////////////////////////////////////////////////

-static int stream_write(BIO* h, const char* buf, int num);

-static int stream_read(BIO* h, char* buf, int size);

-static int stream_puts(BIO* h, const char* str);

-static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2);

-static int stream_new(BIO* h);

-static int stream_free(BIO* data);

-// TODO(davidben): This should be const once BoringSSL is assumed.

-static BIO_METHOD methods_stream = {

- BIO_TYPE_BIO, "stream", stream_write, stream_read, stream_puts, 0,

- stream_ctrl, stream_new, stream_free, nullptr,

-};

-static BIO_METHOD* BIO_s_stream() { return(&methods_stream); }

-static BIO* BIO_new_stream(StreamInterface* stream) {

- BIO* ret = BIO_new(BIO_s_stream());

- if (ret == nullptr)

- return nullptr;

- ret->ptr = stream;

- return ret;

-// bio methods return 1 (or at least non-zero) on success and 0 on failure.

-static int stream_new(BIO* b) {

- b->shutdown = 0;

- b->init = 1;

- b->num = 0; // 1 means end-of-stream

- b->ptr = 0;

- return 1;

-static int stream_free(BIO* b) {

- if (b == nullptr)

- return 0;

- return 1;

-static int stream_read(BIO* b, char* out, int outl) {

- if (!out)

- return -1;

- StreamInterface* stream = static_cast<StreamInterface*>(b->ptr);

- BIO_clear_retry_flags(b);

- size_t read;

- int error;

- StreamResult result = stream->Read(out, outl, &read, &error);

- if (result == SR_SUCCESS) {

- return checked_cast<int>(read);

- } else if (result == SR_EOS) {

- b->num = 1;

- } else if (result == SR_BLOCK) {

- BIO_set_retry_read(b);

- }

- return -1;

-static int stream_write(BIO* b, const char* in, int inl) {

- if (!in)

- return -1;

- StreamInterface* stream = static_cast<StreamInterface*>(b->ptr);

- BIO_clear_retry_flags(b);

- size_t written;

- int error;

- StreamResult result = stream->Write(in, inl, &written, &error);

- if (result == SR_SUCCESS) {

- return checked_cast<int>(written);

- } else if (result == SR_BLOCK) {

- BIO_set_retry_write(b);

- }

- return -1;

-static int stream_puts(BIO* b, const char* str) {

- return stream_write(b, str, checked_cast<int>(strlen(str)));

-static long stream_ctrl(BIO* b, int cmd, long num, void* ptr) {

- switch (cmd) {

- case BIO_CTRL_RESET:

- return 0;

- case BIO_CTRL_EOF:

- return b->num;

- case BIO_CTRL_WPENDING:

- case BIO_CTRL_PENDING:

- return 0;

- case BIO_CTRL_FLUSH:

- return 1;

- case BIO_CTRL_DGRAM_QUERY_MTU:

- // openssl defaults to mtu=256 unless we return something here.

- // The handshake doesn't actually need to send packets above 1k,

- // so this seems like a sensible value that should work in most cases.

- // Webrtc uses the same value for video packets.

- return 1200;

- default:

- return 0;

- }

-/////////////////////////////////////////////////////////////////////////////

-// OpenSSLStreamAdapter

-/////////////////////////////////////////////////////////////////////////////

-OpenSSLStreamAdapter::OpenSSLStreamAdapter(StreamInterface* stream)

- : SSLStreamAdapter(stream),

- state_(SSL_NONE),

- role_(SSL_CLIENT),

- ssl_read_needs_write_(false),

- ssl_write_needs_read_(false),

- ssl_(nullptr),

- ssl_ctx_(nullptr),

- ssl_mode_(SSL_MODE_TLS),

- ssl_max_version_(SSL_PROTOCOL_TLS_12) {}

-OpenSSLStreamAdapter::~OpenSSLStreamAdapter() {

- Cleanup(0);

-void OpenSSLStreamAdapter::SetIdentity(SSLIdentity* identity) {

- RTC_DCHECK(!identity_);

- identity_.reset(static_cast<OpenSSLIdentity*>(identity));

-void OpenSSLStreamAdapter::SetServerRole(SSLRole role) {

- role_ = role;

-std::unique_ptr<SSLCertificate> OpenSSLStreamAdapter::GetPeerCertificate()

- const {

- return peer_certificate_ ? std::unique_ptr<SSLCertificate>(

- peer_certificate_->GetReference())

- : nullptr;

-bool OpenSSLStreamAdapter::SetPeerCertificateDigest(

- const std::string& digest_alg,

- const unsigned char* digest_val,

- size_t digest_len,

- SSLPeerCertificateDigestError* error) {

- RTC_DCHECK(!peer_certificate_verified_);

- RTC_DCHECK(!has_peer_certificate_digest());

- size_t expected_len;

- if (error) {

- *error = SSLPeerCertificateDigestError::NONE;

- }

- if (!OpenSSLDigest::GetDigestSize(digest_alg, &expected_len)) {

- LOG(LS_WARNING) << "Unknown digest algorithm: " << digest_alg;

- if (error) {

- *error = SSLPeerCertificateDigestError::UNKNOWN_ALGORITHM;

- }

- return false;

- }

- if (expected_len != digest_len) {

- if (error) {

- *error = SSLPeerCertificateDigestError::INVALID_LENGTH;

- }

- return false;

- }

- peer_certificate_digest_value_.SetData(digest_val, digest_len);

- peer_certificate_digest_algorithm_ = digest_alg;

- if (!peer_certificate_) {

- // Normal case, where the digest is set before we obtain the certificate

- // from the handshake.

- return true;

- }

- if (!VerifyPeerCertificate()) {

- Error("SetPeerCertificateDigest", -1, SSL_AD_BAD_CERTIFICATE, false);

- if (error) {

- *error = SSLPeerCertificateDigestError::VERIFICATION_FAILED;

- }

- return false;

- }

- if (state_ == SSL_CONNECTED) {

- // Post the event asynchronously to unwind the stack. The caller

- // of ContinueSSL may be the same object listening for these

- // events and may not be prepared for reentrancy.

- PostEvent(SE_OPEN | SE_READ | SE_WRITE, 0);

- }

- return true;

-std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {

-#ifdef OPENSSL_IS_BORINGSSL

- const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite);

- if (!ssl_cipher) {

- return std::string();

- }

- char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher);

- std::string rfc_name = std::string(cipher_name);

- OPENSSL_free(cipher_name);

- return rfc_name;

-#else

- for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;

- ++entry) {

- if (cipher_suite == static_cast<int>(entry->openssl_id)) {

- return entry->rfc_name;

- }

- return std::string();

-#endif

-bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {

- if (state_ != SSL_CONNECTED)

- return false;

- const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_);

- if (current_cipher == nullptr) {

- return false;

- }

- *cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));

- return true;

-int OpenSSLStreamAdapter::GetSslVersion() const {

- if (state_ != SSL_CONNECTED)

- return -1;

- int ssl_version = SSL_version(ssl_);

- if (ssl_mode_ == SSL_MODE_DTLS) {

- if (ssl_version == DTLS1_VERSION)

- return SSL_PROTOCOL_DTLS_10;

- else if (ssl_version == DTLS1_2_VERSION)

- return SSL_PROTOCOL_DTLS_12;

- } else {

- if (ssl_version == TLS1_VERSION)

- return SSL_PROTOCOL_TLS_10;

- else if (ssl_version == TLS1_1_VERSION)

- return SSL_PROTOCOL_TLS_11;

- else if (ssl_version == TLS1_2_VERSION)

- return SSL_PROTOCOL_TLS_12;

- }

- return -1;

-// Key Extractor interface

-bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,

- const uint8_t* context,

- size_t context_len,

- bool use_context,

- uint8_t* result,

- size_t result_len) {

- int i;

- i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(),

- label.length(), const_cast<uint8_t*>(context),

- context_len, use_context);

- if (i != 1)

- return false;

- return true;

-bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(

- const std::vector<int>& ciphers) {

- std::string internal_ciphers;

- if (state_ != SSL_NONE)

- return false;

- for (std::vector<int>::const_iterator cipher = ciphers.begin();

- cipher != ciphers.end(); ++cipher) {

- bool found = false;

- for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name;

- ++entry) {

- if (*cipher == entry->id) {

- found = true;

- if (!internal_ciphers.empty())

- internal_ciphers += ":";

- internal_ciphers += entry->internal_name;

- break;

- }

- if (!found) {

- LOG(LS_ERROR) << "Could not find cipher: " << *cipher;

- return false;

- }

- if (internal_ciphers.empty())

- return false;

- srtp_ciphers_ = internal_ciphers;

- return true;

-bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {

- RTC_DCHECK(state_ == SSL_CONNECTED);

- if (state_ != SSL_CONNECTED)

- return false;

- const SRTP_PROTECTION_PROFILE *srtp_profile =

- SSL_get_selected_srtp_profile(ssl_);

- if (!srtp_profile)

- return false;

- *crypto_suite = srtp_profile->id;

- RTC_DCHECK(!SrtpCryptoSuiteToName(*crypto_suite).empty());

- return true;

-bool OpenSSLStreamAdapter::IsTlsConnected() {

- return state_ == SSL_CONNECTED;

-int OpenSSLStreamAdapter::StartSSL() {

- if (state_ != SSL_NONE) {

- // Don't allow StartSSL to be called twice.

- return -1;

- }

- if (StreamAdapterInterface::GetState() != SS_OPEN) {

- state_ = SSL_WAIT;

- return 0;

- }

- state_ = SSL_CONNECTING;

- if (int err = BeginSSL()) {

- Error("BeginSSL", err, 0, false);

- return err;

- }

- return 0;

-void OpenSSLStreamAdapter::SetMode(SSLMode mode) {

- RTC_DCHECK(state_ == SSL_NONE);

- ssl_mode_ = mode;

-void OpenSSLStreamAdapter::SetMaxProtocolVersion(SSLProtocolVersion version) {

- RTC_DCHECK(ssl_ctx_ == nullptr);

- ssl_max_version_ = version;

-void OpenSSLStreamAdapter::SetInitialRetransmissionTimeout(

- int timeout_ms) {

- RTC_DCHECK(ssl_ctx_ == nullptr);

- dtls_handshake_timeout_ms_ = timeout_ms;

-//

-// StreamInterface Implementation

-//

-StreamResult OpenSSLStreamAdapter::Write(const void* data, size_t data_len,

- size_t* written, int* error) {

- LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Write(" << data_len << ")";

- switch (state_) {

- case SSL_NONE:

- // pass-through in clear text

- return StreamAdapterInterface::Write(data, data_len, written, error);

- case SSL_WAIT:

- case SSL_CONNECTING:

- return SR_BLOCK;

- case SSL_CONNECTED:

- if (waiting_to_verify_peer_certificate()) {

- return SR_BLOCK;

- }

- break;

- case SSL_ERROR:

- case SSL_CLOSED:

- default:

- if (error)

- *error = ssl_error_code_;

- return SR_ERROR;

- }

- // OpenSSL will return an error if we try to write zero bytes

- if (data_len == 0) {

- if (written)

- *written = 0;

- return SR_SUCCESS;

- }

- ssl_write_needs_read_ = false;

- int code = SSL_write(ssl_, data, checked_cast<int>(data_len));

- int ssl_error = SSL_get_error(ssl_, code);

- switch (ssl_error) {

- case SSL_ERROR_NONE:

- LOG(LS_VERBOSE) << " -- success";

- RTC_DCHECK(0 < code && static_cast<unsigned>(code) <= data_len);

- if (written)

- *written = code;

- return SR_SUCCESS;

- case SSL_ERROR_WANT_READ:

- LOG(LS_VERBOSE) << " -- error want read";

- ssl_write_needs_read_ = true;

- return SR_BLOCK;

- case SSL_ERROR_WANT_WRITE:

- LOG(LS_VERBOSE) << " -- error want write";

- return SR_BLOCK;

- case SSL_ERROR_ZERO_RETURN:

- default:

- Error("SSL_write", (ssl_error ? ssl_error : -1), 0, false);

- if (error)

- *error = ssl_error_code_;

- return SR_ERROR;

- }

- // not reached

-StreamResult OpenSSLStreamAdapter::Read(void* data, size_t data_len,

- size_t* read, int* error) {

- LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Read(" << data_len << ")";

- switch (state_) {

- case SSL_NONE:

- // pass-through in clear text

- return StreamAdapterInterface::Read(data, data_len, read, error);

- case SSL_WAIT:

- case SSL_CONNECTING:

- return SR_BLOCK;

- case SSL_CONNECTED:

- if (waiting_to_verify_peer_certificate()) {

- return SR_BLOCK;

- }

- break;

- case SSL_CLOSED:

- return SR_EOS;

- case SSL_ERROR:

- default:

- if (error)

- *error = ssl_error_code_;

- return SR_ERROR;

- }

- // Don't trust OpenSSL with zero byte reads

- if (data_len == 0) {

- if (read)

- *read = 0;

- return SR_SUCCESS;

- }

- ssl_read_needs_write_ = false;

- int code = SSL_read(ssl_, data, checked_cast<int>(data_len));

- int ssl_error = SSL_get_error(ssl_, code);

- switch (ssl_error) {

- case SSL_ERROR_NONE:

- LOG(LS_VERBOSE) << " -- success";

- RTC_DCHECK(0 < code && static_cast<unsigned>(code) <= data_len);

- if (read)

- *read = code;

- if (ssl_mode_ == SSL_MODE_DTLS) {

- // Enforce atomic reads -- this is a short read

- unsigned int pending = SSL_pending(ssl_);

- if (pending) {

- LOG(LS_INFO) << " -- short DTLS read. flushing";

- FlushInput(pending);

- if (error)

- *error = SSE_MSG_TRUNC;

- return SR_ERROR;

- }

- return SR_SUCCESS;

- case SSL_ERROR_WANT_READ:

- LOG(LS_VERBOSE) << " -- error want read";

- return SR_BLOCK;

- case SSL_ERROR_WANT_WRITE:

- LOG(LS_VERBOSE) << " -- error want write";

- ssl_read_needs_write_ = true;

- return SR_BLOCK;

- case SSL_ERROR_ZERO_RETURN:

- LOG(LS_VERBOSE) << " -- remote side closed";

- Close();

- return SR_EOS;

- break;

- default:

- LOG(LS_VERBOSE) << " -- error " << code;

- Error("SSL_read", (ssl_error ? ssl_error : -1), 0, false);

- if (error)

- *error = ssl_error_code_;

- return SR_ERROR;

- }

- // not reached

-void OpenSSLStreamAdapter::FlushInput(unsigned int left) {

- unsigned char buf[2048];

- while (left) {

- // This should always succeed

- int toread = (sizeof(buf) < left) ? sizeof(buf) : left;

- int code = SSL_read(ssl_, buf, toread);

- int ssl_error = SSL_get_error(ssl_, code);

- RTC_DCHECK(ssl_error == SSL_ERROR_NONE);

- if (ssl_error != SSL_ERROR_NONE) {

- LOG(LS_VERBOSE) << " -- error " << code;

- Error("SSL_read", (ssl_error ? ssl_error : -1), 0, false);

- return;

- }

- LOG(LS_VERBOSE) << " -- flushed " << code << " bytes";

- left -= code;

- }

-void OpenSSLStreamAdapter::Close() {

- Cleanup(0);

- RTC_DCHECK(state_ == SSL_CLOSED || state_ == SSL_ERROR);

- // When we're closed at SSL layer, also close the stream level which

- // performs necessary clean up. Otherwise, a new incoming packet after

- // this could overflow the stream buffer.

- StreamAdapterInterface::Close();

-StreamState OpenSSLStreamAdapter::GetState() const {

- switch (state_) {

- case SSL_WAIT:

- case SSL_CONNECTING:

- return SS_OPENING;

- case SSL_CONNECTED:

- if (waiting_to_verify_peer_certificate()) {

- return SS_OPENING;

- }

- return SS_OPEN;

- default:

- return SS_CLOSED;

- };

- // not reached

-void OpenSSLStreamAdapter::OnEvent(StreamInterface* stream, int events,

- int err) {

- int events_to_signal = 0;

- int signal_error = 0;

- RTC_DCHECK(stream == this->stream());

- if ((events & SE_OPEN)) {

- LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent SE_OPEN";

- if (state_ != SSL_WAIT) {

- RTC_DCHECK(state_ == SSL_NONE);

- events_to_signal |= SE_OPEN;

- } else {

- state_ = SSL_CONNECTING;

- if (int err = BeginSSL()) {

- Error("BeginSSL", err, 0, true);

- return;

- }

- if ((events & (SE_READ|SE_WRITE))) {

- LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent"

- << ((events & SE_READ) ? " SE_READ" : "")

- << ((events & SE_WRITE) ? " SE_WRITE" : "");

- if (state_ == SSL_NONE) {

- events_to_signal |= events & (SE_READ|SE_WRITE);

- } else if (state_ == SSL_CONNECTING) {

- if (int err = ContinueSSL()) {

- Error("ContinueSSL", err, 0, true);

- return;

- }

- } else if (state_ == SSL_CONNECTED) {

- if (((events & SE_READ) && ssl_write_needs_read_) ||

- (events & SE_WRITE)) {

- LOG(LS_VERBOSE) << " -- onStreamWriteable";

- events_to_signal |= SE_WRITE;

- }

- if (((events & SE_WRITE) && ssl_read_needs_write_) ||

- (events & SE_READ)) {

- LOG(LS_VERBOSE) << " -- onStreamReadable";

- events_to_signal |= SE_READ;

- }

- if ((events & SE_CLOSE)) {

- LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent(SE_CLOSE, " << err << ")";

- Cleanup(0);

- events_to_signal |= SE_CLOSE;

- // SE_CLOSE is the only event that uses the final parameter to OnEvent().

- RTC_DCHECK(signal_error == 0);

- signal_error = err;

- }

- if (events_to_signal)

- StreamAdapterInterface::OnEvent(stream, events_to_signal, signal_error);

-int OpenSSLStreamAdapter::BeginSSL() {

- RTC_DCHECK(state_ == SSL_CONNECTING);

- // The underlying stream has opened.

- LOG(LS_INFO) << "BeginSSL with peer.";

- BIO* bio = nullptr;

- // First set up the context.

- RTC_DCHECK(ssl_ctx_ == nullptr);

- ssl_ctx_ = SetupSSLContext();

- if (!ssl_ctx_)

- return -1;

- bio = BIO_new_stream(static_cast<StreamInterface*>(stream()));

- if (!bio)

- return -1;

- ssl_ = SSL_new(ssl_ctx_);

- if (!ssl_) {

- BIO_free(bio);

- return -1;

- }

- SSL_set_app_data(ssl_, this);

- SSL_set_bio(ssl_, bio, bio); // the SSL object owns the bio now.

- if (ssl_mode_ == SSL_MODE_DTLS) {

-#ifdef OPENSSL_IS_BORINGSSL

- DTLSv1_set_initial_timeout_duration(ssl_, dtls_handshake_timeout_ms_);

-#else

- // Enable read-ahead for DTLS so whole packets are read from internal BIO

- // before parsing. This is done internally by BoringSSL for DTLS.

- SSL_set_read_ahead(ssl_, 1);

-#endif

- }

- SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE |

- SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

-#if !defined(OPENSSL_IS_BORINGSSL)

- // Specify an ECDH group for ECDHE ciphers, otherwise OpenSSL cannot

- // negotiate them when acting as the server. Use NIST's P-256 which is

- // commonly supported. BoringSSL doesn't need explicit configuration and has

- // a reasonable default set.

- EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);

- if (ecdh == nullptr)

- return -1;

- SSL_set_options(ssl_, SSL_OP_SINGLE_ECDH_USE);

- SSL_set_tmp_ecdh(ssl_, ecdh);

- EC_KEY_free(ecdh);

-#endif

- // Do the connect

- return ContinueSSL();

-int OpenSSLStreamAdapter::ContinueSSL() {

- LOG(LS_VERBOSE) << "ContinueSSL";

- RTC_DCHECK(state_ == SSL_CONNECTING);

- // Clear the DTLS timer

- Thread::Current()->Clear(this, MSG_TIMEOUT);

- int code = (role_ == SSL_CLIENT) ? SSL_connect(ssl_) : SSL_accept(ssl_);

- int ssl_error;

- switch (ssl_error = SSL_get_error(ssl_, code)) {

- case SSL_ERROR_NONE:

- LOG(LS_VERBOSE) << " -- success";

- // By this point, OpenSSL should have given us a certificate, or errored

- // out if one was missing.

- RTC_DCHECK(peer_certificate_ || !client_auth_enabled());

- state_ = SSL_CONNECTED;

- if (!waiting_to_verify_peer_certificate()) {

- // We have everything we need to start the connection, so signal

- // SE_OPEN. If we need a client certificate fingerprint and don't have

- // it yet, we'll instead signal SE_OPEN in SetPeerCertificateDigest.

- //

- // TODO(deadbeef): Post this event asynchronously to unwind the stack.

- // The caller of ContinueSSL may be the same object listening for these

- // events and may not be prepared for reentrancy.

- // PostEvent(SE_OPEN | SE_READ | SE_WRITE, 0);

- StreamAdapterInterface::OnEvent(stream(), SE_OPEN | SE_READ | SE_WRITE,

- 0);

- }

- break;

- case SSL_ERROR_WANT_READ: {

- LOG(LS_VERBOSE) << " -- error want read";

- struct timeval timeout;

- if (DTLSv1_get_timeout(ssl_, &timeout)) {

- int delay = timeout.tv_sec * 1000 + timeout.tv_usec/1000;

- Thread::Current()->PostDelayed(RTC_FROM_HERE, delay, this,

- MSG_TIMEOUT, 0);

- }

- break;

- case SSL_ERROR_WANT_WRITE:

- LOG(LS_VERBOSE) << " -- error want write";

- break;

- case SSL_ERROR_ZERO_RETURN:

- default:

- LOG(LS_VERBOSE) << " -- error " << code;

- SSLHandshakeError ssl_handshake_err = SSLHandshakeError::UNKNOWN;

- int err_code = ERR_peek_last_error();

- if (err_code != 0 && ERR_GET_REASON(err_code) == SSL_R_NO_SHARED_CIPHER) {

- ssl_handshake_err = SSLHandshakeError::INCOMPATIBLE_CIPHERSUITE;

- }

- SignalSSLHandshakeError(ssl_handshake_err);

- return (ssl_error != 0) ? ssl_error : -1;

- }

- return 0;

-void OpenSSLStreamAdapter::Error(const char* context,

- int err,

- uint8_t alert,

- bool signal) {

- LOG(LS_WARNING) << "OpenSSLStreamAdapter::Error(" << context << ", " << err

- << ", " << static_cast<int>(alert) << ")";

- state_ = SSL_ERROR;

- ssl_error_code_ = err;

- Cleanup(alert);

- if (signal)

- StreamAdapterInterface::OnEvent(stream(), SE_CLOSE, err);

-void OpenSSLStreamAdapter::Cleanup(uint8_t alert) {

- LOG(LS_INFO) << "Cleanup";

- if (state_ != SSL_ERROR) {

- state_ = SSL_CLOSED;

- ssl_error_code_ = 0;

- }

- if (ssl_) {

- int ret;

-// SSL_send_fatal_alert is only available in BoringSSL.

-#ifdef OPENSSL_IS_BORINGSSL

- if (alert) {

- ret = SSL_send_fatal_alert(ssl_, alert);

- if (ret < 0) {

- LOG(LS_WARNING) << "SSL_send_fatal_alert failed, error = "

- << SSL_get_error(ssl_, ret);

- }

- } else {

-#endif

- ret = SSL_shutdown(ssl_);

- if (ret < 0) {

- LOG(LS_WARNING) << "SSL_shutdown failed, error = "

- << SSL_get_error(ssl_, ret);

- }

-#ifdef OPENSSL_IS_BORINGSSL

- }

-#endif

- SSL_free(ssl_);

- ssl_ = nullptr;

- }

- if (ssl_ctx_) {

- SSL_CTX_free(ssl_ctx_);

- ssl_ctx_ = nullptr;

- }

- identity_.reset();

- peer_certificate_.reset();

- // Clear the DTLS timer

- Thread::Current()->Clear(this, MSG_TIMEOUT);

-void OpenSSLStreamAdapter::OnMessage(Message* msg) {

- // Process our own messages and then pass others to the superclass

- if (MSG_TIMEOUT == msg->message_id) {

- LOG(LS_INFO) << "DTLS timeout expired";

- DTLSv1_handle_timeout(ssl_);

- ContinueSSL();

- } else {

- StreamInterface::OnMessage(msg);

- }

-SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {

- SSL_CTX* ctx = nullptr;

-#ifdef OPENSSL_IS_BORINGSSL

- ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?

- DTLS_method() : TLS_method());

- // Version limiting for BoringSSL will be done below.

-#else

- const SSL_METHOD* method;

- switch (ssl_max_version_) {

- case SSL_PROTOCOL_TLS_10:

- case SSL_PROTOCOL_TLS_11:

- // OpenSSL doesn't support setting min/max versions, so we always use

- // (D)TLS 1.0 if a max. version below the max. available is requested.

- if (ssl_mode_ == SSL_MODE_DTLS) {

- if (role_ == SSL_CLIENT) {

- method = DTLSv1_client_method();

- } else {

- method = DTLSv1_server_method();

- }

- } else {

- if (role_ == SSL_CLIENT) {

- method = TLSv1_client_method();

- } else {

- method = TLSv1_server_method();

- }

- break;

- case SSL_PROTOCOL_TLS_12:

- default:

- if (ssl_mode_ == SSL_MODE_DTLS) {

-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)

- // DTLS 1.2 only available starting from OpenSSL 1.0.2

- if (role_ == SSL_CLIENT) {

- method = DTLS_client_method();

- } else {

- method = DTLS_server_method();

- }

-#else

- if (role_ == SSL_CLIENT) {

- method = DTLSv1_client_method();

- } else {

- method = DTLSv1_server_method();

- }

-#endif

- } else {

-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)

- // New API only available starting from OpenSSL 1.1.0

- if (role_ == SSL_CLIENT) {

- method = TLS_client_method();

- } else {

- method = TLS_server_method();

- }

-#else

- if (role_ == SSL_CLIENT) {

- method = SSLv23_client_method();

- } else {

- method = SSLv23_server_method();

- }

-#endif

- }

- break;

- }

- ctx = SSL_CTX_new(method);

-#endif // OPENSSL_IS_BORINGSSL

- if (ctx == nullptr)

- return nullptr;

-#ifdef OPENSSL_IS_BORINGSSL

- SSL_CTX_set_min_proto_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?

- DTLS1_VERSION : TLS1_VERSION);

- switch (ssl_max_version_) {

- case SSL_PROTOCOL_TLS_10:

- SSL_CTX_set_max_proto_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?

- DTLS1_VERSION : TLS1_VERSION);

- break;

- case SSL_PROTOCOL_TLS_11:

- SSL_CTX_set_max_proto_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?

- DTLS1_VERSION : TLS1_1_VERSION);

- break;

- case SSL_PROTOCOL_TLS_12:

- default:

- SSL_CTX_set_max_proto_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?

- DTLS1_2_VERSION : TLS1_2_VERSION);

- break;

- }

- if (g_use_time_callback_for_testing) {

- SSL_CTX_set_current_time_cb(ctx, &TimeCallbackForTesting);

- }

-#endif

- if (identity_ && !identity_->ConfigureIdentity(ctx)) {

- SSL_CTX_free(ctx);

- return nullptr;

- }

-#if !defined(NDEBUG)

- SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);

-#endif

- int mode = SSL_VERIFY_PEER;

- if (client_auth_enabled()) {

- // Require a certificate from the client.

- // Note: Normally this is always true in production, but it may be disabled

- // for testing purposes (e.g. SSLAdapter unit tests).

- mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;

- }

- SSL_CTX_set_verify(ctx, mode, SSLVerifyCallback);

- SSL_CTX_set_verify_depth(ctx, 4);

- // Select list of available ciphers. Note that !SHA256 and !SHA384 only

- // remove HMAC-SHA256 and HMAC-SHA384 cipher suites, not GCM cipher suites

- // with SHA256 or SHA384 as the handshake hash.

- // This matches the list of SSLClientSocketOpenSSL in Chromium.

- SSL_CTX_set_cipher_list(

- ctx, "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK");

- if (!srtp_ciphers_.empty()) {

- if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {

- SSL_CTX_free(ctx);

- return nullptr;

- }

- return ctx;

-bool OpenSSLStreamAdapter::VerifyPeerCertificate() {

- if (!has_peer_certificate_digest() || !peer_certificate_) {

- LOG(LS_WARNING) << "Missing digest or peer certificate.";

- return false;

- }

- unsigned char digest[EVP_MAX_MD_SIZE];

- size_t digest_length;

- if (!OpenSSLCertificate::ComputeDigest(

- peer_certificate_->x509(), peer_certificate_digest_algorithm_, digest,

- sizeof(digest), &digest_length)) {

- LOG(LS_WARNING) << "Failed to compute peer cert digest.";

- return false;

- }

- Buffer computed_digest(digest, digest_length);

- if (computed_digest != peer_certificate_digest_value_) {

- LOG(LS_WARNING) << "Rejected peer certificate due to mismatched digest.";

- return false;

- }

- // Ignore any verification error if the digest matches, since there is no

- // value in checking the validity of a self-signed cert issued by untrusted

- // sources.

- LOG(LS_INFO) << "Accepted peer certificate.";

- peer_certificate_verified_ = true;

- return true;

-int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {

- // Get our SSL structure from the store

- SSL* ssl = reinterpret_cast<SSL*>(

- X509_STORE_CTX_get_ex_data(store, SSL_get_ex_data_X509_STORE_CTX_idx()));

- X509* cert = X509_STORE_CTX_get_current_cert(store);

- int depth = X509_STORE_CTX_get_error_depth(store);

- // For now we ignore the parent certificates and verify the leaf against

- // the digest.

- //

- // TODO(jiayl): Verify the chain is a proper chain and report the chain to

- // |stream->peer_certificate_|.

- if (depth > 0) {

- LOG(LS_INFO) << "Ignored chained certificate at depth " << depth;

- return 1;

- }

- OpenSSLStreamAdapter* stream =

- reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));

- // Record the peer's certificate.

- stream->peer_certificate_.reset(new OpenSSLCertificate(cert));

- // If the peer certificate digest isn't known yet, we'll wait to verify

- // until it's known, and for now just return a success status.

- if (stream->peer_certificate_digest_algorithm_.empty()) {

- LOG(LS_INFO) << "Waiting to verify certificate until digest is known.";

- return 1;

- }

- return stream->VerifyPeerCertificate();

-bool OpenSSLStreamAdapter::IsBoringSsl() {

-#ifdef OPENSSL_IS_BORINGSSL

- return true;

-#else

- return false;

-#endif

-#define CDEF(X) \

- { static_cast<uint16_t>(TLS1_CK_##X & 0xffff), "TLS_" #X }

-struct cipher_list {

- uint16_t cipher;

- const char* cipher_str;

-};

-// TODO(torbjorng): Perhaps add more cipher suites to these lists.

-static const cipher_list OK_RSA_ciphers[] = {

- CDEF(ECDHE_RSA_WITH_AES_128_CBC_SHA),

- CDEF(ECDHE_RSA_WITH_AES_256_CBC_SHA),

- CDEF(ECDHE_RSA_WITH_AES_128_GCM_SHA256),

-#ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256

- CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA256),

-#endif

-#ifdef TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

- CDEF(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),

-#endif

-};

-static const cipher_list OK_ECDSA_ciphers[] = {

- CDEF(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),

- CDEF(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),

- CDEF(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),

-#ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256

- CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA256),

-#endif

-#ifdef TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

- CDEF(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),

-#endif

-};

-#undef CDEF

-bool OpenSSLStreamAdapter::IsAcceptableCipher(int cipher, KeyType key_type) {

- if (key_type == KT_RSA) {

- for (const cipher_list& c : OK_RSA_ciphers) {

- if (cipher == c.cipher)

- return true;

- }

- if (key_type == KT_ECDSA) {

- for (const cipher_list& c : OK_ECDSA_ciphers) {

- if (cipher == c.cipher)

- return true;

- }

- return false;

-bool OpenSSLStreamAdapter::IsAcceptableCipher(const std::string& cipher,

- KeyType key_type) {

- if (key_type == KT_RSA) {

- for (const cipher_list& c : OK_RSA_ciphers) {

- if (cipher == c.cipher_str)

- return true;

- }

- if (key_type == KT_ECDSA) {

- for (const cipher_list& c : OK_ECDSA_ciphers) {

- if (cipher == c.cipher_str)

- return true;

- }

- return false;

-void OpenSSLStreamAdapter::enable_time_callback_for_testing() {

- g_use_time_callback_for_testing = true;

-} // namespace rtc

« no previous file with comments | « webrtc/base/opensslstreamadapter.h ('k') | webrtc/base/optional.h » ('j') | no next file with comments »