Blame - rtc_base/openssl_stream_adapter.cc - src

blob: 9642674d452e46820f58d145309315c856c51833 [file] [log] [blame]

henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1	/*
				2	* Copyright 2004 The WebRTC Project Authors. All rights reserved.
				3	*
				4	* Use of this source code is governed by a BSD-style license
				5	* that can be found in the LICENSE file in the root of the source
				6	* tree. An additional intellectual property rights grant can be found
				7	* in the file PATENTS. All contributing project authors may
				8	* be found in the AUTHORS file in the root of the source tree.
				9	*/
				10
Steve Anton	10542f2	2019-01-11 17:11:00	[diff] [blame]	11	#include "rtc_base/openssl_stream_adapter.h"
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	12
				13	#include <openssl/bio.h>
				14	#include <openssl/crypto.h>
				15	#include <openssl/err.h>
				16	#include <openssl/rand.h>
pthatcher@webrtc.org	3ee4fe5	2015-02-11 22:34:36	[diff] [blame]	17	#include <openssl/tls1.h>
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	18	#include <openssl/x509v3.h>
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	19
				20	#include "absl/strings/string_view.h"
torbjorng	aad6780	2016-04-07 15:55:28	[diff] [blame]	21	#ifndef OPENSSL_IS_BORINGSSL
				22	#include <openssl/dtls1.h>
ssaroha	bbfed52	2016-12-12 02:42:07	[diff] [blame]	23	#include <openssl/ssl.h>
torbjorng	aad6780	2016-04-07 15:55:28	[diff] [blame]	24	#endif
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	25
Guido Urdaneta	14bba6e	2020-09-25 14:00:51	[diff] [blame]	26	#include <atomic>
jbauch	555604a	2016-04-26 10:13:22	[diff] [blame]	27	#include <memory>
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	28	#include <utility>
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	29	#include <vector>
				30
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	31	#include "api/array_view.h"
Mirko Bonadei	92ea95e	2017-09-15 04:47:31	[diff] [blame]	32	#include "rtc_base/checks.h"
				33	#include "rtc_base/logging.h"
Karl Wiberg	e40468b	2017-11-22 09:42:26	[diff] [blame]	34	#include "rtc_base/numerics/safe_conversions.h"
Mirko Bonadei	92ea95e	2017-09-15 04:47:31	[diff] [blame]	35	#include "rtc_base/openssl.h"
Steve Anton	10542f2	2019-01-11 17:11:00	[diff] [blame]	36	#include "rtc_base/openssl_adapter.h"
				37	#include "rtc_base/openssl_digest.h"
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	38	#ifdef OPENSSL_IS_BORINGSSL
				39	#include "rtc_base/boringssl_identity.h"
				40	#else
Steve Anton	10542f2	2019-01-11 17:11:00	[diff] [blame]	41	#include "rtc_base/openssl_identity.h"
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	42	#endif
				43	#include "rtc_base/openssl_utility.h"
Steve Anton	10542f2	2019-01-11 17:11:00	[diff] [blame]	44	#include "rtc_base/ssl_certificate.h"
Mirko Bonadei	92ea95e	2017-09-15 04:47:31	[diff] [blame]	45	#include "rtc_base/stream.h"
Philipp Hancke	117e692	2022-06-17 12:14:55	[diff] [blame]	46	#include "rtc_base/string_encode.h"
Mirko Bonadei	92ea95e	2017-09-15 04:47:31	[diff] [blame]	47	#include "rtc_base/thread.h"
Steve Anton	10542f2	2019-01-11 17:11:00	[diff] [blame]	48	#include "rtc_base/time_utils.h"
Harald Alvestrand	1379913	2020-03-09 18:39:36	[diff] [blame]	49	#include "system_wrappers/include/field_trial.h"
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	50
Jiawei Ou	a9c94d5	2018-01-31 07:05:07	[diff] [blame]	51	#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
				52	#error "webrtc requires at least OpenSSL version 1.1.0, to support DTLS-SRTP"
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	53	#endif
				54
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	55	// Defines for the TLS Cipher Suite Map.
				56	#define DEFINE_CIPHER_ENTRY_SSL3(name) \
				57	{ SSL3_CK_##name, "TLS_" #name }
				58	#define DEFINE_CIPHER_ENTRY_TLS1(name) \
				59	{ TLS1_CK_##name, "TLS_" #name }
				60
				61	namespace rtc {
				62	namespace {
Danil Chapovalov	5286dcf	2022-07-18 15:04:56	[diff] [blame]	63	using ::webrtc::SafeTask;
Artem Titov	96e3b99	2021-07-26 14:03:14	[diff] [blame]	64	// SRTP cipher suite table. `internal_name` is used to construct a
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	65	// colon-separated profile strings which is needed by
				66	// SSL_CTX_set_tlsext_use_srtp().
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	67	struct SrtpCipherMapEntry {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	68	const char* internal_name;
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	69	const int id;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	70	};
				71
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	72	// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
				73	struct SslCipherMapEntry {
				74	uint32_t openssl_id;
				75	const char* rfc_name;
				76	};
				77
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	78	// This isn't elegant, but it's better than an external reference
				79	constexpr SrtpCipherMapEntry kSrtpCipherMap[] = {
Mirko Bonadei	7750d80	2021-07-26 15:27:42	[diff] [blame]	80	{"SRTP_AES128_CM_SHA1_80", kSrtpAes128CmSha1_80},
				81	{"SRTP_AES128_CM_SHA1_32", kSrtpAes128CmSha1_32},
				82	{"SRTP_AEAD_AES_128_GCM", kSrtpAeadAes128Gcm},
				83	{"SRTP_AEAD_AES_256_GCM", kSrtpAeadAes256Gcm}};
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	84
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	85	#ifndef OPENSSL_IS_BORINGSSL
David Benjamin	3c1f05d	2017-12-01 22:28:03	[diff] [blame]	86	// The "SSL_CIPHER_standard_name" function is only available in OpenSSL when
				87	// compiled with tracing, so we need to define the mapping manually here.
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	88	constexpr SslCipherMapEntry kSslCipherMap[] = {
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	89	// TLS v1.0 ciphersuites from RFC2246.
				90	DEFINE_CIPHER_ENTRY_SSL3(RSA_RC4_128_SHA),
				91	{SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	92
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	93	// AES ciphersuites from RFC3268.
				94	{TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
				95	{TLS1_CK_DHE_RSA_WITH_AES_128_SHA, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
				96	{TLS1_CK_RSA_WITH_AES_256_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"},
				97	{TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	98
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	99	// ECC ciphersuites from RFC4492.
				100	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_RC4_128_SHA),
				101	{TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
				102	"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
				103	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
				104	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	105
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	106	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_RC4_128_SHA),
				107	{TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
				108	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
				109	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_CBC_SHA),
				110	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_CBC_SHA),
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	111
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	112	// TLS v1.2 ciphersuites.
				113	{TLS1_CK_RSA_WITH_AES_128_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
				114	{TLS1_CK_RSA_WITH_AES_256_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
				115	{TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
				116	"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
				117	{TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
				118	"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	119
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	120	// TLS v1.2 GCM ciphersuites from RFC5288.
				121	DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_128_GCM_SHA256),
				122	DEFINE_CIPHER_ENTRY_TLS1(RSA_WITH_AES_256_GCM_SHA384),
				123	DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_128_GCM_SHA256),
				124	DEFINE_CIPHER_ENTRY_TLS1(DHE_RSA_WITH_AES_256_GCM_SHA384),
				125	DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_128_GCM_SHA256),
				126	DEFINE_CIPHER_ENTRY_TLS1(DH_RSA_WITH_AES_256_GCM_SHA384),
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	127
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	128	// ECDH HMAC based ciphersuites from RFC5289.
				129	{TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
				130	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
				131	{TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
				132	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
				133	{TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
				134	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
				135	{TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
				136	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	137
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	138	// ECDH GCM based ciphersuites from RFC5289.
				139	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
				140	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
				141	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
				142	DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	143
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	144	{0, nullptr}};
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	145	#endif // #ifndef OPENSSL_IS_BORINGSSL
pthatcher@webrtc.org	3ee4fe5	2015-02-11 22:34:36	[diff] [blame]	146
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	147	#ifdef OPENSSL_IS_BORINGSSL
				148	// Enabled by EnableTimeCallbackForTesting. Should never be set in production
				149	// code.
				150	bool g_use_time_callback_for_testing = false;
				151	// Not used in production code. Actual time should be relative to Jan 1, 1970.
				152	void TimeCallbackForTesting(const SSL* ssl, struct timeval* out_clock) {
				153	int64_t time = TimeNanos();
				154	out_clock->tv_sec = time / kNumNanosecsPerSec;
				155	out_clock->tv_usec = (time % kNumNanosecsPerSec) / kNumNanosecsPerMicrosec;
				156	}
				157	#endif
Guo-wei Shieh	456696a	2015-10-01 04:48:54	[diff] [blame]	158
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	159	} // namespace
Guo-wei Shieh	456696a	2015-10-01 04:48:54	[diff] [blame]	160
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	161	//////////////////////////////////////////////////////////////////////
				162	// StreamBIO
				163	//////////////////////////////////////////////////////////////////////
				164
				165	static int stream_write(BIO* h, const char* buf, int num);
				166	static int stream_read(BIO* h, char* buf, int size);
				167	static int stream_puts(BIO* h, const char* str);
				168	static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2);
				169	static int stream_new(BIO* h);
				170	static int stream_free(BIO* data);
				171
Jiawei Ou	eb0df08	2018-02-02 22:51:18	[diff] [blame]	172	static BIO_METHOD* BIO_stream_method() {
				173	static BIO_METHOD* method = [] {
				174	BIO_METHOD* method = BIO_meth_new(BIO_TYPE_BIO, "stream");
				175	BIO_meth_set_write(method, stream_write);
				176	BIO_meth_set_read(method, stream_read);
				177	BIO_meth_set_puts(method, stream_puts);
				178	BIO_meth_set_ctrl(method, stream_ctrl);
				179	BIO_meth_set_create(method, stream_new);
				180	BIO_meth_set_destroy(method, stream_free);
				181	return method;
				182	}();
				183	return method;
				184	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	185
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	186	static BIO* BIO_new_stream(StreamInterface* stream) {
Jiawei Ou	eb0df08	2018-02-02 22:51:18	[diff] [blame]	187	BIO* ret = BIO_new(BIO_stream_method());
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	188	if (ret == nullptr) {
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	189	return nullptr;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	190	}
Jiawei Ou	eb0df08	2018-02-02 22:51:18	[diff] [blame]	191	BIO_set_data(ret, stream);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	192	return ret;
				193	}
				194
				195	// bio methods return 1 (or at least non-zero) on success and 0 on failure.
				196
				197	static int stream_new(BIO* b) {
Jiawei Ou	eb0df08	2018-02-02 22:51:18	[diff] [blame]	198	BIO_set_shutdown(b, 0);
				199	BIO_set_init(b, 1);
				200	BIO_set_data(b, 0);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	201	return 1;
				202	}
				203
				204	static int stream_free(BIO* b) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	205	if (b == nullptr) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	206	return 0;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	207	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	208	return 1;
				209	}
				210
				211	static int stream_read(BIO* b, char* out, int outl) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	212	if (!out) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	213	return -1;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	214	}
Jiawei Ou	eb0df08	2018-02-02 22:51:18	[diff] [blame]	215	StreamInterface* stream = static_cast<StreamInterface*>(BIO_get_data(b));
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	216	BIO_clear_retry_flags(b);
				217	size_t read;
				218	int error;
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	219	StreamResult result = stream->Read(
				220	rtc::MakeArrayView(reinterpret_cast<uint8_t*>(out), outl), read, error);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	221	if (result == SR_SUCCESS) {
henrike@webrtc.org	d89b69a	2014-11-06 17:23:09	[diff] [blame]	222	return checked_cast<int>(read);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	223	} else if (result == SR_BLOCK) {
				224	BIO_set_retry_read(b);
				225	}
				226	return -1;
				227	}
				228
				229	static int stream_write(BIO* b, const char* in, int inl) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	230	if (!in) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	231	return -1;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	232	}
Jiawei Ou	eb0df08	2018-02-02 22:51:18	[diff] [blame]	233	StreamInterface* stream = static_cast<StreamInterface*>(BIO_get_data(b));
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	234	BIO_clear_retry_flags(b);
				235	size_t written;
				236	int error;
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	237	StreamResult result = stream->Write(
				238	rtc::MakeArrayView(reinterpret_cast<const uint8_t*>(in), inl), written,
				239	error);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	240	if (result == SR_SUCCESS) {
henrike@webrtc.org	d89b69a	2014-11-06 17:23:09	[diff] [blame]	241	return checked_cast<int>(written);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	242	} else if (result == SR_BLOCK) {
				243	BIO_set_retry_write(b);
				244	}
				245	return -1;
				246	}
				247
				248	static int stream_puts(BIO* b, const char* str) {
henrike@webrtc.org	d89b69a	2014-11-06 17:23:09	[diff] [blame]	249	return stream_write(b, str, checked_cast<int>(strlen(str)));
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	250	}
				251
				252	static long stream_ctrl(BIO* b, int cmd, long num, void* ptr) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	253	switch (cmd) {
				254	case BIO_CTRL_RESET:
				255	return 0;
Jiawei Ou	018dd6e	2018-01-30 20:13:48	[diff] [blame]	256	case BIO_CTRL_EOF: {
				257	StreamInterface* stream = static_cast<StreamInterface*>(ptr);
				258	// 1 means end-of-stream.
				259	return (stream->GetState() == SS_CLOSED) ? 1 : 0;
				260	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	261	case BIO_CTRL_WPENDING:
				262	case BIO_CTRL_PENDING:
				263	return 0;
				264	case BIO_CTRL_FLUSH:
				265	return 1;
Henrik Lundin	f4baca5	2015-06-10 07:45:58	[diff] [blame]	266	case BIO_CTRL_DGRAM_QUERY_MTU:
				267	// openssl defaults to mtu=256 unless we return something here.
				268	// The handshake doesn't actually need to send packets above 1k,
				269	// so this seems like a sensible value that should work in most cases.
				270	// Webrtc uses the same value for video packets.
				271	return 1200;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	272	default:
				273	return 0;
				274	}
				275	}
				276
				277	/////////////////////////////////////////////////////////////////////////////
				278	// OpenSSLStreamAdapter
				279	/////////////////////////////////////////////////////////////////////////////
				280
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	281	OpenSSLStreamAdapter::OpenSSLStreamAdapter(
Tommi	59574ca	2023-09-05 07:21:57	[diff] [blame]	282	std::unique_ptr<StreamInterface> stream,
				283	absl::AnyInvocable<void(SSLHandshakeError)> handshake_error)
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	284	: stream_(std::move(stream)),
Tommi	59574ca	2023-09-05 07:21:57	[diff] [blame]	285	handshake_error_(std::move(handshake_error)),
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	286	owner_(rtc::Thread::Current()),
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	287	state_(SSL_NONE),
				288	role_(SSL_CLIENT),
Guo-wei Shieh	a7446d2	2016-01-11 23:27:03	[diff] [blame]	289	ssl_read_needs_write_(false),
				290	ssl_write_needs_read_(false),
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	291	ssl_(nullptr),
				292	ssl_ctx_(nullptr),
Joachim Bauch	831c558	2015-05-20 10:48:41	[diff] [blame]	293	ssl_mode_(SSL_MODE_TLS),
Philipp Hancke	e75cd0c	2023-11-13 11:25:25	[diff] [blame]	294	ssl_max_version_(SSL_PROTOCOL_TLS_12) {
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	295	stream_->SignalEvent.connect(this, &OpenSSLStreamAdapter::OnEvent);
				296	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	297
				298	OpenSSLStreamAdapter::~OpenSSLStreamAdapter() {
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	299	timeout_task_.Stop();
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	300	Cleanup(0);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	301	}
				302
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	303	void OpenSSLStreamAdapter::SetIdentity(std::unique_ptr<SSLIdentity> identity) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	304	RTC_DCHECK(!identity_);
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	305	#ifdef OPENSSL_IS_BORINGSSL
				306	identity_.reset(static_cast<BoringSSLIdentity*>(identity.release()));
				307	#else
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	308	identity_.reset(static_cast<OpenSSLIdentity*>(identity.release()));
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	309	#endif
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	310	}
				311
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	312	SSLIdentity* OpenSSLStreamAdapter::GetIdentityForTesting() const {
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	313	return identity_.get();
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	314	}
				315
				316	void OpenSSLStreamAdapter::SetServerRole(SSLRole role) {
				317	role_ = role;
				318	}
				319
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	320	bool OpenSSLStreamAdapter::SetPeerCertificateDigest(
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	321	absl::string_view digest_alg,
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	322	const unsigned char* digest_val,
				323	size_t digest_len,
				324	SSLPeerCertificateDigestError* error) {
				325	RTC_DCHECK(!peer_certificate_verified_);
Benjamin Wright	5d35554	2018-10-27 00:57:00	[diff] [blame]	326	RTC_DCHECK(!HasPeerCertificateDigest());
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	327	size_t expected_len;
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	328	if (error) {
				329	*error = SSLPeerCertificateDigestError::NONE;
				330	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	331
				332	if (!OpenSSLDigest::GetDigestSize(digest_alg, &expected_len)) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	333	RTC_LOG(LS_WARNING) << "Unknown digest algorithm: " << digest_alg;
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	334	if (error) {
				335	*error = SSLPeerCertificateDigestError::UNKNOWN_ALGORITHM;
				336	}
deadbeef	81f6f4f	2016-09-20 00:20:52	[diff] [blame]	337	return false;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	338	}
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	339	if (expected_len != digest_len) {
				340	if (error) {
				341	*error = SSLPeerCertificateDigestError::INVALID_LENGTH;
				342	}
deadbeef	81f6f4f	2016-09-20 00:20:52	[diff] [blame]	343	return false;
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	344	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	345
				346	peer_certificate_digest_value_.SetData(digest_val, digest_len);
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	347	peer_certificate_digest_algorithm_ = std::string(digest_alg);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	348
Taylor Brandstetter	c392866	2018-02-23 21:04:51	[diff] [blame]	349	if (!peer_cert_chain_) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	350	// Normal case, where the digest is set before we obtain the certificate
				351	// from the handshake.
				352	return true;
				353	}
				354
				355	if (!VerifyPeerCertificate()) {
				356	Error("SetPeerCertificateDigest", -1, SSL_AD_BAD_CERTIFICATE, false);
				357	if (error) {
				358	*error = SSLPeerCertificateDigestError::VERIFICATION_FAILED;
				359	}
				360	return false;
				361	}
				362
				363	if (state_ == SSL_CONNECTED) {
				364	// Post the event asynchronously to unwind the stack. The caller
				365	// of ContinueSSL may be the same object listening for these
				366	// events and may not be prepared for reentrancy.
				367	PostEvent(SE_OPEN \| SE_READ \| SE_WRITE, 0);
				368	}
				369
deadbeef	81f6f4f	2016-09-20 00:20:52	[diff] [blame]	370	return true;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	371	}
				372
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	373	std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	374	#ifdef OPENSSL_IS_BORINGSSL
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	375	const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite);
Guo-wei Shieh	456696a	2015-10-01 04:48:54	[diff] [blame]	376	if (!ssl_cipher) {
				377	return std::string();
				378	}
David Benjamin	a8f7376	2017-09-28 19:49:42	[diff] [blame]	379	return SSL_CIPHER_standard_name(ssl_cipher);
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	380	#else
Joachim Reiersen	e457e43	2022-10-21 19:08:22	[diff] [blame]	381	const int openssl_cipher_id = 0x03000000L \| cipher_suite;
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	382	for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;
				383	++entry) {
Joachim Reiersen	e457e43	2022-10-21 19:08:22	[diff] [blame]	384	if (openssl_cipher_id == static_cast<int>(entry->openssl_id)) {
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	385	return entry->rfc_name;
				386	}
				387	}
				388	return std::string();
				389	#endif
Guo-wei Shieh	456696a	2015-10-01 04:48:54	[diff] [blame]	390	}
pthatcher@webrtc.org	3ee4fe5	2015-02-11 22:34:36	[diff] [blame]	391
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	392	bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	393	if (state_ != SSL_CONNECTED) {
pthatcher@webrtc.org	3ee4fe5	2015-02-11 22:34:36	[diff] [blame]	394	return false;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	395	}
pthatcher@webrtc.org	3ee4fe5	2015-02-11 22:34:36	[diff] [blame]	396
				397	const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_);
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	398	if (current_cipher == nullptr) {
pthatcher@webrtc.org	3ee4fe5	2015-02-11 22:34:36	[diff] [blame]	399	return false;
				400	}
				401
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	402	*cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
pthatcher@webrtc.org	3ee4fe5	2015-02-11 22:34:36	[diff] [blame]	403	return true;
				404	}
				405
Harald Alvestrand	5cb7807	2019-10-28 08:51:17	[diff] [blame]	406	SSLProtocolVersion OpenSSLStreamAdapter::GetSslVersion() const {
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	407	if (state_ != SSL_CONNECTED) {
Harald Alvestrand	5cb7807	2019-10-28 08:51:17	[diff] [blame]	408	return SSL_PROTOCOL_NOT_GIVEN;
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	409	}
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	410
				411	int ssl_version = SSL_version(ssl_);
				412	if (ssl_mode_ == SSL_MODE_DTLS) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	413	if (ssl_version == DTLS1_VERSION) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	414	return SSL_PROTOCOL_DTLS_10;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	415	} else if (ssl_version == DTLS1_2_VERSION) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	416	return SSL_PROTOCOL_DTLS_12;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	417	}
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	418	} else {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	419	if (ssl_version == TLS1_VERSION) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	420	return SSL_PROTOCOL_TLS_10;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	421	} else if (ssl_version == TLS1_1_VERSION) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	422	return SSL_PROTOCOL_TLS_11;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	423	} else if (ssl_version == TLS1_2_VERSION) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	424	return SSL_PROTOCOL_TLS_12;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	425	}
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	426	}
				427
Harald Alvestrand	5cb7807	2019-10-28 08:51:17	[diff] [blame]	428	return SSL_PROTOCOL_NOT_GIVEN;
				429	}
				430
				431	bool OpenSSLStreamAdapter::GetSslVersionBytes(int* version) const {
				432	if (state_ != SSL_CONNECTED) {
				433	return false;
				434	}
				435	*version = SSL_version(ssl_);
				436	return true;
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	437	}
				438
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	439	// Key Extractor interface
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	440	bool OpenSSLStreamAdapter::ExportKeyingMaterial(absl::string_view label,
Peter Boström	0c4e06b	2015-10-07 10:23:21	[diff] [blame]	441	const uint8_t* context,
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	442	size_t context_len,
				443	bool use_context,
Peter Boström	0c4e06b	2015-10-07 10:23:21	[diff] [blame]	444	uint8_t* result,
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	445	size_t result_len) {
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	446	if (SSL_export_keying_material(ssl_, result, result_len, label.data(),
				447	label.length(), context, context_len,
				448	use_context) != 1) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	449	return false;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	450	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	451	return true;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	452	}
				453
Philipp Hancke	36e4dd2	2023-09-28 09:02:21	[diff] [blame]	454	uint16_t OpenSSLStreamAdapter::GetPeerSignatureAlgorithm() const {
				455	if (state_ != SSL_CONNECTED) {
				456	return 0;
				457	}
				458	#ifdef OPENSSL_IS_BORINGSSL
				459	return SSL_get_peer_signature_algorithm(ssl_);
				460	#else
				461	return kSslSignatureAlgorithmUnknown;
				462	#endif
				463	}
				464
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	465	bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
				466	const std::vector<int>& ciphers) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	467	if (state_ != SSL_NONE) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	468	return false;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	469	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	470
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	471	std::string internal_ciphers;
				472	for (const int cipher : ciphers) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	473	bool found = false;
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	474	for (const auto& entry : kSrtpCipherMap) {
				475	if (cipher == entry.id) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	476	found = true;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	477	if (!internal_ciphers.empty()) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	478	internal_ciphers += ":";
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	479	}
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	480	internal_ciphers += entry.internal_name;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	481	break;
				482	}
				483	}
				484
				485	if (!found) {
Benjamin Wright	8e98c60	2019-03-01 01:25:01	[diff] [blame]	486	RTC_LOG(LS_ERROR) << "Could not find cipher: " << cipher;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	487	return false;
				488	}
				489	}
				490
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	491	if (internal_ciphers.empty()) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	492	return false;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	493	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	494
				495	srtp_ciphers_ = internal_ciphers;
				496	return true;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	497	}
				498
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	499	bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	500	RTC_DCHECK(state_ == SSL_CONNECTED);
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	501	if (state_ != SSL_CONNECTED) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	502	return false;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	503	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	504
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	505	const SRTP_PROTECTION_PROFILE* srtp_profile =
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	506	SSL_get_selected_srtp_profile(ssl_);
				507
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	508	if (!srtp_profile) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	509	return false;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	510	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	511
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	512	*crypto_suite = srtp_profile->id;
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	513	RTC_DCHECK(!SrtpCryptoSuiteToName(*crypto_suite).empty());
Guo-wei Shieh	521ed7b	2015-11-19 03:41:53	[diff] [blame]	514	return true;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	515	}
				516
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	517	bool OpenSSLStreamAdapter::IsTlsConnected() {
				518	return state_ == SSL_CONNECTED;
				519	}
				520
Taylor Brandstetter	c8762a8	2016-08-11 19:01:49	[diff] [blame]	521	int OpenSSLStreamAdapter::StartSSL() {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	522	// Don't allow StartSSL to be called twice.
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	523	if (state_ != SSL_NONE) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	524	return -1;
				525	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	526
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	527	if (stream_->GetState() != SS_OPEN) {
Taylor Brandstetter	c8762a8	2016-08-11 19:01:49	[diff] [blame]	528	state_ = SSL_WAIT;
				529	return 0;
				530	}
				531
				532	state_ = SSL_CONNECTING;
				533	if (int err = BeginSSL()) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	534	Error("BeginSSL", err, 0, false);
Taylor Brandstetter	c8762a8	2016-08-11 19:01:49	[diff] [blame]	535	return err;
				536	}
				537
				538	return 0;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	539	}
				540
				541	void OpenSSLStreamAdapter::SetMode(SSLMode mode) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	542	RTC_DCHECK(state_ == SSL_NONE);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	543	ssl_mode_ = mode;
				544	}
				545
Joachim Bauch	831c558	2015-05-20 10:48:41	[diff] [blame]	546	void OpenSSLStreamAdapter::SetMaxProtocolVersion(SSLProtocolVersion version) {
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	547	RTC_DCHECK(ssl_ctx_ == nullptr);
Joachim Bauch	831c558	2015-05-20 10:48:41	[diff] [blame]	548	ssl_max_version_ = version;
				549	}
				550
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	551	void OpenSSLStreamAdapter::SetInitialRetransmissionTimeout(int timeout_ms) {
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	552	RTC_DCHECK(ssl_ctx_ == nullptr);
skvlad	d030912	2017-02-03 01:18:37	[diff] [blame]	553	dtls_handshake_timeout_ms_ = timeout_ms;
				554	}
				555
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	556	//
				557	// StreamInterface Implementation
				558	//
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	559	StreamResult OpenSSLStreamAdapter::Write(rtc::ArrayView<const uint8_t> data,
				560	size_t& written,
				561	int& error) {
				562	RTC_DLOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Write(" << data.size() << ")";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	563
				564	switch (state_) {
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	565	case SSL_NONE:
				566	// pass-through in clear text
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	567	return stream_->Write(data, written, error);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	568
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	569	case SSL_WAIT:
				570	case SSL_CONNECTING:
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	571	return SR_BLOCK;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	572
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	573	case SSL_CONNECTED:
Benjamin Wright	5d35554	2018-10-27 00:57:00	[diff] [blame]	574	if (WaitingToVerifyPeerCertificate()) {
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	575	return SR_BLOCK;
				576	}
				577	break;
				578
				579	case SSL_ERROR:
				580	case SSL_CLOSED:
				581	default:
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	582	error = ssl_error_code_;
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	583	return SR_ERROR;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	584	}
				585
				586	// OpenSSL will return an error if we try to write zero bytes
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	587	if (data.size() == 0) {
				588	written = 0;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	589	return SR_SUCCESS;
				590	}
				591
				592	ssl_write_needs_read_ = false;
				593
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	594	int code = SSL_write(ssl_, data.data(), checked_cast<int>(data.size()));
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	595	int ssl_error = SSL_get_error(ssl_, code);
				596	switch (ssl_error) {
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	597	case SSL_ERROR_NONE:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	598	RTC_DLOG(LS_VERBOSE) << " -- success";
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	599	RTC_DCHECK_GT(code, 0);
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	600	RTC_DCHECK_LE(code, data.size());
				601	written = code;
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	602	return SR_SUCCESS;
				603	case SSL_ERROR_WANT_READ:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	604	RTC_DLOG(LS_VERBOSE) << " -- error want read";
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	605	ssl_write_needs_read_ = true;
				606	return SR_BLOCK;
				607	case SSL_ERROR_WANT_WRITE:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	608	RTC_DLOG(LS_VERBOSE) << " -- error want write";
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	609	return SR_BLOCK;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	610
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	611	case SSL_ERROR_ZERO_RETURN:
				612	default:
				613	Error("SSL_write", (ssl_error ? ssl_error : -1), 0, false);
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	614	error = ssl_error_code_;
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	615	return SR_ERROR;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	616	}
				617	// not reached
				618	}
				619
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	620	StreamResult OpenSSLStreamAdapter::Read(rtc::ArrayView<uint8_t> data,
				621	size_t& read,
				622	int& error) {
				623	RTC_DLOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Read(" << data.size() << ")";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	624	switch (state_) {
				625	case SSL_NONE:
				626	// pass-through in clear text
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	627	return stream_->Read(data, read, error);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	628	case SSL_WAIT:
				629	case SSL_CONNECTING:
				630	return SR_BLOCK;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	631	case SSL_CONNECTED:
Benjamin Wright	5d35554	2018-10-27 00:57:00	[diff] [blame]	632	if (WaitingToVerifyPeerCertificate()) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	633	return SR_BLOCK;
				634	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	635	break;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	636	case SSL_CLOSED:
				637	return SR_EOS;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	638	case SSL_ERROR:
				639	default:
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	640	error = ssl_error_code_;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	641	return SR_ERROR;
				642	}
				643
				644	// Don't trust OpenSSL with zero byte reads
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	645	if (data.size() == 0) {
				646	read = 0;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	647	return SR_SUCCESS;
				648	}
				649
				650	ssl_read_needs_write_ = false;
				651
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	652	const int code = SSL_read(ssl_, data.data(), checked_cast<int>(data.size()));
Benjamin Wright	f54e30b	2019-02-27 01:33:50	[diff] [blame]	653	const int ssl_error = SSL_get_error(ssl_, code);
				654
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	655	switch (ssl_error) {
				656	case SSL_ERROR_NONE:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	657	RTC_DLOG(LS_VERBOSE) << " -- success";
kwiberg	ee89e78	2017-08-10 00:22:01	[diff] [blame]	658	RTC_DCHECK_GT(code, 0);
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	659	RTC_DCHECK_LE(code, data.size());
				660	read = code;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	661
				662	if (ssl_mode_ == SSL_MODE_DTLS) {
				663	// Enforce atomic reads -- this is a short read
				664	unsigned int pending = SSL_pending(ssl_);
				665
				666	if (pending) {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	667	RTC_DLOG(LS_INFO) << " -- short DTLS read. flushing";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	668	FlushInput(pending);
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	669	error = SSE_MSG_TRUNC;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	670	return SR_ERROR;
				671	}
				672	}
				673	return SR_SUCCESS;
				674	case SSL_ERROR_WANT_READ:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	675	RTC_DLOG(LS_VERBOSE) << " -- error want read";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	676	return SR_BLOCK;
				677	case SSL_ERROR_WANT_WRITE:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	678	RTC_DLOG(LS_VERBOSE) << " -- error want write";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	679	ssl_read_needs_write_ = true;
				680	return SR_BLOCK;
				681	case SSL_ERROR_ZERO_RETURN:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	682	RTC_DLOG(LS_VERBOSE) << " -- remote side closed";
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	683	Close();
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	684	return SR_EOS;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	685	default:
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	686	Error("SSL_read", (ssl_error ? ssl_error : -1), 0, false);
Harald Alvestrand	11840ce	2022-11-10 10:50:50	[diff] [blame]	687	error = ssl_error_code_;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	688	return SR_ERROR;
				689	}
				690	// not reached
				691	}
				692
				693	void OpenSSLStreamAdapter::FlushInput(unsigned int left) {
				694	unsigned char buf[2048];
				695
				696	while (left) {
				697	// This should always succeed
Benjamin Wright	f54e30b	2019-02-27 01:33:50	[diff] [blame]	698	const int toread = (sizeof(buf) < left) ? sizeof(buf) : left;
				699	const int code = SSL_read(ssl_, buf, toread);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	700
Benjamin Wright	f54e30b	2019-02-27 01:33:50	[diff] [blame]	701	const int ssl_error = SSL_get_error(ssl_, code);
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	702	RTC_DCHECK(ssl_error == SSL_ERROR_NONE);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	703
				704	if (ssl_error != SSL_ERROR_NONE) {
Jonas Olsson	addc380	2018-02-01 08:53:06	[diff] [blame]	705	RTC_DLOG(LS_VERBOSE) << " -- error " << code;
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	706	Error("SSL_read", (ssl_error ? ssl_error : -1), 0, false);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	707	return;
				708	}
				709
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	710	RTC_DLOG(LS_VERBOSE) << " -- flushed " << code << " bytes";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	711	left -= code;
				712	}
				713	}
				714
				715	void OpenSSLStreamAdapter::Close() {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	716	Cleanup(0);
				717	RTC_DCHECK(state_ == SSL_CLOSED \|\| state_ == SSL_ERROR);
				718	// When we're closed at SSL layer, also close the stream level which
				719	// performs necessary clean up. Otherwise, a new incoming packet after
				720	// this could overflow the stream buffer.
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	721	stream_->Close();
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	722	}
				723
				724	StreamState OpenSSLStreamAdapter::GetState() const {
				725	switch (state_) {
				726	case SSL_WAIT:
				727	case SSL_CONNECTING:
				728	return SS_OPENING;
				729	case SSL_CONNECTED:
Benjamin Wright	5d35554	2018-10-27 00:57:00	[diff] [blame]	730	if (WaitingToVerifyPeerCertificate()) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	731	return SS_OPENING;
				732	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	733	return SS_OPEN;
				734	default:
				735	return SS_CLOSED;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	736	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	737	// not reached
				738	}
				739
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	740	void OpenSSLStreamAdapter::OnEvent(StreamInterface* stream,
				741	int events,
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	742	int err) {
				743	int events_to_signal = 0;
				744	int signal_error = 0;
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	745	RTC_DCHECK(stream == stream_.get());
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	746
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	747	if ((events & SE_OPEN)) {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	748	RTC_DLOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent SE_OPEN";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	749	if (state_ != SSL_WAIT) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	750	RTC_DCHECK(state_ == SSL_NONE);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	751	events_to_signal \|= SE_OPEN;
				752	} else {
				753	state_ = SSL_CONNECTING;
				754	if (int err = BeginSSL()) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	755	Error("BeginSSL", err, 0, true);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	756	return;
				757	}
				758	}
				759	}
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	760
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	761	if ((events & (SE_READ \| SE_WRITE))) {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	762	RTC_DLOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent"
				763	<< ((events & SE_READ) ? " SE_READ" : "")
				764	<< ((events & SE_WRITE) ? " SE_WRITE" : "");
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	765	if (state_ == SSL_NONE) {
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	766	events_to_signal \|= events & (SE_READ \| SE_WRITE);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	767	} else if (state_ == SSL_CONNECTING) {
				768	if (int err = ContinueSSL()) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	769	Error("ContinueSSL", err, 0, true);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	770	return;
				771	}
				772	} else if (state_ == SSL_CONNECTED) {
				773	if (((events & SE_READ) && ssl_write_needs_read_) \|\|
				774	(events & SE_WRITE)) {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	775	RTC_DLOG(LS_VERBOSE) << " -- onStreamWriteable";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	776	events_to_signal \|= SE_WRITE;
				777	}
				778	if (((events & SE_WRITE) && ssl_read_needs_write_) \|\|
				779	(events & SE_READ)) {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	780	RTC_DLOG(LS_VERBOSE) << " -- onStreamReadable";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	781	events_to_signal \|= SE_READ;
				782	}
				783	}
				784	}
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	785
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	786	if ((events & SE_CLOSE)) {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	787	RTC_DLOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent(SE_CLOSE, " << err
				788	<< ")";
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	789	Cleanup(0);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	790	events_to_signal \|= SE_CLOSE;
				791	// SE_CLOSE is the only event that uses the final parameter to OnEvent().
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	792	RTC_DCHECK(signal_error == 0);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	793	signal_error = err;
				794	}
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	795
				796	if (events_to_signal) {
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	797	// Note that the adapter presents itself as the origin of the stream events,
				798	// since users of the adapter may not recognize the adapted object.
				799	SignalEvent(this, events_to_signal, signal_error);
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	800	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	801	}
				802
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	803	void OpenSSLStreamAdapter::PostEvent(int events, int err) {
Danil Chapovalov	5286dcf	2022-07-18 15:04:56	[diff] [blame]	804	owner_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() {
				805	SignalEvent(this, events, err);
				806	}));
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	807	}
				808
				809	void OpenSSLStreamAdapter::SetTimeout(int delay_ms) {
				810	// We need to accept 0 delay here as well as >0 delay, because
				811	// DTLSv1_get_timeout seems to frequently return 0 ms.
				812	RTC_DCHECK_GE(delay_ms, 0);
				813	RTC_DCHECK(!timeout_task_.Running());
				814
				815	timeout_task_ = webrtc::RepeatingTaskHandle::DelayedStart(
				816	owner_, webrtc::TimeDelta::Millis(delay_ms),
				817	[flag = task_safety_.flag(), this]() {
				818	if (flag->alive()) {
				819	RTC_DLOG(LS_INFO) << "DTLS timeout expired";
				820	timeout_task_.Stop();
Jonas Oreland	808f494	2021-06-16 11:42:20	[diff] [blame]	821	int res = DTLSv1_handle_timeout(ssl_);
				822	if (res > 0) {
				823	RTC_LOG(LS_INFO) << "DTLS retransmission";
				824	} else if (res < 0) {
				825	RTC_LOG(LS_INFO) << "DTLSv1_handle_timeout() return -1";
Philipp Hancke	9c83d9d	2022-04-28 17:01:28	[diff] [blame]	826	Error("DTLSv1_handle_timeout", res, -1, true);
				827	return webrtc::TimeDelta::PlusInfinity();
Jonas Oreland	808f494	2021-06-16 11:42:20	[diff] [blame]	828	}
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	829	ContinueSSL();
				830	} else {
Artem Titov	d325196	2021-11-15 15:57:07	[diff] [blame]	831	RTC_DCHECK_NOTREACHED();
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	832	}
				833	// This callback will never run again (stopped above).
				834	return webrtc::TimeDelta::PlusInfinity();
				835	});
				836	}
				837
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	838	int OpenSSLStreamAdapter::BeginSSL() {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	839	RTC_DCHECK(state_ == SSL_CONNECTING);
Taylor Brandstetter	c8762a8	2016-08-11 19:01:49	[diff] [blame]	840	// The underlying stream has opened.
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	841	RTC_DLOG(LS_INFO) << "BeginSSL with peer.";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	842
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	843	BIO* bio = nullptr;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	844
Taylor Brandstetter	c8762a8	2016-08-11 19:01:49	[diff] [blame]	845	// First set up the context.
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	846	RTC_DCHECK(ssl_ctx_ == nullptr);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	847	ssl_ctx_ = SetupSSLContext();
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	848	if (!ssl_ctx_) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	849	return -1;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	850	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	851
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	852	bio = BIO_new_stream(stream_.get());
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	853	if (!bio) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	854	return -1;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	855	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	856
				857	ssl_ = SSL_new(ssl_ctx_);
				858	if (!ssl_) {
				859	BIO_free(bio);
				860	return -1;
				861	}
				862
				863	SSL_set_app_data(ssl_, this);
				864
				865	SSL_set_bio(ssl_, bio, bio); // the SSL object owns the bio now.
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	866	if (ssl_mode_ == SSL_MODE_DTLS) {
Taylor Brandstetter	4f0dfbd	2016-06-16 00:15:23	[diff] [blame]	867	#ifdef OPENSSL_IS_BORINGSSL
skvlad	d030912	2017-02-03 01:18:37	[diff] [blame]	868	DTLSv1_set_initial_timeout_duration(ssl_, dtls_handshake_timeout_ms_);
Taylor Brandstetter	4f0dfbd	2016-06-16 00:15:23	[diff] [blame]	869	#else
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	870	// Enable read-ahead for DTLS so whole packets are read from internal BIO
				871	// before parsing. This is done internally by BoringSSL for DTLS.
				872	SSL_set_read_ahead(ssl_, 1);
philipel	49c0869	2016-05-24 08:49:43	[diff] [blame]	873	#endif
Taylor Brandstetter	4f0dfbd	2016-06-16 00:15:23	[diff] [blame]	874	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	875
				876	SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE \|
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	877	SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	878
				879	// Do the connect
				880	return ContinueSSL();
				881	}
				882
				883	int OpenSSLStreamAdapter::ContinueSSL() {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	884	RTC_DLOG(LS_VERBOSE) << "ContinueSSL";
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	885	RTC_DCHECK(state_ == SSL_CONNECTING);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	886
				887	// Clear the DTLS timer
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	888	timeout_task_.Stop();
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	889
Benjamin Wright	f54e30b	2019-02-27 01:33:50	[diff] [blame]	890	const int code = (role_ == SSL_CLIENT) ? SSL_connect(ssl_) : SSL_accept(ssl_);
				891	const int ssl_error = SSL_get_error(ssl_, code);
				892
				893	switch (ssl_error) {
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	894	case SSL_ERROR_NONE:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	895	RTC_DLOG(LS_VERBOSE) << " -- success";
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	896	// By this point, OpenSSL should have given us a certificate, or errored
				897	// out if one was missing.
Benjamin Wright	b19b497	2018-10-25 17:46:49	[diff] [blame]	898	RTC_DCHECK(peer_cert_chain_ \|\| !GetClientAuthEnabled());
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	899
				900	state_ = SSL_CONNECTED;
Benjamin Wright	5d35554	2018-10-27 00:57:00	[diff] [blame]	901	if (!WaitingToVerifyPeerCertificate()) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	902	// We have everything we need to start the connection, so signal
				903	// SE_OPEN. If we need a client certificate fingerprint and don't have
				904	// it yet, we'll instead signal SE_OPEN in SetPeerCertificateDigest.
				905	//
Taylor Brandstetter	fe69a74	2016-10-01 00:34:32	[diff] [blame]	906	// TODO(deadbeef): Post this event asynchronously to unwind the stack.
				907	// The caller of ContinueSSL may be the same object listening for these
				908	// events and may not be prepared for reentrancy.
				909	// PostEvent(SE_OPEN \| SE_READ \| SE_WRITE, 0);
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	910	SignalEvent(this, SE_OPEN \| SE_READ \| SE_WRITE, 0);
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	911	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	912	break;
				913
				914	case SSL_ERROR_WANT_READ: {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	915	RTC_DLOG(LS_VERBOSE) << " -- error want read";
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	916	struct timeval timeout;
				917	if (DTLSv1_get_timeout(ssl_, &timeout)) {
				918	int delay = timeout.tv_sec * 1000 + timeout.tv_usec / 1000;
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	919	SetTimeout(delay);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	920	}
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	921	} break;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	922
				923	case SSL_ERROR_WANT_WRITE:
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	924	RTC_DLOG(LS_VERBOSE) << " -- error want write";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	925	break;
				926
				927	case SSL_ERROR_ZERO_RETURN:
				928	default:
zhihuang	d82eee0	2016-08-26 18:25:05	[diff] [blame]	929	SSLHandshakeError ssl_handshake_err = SSLHandshakeError::UNKNOWN;
				930	int err_code = ERR_peek_last_error();
				931	if (err_code != 0 && ERR_GET_REASON(err_code) == SSL_R_NO_SHARED_CIPHER) {
				932	ssl_handshake_err = SSLHandshakeError::INCOMPATIBLE_CIPHERSUITE;
				933	}
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	934	RTC_DLOG(LS_VERBOSE) << " -- error " << code << ", " << err_code << ", "
				935	<< ERR_GET_REASON(err_code);
Tommi	59574ca	2023-09-05 07:21:57	[diff] [blame]	936	if (handshake_error_) {
				937	handshake_error_(ssl_handshake_err);
Tommi	59574ca	2023-09-05 07:21:57	[diff] [blame]	938	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	939	return (ssl_error != 0) ? ssl_error : -1;
				940	}
				941
				942	return 0;
				943	}
				944
Ali Tofigh	2ab914c	2022-04-13 10:55:15	[diff] [blame]	945	void OpenSSLStreamAdapter::Error(absl::string_view context,
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	946	int err,
				947	uint8_t alert,
				948	bool signal) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	949	RTC_LOG(LS_WARNING) << "OpenSSLStreamAdapter::Error(" << context << ", "
				950	<< err << ", " << static_cast<int>(alert) << ")";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	951	state_ = SSL_ERROR;
				952	ssl_error_code_ = err;
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	953	Cleanup(alert);
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	954	if (signal) {
Niels Möller	0131a4d	2021-04-16 07:16:21	[diff] [blame]	955	SignalEvent(this, SE_CLOSE, err);
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	956	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	957	}
				958
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	959	void OpenSSLStreamAdapter::Cleanup(uint8_t alert) {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	960	RTC_DLOG(LS_INFO) << "Cleanup";
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	961
				962	if (state_ != SSL_ERROR) {
				963	state_ = SSL_CLOSED;
				964	ssl_error_code_ = 0;
				965	}
				966
				967	if (ssl_) {
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	968	int ret;
				969	// SSL_send_fatal_alert is only available in BoringSSL.
				970	#ifdef OPENSSL_IS_BORINGSSL
				971	if (alert) {
				972	ret = SSL_send_fatal_alert(ssl_, alert);
				973	if (ret < 0) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	974	RTC_LOG(LS_WARNING) << "SSL_send_fatal_alert failed, error = "
				975	<< SSL_get_error(ssl_, ret);
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	976	}
				977	} else {
				978	#endif
				979	ret = SSL_shutdown(ssl_);
				980	if (ret < 0) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	981	RTC_LOG(LS_WARNING)
				982	<< "SSL_shutdown failed, error = " << SSL_get_error(ssl_, ret);
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	983	}
				984	#ifdef OPENSSL_IS_BORINGSSL
jiayl@webrtc.org	f1d751c	2014-09-25 16:38:46	[diff] [blame]	985	}
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	986	#endif
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	987	SSL_free(ssl_);
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	988	ssl_ = nullptr;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	989	}
				990	if (ssl_ctx_) {
				991	SSL_CTX_free(ssl_ctx_);
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	992	ssl_ctx_ = nullptr;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	993	}
				994	identity_.reset();
Taylor Brandstetter	c392866	2018-02-23 21:04:51	[diff] [blame]	995	peer_cert_chain_.reset();
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	996
				997	// Clear the DTLS timer
Tommi	0448298	2020-10-05 12:43:53	[diff] [blame]	998	timeout_task_.Stop();
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	999	}
				1000
				1001	SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	1002	#ifdef OPENSSL_IS_BORINGSSL
				1003	// If X509 objects aren't used, we can use these methods to avoid
				1004	// linking the sizable crypto/x509 code, using CRYPTO_BUFFER instead.
				1005	SSL_CTX* ctx =
				1006	SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ? DTLS_with_buffers_method()
				1007	: TLS_with_buffers_method());
				1008	#else
David Benjamin	170a4b3	2019-01-30 15:46:16	[diff] [blame]	1009	SSL_CTX* ctx =
				1010	SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ? DTLS_method() : TLS_method());
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	1011	#endif
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1012	if (ctx == nullptr) {
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	1013	return nullptr;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1014	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1015
Philipp Hancke	e75cd0c	2023-11-13 11:25:25	[diff] [blame]	1016	SSL_CTX_set_min_proto_version(
				1017	ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
				1018	SSL_CTX_set_max_proto_version(
				1019	ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
Harald Alvestrand	1379913	2020-03-09 18:39:36	[diff] [blame]	1020
David Benjamin	170a4b3	2019-01-30 15:46:16	[diff] [blame]	1021	#ifdef OPENSSL_IS_BORINGSSL
				1022	// SSL_CTX_set_current_time_cb is only supported in BoringSSL.
deadbeef	6cf94a0	2016-11-29 01:38:34	[diff] [blame]	1023	if (g_use_time_callback_for_testing) {
				1024	SSL_CTX_set_current_time_cb(ctx, &TimeCallbackForTesting);
				1025	}
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	1026	SSL_CTX_set0_buffer_pool(ctx, openssl::GetBufferPool());
Torbjorn Granlund	9adc91d	2016-03-24 13:05:06	[diff] [blame]	1027	#endif
Joachim Bauch	831c558	2015-05-20 10:48:41	[diff] [blame]	1028
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1029	if (identity_ && !identity_->ConfigureIdentity(ctx)) {
				1030	SSL_CTX_free(ctx);
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	1031	return nullptr;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1032	}
				1033
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1034	SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1035
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	1036	int mode = SSL_VERIFY_PEER;
Benjamin Wright	b19b497	2018-10-25 17:46:49	[diff] [blame]	1037	if (GetClientAuthEnabled()) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	1038	// Require a certificate from the client.
				1039	// Note: Normally this is always true in production, but it may be disabled
				1040	// for testing purposes (e.g. SSLAdapter unit tests).
				1041	mode \|= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
				1042	}
				1043
David Benjamin	dc24656	2017-09-29 16:14:08	[diff] [blame]	1044	// Configure a custom certificate verification callback to check the peer
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	1045	// certificate digest.
				1046	#ifdef OPENSSL_IS_BORINGSSL
				1047	// Use CRYPTO_BUFFER version of the callback if building with BoringSSL.
				1048	SSL_CTX_set_custom_verify(ctx, mode, SSLVerifyCallback);
				1049	#else
				1050	// Note the second argument to SSL_CTX_set_verify is to override individual
				1051	// errors in the default verification logic, which is not what we want here.
David Benjamin	dc24656	2017-09-29 16:14:08	[diff] [blame]	1052	SSL_CTX_set_verify(ctx, mode, nullptr);
				1053	SSL_CTX_set_cert_verify_callback(ctx, SSLVerifyCallback, nullptr);
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	1054	#endif
David Benjamin	dc24656	2017-09-29 16:14:08	[diff] [blame]	1055
Joachim Bauch	831c558	2015-05-20 10:48:41	[diff] [blame]	1056	// Select list of available ciphers. Note that !SHA256 and !SHA384 only
				1057	// remove HMAC-SHA256 and HMAC-SHA384 cipher suites, not GCM cipher suites
				1058	// with SHA256 or SHA384 as the handshake hash.
David Benjamin	7a46cc5	2021-08-17 20:56:20	[diff] [blame]	1059	// This matches the list of SSLClientSocketImpl in Chromium.
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	1060	SSL_CTX_set_cipher_list(
David Benjamin	7a46cc5	2021-08-17 20:56:20	[diff] [blame]	1061	ctx,
				1062	"DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK:!3DES");
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1063
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1064	if (!srtp_ciphers_.empty()) {
				1065	if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
				1066	SSL_CTX_free(ctx);
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	1067	return nullptr;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1068	}
				1069	}
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1070
Philipp Hancke	ebe207f	2023-09-28 08:02:54	[diff] [blame]	1071	#ifdef OPENSSL_IS_BORINGSSL
				1072	SSL_CTX_set_permute_extensions(
				1073	ctx, webrtc::field_trial::IsEnabled("WebRTC-PermuteTlsClientHello"));
				1074	#endif
				1075
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1076	return ctx;
				1077	}
				1078
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1079	bool OpenSSLStreamAdapter::VerifyPeerCertificate() {
Benjamin Wright	5d35554	2018-10-27 00:57:00	[diff] [blame]	1080	if (!HasPeerCertificateDigest() \|\| !peer_cert_chain_ \|\|
Taylor Brandstetter	c392866	2018-02-23 21:04:51	[diff] [blame]	1081	!peer_cert_chain_->GetSize()) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	1082	RTC_LOG(LS_WARNING) << "Missing digest or peer certificate.";
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1083	return false;
				1084	}
deadbeef	81f6f4f	2016-09-20 00:20:52	[diff] [blame]	1085
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1086	unsigned char digest[EVP_MAX_MD_SIZE];
				1087	size_t digest_length;
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	1088	if (!peer_cert_chain_->Get(0).ComputeDigest(
				1089	peer_certificate_digest_algorithm_, digest, sizeof(digest),
				1090	&digest_length)) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	1091	RTC_LOG(LS_WARNING) << "Failed to compute peer cert digest.";
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1092	return false;
				1093	}
				1094
				1095	Buffer computed_digest(digest, digest_length);
				1096	if (computed_digest != peer_certificate_digest_value_) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	1097	RTC_LOG(LS_WARNING)
Philipp Hancke	117e692	2022-06-17 12:14:55	[diff] [blame]	1098	<< "Rejected peer certificate due to mismatched digest using "
				1099	<< peer_certificate_digest_algorithm_ << ". Expected "
				1100	<< rtc::hex_encode_with_delimiter(peer_certificate_digest_value_, ':')
				1101	<< " got " << rtc::hex_encode_with_delimiter(computed_digest, ':');
jbauch	f8f457b	2017-03-10 00:24:57	[diff] [blame]	1102	return false;
deadbeef	81f6f4f	2016-09-20 00:20:52	[diff] [blame]	1103	}
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1104	// Ignore any verification error if the digest matches, since there is no
				1105	// value in checking the validity of a self-signed cert issued by untrusted
				1106	// sources.
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	1107	RTC_DLOG(LS_INFO) << "Accepted peer certificate.";
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1108	peer_certificate_verified_ = true;
				1109	return true;
				1110	}
				1111
Jian Cui	0a8798b	2017-11-17 00:58:02	[diff] [blame]	1112	std::unique_ptr<SSLCertChain> OpenSSLStreamAdapter::GetPeerSSLCertChain()
				1113	const {
Steve Anton	f25303e	2018-10-16 22:23:31	[diff] [blame]	1114	return peer_cert_chain_ ? peer_cert_chain_->Clone() : nullptr;
Jian Cui	0a8798b	2017-11-17 00:58:02	[diff] [blame]	1115	}
				1116
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	1117	#ifdef OPENSSL_IS_BORINGSSL
				1118	enum ssl_verify_result_t OpenSSLStreamAdapter::SSLVerifyCallback(
				1119	SSL* ssl,
				1120	uint8_t* out_alert) {
				1121	// Get our OpenSSLStreamAdapter from the context.
				1122	OpenSSLStreamAdapter* stream =
				1123	reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));
				1124	const STACK_OF(CRYPTO_BUFFER)* chain = SSL_get0_peer_certificates(ssl);
				1125	// Creates certificate chain.
				1126	std::vector<std::unique_ptr<SSLCertificate>> cert_chain;
				1127	for (CRYPTO_BUFFER* cert : chain) {
				1128	cert_chain.emplace_back(new BoringSSLCertificate(bssl::UpRef(cert)));
				1129	}
				1130	stream->peer_cert_chain_.reset(new SSLCertChain(std::move(cert_chain)));
				1131
				1132	// If the peer certificate digest isn't known yet, we'll wait to verify
				1133	// until it's known, and for now just return a success status.
				1134	if (stream->peer_certificate_digest_algorithm_.empty()) {
				1135	RTC_LOG(LS_INFO) << "Waiting to verify certificate until digest is known.";
				1136	// TODO(deadbeef): Use ssl_verify_retry?
				1137	return ssl_verify_ok;
				1138	}
				1139
				1140	if (!stream->VerifyPeerCertificate()) {
				1141	return ssl_verify_invalid;
				1142	}
				1143
				1144	return ssl_verify_ok;
				1145	}
				1146	#else // OPENSSL_IS_BORINGSSL
David Benjamin	dc24656	2017-09-29 16:14:08	[diff] [blame]	1147	int OpenSSLStreamAdapter::SSLVerifyCallback(X509_STORE_CTX* store, void* arg) {
				1148	// Get our SSL structure and OpenSSLStreamAdapter from the store.
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1149	SSL* ssl = reinterpret_cast<SSL*>(
				1150	X509_STORE_CTX_get_ex_data(store, SSL_get_ex_data_X509_STORE_CTX_idx()));
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1151	OpenSSLStreamAdapter* stream =
				1152	reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));
henrike@webrtc.org	4e5f65a	2014-06-05 20:40:11	[diff] [blame]	1153
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1154	// Record the peer's certificate.
Jiawei Ou	9d4e840	2018-05-23 22:44:20	[diff] [blame]	1155	X509* cert = X509_STORE_CTX_get0_cert(store);
Taylor Brandstetter	c392866	2018-02-23 21:04:51	[diff] [blame]	1156	stream->peer_cert_chain_.reset(
Mirko Bonadei	317a1f0	2019-09-17 15:06:18	[diff] [blame]	1157	new SSLCertChain(std::make_unique<OpenSSLCertificate>(cert)));
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1158
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1159	// If the peer certificate digest isn't known yet, we'll wait to verify
				1160	// until it's known, and for now just return a success status.
				1161	if (stream->peer_certificate_digest_algorithm_.empty()) {
Tomas Gunnarsson	d48ff45	2020-10-02 16:28:46	[diff] [blame]	1162	RTC_DLOG(LS_INFO) << "Waiting to verify certificate until digest is known.";
deadbeef	89824f6	2016-09-30 18:55:43	[diff] [blame]	1163	return 1;
				1164	}
				1165
David Benjamin	dc24656	2017-09-29 16:14:08	[diff] [blame]	1166	if (!stream->VerifyPeerCertificate()) {
				1167	X509_STORE_CTX_set_error(store, X509_V_ERR_CERT_REJECTED);
				1168	return 0;
				1169	}
				1170
				1171	return 1;
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1172	}
Taylor Brandstetter	165c618	2020-12-11 00:23:03	[diff] [blame]	1173	#endif // !OPENSSL_IS_BORINGSSL
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1174
Taylor Brandstetter	4f0dfbd	2016-06-16 00:15:23	[diff] [blame]	1175	bool OpenSSLStreamAdapter::IsBoringSsl() {
				1176	#ifdef OPENSSL_IS_BORINGSSL
				1177	return true;
				1178	#else
				1179	return false;
				1180	#endif
				1181	}
				1182
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1183	#define CDEF(X) \
				1184	{ static_cast<uint16_t>(TLS1_CK_##X & 0xffff), "TLS_" #X }
				1185
				1186	struct cipher_list {
				1187	uint16_t cipher;
				1188	const char* cipher_str;
				1189	};
				1190
				1191	// TODO(torbjorng): Perhaps add more cipher suites to these lists.
				1192	static const cipher_list OK_RSA_ciphers[] = {
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	1193	CDEF(ECDHE_RSA_WITH_AES_128_CBC_SHA),
				1194	CDEF(ECDHE_RSA_WITH_AES_256_CBC_SHA),
				1195	CDEF(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1196	#ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	1197	CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA256),
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1198	#endif
torbjorng	aad6780	2016-04-07 15:55:28	[diff] [blame]	1199	#ifdef TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	1200	CDEF(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
torbjorng	aad6780	2016-04-07 15:55:28	[diff] [blame]	1201	#endif
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1202	};
				1203
				1204	static const cipher_list OK_ECDSA_ciphers[] = {
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	1205	CDEF(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
				1206	CDEF(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
				1207	CDEF(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1208	#ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	1209	CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA256),
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1210	#endif
torbjorng	aad6780	2016-04-07 15:55:28	[diff] [blame]	1211	#ifdef TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	1212	CDEF(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),
torbjorng	aad6780	2016-04-07 15:55:28	[diff] [blame]	1213	#endif
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1214	};
				1215	#undef CDEF
				1216
				1217	bool OpenSSLStreamAdapter::IsAcceptableCipher(int cipher, KeyType key_type) {
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	1218	if (key_type == KT_RSA) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1219	for (const cipher_list& c : OK_RSA_ciphers) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1220	if (cipher == c.cipher) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1221	return true;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1222	}
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	1223	}
Joachim Bauch	831c558	2015-05-20 10:48:41	[diff] [blame]	1224	}
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1225
				1226	if (key_type == KT_ECDSA) {
				1227	for (const cipher_list& c : OK_ECDSA_ciphers) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1228	if (cipher == c.cipher) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1229	return true;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1230	}
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1231	}
				1232	}
				1233
				1234	return false;
				1235	}
				1236
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	1237	bool OpenSSLStreamAdapter::IsAcceptableCipher(absl::string_view cipher,
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1238	KeyType key_type) {
				1239	if (key_type == KT_RSA) {
				1240	for (const cipher_list& c : OK_RSA_ciphers) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1241	if (cipher == c.cipher_str) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1242	return true;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1243	}
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1244	}
				1245	}
				1246
				1247	if (key_type == KT_ECDSA) {
				1248	for (const cipher_list& c : OK_ECDSA_ciphers) {
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1249	if (cipher == c.cipher_str) {
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1250	return true;
Benjamin Wright	d4d5f8a	2018-10-15 18:19:39	[diff] [blame]	1251	}
torbjorng	43166b8	2016-03-11 08:06:47	[diff] [blame]	1252	}
				1253	}
				1254
				1255	return false;
pthatcher@webrtc.org	3ee4fe5	2015-02-11 22:34:36	[diff] [blame]	1256	}
				1257
Benjamin Wright	b19b497	2018-10-25 17:46:49	[diff] [blame]	1258	void OpenSSLStreamAdapter::EnableTimeCallbackForTesting() {
Joachim Reiersen	637bed5	2019-04-25 17:41:35	[diff] [blame]	1259	#ifdef OPENSSL_IS_BORINGSSL
deadbeef	6cf94a0	2016-11-29 01:38:34	[diff] [blame]	1260	g_use_time_callback_for_testing = true;
Joachim Reiersen	637bed5	2019-04-25 17:41:35	[diff] [blame]	1261	#endif
deadbeef	6cf94a0	2016-11-29 01:38:34	[diff] [blame]	1262	}
				1263
henrike@webrtc.org	f048872	2014-05-13 18:00:26	[diff] [blame]	1264	} // namespace rtc