Swift
summaryrefslogtreecommitdiffstats
path: root/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'Swiften/TLS/OpenSSL/OpenSSLContext.cpp')
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContext.cpp368
1 files changed, 311 insertions, 57 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 0805917..968ef8f 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -1,8 +1,9 @@
/*
- * Copyright (c) 2010-2016 Isode Limited.
+ * Copyright (c) 2010-2019 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
+
#include <Swiften/Base/Platform.h>
#ifdef SWIFTEN_PLATFORM_WINDOWS
@@ -10,15 +11,21 @@
#include <wincrypt.h>
#endif
+#include <cassert>
+#include <memory>
#include <vector>
+
+
+#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
-#include <memory>
#if defined(SWIFTEN_PLATFORM_MACOSX)
#include <Security/Security.h>
#endif
+#include <Swiften/Base/Log.h>
+#include <Swiften/Base/Algorithm.h>
#include <Swiften/TLS/OpenSSL/OpenSSLContext.h>
#include <Swiften/TLS/OpenSSL/OpenSSLCertificate.h>
#include <Swiften/TLS/CertificateWithKey.h>
@@ -39,10 +46,66 @@ static void freeX509Stack(STACK_OF(X509)* stack) {
sk_X509_free(stack);
}
-OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readBIO_(0), writeBIO_(0) {
+namespace {
+ class OpenSSLInitializerFinalizer {
+ public:
+ OpenSSLInitializerFinalizer() {
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
+
+ // Disable compression
+ /*
+ STACK_OF(SSL_COMP)* compressionMethods = SSL_COMP_get_compression_methods();
+ sk_SSL_COMP_zero(compressionMethods);*/
+ }
+
+ ~OpenSSLInitializerFinalizer() {
+ EVP_cleanup();
+ }
+
+ OpenSSLInitializerFinalizer(const OpenSSLInitializerFinalizer &) = delete;
+ };
+
+ std::unique_ptr<SSL_CTX> createSSL_CTX(OpenSSLContext::Mode mode) {
+ std::unique_ptr<SSL_CTX> sslCtx;
+ switch (mode) {
+ case OpenSSLContext::Mode::Client:
+ sslCtx = std::unique_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_client_method()));
+ break;
+ case OpenSSLContext::Mode::Server:
+ sslCtx = std::unique_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_server_method()));
+ break;
+ }
+ return sslCtx;
+ }
+
+ std::string openSSLInternalErrorToString() {
+ auto bio = std::shared_ptr<BIO>(BIO_new(BIO_s_mem()), BIO_free);
+ ERR_print_errors(bio.get());
+ std::string errorString;
+ errorString.resize(BIO_pending(bio.get()));
+ BIO_read(bio.get(), (void*)errorString.data(), errorString.size());
+ return errorString;
+ }
+ }
+
+OpenSSLContext::OpenSSLContext(Mode mode) : mode_(mode), state_(State::Start) {
ensureLibraryInitialized();
- context_ = SSL_CTX_new(SSLv23_client_method());
- SSL_CTX_set_options(context_, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ context_ = createSSL_CTX(mode_);
+ SSL_CTX_set_options(context_.get(), SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
+ if (mode_ == Mode::Server) {
+#if OPENSSL_VERSION_NUMBER < 0x1010
+ // Automatically select highest preference curve used for ECDH temporary keys used during
+ // key exchange if possible.
+ // Since version 1.1.0, this option is always enabled.
+ SSL_CTX_set_ecdh_auto(context_.get(), 1);
+#endif
+
+ SSL_CTX_set_tlsext_servername_arg(context_.get(), this);
+ SSL_CTX_set_tlsext_servername_callback(context_.get(), OpenSSLContext::handleServerNameCallback);
+ }
// TODO: implement CRL checking
// TODO: download CRL (HTTP transport)
@@ -52,7 +115,7 @@ OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readB
// TODO: handle OCSP stapling see https://www.rfc-editor.org/rfc/rfc4366.txt
// Load system certs
#if defined(SWIFTEN_PLATFORM_WINDOWS)
- X509_STORE* store = SSL_CTX_get_cert_store(context_);
+ X509_STORE* store = SSL_CTX_get_cert_store(context_.get());
HCERTSTORE systemStore = CertOpenSystemStore(0, "ROOT");
if (systemStore) {
PCCERT_CONTEXT certContext = NULL;
@@ -68,7 +131,7 @@ OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readB
}
}
#elif !defined(SWIFTEN_PLATFORM_MACOSX)
- SSL_CTX_set_default_verify_paths(context_);
+ SSL_CTX_set_default_verify_paths(context_.get());
#elif defined(SWIFTEN_PLATFORM_MACOSX) && !defined(SWIFTEN_PLATFORM_IPHONE)
// On Mac OS X 10.5 (OpenSSL < 0.9.8), OpenSSL does not automatically look in the system store.
// On Mac OS X 10.6 (OpenSSL >= 0.9.8), OpenSSL *does* look in the system store to determine trust.
@@ -76,7 +139,7 @@ OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readB
// the certificates first. See
// http://opensource.apple.com/source/OpenSSL098/OpenSSL098-27/src/crypto/x509/x509_vfy_apple.c
// to understand why. We therefore add all certs from the system store ourselves.
- X509_STORE* store = SSL_CTX_get_cert_store(context_);
+ X509_STORE* store = SSL_CTX_get_cert_store(context_.get());
CFArrayRef anchorCertificates;
if (SecTrustCopyAnchorCertificates(&anchorCertificates) == 0) {
for (int i = 0; i < CFArrayGetCount(anchorCertificates); ++i) {
@@ -99,51 +162,96 @@ OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readB
}
OpenSSLContext::~OpenSSLContext() {
- SSL_free(handle_);
- SSL_CTX_free(context_);
}
void OpenSSLContext::ensureLibraryInitialized() {
- static bool isLibraryInitialized = false;
- if (!isLibraryInitialized) {
- SSL_load_error_strings();
- SSL_library_init();
- OpenSSL_add_all_algorithms();
+ static OpenSSLInitializerFinalizer openSSLInit;
+}
- // Disable compression
- /*
- STACK_OF(SSL_COMP)* compressionMethods = SSL_COMP_get_compression_methods();
- sk_SSL_COMP_zero(compressionMethods);*/
+void OpenSSLContext::initAndSetBIOs() {
+ // Ownership of BIOs is transferred
+ readBIO_ = BIO_new(BIO_s_mem());
+ writeBIO_ = BIO_new(BIO_s_mem());
+ SSL_set_bio(handle_.get(), readBIO_, writeBIO_);
+}
- isLibraryInitialized = true;
+void OpenSSLContext::accept() {
+ assert(mode_ == Mode::Server);
+ handle_ = std::unique_ptr<SSL>(SSL_new(context_.get()));
+ if (!handle_) {
+ state_ = State::Error;
+ onError(std::make_shared<TLSError>(TLSError::AcceptFailed, openSSLInternalErrorToString()));
+ return;
}
+
+ initAndSetBIOs();
+
+ state_ = State::Accepting;
+ doAccept();
}
void OpenSSLContext::connect() {
- handle_ = SSL_new(context_);
- if (handle_ == nullptr) {
- state_ = Error;
- onError(std::make_shared<TLSError>());
+ connect(std::string());
+}
+
+void OpenSSLContext::connect(const std::string& requestedServerName) {
+ assert(mode_ == Mode::Client);
+ handle_ = std::unique_ptr<SSL>(SSL_new(context_.get()));
+ if (!handle_) {
+ state_ = State::Error;
+ onError(std::make_shared<TLSError>(TLSError::ConnectFailed, openSSLInternalErrorToString()));
return;
}
- // Ownership of BIOs is ransferred
- readBIO_ = BIO_new(BIO_s_mem());
- writeBIO_ = BIO_new(BIO_s_mem());
- SSL_set_bio(handle_, readBIO_, writeBIO_);
+ if (!requestedServerName.empty()) {
+ if (SSL_set_tlsext_host_name(handle_.get(), const_cast<char*>(requestedServerName.c_str())) != 1) {
+ onError(std::make_shared<TLSError>(TLSError::ConnectFailed, "Failed to set Server Name Indication: " + openSSLInternalErrorToString()));\
+ return;
+ }
+ }
- state_ = Connecting;
+ // Ownership of BIOs is transferred to the SSL_CTX instance in handle_.
+ initAndSetBIOs();
+
+ state_ = State::Connecting;
doConnect();
}
+void OpenSSLContext::doAccept() {
+ auto acceptResult = SSL_accept(handle_.get());
+ auto error = SSL_get_error(handle_.get(), acceptResult);
+ switch (error) {
+ case SSL_ERROR_NONE: {
+ state_ = State::Connected;
+ //std::cout << x->name << std::endl;
+ //const char* comp = SSL_get_current_compression(handle_.get());
+ //std::cout << "Compression: " << SSL_COMP_get_name(comp) << std::endl;
+ onConnected();
+ // The following call is important so the client knowns the handshake is finished.
+ sendPendingDataToNetwork();
+ break;
+ }
+ case SSL_ERROR_WANT_READ:
+ sendPendingDataToNetwork();
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ sendPendingDataToNetwork();
+ break;
+ default:
+ state_ = State::Error;
+ onError(std::make_shared<TLSError>(TLSError::AcceptFailed, openSSLInternalErrorToString()));
+ sendPendingDataToNetwork();
+ }
+}
+
void OpenSSLContext::doConnect() {
- int connectResult = SSL_connect(handle_);
- int error = SSL_get_error(handle_, connectResult);
+ int connectResult = SSL_connect(handle_.get());
+ int error = SSL_get_error(handle_.get(), connectResult);
switch (error) {
case SSL_ERROR_NONE: {
- state_ = Connected;
+ state_ = State::Connected;
//std::cout << x->name << std::endl;
- //const char* comp = SSL_get_current_compression(handle_);
+ //const char* comp = SSL_get_current_compression(handle_.get());
//std::cout << "Compression: " << SSL_COMP_get_name(comp) << std::endl;
onConnected();
break;
@@ -152,11 +260,30 @@ void OpenSSLContext::doConnect() {
sendPendingDataToNetwork();
break;
default:
- state_ = Error;
+ state_ = State::Error;
onError(std::make_shared<TLSError>());
+ onError(std::make_shared<TLSError>(TLSError::ConnectFailed, openSSLInternalErrorToString()));
}
}
+int OpenSSLContext::handleServerNameCallback(SSL* ssl, int*, void* arg) {
+ if (ssl == nullptr)
+ return SSL_TLSEXT_ERR_NOACK;
+
+ const char* servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ if (servername) {
+ auto serverNameString = std::string(servername);
+ auto context = reinterpret_cast<OpenSSLContext*>(arg);
+ context->onServerNameRequested(serverNameString);
+
+ if (context->abortTLSHandshake_) {
+ context->abortTLSHandshake_ = false;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ }
+ return SSL_TLSEXT_ERR_OK;
+}
+
void OpenSSLContext::sendPendingDataToNetwork() {
int size = BIO_pending(writeBIO_);
if (size > 0) {
@@ -170,41 +297,141 @@ void OpenSSLContext::sendPendingDataToNetwork() {
void OpenSSLContext::handleDataFromNetwork(const SafeByteArray& data) {
BIO_write(readBIO_, vecptr(data), data.size());
switch (state_) {
- case Connecting:
+ case State::Accepting:
+ doAccept();
+ break;
+ case State::Connecting:
doConnect();
break;
- case Connected:
+ case State::Connected:
sendPendingDataToApplication();
break;
- case Start: assert(false); break;
- case Error: /*assert(false);*/ break;
+ case State::Start: assert(false); break;
+ case State::Error: /*assert(false);*/ break;
}
}
void OpenSSLContext::handleDataFromApplication(const SafeByteArray& data) {
- if (SSL_write(handle_, vecptr(data), data.size()) >= 0) {
- sendPendingDataToNetwork();
+ auto ret = SSL_write(handle_.get(), vecptr(data), data.size());
+ if (ret > 0 || SSL_get_error(handle_.get(), ret) == SSL_ERROR_WANT_READ) {
+ sendPendingDataToNetwork();
}
else {
- state_ = Error;
- onError(std::make_shared<TLSError>());
+ state_ = State::Error;
+ onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString()));
}
}
void OpenSSLContext::sendPendingDataToApplication() {
SafeByteArray data;
data.resize(SSL_READ_BUFFERSIZE);
- int ret = SSL_read(handle_, vecptr(data), data.size());
+ int ret = SSL_read(handle_.get(), vecptr(data), data.size());
while (ret > 0) {
data.resize(ret);
onDataForApplication(data);
data.resize(SSL_READ_BUFFERSIZE);
- ret = SSL_read(handle_, vecptr(data), data.size());
+ ret = SSL_read(handle_.get(), vecptr(data), data.size());
+ }
+ if (ret < 0 && SSL_get_error(handle_.get(), ret) != SSL_ERROR_WANT_READ) {
+ state_ = State::Error;
+ onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString()));
+ }
+}
+
+bool OpenSSLContext::setCertificateChain(const std::vector<Certificate::ref>& certificateChain) {
+ if (certificateChain.size() == 0) {
+ SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
+ return false;
+ }
+
+ // load endpoint certificate
+ auto openSSLCert = std::dynamic_pointer_cast<OpenSSLCertificate>(certificateChain[0]);
+ if (!openSSLCert) {
+ return false;
+ }
+
+ if (SSL_CTX_use_certificate(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
+ return false;
+ }
+
+ if (certificateChain.size() > 1) {
+ for (auto certificate : range(certificateChain.begin() + 1, certificateChain.end())) {
+ auto openSSLCert = std::dynamic_pointer_cast<OpenSSLCertificate>(certificate);
+ if (!openSSLCert) {
+ return false;
+ }
+ if (SSL_CTX_add_extra_chain_cert(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
+ SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
+ return false;
+ }
+ }
+ }
+
+ if (handle_) {
+ // This workaround is needed as OpenSSL has a shortcut to not do anything
+ // if you set the SSL_CTX to the existing SSL_CTX and not reloading the
+ // certificates from the SSL_CTX.
+ auto dummyContext = createSSL_CTX(mode_);
+ SSL_set_SSL_CTX(handle_.get(), dummyContext.get());
+ SSL_set_SSL_CTX(handle_.get(), context_.get());
+ }
+
+ return true;
+}
+
+int empty_or_preset_password_cb(char* buf, int max_len, int flag, void* password);
+
+int empty_or_preset_password_cb(char* buf, int max_len, int /* flag */, void* password) {
+ char* charPassword = (char*)password;
+ if (charPassword == nullptr) {
+ return 0;
+ }
+ int len = strlen(charPassword);
+ if(len > max_len) {
+ return 0;
}
- if (ret < 0 && SSL_get_error(handle_, ret) != SSL_ERROR_WANT_READ) {
- state_ = Error;
- onError(std::make_shared<TLSError>());
+ memcpy(buf, charPassword, len);
+ return len;
+}
+
+bool OpenSSLContext::setPrivateKey(const PrivateKey::ref& privateKey) {
+ if (privateKey->getData().size() > std::numeric_limits<int>::max()) {
+ return false;
+ }
+
+ auto bio = std::shared_ptr<BIO>(BIO_new(BIO_s_mem()), BIO_free);
+ BIO_write(bio.get(), vecptr(privateKey->getData()), int(privateKey->getData().size()));
+
+ SafeByteArray safePassword;
+ void* password = nullptr;
+ if (privateKey->getPassword()) {
+ safePassword = privateKey->getPassword().get();
+ safePassword.push_back(0);
+ password = safePassword.data();
+ }
+ auto resultKey = PEM_read_bio_PrivateKey(bio.get(), nullptr, empty_or_preset_password_cb, password);
+ if (resultKey) {
+ if (handle_) {
+ auto result = SSL_use_PrivateKey(handle_.get(), resultKey);;
+ if (result != 1) {
+ return false;
+ }
+ }
+ else {
+ auto result = SSL_CTX_use_PrivateKey(context_.get(), resultKey);
+ if (result != 1) {
+ return false;
+ }
+ }
+ }
+ else {
+ return false;
}
+ return true;
+}
+
+void OpenSSLContext::setAbortTLSHandshake(bool abort) {
+ abortTLSHandshake_ = abort;
}
bool OpenSSLContext::setClientCertificate(CertificateWithKey::ref certificate) {
@@ -216,16 +443,16 @@ bool OpenSSLContext::setClientCertificate(CertificateWithKey::ref certificate) {
// Create a PKCS12 structure
BIO* bio = BIO_new(BIO_s_mem());
BIO_write(bio, vecptr(pkcs12Certificate->getData()), pkcs12Certificate->getData().size());
- std::shared_ptr<PKCS12> pkcs12(d2i_PKCS12_bio(bio, NULL), PKCS12_free);
+ std::shared_ptr<PKCS12> pkcs12(d2i_PKCS12_bio(bio, nullptr), PKCS12_free);
BIO_free(bio);
if (!pkcs12) {
return false;
}
// Parse PKCS12
- X509 *certPtr = 0;
- EVP_PKEY* privateKeyPtr = 0;
- STACK_OF(X509)* caCertsPtr = 0;
+ X509 *certPtr = nullptr;
+ EVP_PKEY* privateKeyPtr = nullptr;
+ STACK_OF(X509)* caCertsPtr = nullptr;
SafeByteArray password(pkcs12Certificate->getPassword());
password.push_back(0);
int result = PKCS12_parse(pkcs12.get(), reinterpret_cast<const char*>(vecptr(password)), &privateKeyPtr, &certPtr, &caCertsPtr);
@@ -237,21 +464,40 @@ bool OpenSSLContext::setClientCertificate(CertificateWithKey::ref certificate) {
std::shared_ptr<STACK_OF(X509)> caCerts(caCertsPtr, freeX509Stack);
// Use the key & certificates
- if (SSL_CTX_use_certificate(context_, cert.get()) != 1) {
+ if (SSL_CTX_use_certificate(context_.get(), cert.get()) != 1) {
return false;
}
- if (SSL_CTX_use_PrivateKey(context_, privateKey.get()) != 1) {
+ if (SSL_CTX_use_PrivateKey(context_.get(), privateKey.get()) != 1) {
return false;
}
for (int i = 0; i < sk_X509_num(caCerts.get()); ++i) {
- SSL_CTX_add_extra_chain_cert(context_, sk_X509_value(caCerts.get(), i));
+ SSL_CTX_add_extra_chain_cert(context_.get(), sk_X509_value(caCerts.get(), i));
}
return true;
}
+bool OpenSSLContext::setDiffieHellmanParameters(const ByteArray& parametersInOpenSslDer) {
+ auto bio = std::unique_ptr<BIO, decltype(&BIO_free)>(BIO_new(BIO_s_mem()), BIO_free);
+ if (bio) {
+ BIO_write(bio.get(), vecptr(parametersInOpenSslDer), parametersInOpenSslDer.size());
+ auto result = 0L;
+ if (auto dhparams = d2i_DHparams_bio(bio.get(), NULL)) {
+ if (handle_) {
+ result = SSL_set_tmp_dh(handle_.get(), dhparams);
+ }
+ else {
+ result = SSL_CTX_set_tmp_dh(context_.get(), dhparams);
+ }
+ DH_free(dhparams);
+ }
+ return result == 1;
+ }
+ return false;
+}
+
std::vector<Certificate::ref> OpenSSLContext::getPeerCertificateChain() const {
std::vector<Certificate::ref> result;
- STACK_OF(X509)* chain = SSL_get_peer_cert_chain(handle_);
+ STACK_OF(X509)* chain = SSL_get_peer_cert_chain(handle_.get());
for (int i = 0; i < sk_X509_num(chain); ++i) {
std::shared_ptr<X509> x509Cert(X509_dup(sk_X509_value(chain, i)), X509_free);
@@ -262,7 +508,7 @@ std::vector<Certificate::ref> OpenSSLContext::getPeerCertificateChain() const {
}
std::shared_ptr<CertificateVerificationError> OpenSSLContext::getPeerCertificateVerificationError() const {
- int verifyResult = SSL_get_verify_result(handle_);
+ int verifyResult = SSL_get_verify_result(handle_.get());
if (verifyResult != X509_V_OK) {
return std::make_shared<CertificateVerificationError>(getVerificationErrorTypeForResult(verifyResult));
}
@@ -274,11 +520,19 @@ std::shared_ptr<CertificateVerificationError> OpenSSLContext::getPeerCertificate
ByteArray OpenSSLContext::getFinishMessage() const {
ByteArray data;
data.resize(MAX_FINISHED_SIZE);
- size_t size = SSL_get_finished(handle_, vecptr(data), data.size());
+ auto size = SSL_get_finished(handle_.get(), vecptr(data), data.size());
data.resize(size);
return data;
}
+ByteArray OpenSSLContext::getPeerFinishMessage() const {
+ ByteArray data;
+ data.resize(MAX_FINISHED_SIZE);
+ auto size = SSL_get_peer_finished(handle_.get(), vecptr(data), data.size());
+ data.resize(size);
+ return data;
+ }
+
CertificateVerificationError::Type OpenSSLContext::getVerificationErrorTypeForResult(int result) {
assert(result != 0);
switch (result) {