2 * Copyright 2016-present Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include <folly/io/async/ssl/OpenSSLUtils.h>
19 #include <glog/logging.h>
21 #include <unordered_map>
23 #include <folly/ScopeGuard.h>
24 #include <folly/portability/Sockets.h>
25 #include <folly/portability/Unistd.h>
28 #ifdef OPENSSL_IS_BORINGSSL
29 // BoringSSL doesn't (as of May 2016) export the equivalent
30 // of BIO_sock_should_retry, so this is one way around it :(
31 static int boringssl_bio_fd_should_retry(int err);
39 bool OpenSSLUtils::getTLSMasterKey(
40 const SSL_SESSION* session,
41 MutableByteRange keyOut) {
42 #if FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_102
44 session->master_key_length == static_cast<int>(keyOut.size())) {
45 auto masterKey = session->master_key;
47 masterKey, masterKey + session->master_key_length, keyOut.begin());
51 (SSL_SESSION*)session;
52 (MutableByteRange) keyOut;
57 bool OpenSSLUtils::getTLSClientRandom(
59 MutableByteRange randomOut) {
60 #if FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_102
61 if ((SSL_version(ssl) >> 8) == TLS1_VERSION_MAJOR && ssl->s3 &&
62 randomOut.size() == SSL3_RANDOM_SIZE) {
63 auto clientRandom = ssl->s3->client_random;
64 std::copy(clientRandom, clientRandom + SSL3_RANDOM_SIZE, randomOut.begin());
69 (MutableByteRange) randomOut;
74 bool OpenSSLUtils::getPeerAddressFromX509StoreCtx(X509_STORE_CTX* ctx,
75 sockaddr_storage* addrStorage,
77 // Grab the ssl idx and then the ssl object so that we can get the peer
78 // name to compare against the ips in the subjectAltName
79 auto sslIdx = SSL_get_ex_data_X509_STORE_CTX_idx();
80 auto ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, sslIdx));
81 int fd = SSL_get_fd(ssl);
83 LOG(ERROR) << "Inexplicably couldn't get fd from SSL";
87 *addrLen = sizeof(*addrStorage);
88 if (getpeername(fd, reinterpret_cast<sockaddr*>(addrStorage), addrLen) != 0) {
89 PLOG(ERROR) << "Unable to get peer name";
92 CHECK(*addrLen <= sizeof(*addrStorage));
96 bool OpenSSLUtils::validatePeerCertNames(X509* cert,
98 socklen_t /* addrLen */) {
99 // Try to extract the names within the SAN extension from the certificate
100 auto altNames = reinterpret_cast<STACK_OF(GENERAL_NAME)*>(
101 X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr));
103 if (altNames != nullptr) {
104 sk_GENERAL_NAME_pop_free(altNames, GENERAL_NAME_free);
107 if (altNames == nullptr) {
108 LOG(WARNING) << "No subjectAltName provided and we only support ip auth";
112 const sockaddr_in* addr4 = nullptr;
113 const sockaddr_in6* addr6 = nullptr;
114 if (addr != nullptr) {
115 if (addr->sa_family == AF_INET) {
116 addr4 = reinterpret_cast<const sockaddr_in*>(addr);
117 } else if (addr->sa_family == AF_INET6) {
118 addr6 = reinterpret_cast<const sockaddr_in6*>(addr);
120 LOG(FATAL) << "Unsupported sockaddr family: " << addr->sa_family;
124 for (int i = 0; i < sk_GENERAL_NAME_num(altNames); i++) {
125 auto name = sk_GENERAL_NAME_value(altNames, i);
126 if ((addr4 != nullptr || addr6 != nullptr) && name->type == GEN_IPADD) {
127 // Extra const-ness for paranoia
128 unsigned char const* const rawIpStr = name->d.iPAddress->data;
129 size_t const rawIpLen = size_t(name->d.iPAddress->length);
131 if (rawIpLen == 4 && addr4 != nullptr) {
132 if (::memcmp(rawIpStr, &addr4->sin_addr, rawIpLen) == 0) {
135 } else if (rawIpLen == 16 && addr6 != nullptr) {
136 if (::memcmp(rawIpStr, &addr6->sin6_addr, rawIpLen) == 0) {
139 } else if (rawIpLen != 4 && rawIpLen != 16) {
140 LOG(WARNING) << "Unexpected IP length: " << rawIpLen;
145 LOG(WARNING) << "Unable to match client cert against alt name ip";
149 static std::unordered_map<uint16_t, std::string> getOpenSSLCipherNames() {
150 std::unordered_map<uint16_t, std::string> ret;
151 SSL_CTX* ctx = nullptr;
154 const SSL_METHOD* meth = SSLv23_server_method();
155 OpenSSL_add_ssl_algorithms();
157 if ((ctx = SSL_CTX_new(meth)) == nullptr) {
164 if ((ssl = SSL_new(ctx)) == nullptr) {
171 STACK_OF(SSL_CIPHER)* sk = SSL_get_ciphers(ssl);
172 for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
173 const SSL_CIPHER* c = sk_SSL_CIPHER_value(sk, i);
174 unsigned long id = SSL_CIPHER_get_id(c);
175 // OpenSSL 1.0.2 and prior does weird things such as stuff the SSL/TLS
176 // version into the top 16 bits. Let's ignore those for now. This is
177 // BoringSSL compatible (their id can be cast as uint16_t)
178 uint16_t cipherCode = id & 0xffffL;
179 ret[cipherCode] = SSL_CIPHER_get_name(c);
184 const std::string& OpenSSLUtils::getCipherName(uint16_t cipherCode) {
185 // Having this in a hash map saves the binary search inside OpenSSL
186 static std::unordered_map<uint16_t, std::string> cipherCodeToName(
187 getOpenSSLCipherNames());
189 const auto& iter = cipherCodeToName.find(cipherCode);
190 if (iter != cipherCodeToName.end()) {
193 static std::string empty("");
198 void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
201 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
206 ssl->initial_ctx = ctx;
211 SSL_CTX* OpenSSLUtils::getSSLInitialCtx(SSL* ssl) {
213 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
215 return ssl->initial_ctx;
221 BioMethodUniquePtr OpenSSLUtils::newSocketBioMethod() {
222 BIO_METHOD* newmeth = nullptr;
223 #if FOLLY_OPENSSL_IS_110
224 if (!(newmeth = BIO_meth_new(BIO_TYPE_SOCKET, "socket_bio_method"))) {
227 auto meth = const_cast<BIO_METHOD*>(BIO_s_socket());
228 BIO_meth_set_create(newmeth, BIO_meth_get_create(meth));
229 BIO_meth_set_destroy(newmeth, BIO_meth_get_destroy(meth));
230 BIO_meth_set_ctrl(newmeth, BIO_meth_get_ctrl(meth));
231 BIO_meth_set_callback_ctrl(newmeth, BIO_meth_get_callback_ctrl(meth));
232 BIO_meth_set_read(newmeth, BIO_meth_get_read(meth));
233 BIO_meth_set_write(newmeth, BIO_meth_get_write(meth));
234 BIO_meth_set_gets(newmeth, BIO_meth_get_gets(meth));
235 BIO_meth_set_puts(newmeth, BIO_meth_get_puts(meth));
237 if (!(newmeth = (BIO_METHOD*)OPENSSL_malloc(sizeof(BIO_METHOD)))) {
240 memcpy(newmeth, BIO_s_socket(), sizeof(BIO_METHOD));
243 return BioMethodUniquePtr(newmeth);
246 bool OpenSSLUtils::setCustomBioReadMethod(
248 int (*meth)(BIO*, char*, int)) {
250 ret = (BIO_meth_set_read(bioMeth, meth) == 1);
254 bool OpenSSLUtils::setCustomBioWriteMethod(
256 int (*meth)(BIO*, const char*, int)) {
258 ret = (BIO_meth_set_write(bioMeth, meth) == 1);
262 int OpenSSLUtils::getBioShouldRetryWrite(int r) {
264 #ifdef OPENSSL_IS_BORINGSSL
265 ret = boringssl_bio_fd_should_retry(r);
267 ret = BIO_sock_should_retry(r);
272 void OpenSSLUtils::setBioAppData(BIO* b, void* ptr) {
273 #ifdef OPENSSL_IS_BORINGSSL
274 BIO_set_callback_arg(b, static_cast<char*>(ptr));
276 BIO_set_app_data(b, ptr);
280 void* OpenSSLUtils::getBioAppData(BIO* b) {
281 #ifdef OPENSSL_IS_BORINGSSL
282 return BIO_get_callback_arg(b);
284 return BIO_get_app_data(b);
288 int OpenSSLUtils::getBioFd(BIO* b, int* fd) {
290 int ret = portability::sockets::socket_to_fd((SOCKET)BIO_get_fd(b, fd));
296 return BIO_get_fd(b, fd);
300 void OpenSSLUtils::setBioFd(BIO* b, int fd, int flags) {
302 SOCKET socket = portability::sockets::fd_to_socket(fd);
303 // Internally OpenSSL uses this as an int for reasons completely
304 // beyond any form of sanity, so we do the cast ourselves to avoid
305 // the warnings that would be generated.
306 int sock = int(socket);
310 BIO_set_fd(b, sock, flags);
317 #ifdef OPENSSL_IS_BORINGSSL
319 static int boringssl_bio_fd_non_fatal_error(int err) {
322 err == EWOULDBLOCK ||
324 #ifdef WSAEWOULDBLOCK
325 err == WSAEWOULDBLOCK ||
340 err == EINPROGRESS ||
351 #if defined(OPENSSL_WINDOWS)
353 int boringssl_bio_fd_should_retry(int i) {
355 return boringssl_bio_fd_non_fatal_error((int)GetLastError());
360 #else // !OPENSSL_WINDOWS
362 int boringssl_bio_fd_should_retry(int i) {
364 return boringssl_bio_fd_non_fatal_error(errno);
368 #endif // OPENSSL_WINDOWS
370 #endif // OEPNSSL_IS_BORINGSSL