6ce2f3f26b
This is required to remove the ; from the macro with Qt 6. Task-number: QTBUG-82978 Change-Id: I3f0b6717956ca8fa486bed9817b89dfa19f5e0e1 Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
1402 lines
47 KiB
C++
1402 lines
47 KiB
C++
/****************************************************************************
|
|
**
|
|
** Copyright (C) 2018 The Qt Company Ltd.
|
|
** Contact: https://www.qt.io/licensing/
|
|
**
|
|
** This file is part of the QtNetwork module of the Qt Toolkit.
|
|
**
|
|
** $QT_BEGIN_LICENSE:LGPL$
|
|
** Commercial License Usage
|
|
** Licensees holding valid commercial Qt licenses may use this file in
|
|
** accordance with the commercial license agreement provided with the
|
|
** Software or, alternatively, in accordance with the terms contained in
|
|
** a written agreement between you and The Qt Company. For licensing terms
|
|
** and conditions see https://www.qt.io/terms-conditions. For further
|
|
** information use the contact form at https://www.qt.io/contact-us.
|
|
**
|
|
** GNU Lesser General Public License Usage
|
|
** Alternatively, this file may be used under the terms of the GNU Lesser
|
|
** General Public License version 3 as published by the Free Software
|
|
** Foundation and appearing in the file LICENSE.LGPL3 included in the
|
|
** packaging of this file. Please review the following information to
|
|
** ensure the GNU Lesser General Public License version 3 requirements
|
|
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
|
|
**
|
|
** GNU General Public License Usage
|
|
** Alternatively, this file may be used under the terms of the GNU
|
|
** General Public License version 2.0 or (at your option) the GNU General
|
|
** Public license version 3 or any later version approved by the KDE Free
|
|
** Qt Foundation. The licenses are as published by the Free Software
|
|
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
|
|
** included in the packaging of this file. Please review the following
|
|
** information to ensure the GNU General Public License requirements will
|
|
** be met: https://www.gnu.org/licenses/gpl-2.0.html and
|
|
** https://www.gnu.org/licenses/gpl-3.0.html.
|
|
**
|
|
** $QT_END_LICENSE$
|
|
**
|
|
****************************************************************************/
|
|
|
|
#ifndef NOMINMAX
|
|
#define NOMINMAX
|
|
#endif // NOMINMAX
|
|
#include "private/qnativesocketengine_p.h"
|
|
|
|
#include "qsslpresharedkeyauthenticator_p.h"
|
|
#include "qsslsocket_openssl_symbols_p.h"
|
|
#include "qsslsocket_openssl_p.h"
|
|
#include "qsslcertificate_p.h"
|
|
#include "qdtls_openssl_p.h"
|
|
#include "qudpsocket.h"
|
|
#include "qssl_p.h"
|
|
|
|
#include "qmessageauthenticationcode.h"
|
|
#include "qcryptographichash.h"
|
|
|
|
#include "qdebug.h"
|
|
|
|
#include <cstring>
|
|
#include <cstddef>
|
|
|
|
QT_BEGIN_NAMESPACE
|
|
|
|
#define QT_DTLS_VERBOSE 0
|
|
|
|
#if QT_DTLS_VERBOSE
|
|
|
|
#define qDtlsWarning(arg) qWarning(arg)
|
|
#define qDtlsDebug(arg) qDebug(arg)
|
|
|
|
#else
|
|
|
|
#define qDtlsWarning(arg)
|
|
#define qDtlsDebug(arg)
|
|
|
|
#endif // QT_DTLS_VERBOSE
|
|
|
|
namespace dtlsutil
|
|
{
|
|
|
|
QByteArray cookie_for_peer(SSL *ssl)
|
|
{
|
|
Q_ASSERT(ssl);
|
|
|
|
// SSL_get_rbio does not increment the reference count
|
|
BIO *readBIO = q_SSL_get_rbio(ssl);
|
|
if (!readBIO) {
|
|
qCWarning(lcSsl, "No BIO (dgram) found in SSL object");
|
|
return {};
|
|
}
|
|
|
|
auto listener = static_cast<dtlsopenssl::DtlsState *>(q_BIO_get_app_data(readBIO));
|
|
if (!listener) {
|
|
qCWarning(lcSsl, "BIO_get_app_data returned invalid (nullptr) value");
|
|
return {};
|
|
}
|
|
|
|
const QHostAddress peerAddress(listener->remoteAddress);
|
|
const quint16 peerPort(listener->remotePort);
|
|
QByteArray peerData;
|
|
if (peerAddress.protocol() == QAbstractSocket::IPv6Protocol) {
|
|
const Q_IPV6ADDR sin6_addr(peerAddress.toIPv6Address());
|
|
peerData.resize(int(sizeof sin6_addr + sizeof peerPort));
|
|
char *dst = peerData.data();
|
|
std::memcpy(dst, &peerPort, sizeof peerPort);
|
|
dst += sizeof peerPort;
|
|
std::memcpy(dst, &sin6_addr, sizeof sin6_addr);
|
|
} else if (peerAddress.protocol() == QAbstractSocket::IPv4Protocol) {
|
|
const quint32 sin_addr(peerAddress.toIPv4Address());
|
|
peerData.resize(int(sizeof sin_addr + sizeof peerPort));
|
|
char *dst = peerData.data();
|
|
std::memcpy(dst, &peerPort, sizeof peerPort);
|
|
dst += sizeof peerPort;
|
|
std::memcpy(dst, &sin_addr, sizeof sin_addr);
|
|
} else {
|
|
Q_UNREACHABLE();
|
|
}
|
|
|
|
return peerData;
|
|
}
|
|
|
|
struct FallbackCookieSecret
|
|
{
|
|
FallbackCookieSecret()
|
|
{
|
|
key.resize(32);
|
|
const int status = q_RAND_bytes(reinterpret_cast<unsigned char *>(key.data()),
|
|
key.size());
|
|
if (status <= 0)
|
|
key.clear();
|
|
}
|
|
|
|
QByteArray key;
|
|
|
|
Q_DISABLE_COPY(FallbackCookieSecret)
|
|
};
|
|
|
|
QByteArray fallbackSecret()
|
|
{
|
|
static const FallbackCookieSecret generator;
|
|
return generator.key;
|
|
}
|
|
|
|
int next_timeoutMs(SSL *tlsConnection)
|
|
{
|
|
Q_ASSERT(tlsConnection);
|
|
timeval timeLeft = {};
|
|
q_DTLSv1_get_timeout(tlsConnection, &timeLeft);
|
|
return timeLeft.tv_sec * 1000;
|
|
}
|
|
|
|
|
|
void delete_connection(SSL *ssl)
|
|
{
|
|
// The 'deleter' for QSharedPointer<SSL>.
|
|
if (ssl)
|
|
q_SSL_free(ssl);
|
|
}
|
|
|
|
void delete_BIO_ADDR(BIO_ADDR *bio)
|
|
{
|
|
// A deleter for QSharedPointer<BIO_ADDR>
|
|
if (bio)
|
|
q_BIO_ADDR_free(bio);
|
|
}
|
|
|
|
void delete_bio_method(BIO_METHOD *method)
|
|
{
|
|
// The 'deleter' for QSharedPointer<BIO_METHOD>.
|
|
if (method)
|
|
q_BIO_meth_free(method);
|
|
}
|
|
|
|
// The 'deleter' for QScopedPointer<BIO>.
|
|
struct bio_deleter
|
|
{
|
|
static void cleanup(BIO *bio)
|
|
{
|
|
if (bio)
|
|
q_BIO_free(bio);
|
|
}
|
|
};
|
|
|
|
// The path MTU discovery is non-trivial: it's a mix of getsockopt/setsockopt
|
|
// (IP_MTU/IP6_MTU/IP_MTU_DISCOVER) and fallback MTU values. It's not
|
|
// supported on all platforms, worse so - imposes specific requirements on
|
|
// underlying UDP socket etc. So for now, we either try a user-proposed MTU
|
|
// hint or rely on our own fallback value. As a fallback mtu OpenSSL uses 576
|
|
// for IPv4 and 1280 for IPv6 (RFC 791, RFC 2460). To KIS we use 576. This
|
|
// rather small MTU value does not affect the size that can be read/written
|
|
// by QDtls, only a handshake (which is allowed to fragment).
|
|
enum class MtuGuess : long
|
|
{
|
|
defaultMtu = 576
|
|
};
|
|
|
|
} // namespace dtlsutil
|
|
|
|
namespace dtlscallbacks
|
|
{
|
|
|
|
extern "C" int q_generate_cookie_callback(SSL *ssl, unsigned char *dst,
|
|
unsigned *cookieLength)
|
|
{
|
|
if (!ssl || !dst || !cookieLength) {
|
|
qCWarning(lcSsl,
|
|
"Failed to generate cookie - invalid (nullptr) parameter(s)");
|
|
return 0;
|
|
}
|
|
|
|
void *generic = q_SSL_get_ex_data(ssl, QSslSocketBackendPrivate::s_indexForSSLExtraData);
|
|
if (!generic) {
|
|
qCWarning(lcSsl, "SSL_get_ex_data returned nullptr, cannot generate cookie");
|
|
return 0;
|
|
}
|
|
|
|
*cookieLength = 0;
|
|
|
|
auto dtls = static_cast<dtlsopenssl::DtlsState *>(generic);
|
|
if (!dtls->secret.size())
|
|
return 0;
|
|
|
|
const QByteArray peerData(dtlsutil::cookie_for_peer(ssl));
|
|
if (!peerData.size())
|
|
return 0;
|
|
|
|
QMessageAuthenticationCode hmac(dtls->hashAlgorithm, dtls->secret);
|
|
hmac.addData(peerData);
|
|
const QByteArray cookie = hmac.result();
|
|
Q_ASSERT(cookie.size() >= 0);
|
|
// DTLS1_COOKIE_LENGTH is erroneously 256 bytes long, must be 255 - RFC 6347, 4.2.1.
|
|
*cookieLength = qMin(DTLS1_COOKIE_LENGTH - 1, cookie.size());
|
|
std::memcpy(dst, cookie.constData(), *cookieLength);
|
|
|
|
return 1;
|
|
}
|
|
|
|
extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
|
|
unsigned cookieLength)
|
|
{
|
|
if (!ssl || !cookie || !cookieLength) {
|
|
qCWarning(lcSsl, "Could not verify cookie, invalid (nullptr or zero) parameters");
|
|
return 0;
|
|
}
|
|
|
|
unsigned char newCookie[DTLS1_COOKIE_LENGTH] = {};
|
|
unsigned newCookieLength = 0;
|
|
if (q_generate_cookie_callback(ssl, newCookie, &newCookieLength) != 1)
|
|
return 0;
|
|
|
|
return newCookieLength == cookieLength
|
|
&& !std::memcmp(cookie, newCookie, cookieLength);
|
|
}
|
|
|
|
extern "C" int q_X509DtlsCallback(int ok, X509_STORE_CTX *ctx)
|
|
{
|
|
if (!ok) {
|
|
// Store the error and at which depth the error was detected.
|
|
SSL *ssl = static_cast<SSL *>(q_X509_STORE_CTX_get_ex_data(ctx, q_SSL_get_ex_data_X509_STORE_CTX_idx()));
|
|
if (!ssl) {
|
|
qCWarning(lcSsl, "X509_STORE_CTX_get_ex_data returned nullptr, handshake failure");
|
|
return 0;
|
|
}
|
|
|
|
void *generic = q_SSL_get_ex_data(ssl, QSslSocketBackendPrivate::s_indexForSSLExtraData);
|
|
if (!generic) {
|
|
qCWarning(lcSsl, "SSL_get_ex_data returned nullptr, handshake failure");
|
|
return 0;
|
|
}
|
|
|
|
auto dtls = static_cast<dtlsopenssl::DtlsState *>(generic);
|
|
dtls->x509Errors.append(QSslErrorEntry::fromStoreContext(ctx));
|
|
}
|
|
|
|
// Always return 1 (OK) to allow verification to continue. We handle the
|
|
// errors gracefully after collecting all errors, after verification has
|
|
// completed.
|
|
return 1;
|
|
}
|
|
|
|
extern "C" unsigned q_PSK_client_callback(SSL *ssl, const char *hint, char *identity,
|
|
unsigned max_identity_len, unsigned char *psk,
|
|
unsigned max_psk_len)
|
|
{
|
|
auto *dtls = static_cast<dtlsopenssl::DtlsState *>(q_SSL_get_ex_data(ssl,
|
|
QSslSocketBackendPrivate::s_indexForSSLExtraData));
|
|
if (!dtls)
|
|
return 0;
|
|
|
|
Q_ASSERT(dtls->dtlsPrivate);
|
|
return dtls->dtlsPrivate->pskClientCallback(hint, identity, max_identity_len, psk, max_psk_len);
|
|
}
|
|
|
|
extern "C" unsigned q_PSK_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
|
|
unsigned max_psk_len)
|
|
{
|
|
auto *dtls = static_cast<dtlsopenssl::DtlsState *>(q_SSL_get_ex_data(ssl,
|
|
QSslSocketBackendPrivate::s_indexForSSLExtraData));
|
|
if (!dtls)
|
|
return 0;
|
|
|
|
Q_ASSERT(dtls->dtlsPrivate);
|
|
return dtls->dtlsPrivate->pskServerCallback(identity, psk, max_psk_len);
|
|
}
|
|
|
|
} // namespace dtlscallbacks
|
|
|
|
namespace dtlsbio
|
|
{
|
|
|
|
extern "C" int q_dgram_read(BIO *bio, char *dst, int bytesToRead)
|
|
{
|
|
if (!bio || !dst || bytesToRead <= 0) {
|
|
qCWarning(lcSsl, "invalid input parameter(s)");
|
|
return 0;
|
|
}
|
|
|
|
q_BIO_clear_retry_flags(bio);
|
|
|
|
auto dtls = static_cast<dtlsopenssl::DtlsState *>(q_BIO_get_app_data(bio));
|
|
// It's us who set data, if OpenSSL does too, the logic here is wrong
|
|
// then and we have to use BIO_set_app_data then!
|
|
Q_ASSERT(dtls);
|
|
int bytesRead = 0;
|
|
if (dtls->dgram.size()) {
|
|
bytesRead = qMin(dtls->dgram.size(), bytesToRead);
|
|
std::memcpy(dst, dtls->dgram.constData(), bytesRead);
|
|
|
|
if (!dtls->peeking)
|
|
dtls->dgram = dtls->dgram.mid(bytesRead);
|
|
} else {
|
|
bytesRead = -1;
|
|
}
|
|
|
|
if (bytesRead <= 0)
|
|
q_BIO_set_retry_read(bio);
|
|
|
|
return bytesRead;
|
|
}
|
|
|
|
extern "C" int q_dgram_write(BIO *bio, const char *src, int bytesToWrite)
|
|
{
|
|
if (!bio || !src || bytesToWrite <= 0) {
|
|
qCWarning(lcSsl, "invalid input parameter(s)");
|
|
return 0;
|
|
}
|
|
|
|
q_BIO_clear_retry_flags(bio);
|
|
|
|
auto dtls = static_cast<dtlsopenssl::DtlsState *>(q_BIO_get_app_data(bio));
|
|
Q_ASSERT(dtls);
|
|
if (dtls->writeSuppressed) {
|
|
// See the comment in QDtls::startHandshake.
|
|
return bytesToWrite;
|
|
}
|
|
|
|
QUdpSocket *udpSocket = dtls->udpSocket;
|
|
Q_ASSERT(udpSocket);
|
|
|
|
const QByteArray dgram(QByteArray::fromRawData(src, bytesToWrite));
|
|
qint64 bytesWritten = -1;
|
|
if (udpSocket->state() == QAbstractSocket::ConnectedState) {
|
|
bytesWritten = udpSocket->write(dgram);
|
|
} else {
|
|
bytesWritten = udpSocket->writeDatagram(dgram, dtls->remoteAddress,
|
|
dtls->remotePort);
|
|
}
|
|
|
|
if (bytesWritten <= 0)
|
|
q_BIO_set_retry_write(bio);
|
|
|
|
Q_ASSERT(bytesWritten <= std::numeric_limits<int>::max());
|
|
return int(bytesWritten);
|
|
}
|
|
|
|
extern "C" int q_dgram_puts(BIO *bio, const char *src)
|
|
{
|
|
if (!bio || !src) {
|
|
qCWarning(lcSsl, "invalid input parameter(s)");
|
|
return 0;
|
|
}
|
|
|
|
return q_dgram_write(bio, src, int(std::strlen(src)));
|
|
}
|
|
|
|
extern "C" long q_dgram_ctrl(BIO *bio, int cmd, long num, void *ptr)
|
|
{
|
|
// This is our custom BIO_ctrl. bio.h defines a lot of BIO_CTRL_*
|
|
// and BIO_* constants and BIO_somename macros that expands to BIO_ctrl
|
|
// call with one of those constants as argument. What exactly BIO_ctrl
|
|
// does - depends on the 'cmd' and the type of BIO (so BIO_ctrl does
|
|
// not even have a single well-defined value meaning success or failure).
|
|
// We handle only the most generic commands - the ones documented for
|
|
// BIO_ctrl - and also DGRAM specific ones. And even for them - in most
|
|
// cases we do nothing but report a success or some non-error value.
|
|
// Documents also state: "Source/sink BIOs return an 0 if they do not
|
|
// recognize the BIO_ctrl() operation." - these are covered by 'default'
|
|
// label in the switch-statement below. Debug messages in the switch mean:
|
|
// 1) we got a command that is unexpected for dgram BIO, or:
|
|
// 2) we do not call any function that would lead to OpenSSL using this
|
|
// command.
|
|
|
|
if (!bio) {
|
|
qDebug(lcSsl, "invalid 'bio' parameter (nullptr)");
|
|
return -1;
|
|
}
|
|
|
|
auto dtls = static_cast<dtlsopenssl::DtlsState *>(q_BIO_get_app_data(bio));
|
|
Q_ASSERT(dtls);
|
|
|
|
switch (cmd) {
|
|
// Let's start from the most generic ones, in the order in which they are
|
|
// documented (as BIO_ctrl):
|
|
case BIO_CTRL_RESET:
|
|
// BIO_reset macro.
|
|
// From documentation:
|
|
// "BIO_reset() normally returns 1 for success and 0 or -1 for failure.
|
|
// File BIOs are an exception, they return 0 for success and -1 for
|
|
// failure."
|
|
// We have nothing to reset and we are not file BIO.
|
|
return 1;
|
|
case BIO_C_FILE_SEEK:
|
|
case BIO_C_FILE_TELL:
|
|
qDtlsWarning("Unexpected cmd (BIO_C_FILE_SEEK/BIO_C_FILE_TELL)");
|
|
// These are for BIO_seek, BIO_tell. We are not a file BIO.
|
|
// Non-negative return value means success.
|
|
return 0;
|
|
case BIO_CTRL_FLUSH:
|
|
// BIO_flush, nothing to do, we do not buffer any data.
|
|
// 0 or -1 means error, 1 - success.
|
|
return 1;
|
|
case BIO_CTRL_EOF:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_EOF)");
|
|
// BIO_eof, 1 means EOF read. Makes no sense for us.
|
|
return 0;
|
|
case BIO_CTRL_SET_CLOSE:
|
|
// BIO_set_close with BIO_CLOSE/BIO_NOCLOSE flags. Documented as
|
|
// always returning 1.
|
|
// From the documentation:
|
|
// "Typically BIO_CLOSE is used in a source/sink BIO to indicate that
|
|
// the underlying I/O stream should be closed when the BIO is freed."
|
|
//
|
|
// QUdpSocket we work with is not BIO's business, ignoring.
|
|
return 1;
|
|
case BIO_CTRL_GET_CLOSE:
|
|
// BIO_get_close. No, never, see the comment above.
|
|
return 0;
|
|
case BIO_CTRL_PENDING:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_PENDING)");
|
|
// BIO_pending. Not used by DTLS/OpenSSL (we are not buffering).
|
|
return 0;
|
|
case BIO_CTRL_WPENDING:
|
|
// No, we have nothing buffered.
|
|
return 0;
|
|
// The constants below are not documented as a part BIO_ctrl documentation,
|
|
// but they are also not type-specific.
|
|
case BIO_CTRL_DUP:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DUP)");
|
|
// BIO_dup_state, not used by DTLS (and socket-related BIOs in general).
|
|
// For some very specific BIO type this 'cmd' would copy some state
|
|
// from 'bio' to (BIO*)'ptr'. 1 means success.
|
|
return 0;
|
|
case BIO_CTRL_SET_CALLBACK:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_SET_CALLBACK)");
|
|
// BIO_set_info_callback. We never call this, OpenSSL does not do this
|
|
// on its own (normally it's used if client code wants to have some
|
|
// debug information, for example, dumping handshake state via
|
|
// BIO_printf from SSL info_callback).
|
|
return 0;
|
|
case BIO_CTRL_GET_CALLBACK:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_GET_CALLBACK)");
|
|
// BIO_get_info_callback. We never call this.
|
|
if (ptr)
|
|
*static_cast<bio_info_cb **>(ptr) = nullptr;
|
|
return 0;
|
|
case BIO_CTRL_SET:
|
|
case BIO_CTRL_GET:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_SET/BIO_CTRL_GET)");
|
|
// Somewhat 'documented' as setting/getting IO type. Not used anywhere
|
|
// except BIO_buffer_get_num_lines (which contradics 'get IO type').
|
|
// Ignoring.
|
|
return 0;
|
|
// DGRAM-specific operation, we have to return some reasonable value
|
|
// (so far, I've encountered only peek mode switching, connect).
|
|
case BIO_CTRL_DGRAM_CONNECT:
|
|
// BIO_ctrl_dgram_connect. Not needed. Our 'dtls' already knows
|
|
// the peer's address/port. Report success though.
|
|
return 1;
|
|
case BIO_CTRL_DGRAM_SET_CONNECTED:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_SET_CONNECTED)");
|
|
// BIO_ctrl_dgram_set_connected. We never call it, OpenSSL does
|
|
// not call it on its own (so normally it's done by client code).
|
|
// Similar to BIO_CTRL_DGRAM_CONNECT, but it also informs the BIO
|
|
// that its UDP socket is connected. We never need it though.
|
|
return -1;
|
|
case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_SET_RECV_TIMEOUT)");
|
|
// Essentially setsockopt with SO_RCVTIMEO, not needed, our sockets
|
|
// are non-blocking.
|
|
return -1;
|
|
case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_GET_RECV_TIMEOUT)");
|
|
// getsockopt with SO_RCVTIMEO, not needed, our sockets are
|
|
// non-blocking. ptr is timeval *.
|
|
return -1;
|
|
case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_SET_SEND_TIMEOUT)");
|
|
// setsockopt, SO_SNDTIMEO, cannot happen.
|
|
return -1;
|
|
case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_GET_SEND_TIMEOUT)");
|
|
// getsockopt, SO_SNDTIMEO, cannot happen.
|
|
return -1;
|
|
case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
|
|
// BIO_dgram_recv_timedout. No, we are non-blocking.
|
|
return 0;
|
|
case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
|
|
// BIO_dgram_send_timedout. No, we are non-blocking.
|
|
return 0;
|
|
case BIO_CTRL_DGRAM_MTU_DISCOVER:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_MTU_DISCOVER)");
|
|
// setsockopt, IP_MTU_DISCOVER/IP6_MTU_DISCOVER, to be done
|
|
// in QUdpSocket instead. OpenSSL never calls it, only client
|
|
// code.
|
|
return 1;
|
|
case BIO_CTRL_DGRAM_QUERY_MTU:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_QUERY_MTU)");
|
|
// To be done in QUdpSocket instead.
|
|
return 1;
|
|
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
|
|
qDtlsWarning("Unexpected command *BIO_CTRL_DGRAM_GET_FALLBACK_MTU)");
|
|
// Without SSL_OP_NO_QUERY_MTU set on SSL, OpenSSL can request for
|
|
// fallback MTU after several re-transmissions.
|
|
// Should never happen in our case.
|
|
return long(dtlsutil::MtuGuess::defaultMtu);
|
|
case BIO_CTRL_DGRAM_GET_MTU:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_GET_MTU)");
|
|
return -1;
|
|
case BIO_CTRL_DGRAM_SET_MTU:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_SET_MTU)");
|
|
// Should not happen (we don't call BIO_ctrl with this parameter)
|
|
// and set MTU on SSL instead.
|
|
return -1; // num is mtu and it's a return value meaning success.
|
|
case BIO_CTRL_DGRAM_MTU_EXCEEDED:
|
|
qDtlsWarning("Unexpected cmd (BIO_CTRL_DGRAM_MTU_EXCEEDED)");
|
|
return 0;
|
|
case BIO_CTRL_DGRAM_GET_PEER:
|
|
qDtlsDebug("BIO_CTRL_DGRAM_GET_PEER");
|
|
// BIO_dgram_get_peer. We do not return a real address (DTLS is not
|
|
// using this address), but let's pretend a success.
|
|
switch (dtls->remoteAddress.protocol()) {
|
|
case QAbstractSocket::IPv6Protocol:
|
|
return sizeof(sockaddr_in6);
|
|
case QAbstractSocket::IPv4Protocol:
|
|
return sizeof(sockaddr_in);
|
|
default:
|
|
return -1;
|
|
}
|
|
case BIO_CTRL_DGRAM_SET_PEER:
|
|
// Similar to BIO_CTRL_DGRAM_CONNECTED.
|
|
return 1;
|
|
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
|
|
// DTLSTODO: I'm not sure yet, how it's used by OpenSSL.
|
|
return 1;
|
|
case BIO_CTRL_DGRAM_SET_DONT_FRAG:
|
|
qDtlsDebug("BIO_CTRL_DGRAM_SET_DONT_FRAG");
|
|
// To be done in QUdpSocket, it's about IP_DONTFRAG etc.
|
|
return 1;
|
|
case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
|
|
// AFAIK it's 28 for IPv4 and 48 for IPv6, but let's pretend it's 0
|
|
// so that OpenSSL does not start suddenly fragmenting the first
|
|
// client hello (which will result in DTLSv1_listen rejecting it).
|
|
return 0;
|
|
case BIO_CTRL_DGRAM_SET_PEEK_MODE:
|
|
dtls->peeking = num;
|
|
return 1;
|
|
default:;
|
|
#if QT_DTLS_VERBOSE
|
|
qWarning() << "Unexpected cmd (" << cmd << ")";
|
|
#endif
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
extern "C" int q_dgram_create(BIO *bio)
|
|
{
|
|
|
|
q_BIO_set_init(bio, 1);
|
|
// With a custom BIO you'd normally allocate some implementation-specific
|
|
// data and append it to this new BIO using BIO_set_data. We don't need
|
|
// it and thus q_dgram_destroy below is a noop.
|
|
return 1;
|
|
}
|
|
|
|
extern "C" int q_dgram_destroy(BIO *bio)
|
|
{
|
|
Q_UNUSED(bio);
|
|
return 1;
|
|
}
|
|
|
|
const char * const qdtlsMethodName = "qdtlsbio";
|
|
|
|
} // namespace dtlsbio
|
|
|
|
namespace dtlsopenssl
|
|
{
|
|
|
|
bool DtlsState::init(QDtlsBasePrivate *dtlsBase, QUdpSocket *socket,
|
|
const QHostAddress &remote, quint16 port,
|
|
const QByteArray &receivedMessage)
|
|
{
|
|
Q_ASSERT(dtlsBase);
|
|
Q_ASSERT(socket);
|
|
|
|
if (!tlsContext.data() && !initTls(dtlsBase))
|
|
return false;
|
|
|
|
udpSocket = socket;
|
|
|
|
setLinkMtu(dtlsBase);
|
|
|
|
dgram = receivedMessage;
|
|
remoteAddress = remote;
|
|
remotePort = port;
|
|
|
|
// SSL_get_rbio does not increment a reference count.
|
|
BIO *bio = q_SSL_get_rbio(tlsConnection.data());
|
|
Q_ASSERT(bio);
|
|
q_BIO_set_app_data(bio, this);
|
|
|
|
return true;
|
|
}
|
|
|
|
void DtlsState::reset()
|
|
{
|
|
tlsConnection.reset();
|
|
tlsContext.reset();
|
|
}
|
|
|
|
bool DtlsState::initTls(QDtlsBasePrivate *dtlsBase)
|
|
{
|
|
if (tlsContext.data())
|
|
return true;
|
|
|
|
if (!QSslSocket::supportsSsl())
|
|
return false;
|
|
|
|
if (!initCtxAndConnection(dtlsBase))
|
|
return false;
|
|
|
|
if (!initBIO(dtlsBase)) {
|
|
tlsConnection.reset();
|
|
tlsContext.reset();
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
static QString msgFunctionFailed(const char *function)
|
|
{
|
|
//: %1: Some function
|
|
return QDtls::tr("%1 failed").arg(QLatin1String(function));
|
|
}
|
|
|
|
bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase)
|
|
{
|
|
Q_ASSERT(dtlsBase);
|
|
Q_ASSERT(QSslSocket::supportsSsl());
|
|
|
|
if (dtlsBase->mode == QSslSocket::UnencryptedMode) {
|
|
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError,
|
|
QDtls::tr("Invalid SslMode, SslServerMode or SslClientMode expected"));
|
|
return false;
|
|
}
|
|
|
|
if (!QDtlsBasePrivate::isDtlsProtocol(dtlsBase->dtlsConfiguration.protocol)) {
|
|
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError,
|
|
QDtls::tr("Invalid protocol version, DTLS protocol expected"));
|
|
return false;
|
|
}
|
|
|
|
// Create a deep copy of our configuration
|
|
auto configurationCopy = new QSslConfigurationPrivate(dtlsBase->dtlsConfiguration);
|
|
configurationCopy->ref.storeRelaxed(0); // the QSslConfiguration constructor refs up
|
|
|
|
// DTLSTODO: check we do not set something DTLS-incompatible there ...
|
|
TlsContext newContext(QSslContext::sharedFromConfiguration(dtlsBase->mode,
|
|
configurationCopy,
|
|
dtlsBase->dtlsConfiguration.allowRootCertOnDemandLoading));
|
|
|
|
if (newContext->error() != QSslError::NoError) {
|
|
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError, newContext->errorString());
|
|
return false;
|
|
}
|
|
|
|
TlsConnection newConnection(newContext->createSsl(), dtlsutil::delete_connection);
|
|
if (!newConnection.data()) {
|
|
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError,
|
|
msgFunctionFailed("SSL_new"));
|
|
return false;
|
|
}
|
|
|
|
const int set = q_SSL_set_ex_data(newConnection.data(),
|
|
QSslSocketBackendPrivate::s_indexForSSLExtraData,
|
|
this);
|
|
|
|
if (set != 1 && configurationCopy->peerVerifyMode != QSslSocket::VerifyNone) {
|
|
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError,
|
|
msgFunctionFailed("SSL_set_ex_data"));
|
|
return false;
|
|
}
|
|
|
|
if (dtlsBase->mode == QSslSocket::SslServerMode) {
|
|
if (dtlsBase->dtlsConfiguration.dtlsCookieEnabled)
|
|
q_SSL_set_options(newConnection.data(), SSL_OP_COOKIE_EXCHANGE);
|
|
q_SSL_set_psk_server_callback(newConnection.data(), dtlscallbacks::q_PSK_server_callback);
|
|
} else {
|
|
q_SSL_set_psk_client_callback(newConnection.data(), dtlscallbacks::q_PSK_client_callback);
|
|
}
|
|
|
|
tlsContext.swap(newContext);
|
|
tlsConnection.swap(newConnection);
|
|
|
|
return true;
|
|
}
|
|
|
|
bool DtlsState::initBIO(QDtlsBasePrivate *dtlsBase)
|
|
{
|
|
Q_ASSERT(dtlsBase);
|
|
Q_ASSERT(tlsContext.data() && tlsConnection.data());
|
|
|
|
BioMethod customMethod(q_BIO_meth_new(BIO_TYPE_DGRAM, dtlsbio::qdtlsMethodName),
|
|
dtlsutil::delete_bio_method);
|
|
if (!customMethod.data()) {
|
|
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError,
|
|
msgFunctionFailed("BIO_meth_new"));
|
|
return false;
|
|
}
|
|
|
|
BIO_METHOD *biom = customMethod.data();
|
|
q_BIO_meth_set_create(biom, dtlsbio::q_dgram_create);
|
|
q_BIO_meth_set_destroy(biom, dtlsbio::q_dgram_destroy);
|
|
q_BIO_meth_set_read(biom, dtlsbio::q_dgram_read);
|
|
q_BIO_meth_set_write(biom, dtlsbio::q_dgram_write);
|
|
q_BIO_meth_set_puts(biom, dtlsbio::q_dgram_puts);
|
|
q_BIO_meth_set_ctrl(biom, dtlsbio::q_dgram_ctrl);
|
|
|
|
QScopedPointer<BIO, dtlsutil::bio_deleter> newBio(q_BIO_new(biom));
|
|
BIO *bio = newBio.data();
|
|
if (!bio) {
|
|
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError,
|
|
msgFunctionFailed("BIO_new"));
|
|
return false;
|
|
}
|
|
|
|
q_SSL_set_bio(tlsConnection.data(), bio, bio);
|
|
newBio.take();
|
|
|
|
bioMethod.swap(customMethod);
|
|
|
|
return true;
|
|
}
|
|
|
|
void DtlsState::setLinkMtu(QDtlsBasePrivate *dtlsBase)
|
|
{
|
|
Q_ASSERT(dtlsBase);
|
|
Q_ASSERT(udpSocket);
|
|
Q_ASSERT(tlsConnection.data());
|
|
|
|
long mtu = dtlsBase->mtuHint;
|
|
if (!mtu) {
|
|
// If the underlying QUdpSocket was connected, getsockopt with
|
|
// IP_MTU/IP6_MTU can give us some hint:
|
|
bool optionFound = false;
|
|
if (udpSocket->state() == QAbstractSocket::ConnectedState) {
|
|
const QVariant val(udpSocket->socketOption(QAbstractSocket::PathMtuSocketOption));
|
|
if (val.isValid() && val.canConvert<int>())
|
|
mtu = val.toInt(&optionFound);
|
|
}
|
|
|
|
if (!optionFound || mtu <= 0) {
|
|
// OK, our own initial guess.
|
|
mtu = long(dtlsutil::MtuGuess::defaultMtu);
|
|
}
|
|
}
|
|
|
|
// For now, we disable this option.
|
|
q_SSL_set_options(tlsConnection.data(), SSL_OP_NO_QUERY_MTU);
|
|
|
|
q_DTLS_set_link_mtu(tlsConnection.data(), mtu);
|
|
}
|
|
|
|
} // namespace dtlsopenssl
|
|
|
|
QDtlsClientVerifierOpenSSL::QDtlsClientVerifierOpenSSL()
|
|
{
|
|
secret = dtlsutil::fallbackSecret();
|
|
}
|
|
|
|
bool QDtlsClientVerifierOpenSSL::verifyClient(QUdpSocket *socket, const QByteArray &dgram,
|
|
const QHostAddress &address, quint16 port)
|
|
{
|
|
Q_ASSERT(socket);
|
|
Q_ASSERT(dgram.size());
|
|
Q_ASSERT(!address.isNull());
|
|
Q_ASSERT(port);
|
|
|
|
clearDtlsError();
|
|
verifiedClientHello.clear();
|
|
|
|
if (!dtls.init(this, socket, address, port, dgram))
|
|
return false;
|
|
|
|
dtls.secret = secret;
|
|
dtls.hashAlgorithm = hashAlgorithm;
|
|
|
|
Q_ASSERT(dtls.tlsConnection.data());
|
|
QSharedPointer<BIO_ADDR> peer(q_BIO_ADDR_new(), dtlsutil::delete_BIO_ADDR);
|
|
if (!peer.data()) {
|
|
setDtlsError(QDtlsError::TlsInitializationError,
|
|
QDtlsClientVerifier::tr("BIO_ADDR_new failed, ignoring client hello"));
|
|
return false;
|
|
}
|
|
|
|
const int ret = q_DTLSv1_listen(dtls.tlsConnection.data(), peer.data());
|
|
if (ret < 0) {
|
|
// Since 1.1 - it's a fatal error (not so in 1.0.2 for non-blocking socket)
|
|
setDtlsError(QDtlsError::TlsFatalError, QSslSocketBackendPrivate::getErrorsFromOpenSsl());
|
|
return false;
|
|
}
|
|
|
|
if (ret > 0) {
|
|
verifiedClientHello = dgram;
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::TimeoutHandler::start(int hintMs)
|
|
{
|
|
Q_ASSERT(timerId == -1);
|
|
timerId = startTimer(hintMs > 0 ? hintMs : timeoutMs, Qt::PreciseTimer);
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::TimeoutHandler::doubleTimeout()
|
|
{
|
|
if (timeoutMs * 2 < 60000)
|
|
timeoutMs *= 2;
|
|
else
|
|
timeoutMs = 60000;
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::TimeoutHandler::stop()
|
|
{
|
|
if (timerId != -1) {
|
|
killTimer(timerId);
|
|
timerId = -1;
|
|
}
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::TimeoutHandler::timerEvent(QTimerEvent *event)
|
|
{
|
|
Q_UNUSED(event);
|
|
Q_ASSERT(timerId != -1);
|
|
|
|
killTimer(timerId);
|
|
timerId = -1;
|
|
|
|
Q_ASSERT(dtlsConnection);
|
|
dtlsConnection->reportTimeout();
|
|
}
|
|
|
|
QDtlsPrivateOpenSSL::QDtlsPrivateOpenSSL()
|
|
{
|
|
secret = dtlsutil::fallbackSecret();
|
|
dtls.dtlsPrivate = this;
|
|
}
|
|
|
|
bool QDtlsPrivateOpenSSL::startHandshake(QUdpSocket *socket, const QByteArray &dgram)
|
|
{
|
|
Q_ASSERT(socket);
|
|
Q_ASSERT(handshakeState == QDtls::HandshakeNotStarted);
|
|
|
|
clearDtlsError();
|
|
connectionEncrypted = false;
|
|
|
|
if (!dtls.init(this, socket, remoteAddress, remotePort, dgram))
|
|
return false;
|
|
|
|
if (mode == QSslSocket::SslServerMode && dtlsConfiguration.dtlsCookieEnabled) {
|
|
dtls.secret = secret;
|
|
dtls.hashAlgorithm = hashAlgorithm;
|
|
// Let's prepare the state machine so that message sequence 1 does not
|
|
// surprise DTLS/OpenSSL (such a message would be disregarded as
|
|
// 'stale or future' in SSL_accept otherwise):
|
|
int result = 0;
|
|
QSharedPointer<BIO_ADDR> peer(q_BIO_ADDR_new(), dtlsutil::delete_BIO_ADDR);
|
|
if (!peer.data()) {
|
|
setDtlsError(QDtlsError::TlsInitializationError,
|
|
QDtls::tr("BIO_ADD_new failed, cannot start handshake"));
|
|
return false;
|
|
}
|
|
|
|
// If it's an invalid/unexpected ClientHello, we don't want to send
|
|
// VerifyClientRequest - it's a job of QDtlsClientVerifier - so we
|
|
// suppress any attempts to write into socket:
|
|
dtls.writeSuppressed = true;
|
|
result = q_DTLSv1_listen(dtls.tlsConnection.data(), peer.data());
|
|
dtls.writeSuppressed = false;
|
|
|
|
if (result <= 0) {
|
|
setDtlsError(QDtlsError::TlsFatalError,
|
|
QDtls::tr("Cannot start the handshake, verified client hello expected"));
|
|
dtls.reset();
|
|
return false;
|
|
}
|
|
}
|
|
|
|
handshakeState = QDtls::HandshakeInProgress;
|
|
opensslErrors.clear();
|
|
tlsErrors.clear();
|
|
|
|
return continueHandshake(socket, dgram);
|
|
}
|
|
|
|
bool QDtlsPrivateOpenSSL::continueHandshake(QUdpSocket *socket, const QByteArray &dgram)
|
|
{
|
|
Q_ASSERT(socket);
|
|
|
|
Q_ASSERT(handshakeState == QDtls::HandshakeInProgress);
|
|
|
|
clearDtlsError();
|
|
|
|
if (timeoutHandler.data())
|
|
timeoutHandler->stop();
|
|
|
|
if (!dtls.init(this, socket, remoteAddress, remotePort, dgram))
|
|
return false;
|
|
|
|
dtls.x509Errors.clear();
|
|
|
|
int result = 0;
|
|
if (mode == QSslSocket::SslServerMode)
|
|
result = q_SSL_accept(dtls.tlsConnection.data());
|
|
else
|
|
result = q_SSL_connect(dtls.tlsConnection.data());
|
|
|
|
// DTLSTODO: Investigate/test if it makes sense - QSslSocket can emit
|
|
// peerVerifyError at this point (and thus potentially client code
|
|
// will close the underlying TCP connection immediately), but we are using
|
|
// QUdpSocket, no connection to close, our verification callback returns 1
|
|
// (verified OK) and this probably means OpenSSL has already sent a reply
|
|
// to the server's hello/certificate.
|
|
|
|
opensslErrors << dtls.x509Errors;
|
|
|
|
if (result <= 0) {
|
|
const auto code = q_SSL_get_error(dtls.tlsConnection.data(), result);
|
|
switch (code) {
|
|
case SSL_ERROR_WANT_READ:
|
|
case SSL_ERROR_WANT_WRITE:
|
|
// DTLSTODO: to be tested - in principle, if it was the first call to
|
|
// continueHandshake and server for some reason discards the client
|
|
// hello message (even the verified one) - our 'this' will probably
|
|
// forever stay in this strange InProgress state? (the client
|
|
// will dully re-transmit the same hello and we discard it again?)
|
|
// SSL_get_state can provide more information about state
|
|
// machine and we can switch to NotStarted (since we have not
|
|
// replied with our hello ...)
|
|
if (!timeoutHandler.data()) {
|
|
timeoutHandler.reset(new TimeoutHandler);
|
|
timeoutHandler->dtlsConnection = this;
|
|
} else {
|
|
// Back to 1s.
|
|
timeoutHandler->resetTimeout();
|
|
}
|
|
|
|
timeoutHandler->start();
|
|
|
|
return true; // The handshake is not yet complete.
|
|
default:
|
|
storePeerCertificates();
|
|
setDtlsError(QDtlsError::TlsFatalError,
|
|
QSslSocketBackendPrivate::msgErrorsDuringHandshake());
|
|
dtls.reset();
|
|
handshakeState = QDtls::HandshakeNotStarted;
|
|
return false;
|
|
}
|
|
}
|
|
|
|
storePeerCertificates();
|
|
fetchNegotiatedParameters();
|
|
|
|
const bool doVerifyPeer = dtlsConfiguration.peerVerifyMode == QSslSocket::VerifyPeer
|
|
|| (dtlsConfiguration.peerVerifyMode == QSslSocket::AutoVerifyPeer
|
|
&& mode == QSslSocket::SslClientMode);
|
|
|
|
if (!doVerifyPeer || verifyPeer() || tlsErrorsWereIgnored()) {
|
|
connectionEncrypted = true;
|
|
handshakeState = QDtls::HandshakeComplete;
|
|
return true;
|
|
}
|
|
|
|
setDtlsError(QDtlsError::PeerVerificationError, QDtls::tr("Peer verification failed"));
|
|
handshakeState = QDtls::PeerVerificationFailed;
|
|
return false;
|
|
}
|
|
|
|
|
|
bool QDtlsPrivateOpenSSL::handleTimeout(QUdpSocket *socket)
|
|
{
|
|
Q_ASSERT(socket);
|
|
|
|
Q_ASSERT(timeoutHandler.data());
|
|
Q_ASSERT(dtls.tlsConnection.data());
|
|
|
|
clearDtlsError();
|
|
|
|
dtls.udpSocket = socket;
|
|
|
|
if (q_DTLSv1_handle_timeout(dtls.tlsConnection.data()) > 0) {
|
|
timeoutHandler->doubleTimeout();
|
|
timeoutHandler->start();
|
|
} else {
|
|
timeoutHandler->start(dtlsutil::next_timeoutMs(dtls.tlsConnection.data()));
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool QDtlsPrivateOpenSSL::resumeHandshake(QUdpSocket *socket)
|
|
{
|
|
Q_UNUSED(socket);
|
|
Q_ASSERT(socket);
|
|
Q_ASSERT(handshakeState == QDtls::PeerVerificationFailed);
|
|
|
|
clearDtlsError();
|
|
|
|
if (tlsErrorsWereIgnored()) {
|
|
handshakeState = QDtls::HandshakeComplete;
|
|
connectionEncrypted = true;
|
|
tlsErrors.clear();
|
|
tlsErrorsToIgnore.clear();
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::abortHandshake(QUdpSocket *socket)
|
|
{
|
|
Q_ASSERT(socket);
|
|
Q_ASSERT(handshakeState == QDtls::PeerVerificationFailed
|
|
|| handshakeState == QDtls::HandshakeInProgress);
|
|
|
|
clearDtlsError();
|
|
|
|
if (handshakeState == QDtls::PeerVerificationFailed) {
|
|
// Yes, while peer verification failed, we were actually encrypted.
|
|
// Let's play it nice - inform our peer about connection shut down.
|
|
sendShutdownAlert(socket);
|
|
} else {
|
|
resetDtls();
|
|
}
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::sendShutdownAlert(QUdpSocket *socket)
|
|
{
|
|
Q_ASSERT(socket);
|
|
|
|
clearDtlsError();
|
|
|
|
if (connectionEncrypted && !connectionWasShutdown) {
|
|
dtls.udpSocket = socket;
|
|
Q_ASSERT(dtls.tlsConnection.data());
|
|
q_SSL_shutdown(dtls.tlsConnection.data());
|
|
}
|
|
|
|
resetDtls();
|
|
}
|
|
|
|
qint64 QDtlsPrivateOpenSSL::writeDatagramEncrypted(QUdpSocket *socket,
|
|
const QByteArray &dgram)
|
|
{
|
|
Q_ASSERT(socket);
|
|
Q_ASSERT(dtls.tlsConnection.data());
|
|
Q_ASSERT(connectionEncrypted);
|
|
|
|
clearDtlsError();
|
|
|
|
dtls.udpSocket = socket;
|
|
const int written = q_SSL_write(dtls.tlsConnection.data(),
|
|
dgram.constData(), dgram.size());
|
|
if (written > 0)
|
|
return written;
|
|
|
|
const unsigned long errorCode = q_ERR_get_error();
|
|
if (!dgram.size() && errorCode == SSL_ERROR_NONE) {
|
|
// With OpenSSL <= 1.1 this can happen. For example, DTLS client
|
|
// tries to reconnect (while re-using the same address/port) -
|
|
// DTLS server drops a message with unexpected epoch but says - no
|
|
// error. We leave to client code to resolve such problems until
|
|
// OpenSSL provides something better.
|
|
return 0;
|
|
}
|
|
|
|
switch (errorCode) {
|
|
case SSL_ERROR_WANT_WRITE:
|
|
case SSL_ERROR_WANT_READ:
|
|
// We do not set any error/description ... a user can probably re-try
|
|
// sending a datagram.
|
|
break;
|
|
case SSL_ERROR_ZERO_RETURN:
|
|
connectionWasShutdown = true;
|
|
setDtlsError(QDtlsError::TlsFatalError, QDtls::tr("The DTLS connection has been closed"));
|
|
handshakeState = QDtls::HandshakeNotStarted;
|
|
dtls.reset();
|
|
break;
|
|
case SSL_ERROR_SYSCALL:
|
|
case SSL_ERROR_SSL:
|
|
default:
|
|
// DTLSTODO: we don't know yet what to do. Tests needed - probably,
|
|
// some errors can be just ignored (it's UDP, not TCP after all).
|
|
// Unlike QSslSocket we do not abort though.
|
|
QString description(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
|
|
if (socket->error() != QAbstractSocket::UnknownSocketError && description.isEmpty()) {
|
|
setDtlsError(QDtlsError::UnderlyingSocketError, socket->errorString());
|
|
} else {
|
|
setDtlsError(QDtlsError::TlsFatalError,
|
|
QDtls::tr("Error while writing: %1").arg(description));
|
|
}
|
|
}
|
|
|
|
return -1;
|
|
}
|
|
|
|
QByteArray QDtlsPrivateOpenSSL::decryptDatagram(QUdpSocket *socket, const QByteArray &tlsdgram)
|
|
{
|
|
Q_ASSERT(socket);
|
|
Q_ASSERT(tlsdgram.size());
|
|
|
|
Q_ASSERT(dtls.tlsConnection.data());
|
|
Q_ASSERT(connectionEncrypted);
|
|
|
|
dtls.dgram = tlsdgram;
|
|
dtls.udpSocket = socket;
|
|
|
|
clearDtlsError();
|
|
|
|
QByteArray dgram;
|
|
dgram.resize(tlsdgram.size());
|
|
const int read = q_SSL_read(dtls.tlsConnection.data(), dgram.data(),
|
|
dgram.size());
|
|
|
|
if (read > 0) {
|
|
dgram.resize(read);
|
|
return dgram;
|
|
}
|
|
|
|
dgram.clear();
|
|
unsigned long errorCode = q_ERR_get_error();
|
|
if (errorCode == SSL_ERROR_NONE) {
|
|
const int shutdown = q_SSL_get_shutdown(dtls.tlsConnection.data());
|
|
if (shutdown & SSL_RECEIVED_SHUTDOWN)
|
|
errorCode = SSL_ERROR_ZERO_RETURN;
|
|
else
|
|
return dgram;
|
|
}
|
|
|
|
switch (errorCode) {
|
|
case SSL_ERROR_WANT_READ:
|
|
case SSL_ERROR_WANT_WRITE:
|
|
return dgram;
|
|
case SSL_ERROR_ZERO_RETURN:
|
|
// "The connection was shut down cleanly" ... hmm, whatever,
|
|
// needs testing (DTLSTODO).
|
|
connectionWasShutdown = true;
|
|
setDtlsError(QDtlsError::RemoteClosedConnectionError,
|
|
QDtls::tr("The DTLS connection has been shutdown"));
|
|
dtls.reset();
|
|
connectionEncrypted = false;
|
|
handshakeState = QDtls::HandshakeNotStarted;
|
|
return dgram;
|
|
case SSL_ERROR_SYSCALL: // some IO error
|
|
case SSL_ERROR_SSL: // error in the SSL library
|
|
// DTLSTODO: Apparently, some errors can be ignored, for example,
|
|
// ECONNRESET etc. This all needs a lot of testing!!!
|
|
default:
|
|
setDtlsError(QDtlsError::TlsNonFatalError,
|
|
QDtls::tr("Error while reading: %1")
|
|
.arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()));
|
|
return dgram;
|
|
}
|
|
}
|
|
|
|
unsigned QDtlsPrivateOpenSSL::pskClientCallback(const char *hint, char *identity,
|
|
unsigned max_identity_len,
|
|
unsigned char *psk,
|
|
unsigned max_psk_len)
|
|
{
|
|
// The code below is taken (with some modifications) from qsslsocket_openssl
|
|
// - alas, we cannot simply re-use it, it's in QSslSocketPrivate.
|
|
|
|
Q_Q(QDtls);
|
|
|
|
{
|
|
QSslPreSharedKeyAuthenticator authenticator;
|
|
// Fill in some read-only fields (for client code)
|
|
if (hint) {
|
|
identityHint.clear();
|
|
identityHint.append(hint);
|
|
// From the original code in QSslSocket:
|
|
// "it's NULL terminated, but do not include the NULL" == this fromRawData(ptr/size).
|
|
authenticator.d->identityHint = QByteArray::fromRawData(identityHint.constData(),
|
|
int(std::strlen(hint)));
|
|
}
|
|
|
|
authenticator.d->maximumIdentityLength = int(max_identity_len) - 1; // needs to be NULL terminated
|
|
authenticator.d->maximumPreSharedKeyLength = int(max_psk_len);
|
|
|
|
pskAuthenticator.swap(authenticator);
|
|
}
|
|
|
|
// Let the client provide the remaining bits...
|
|
emit q->pskRequired(&pskAuthenticator);
|
|
|
|
// No PSK set? Return now to make the handshake fail
|
|
if (pskAuthenticator.preSharedKey().isEmpty())
|
|
return 0;
|
|
|
|
// Copy data back into OpenSSL
|
|
const int identityLength = qMin(pskAuthenticator.identity().length(),
|
|
pskAuthenticator.maximumIdentityLength());
|
|
std::memcpy(identity, pskAuthenticator.identity().constData(), identityLength);
|
|
identity[identityLength] = 0;
|
|
|
|
const int pskLength = qMin(pskAuthenticator.preSharedKey().length(),
|
|
pskAuthenticator.maximumPreSharedKeyLength());
|
|
std::memcpy(psk, pskAuthenticator.preSharedKey().constData(), pskLength);
|
|
|
|
return pskLength;
|
|
}
|
|
|
|
unsigned QDtlsPrivateOpenSSL::pskServerCallback(const char *identity, unsigned char *psk,
|
|
unsigned max_psk_len)
|
|
{
|
|
Q_Q(QDtls);
|
|
|
|
{
|
|
QSslPreSharedKeyAuthenticator authenticator;
|
|
// Fill in some read-only fields (for the user)
|
|
authenticator.d->identityHint = dtlsConfiguration.preSharedKeyIdentityHint;
|
|
authenticator.d->identity = identity;
|
|
authenticator.d->maximumIdentityLength = 0; // user cannot set an identity
|
|
authenticator.d->maximumPreSharedKeyLength = int(max_psk_len);
|
|
|
|
pskAuthenticator.swap(authenticator);
|
|
}
|
|
|
|
// Let the client provide the remaining bits...
|
|
emit q->pskRequired(&pskAuthenticator);
|
|
|
|
// No PSK set? Return now to make the handshake fail
|
|
if (pskAuthenticator.preSharedKey().isEmpty())
|
|
return 0;
|
|
|
|
// Copy data back into OpenSSL
|
|
const int pskLength = qMin(pskAuthenticator.preSharedKey().length(),
|
|
pskAuthenticator.maximumPreSharedKeyLength());
|
|
|
|
std::memcpy(psk, pskAuthenticator.preSharedKey().constData(), pskLength);
|
|
|
|
return pskLength;
|
|
}
|
|
|
|
// The definition is located in qsslsocket_openssl.cpp.
|
|
QSslError _q_OpenSSL_to_QSslError(int errorCode, const QSslCertificate &cert);
|
|
|
|
bool QDtlsPrivateOpenSSL::verifyPeer()
|
|
{
|
|
// DTLSTODO: Windows-specific code for CA fetcher is not here yet.
|
|
QList<QSslError> errors;
|
|
|
|
// Check the whole chain for blacklisting (including root, as we check for
|
|
// subjectInfo and issuer)
|
|
for (const QSslCertificate &cert : qAsConst(dtlsConfiguration.peerCertificateChain)) {
|
|
if (QSslCertificatePrivate::isBlacklisted(cert))
|
|
errors << QSslError(QSslError::CertificateBlacklisted, cert);
|
|
}
|
|
|
|
if (dtlsConfiguration.peerCertificate.isNull()) {
|
|
errors << QSslError(QSslError::NoPeerCertificate);
|
|
} else if (mode == QSslSocket::SslClientMode) {
|
|
// Check the peer certificate itself. First try the subject's common name
|
|
// (CN) as a wildcard, then try all alternate subject name DNS entries the
|
|
// same way.
|
|
|
|
// QSslSocket has a rather twisted logic: if verificationPeerName
|
|
// is empty, we call QAbstractSocket::peerName(), which returns
|
|
// either peerName (can be set by setPeerName) or host name
|
|
// (can be set as a result of connectToHost).
|
|
QString name = peerVerificationName;
|
|
if (name.isEmpty()) {
|
|
Q_ASSERT(dtls.udpSocket);
|
|
name = dtls.udpSocket->peerName();
|
|
}
|
|
|
|
if (!QSslSocketPrivate::isMatchingHostname(dtlsConfiguration.peerCertificate, name))
|
|
errors << QSslError(QSslError::HostNameMismatch, dtlsConfiguration.peerCertificate);
|
|
}
|
|
|
|
// Translate errors from the error list into QSslErrors
|
|
errors.reserve(errors.size() + opensslErrors.size());
|
|
for (const auto &error : qAsConst(opensslErrors)) {
|
|
errors << _q_OpenSSL_to_QSslError(error.code,
|
|
dtlsConfiguration.peerCertificateChain.value(error.depth));
|
|
}
|
|
|
|
tlsErrors = errors;
|
|
return tlsErrors.isEmpty();
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::storePeerCertificates()
|
|
{
|
|
Q_ASSERT(dtls.tlsConnection.data());
|
|
// Store the peer certificate and chain. For clients, the peer certificate
|
|
// chain includes the peer certificate; for servers, it doesn't. Both the
|
|
// peer certificate and the chain may be empty if the peer didn't present
|
|
// any certificate.
|
|
X509 *x509 = q_SSL_get_peer_certificate(dtls.tlsConnection.data());
|
|
dtlsConfiguration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
|
|
q_X509_free(x509);
|
|
if (dtlsConfiguration.peerCertificateChain.isEmpty()) {
|
|
auto stack = q_SSL_get_peer_cert_chain(dtls.tlsConnection.data());
|
|
dtlsConfiguration.peerCertificateChain = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(stack);
|
|
if (!dtlsConfiguration.peerCertificate.isNull() && mode == QSslSocket::SslServerMode)
|
|
dtlsConfiguration.peerCertificateChain.prepend(dtlsConfiguration.peerCertificate);
|
|
}
|
|
}
|
|
|
|
bool QDtlsPrivateOpenSSL::tlsErrorsWereIgnored() const
|
|
{
|
|
// check whether the errors we got are all in the list of expected errors
|
|
// (applies only if the method QDtlsConnection::ignoreTlsErrors(const
|
|
// QList<QSslError> &errors) was called)
|
|
for (const QSslError &error : tlsErrors) {
|
|
if (!tlsErrorsToIgnore.contains(error))
|
|
return false;
|
|
}
|
|
|
|
return !tlsErrorsToIgnore.empty();
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::fetchNegotiatedParameters()
|
|
{
|
|
Q_ASSERT(dtls.tlsConnection.data());
|
|
|
|
const SSL_CIPHER *cipher = q_SSL_get_current_cipher(dtls.tlsConnection.data());
|
|
sessionCipher = cipher ? QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher)
|
|
: QSslCipher();
|
|
|
|
// Note: cipher's protocol version will be reported as either TLS 1.0 or
|
|
// TLS 1.2, that's how it's set by OpenSSL (and that's what they are?).
|
|
|
|
switch (q_SSL_version(dtls.tlsConnection.data())) {
|
|
case DTLS1_VERSION:
|
|
sessionProtocol = QSsl::DtlsV1_0;
|
|
break;
|
|
case DTLS1_2_VERSION:
|
|
sessionProtocol = QSsl::DtlsV1_2;
|
|
break;
|
|
default:
|
|
qCWarning(lcSsl, "unknown protocol version");
|
|
sessionProtocol = QSsl::UnknownProtocol;
|
|
}
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::reportTimeout()
|
|
{
|
|
Q_Q(QDtls);
|
|
|
|
emit q->handshakeTimeout();
|
|
}
|
|
|
|
void QDtlsPrivateOpenSSL::resetDtls()
|
|
{
|
|
dtls.reset();
|
|
connectionEncrypted = false;
|
|
tlsErrors.clear();
|
|
tlsErrorsToIgnore.clear();
|
|
dtlsConfiguration.peerCertificate.clear();
|
|
dtlsConfiguration.peerCertificateChain.clear();
|
|
connectionWasShutdown = false;
|
|
handshakeState = QDtls::HandshakeNotStarted;
|
|
sessionCipher = {};
|
|
sessionProtocol = QSsl::UnknownProtocol;
|
|
}
|
|
|
|
QT_END_NAMESPACE
|