[HICN-595] Bring TLS up to date

HICN-2 would enable TLS only if OpenSSL 1.1.1 was present. However the mechanism to do so was broken and hiperf always ended up using normal consumer and producer sockets. This patch fixes that by updating the build files. It also fixes various bugs in the TLS implementation that went unnoticed and cleans up the code. Change-Id: Ifda75a9929e14460af43fe79d737d0c926bb671e Signed-off-by: Olivier Roques <oroques+fdio@cisco.com> Signed-off-by: Mauro Sardara <msardara@cisco.com>
author: Olivier Roques <oroques+fdio@cisco.com> 2020-04-08 15:29:55 +0200
committer: Olivier Roques <oroques+fdio@cisco.com> 2020-04-11 17:25:30 +0200
commit: eb9119968cfc53f41526981924e5c8d44612f98a (patch)
tree: 065b282b91e48fc62a01f5de5a5fe1bd29092c5c /libtransport/src/implementation/tls_rtc_socket_producer.cc
parent: 0ea5735b98f38beacf92dfdca74b7a6d5b3f7182 (diff)
1 files changed, 20 insertions, 11 deletions
diff --git a/libtransport/src/implementation/tls_rtc_socket_producer.cc b/libtransport/src/implementation/tls_rtc_socket_producer.cc
index 3b3152993..9ef79ca23 100644
--- a/libtransport/src/implementation/tls_rtc_socket_producer.cc
+++ b/libtransport/src/implementation/tls_rtc_socket_producer.cc
@@ -53,7 +53,7 @@ int TLSRTCProducerSocket::readOld(BIO *b, char *buf, int size) {
     (socket->cv_).wait(lck);
   }
 
-  utils::MemBuf *membuf = socket->packet_->next();
+  utils::MemBuf *membuf = socket->handshake_packet_->next();
   int size_to_read;
 
   if ((int)membuf->length() > size) {
@@ -91,10 +91,10 @@ int TLSRTCProducerSocket::writeOld(BIO *b, const char *buf, int num) {
   TLSRTCProducerSocket *socket;
   socket = (TLSRTCProducerSocket *)BIO_get_data(b);
 
-  if ((SSL_in_before(socket->ssl_) || SSL_in_init(socket->ssl_)) &&
-      socket->first_) {
-    socket->tls_chunks_--;
+  if (socket->getHandshakeState() != SERVER_FINISHED && socket->first_) {
     bool making_manifest = socket->parent_->making_manifest_;
+
+    socket->tls_chunks_--;
     socket->parent_->setSocketOption(GeneralTransportOptions::MAKE_MANIFEST,
                                      false);
     socket->parent_->ProducerSocket::produce(
@@ -107,13 +107,17 @@ int TLSRTCProducerSocket::writeOld(BIO *b, const char *buf, int num) {
     std::unique_ptr<utils::MemBuf> mbuf =
         utils::MemBuf::copyBuffer(buf, (std::size_t)num, 0, 0);
     auto a = mbuf.release();
+
     socket->async_thread_.add([socket = socket, a]() {
       socket->to_call_oncontentproduced_--;
       auto mbuf = std::unique_ptr<utils::MemBuf>(a);
+
       socket->RTCProducerSocket::produce(std::move(mbuf));
+
       ProducerContentCallback on_content_produced_application;
       socket->getSocketOption(ProducerCallbacksOptions::CONTENT_PRODUCED,
                               on_content_produced_application);
+
       if (socket->to_call_oncontentproduced_ == 0 &&
           on_content_produced_application) {
         on_content_produced_application(
@@ -144,24 +148,28 @@ TLSRTCProducerSocket::TLSRTCProducerSocket(
 }
 
 void TLSRTCProducerSocket::accept() {
-  if (SSL_in_before(ssl_) || SSL_in_init(ssl_)) {
+  HandshakeState handshake_state = getHandshakeState();
+
+  if (handshake_state == UNINITIATED || handshake_state == CLIENT_HELLO) {
     tls_chunks_ = 1;
     int result = SSL_accept(ssl_);
+
     if (result != 1)
       throw errors::RuntimeException("Unable to perform client handshake");
   }
 
   TRANSPORT_LOGD("Handshake performed!");
-  parent_->list_secure_rtc_producers.push_front(
-      std::move(parent_->map_secure_rtc_producers[handshake_name_]));
-  parent_->map_secure_rtc_producers.erase(handshake_name_);
+
+  parent_->list_producers.push_front(
+      std::move(parent_->map_producers[handshake_name_]));
+  parent_->map_producers.erase(handshake_name_);
 
   ProducerInterestCallback on_interest_process_decrypted;
   getSocketOption(ProducerCallbacksOptions::CACHE_MISS,
                   on_interest_process_decrypted);
 
   if (on_interest_process_decrypted) {
-    Interest inter(std::move(packet_));
+    Interest inter(std::move(handshake_packet_));
     on_interest_process_decrypted(
         (transport::interface::ProducerSocket &)(*getInterface()), inter);
   }
@@ -181,7 +189,9 @@ int TLSRTCProducerSocket::async_accept() {
 }
 
 void TLSRTCProducerSocket::produce(std::unique_ptr<utils::MemBuf> &&buffer) {
-  if (SSL_in_before(ssl_) || SSL_in_init(ssl_)) {
+  HandshakeState handshake_state = getHandshakeState();
+
+  if (handshake_state != SERVER_FINISHED) {
     throw errors::RuntimeException(
         "New handshake on the same P2P secure producer socket not supported");
   }
@@ -197,5 +207,4 @@ void TLSRTCProducerSocket::produce(std::unique_ptr<utils::MemBuf> &&buffer) {
 }
 
 }  // namespace implementation
-
 }  // namespace transport
author	Olivier Roques <oroques+fdio@cisco.com>	2020-04-08 15:29:55 +0200
committer	Olivier Roques <oroques+fdio@cisco.com>	2020-04-11 17:25:30 +0200
commit	eb9119968cfc53f41526981924e5c8d44612f98a (patch)
tree	065b282b91e48fc62a01f5de5a5fe1bd29092c5c /libtransport/src/implementation/tls_rtc_socket_producer.cc
parent	0ea5735b98f38beacf92dfdca74b7a6d5b3f7182 (diff)