1 /* $NetBSD: ssl-bozo.c,v 1.29 2020/10/15 04:21:53 mrg Exp $ */
2
3 /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */
4
5 /*
6 * Copyright (c) 1997-2020 Matthew R. Green
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer and
16 * dedication in the documentation and/or other materials provided
17 * with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 */
32
33 /* this code implements SSL and backend IO for bozohttpd */
34
35 #include <stdarg.h>
36 #include <stdio.h>
37 #include <string.h>
38 #include <syslog.h>
39 #include <unistd.h>
40
41 #include "bozohttpd.h"
42
43 #ifndef USE_ARG
44 #define USE_ARG(x) /*LINTED*/(void)&(x)
45 #endif
46
47 #ifndef NO_SSL_SUPPORT
48
49 #include <openssl/ssl.h>
50 #include <openssl/err.h>
51
52 #ifndef BOZO_SSL_CIPHERS
53 #define BOZO_SSL_CIPHERS \
54 "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:" \
55 "AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:" \
56 "AES:" \
57 "-SHA:" \
58 "!aNULL:!eNULL:" \
59 "!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \
60 "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:" \
61 "!KRB5-DES-CBC3-SHA"
62 #endif
63
64 #ifndef BOZO_SSL_OPTIONS
65 #define BOZO_SSL_OPTIONS \
66 ((long)(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1))
67 #endif
68
69 /* this structure encapsulates the ssl info */
70
71 /* this structure encapsulates the ssl info */
72 typedef struct sslinfo_t {
73 SSL_CTX *ssl_context;
74 const SSL_METHOD *ssl_method;
75 SSL *bozossl;
76 char *certificate_file;
77 char *privatekey_file;
78 char *ciphers;
79 } sslinfo_t;
80
81 /*
82 * bozo_clear_ssl_queue: print the contents of the SSL error queue
83 */
84 static void
bozo_clear_ssl_queue(bozohttpd_t * httpd)85 bozo_clear_ssl_queue(bozohttpd_t *httpd)
86 {
87 unsigned long sslcode = ERR_get_error();
88
89 do {
90 static const char sslfmt[] = "SSL Error: %s:%s:%s";
91
92 if (httpd->logstderr || isatty(STDERR_FILENO)) {
93 fprintf(stderr, sslfmt,
94 ERR_lib_error_string(sslcode),
95 ERR_func_error_string(sslcode),
96 ERR_reason_error_string(sslcode));
97 } else {
98 syslog(LOG_ERR, sslfmt,
99 ERR_lib_error_string(sslcode),
100 ERR_func_error_string(sslcode),
101 ERR_reason_error_string(sslcode));
102 }
103 } while (0 != (sslcode = ERR_get_error()));
104 }
105
106 /*
107 * bozo_ssl_warn works just like bozowarn, plus the SSL error queue
108 */
109 BOZO_PRINTFLIKE(2, 3) static void
bozo_ssl_warn(bozohttpd_t * httpd,const char * fmt,...)110 bozo_ssl_warn(bozohttpd_t *httpd, const char *fmt, ...)
111 {
112 va_list ap;
113
114 va_start(ap, fmt);
115 if (httpd->logstderr || isatty(STDERR_FILENO)) {
116 vfprintf(stderr, fmt, ap);
117 fputs("\n", stderr);
118 } else
119 vsyslog(LOG_ERR, fmt, ap);
120 va_end(ap);
121
122 bozo_clear_ssl_queue(httpd);
123 }
124
125
126 /*
127 * bozo_ssl_err works just like bozoerr, plus the SSL error queue
128 */
129 BOZO_PRINTFLIKE(3, 4) BOZO_DEAD static void
bozo_ssl_err(bozohttpd_t * httpd,int code,const char * fmt,...)130 bozo_ssl_err(bozohttpd_t *httpd, int code, const char *fmt, ...)
131 {
132 va_list ap;
133
134 va_start(ap, fmt);
135 if (httpd->logstderr || isatty(STDERR_FILENO)) {
136 vfprintf(stderr, fmt, ap);
137 fputs("\n", stderr);
138 } else
139 vsyslog(LOG_ERR, fmt, ap);
140 va_end(ap);
141
142 bozo_clear_ssl_queue(httpd);
143 exit(code);
144 }
145
146 /*
147 * bozo_check_error_queue: print warnings if the error isn't expected
148 */
149 static void
bozo_check_error_queue(bozohttpd_t * httpd,const char * tag,int ret)150 bozo_check_error_queue(bozohttpd_t *httpd, const char *tag, int ret)
151 {
152 if (ret > 0)
153 return;
154
155 const sslinfo_t *sslinfo = httpd->sslinfo;
156 const int sslerr = SSL_get_error(sslinfo->bozossl, ret);
157
158 if (sslerr != SSL_ERROR_ZERO_RETURN &&
159 sslerr != SSL_ERROR_SYSCALL &&
160 sslerr != SSL_ERROR_NONE)
161 bozo_ssl_warn(httpd, "%s: SSL_ERROR %d", tag, sslerr);
162 }
163
164 static BOZO_PRINTFLIKE(2, 0) int
bozo_ssl_printf(bozohttpd_t * httpd,const char * fmt,va_list ap)165 bozo_ssl_printf(bozohttpd_t *httpd, const char * fmt, va_list ap)
166 {
167 char *buf;
168 int nbytes;
169
170 if ((nbytes = vasprintf(&buf, fmt, ap)) != -1) {
171 const sslinfo_t *sslinfo = httpd->sslinfo;
172 int ret = SSL_write(sslinfo->bozossl, buf, nbytes);
173 bozo_check_error_queue(httpd, "write", ret);
174 }
175
176 free(buf);
177
178 return nbytes;
179 }
180
181 static ssize_t
bozo_ssl_read(bozohttpd_t * httpd,int fd,void * buf,size_t nbytes)182 bozo_ssl_read(bozohttpd_t *httpd, int fd, void *buf, size_t nbytes)
183 {
184 const sslinfo_t *sslinfo = httpd->sslinfo;
185 int ret;
186
187 USE_ARG(fd);
188 ret = SSL_read(sslinfo->bozossl, buf, (int)nbytes);
189 bozo_check_error_queue(httpd, "read", ret);
190
191 return (ssize_t)ret;
192 }
193
194 static ssize_t
bozo_ssl_write(bozohttpd_t * httpd,int fd,const void * buf,size_t nbytes)195 bozo_ssl_write(bozohttpd_t *httpd, int fd, const void *buf, size_t nbytes)
196 {
197 const sslinfo_t *sslinfo = httpd->sslinfo;
198 int ret;
199
200 USE_ARG(fd);
201 ret = SSL_write(sslinfo->bozossl, buf, (int)nbytes);
202 bozo_check_error_queue(httpd, "write", ret);
203
204 return (ssize_t)ret;
205 }
206
207 void
bozo_ssl_init(bozohttpd_t * httpd)208 bozo_ssl_init(bozohttpd_t *httpd)
209 {
210 sslinfo_t *sslinfo = httpd->sslinfo;
211 long options;
212
213 if (sslinfo == NULL || !sslinfo->certificate_file)
214 return;
215 SSL_library_init();
216 SSL_load_error_strings();
217
218 sslinfo->ssl_method = SSLv23_server_method();
219 sslinfo->ssl_context = SSL_CTX_new(sslinfo->ssl_method);
220
221 if (NULL == sslinfo->ssl_context)
222 bozo_ssl_err(httpd, EXIT_FAILURE,
223 "SSL context creation failed");
224
225 options = SSL_CTX_set_options(sslinfo->ssl_context,
226 BOZO_SSL_OPTIONS);
227 if ((options & BOZO_SSL_OPTIONS) != BOZO_SSL_OPTIONS)
228 bozo_ssl_err(httpd, EXIT_FAILURE,
229 "Error setting ssl options requested %#lx, got %#lx",
230 BOZO_SSL_OPTIONS, options);
231
232 if (!SSL_CTX_set_cipher_list(sslinfo->ssl_context,
233 sslinfo->ciphers ? sslinfo->ciphers : BOZO_SSL_CIPHERS))
234 bozo_ssl_err(httpd, EXIT_FAILURE,
235 "Error setting cipher list '%s'", sslinfo->ciphers);
236
237 if (1 != SSL_CTX_use_certificate_chain_file(sslinfo->ssl_context,
238 sslinfo->certificate_file))
239 bozo_ssl_err(httpd, EXIT_FAILURE,
240 "Unable to use certificate file '%s'",
241 sslinfo->certificate_file);
242
243 if (1 != SSL_CTX_use_PrivateKey_file(sslinfo->ssl_context,
244 sslinfo->privatekey_file, SSL_FILETYPE_PEM))
245 bozo_ssl_err(httpd, EXIT_FAILURE,
246 "Unable to use private key file '%s'",
247 sslinfo->privatekey_file);
248
249 /* check consistency of key vs certificate */
250 if (!SSL_CTX_check_private_key(sslinfo->ssl_context))
251 bozo_ssl_err(httpd, EXIT_FAILURE,
252 "Check private key failed");
253 }
254
255 /*
256 * returns non-zero for failure
257 */
258 int
bozo_ssl_accept(bozohttpd_t * httpd)259 bozo_ssl_accept(bozohttpd_t *httpd)
260 {
261 sslinfo_t *sslinfo = httpd->sslinfo;
262
263 if (sslinfo == NULL || !sslinfo->ssl_context)
264 return 0;
265
266 alarm(httpd->ssl_timeout);
267
268 sslinfo->bozossl = SSL_new(sslinfo->ssl_context);
269 if (sslinfo->bozossl == NULL)
270 bozoerr(httpd, 1, "SSL_new failed");
271
272 SSL_set_rfd(sslinfo->bozossl, 0);
273 SSL_set_wfd(sslinfo->bozossl, 1);
274
275 const int ret = SSL_accept(sslinfo->bozossl);
276 bozo_check_error_queue(httpd, "accept", ret);
277
278 alarm(0);
279
280 if (bozo_timeout_hit) {
281 SSL_free(sslinfo->bozossl);
282 sslinfo->bozossl = NULL;
283 return 1;
284 }
285
286 return ret != 1;
287 }
288
289 void
bozo_ssl_shutdown(bozohttpd_t * httpd)290 bozo_ssl_shutdown(bozohttpd_t *httpd)
291 {
292 const sslinfo_t *sslinfo = httpd->sslinfo;
293
294 if (sslinfo && sslinfo->bozossl)
295 SSL_shutdown(sslinfo->bozossl);
296 }
297
298 void
bozo_ssl_destroy(bozohttpd_t * httpd)299 bozo_ssl_destroy(bozohttpd_t *httpd)
300 {
301 const sslinfo_t *sslinfo = httpd->sslinfo;
302
303 if (sslinfo && sslinfo->bozossl)
304 SSL_free(sslinfo->bozossl);
305 }
306
307 static sslinfo_t *
bozo_get_sslinfo(bozohttpd_t * httpd)308 bozo_get_sslinfo(bozohttpd_t *httpd)
309 {
310 sslinfo_t *sslinfo;
311 if (httpd->sslinfo)
312 return httpd->sslinfo;
313 sslinfo = bozomalloc(httpd, sizeof(*sslinfo));
314 if (sslinfo == NULL)
315 bozoerr(httpd, 1, "sslinfo allocation failed");
316 memset(sslinfo, 0, sizeof(*sslinfo));
317 return httpd->sslinfo = sslinfo;
318 }
319
320 void
bozo_ssl_set_opts(bozohttpd_t * httpd,const char * cert,const char * priv)321 bozo_ssl_set_opts(bozohttpd_t *httpd, const char *cert, const char *priv)
322 {
323 sslinfo_t *sslinfo = bozo_get_sslinfo(httpd);
324
325 sslinfo->certificate_file = bozostrdup(httpd, NULL, cert);
326 sslinfo->privatekey_file = bozostrdup(httpd, NULL, priv);
327 debug((httpd, DEBUG_NORMAL, "using cert/priv files: %s & %s",
328 sslinfo->certificate_file,
329 sslinfo->privatekey_file));
330 if (!httpd->bindport)
331 httpd->bindport = bozostrdup(httpd, NULL, BOZO_HTTPS_PORT);
332 }
333
334 void
bozo_ssl_set_ciphers(bozohttpd_t * httpd,const char * ciphers)335 bozo_ssl_set_ciphers(bozohttpd_t *httpd, const char *ciphers)
336 {
337 sslinfo_t *sslinfo = bozo_get_sslinfo(httpd);
338
339 sslinfo->ciphers = bozostrdup(httpd, NULL, ciphers);
340 debug((httpd, DEBUG_NORMAL, "using ciphers: %s", sslinfo->ciphers));
341 }
342
343 #endif /* NO_SSL_SUPPORT */
344
345 /*
346 * These functions are always present, so that caller code can simply
347 * use bozo_*() for IO, regardless of SSL.
348 */
349 int
bozo_printf(bozohttpd_t * httpd,const char * fmt,...)350 bozo_printf(bozohttpd_t *httpd, const char *fmt, ...)
351 {
352 va_list args;
353 int cc;
354
355 USE_ARG(httpd);
356
357 va_start(args, fmt);
358 #ifndef NO_SSL_SUPPORT
359 if (httpd->sslinfo)
360 cc = bozo_ssl_printf(httpd, fmt, args);
361 else
362 #endif
363 cc = vprintf(fmt, args);
364 va_end(args);
365 return cc;
366 }
367
368 ssize_t
bozo_read(bozohttpd_t * httpd,int fd,void * buf,size_t len)369 bozo_read(bozohttpd_t *httpd, int fd, void *buf, size_t len)
370 {
371 #ifndef NO_SSL_SUPPORT
372 if (httpd->sslinfo)
373 return bozo_ssl_read(httpd, fd, buf, len);
374 #endif
375 USE_ARG(httpd);
376 return read(fd, buf, len);
377 }
378
379 ssize_t
bozo_write(bozohttpd_t * httpd,int fd,const void * buf,size_t len)380 bozo_write(bozohttpd_t *httpd, int fd, const void *buf, size_t len)
381 {
382 #ifndef NO_SSL_SUPPORT
383 if (httpd->sslinfo)
384 return bozo_ssl_write(httpd, fd, buf, len);
385 #endif
386 USE_ARG(httpd);
387 return write(fd, buf, len);
388 }
389
390 int
bozo_flush(bozohttpd_t * httpd,FILE * fp)391 bozo_flush(bozohttpd_t *httpd, FILE *fp)
392 {
393 #ifndef NO_SSL_SUPPORT
394 if (httpd->sslinfo)
395 return 0;
396 #endif
397 USE_ARG(httpd);
398 return fflush(fp);
399 }
400