1 /* $OpenBSD: ssl.c,v 1.93 2019/06/05 06:40:13 gilles Exp $ */ 2 3 /* 4 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> 5 * Copyright (c) 2008 Reyk Floeter <reyk@openbsd.org> 6 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #include <sys/types.h> 22 #include <sys/queue.h> 23 #include <sys/tree.h> 24 #include <sys/socket.h> 25 #include <sys/stat.h> 26 27 #include <ctype.h> 28 #include <event.h> 29 #include <fcntl.h> 30 #include <imsg.h> 31 #include <limits.h> 32 #include <pwd.h> 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include <unistd.h> 37 38 #include <openssl/ssl.h> 39 #include <openssl/engine.h> 40 #include <openssl/err.h> 41 #include <openssl/rsa.h> 42 #include <openssl/ecdsa.h> 43 #include <openssl/dh.h> 44 #include <openssl/bn.h> 45 46 #include "log.h" 47 #include "ssl.h" 48 49 void 50 ssl_init(void) 51 { 52 static int inited = 0; 53 54 if (inited) 55 return; 56 57 SSL_library_init(); 58 SSL_load_error_strings(); 59 60 OpenSSL_add_all_algorithms(); 61 62 /* Init hardware crypto engines. */ 63 ENGINE_load_builtin_engines(); 64 ENGINE_register_all_complete(); 65 inited = 1; 66 } 67 68 int 69 ssl_setup(SSL_CTX **ctxp, struct pki *pki, 70 int (*sni_cb)(SSL *,int *,void *), const char *ciphers) 71 { 72 SSL_CTX *ctx; 73 uint8_t sid[SSL_MAX_SID_CTX_LENGTH]; 74 75 ctx = ssl_ctx_create(pki->pki_name, pki->pki_cert, pki->pki_cert_len, ciphers); 76 77 /* 78 * Set session ID context to a random value. We don't support 79 * persistent caching of sessions so it is OK to set a temporary 80 * session ID context that is valid during run time. 81 */ 82 arc4random_buf(sid, sizeof(sid)); 83 if (!SSL_CTX_set_session_id_context(ctx, sid, sizeof(sid))) 84 goto err; 85 86 if (sni_cb) 87 SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb); 88 89 SSL_CTX_set_dh_auto(ctx, pki->pki_dhe); 90 91 SSL_CTX_set_ecdh_auto(ctx, 1); 92 93 *ctxp = ctx; 94 return 1; 95 96 err: 97 SSL_CTX_free(ctx); 98 ssl_error("ssl_setup"); 99 return 0; 100 } 101 102 char * 103 ssl_load_file(const char *name, off_t *len, mode_t perm) 104 { 105 struct stat st; 106 off_t size; 107 char *buf = NULL; 108 int fd, saved_errno; 109 char mode[12]; 110 111 if ((fd = open(name, O_RDONLY)) == -1) 112 return (NULL); 113 if (fstat(fd, &st) != 0) 114 goto fail; 115 if (st.st_uid != 0) { 116 log_warnx("warn: %s: not owned by uid 0", name); 117 errno = EACCES; 118 goto fail; 119 } 120 if (st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO) & ~perm) { 121 strmode(perm, mode); 122 log_warnx("warn: %s: insecure permissions: must be at most %s", 123 name, &mode[1]); 124 errno = EACCES; 125 goto fail; 126 } 127 size = st.st_size; 128 if ((buf = calloc(1, size + 1)) == NULL) 129 goto fail; 130 if (read(fd, buf, size) != size) 131 goto fail; 132 close(fd); 133 134 *len = size + 1; 135 return (buf); 136 137 fail: 138 free(buf); 139 saved_errno = errno; 140 close(fd); 141 errno = saved_errno; 142 return (NULL); 143 } 144 145 #if 0 146 static int 147 ssl_password_cb(char *buf, int size, int rwflag, void *u) 148 { 149 size_t len; 150 if (u == NULL) { 151 explicit_bzero(buf, size); 152 return (0); 153 } 154 if ((len = strlcpy(buf, u, size)) >= (size_t)size) 155 return (0); 156 return (len); 157 } 158 #endif 159 160 static int 161 ssl_password_cb(char *buf, int size, int rwflag, void *u) 162 { 163 int ret = 0; 164 size_t len; 165 char *pass; 166 167 pass = getpass((const char *)u); 168 if (pass == NULL) 169 return 0; 170 len = strlen(pass); 171 if (strlcpy(buf, pass, size) >= (size_t)size) 172 goto end; 173 ret = len; 174 end: 175 if (len) 176 explicit_bzero(pass, len); 177 return ret; 178 } 179 180 char * 181 ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *pkiname) 182 { 183 FILE *fp = NULL; 184 EVP_PKEY *key = NULL; 185 BIO *bio = NULL; 186 long size; 187 char *data, *buf, *filebuf; 188 struct stat st; 189 char mode[12]; 190 char prompt[2048]; 191 192 /* Initialize SSL library once */ 193 ssl_init(); 194 195 /* 196 * Read (possibly) encrypted key from file 197 */ 198 if ((fp = fopen(name, "r")) == NULL) 199 return (NULL); 200 if ((filebuf = malloc_conceal(BUFSIZ)) == NULL) 201 goto fail; 202 setvbuf(fp, filebuf, _IOFBF, BUFSIZ); 203 204 if (fstat(fileno(fp), &st) != 0) 205 goto fail; 206 if (st.st_uid != 0) { 207 log_warnx("warn: %s: not owned by uid 0", name); 208 errno = EACCES; 209 goto fail; 210 } 211 if (st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO) & ~perm) { 212 strmode(perm, mode); 213 log_warnx("warn: %s: insecure permissions: must be at most %s", 214 name, &mode[1]); 215 errno = EACCES; 216 goto fail; 217 } 218 219 (void)snprintf(prompt, sizeof prompt, "passphrase for %s: ", pkiname); 220 key = PEM_read_PrivateKey(fp, NULL, ssl_password_cb, prompt); 221 fclose(fp); 222 fp = NULL; 223 freezero(filebuf, BUFSIZ); 224 filebuf = NULL; 225 if (key == NULL) 226 goto fail; 227 /* 228 * Write unencrypted key to memory buffer 229 */ 230 if ((bio = BIO_new(BIO_s_mem())) == NULL) 231 goto fail; 232 if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) 233 goto fail; 234 if ((size = BIO_get_mem_data(bio, &data)) <= 0) 235 goto fail; 236 if ((buf = calloc_conceal(1, size + 1)) == NULL) 237 goto fail; 238 memcpy(buf, data, size); 239 240 BIO_free_all(bio); 241 EVP_PKEY_free(key); 242 243 *len = (off_t)size + 1; 244 return (buf); 245 246 fail: 247 ssl_error("ssl_load_key"); 248 BIO_free_all(bio); 249 EVP_PKEY_free(key); 250 if (fp) 251 fclose(fp); 252 freezero(filebuf, BUFSIZ); 253 return (NULL); 254 } 255 256 SSL_CTX * 257 ssl_ctx_create(const char *pkiname, char *cert, off_t cert_len, const char *ciphers) 258 { 259 SSL_CTX *ctx; 260 size_t pkinamelen = 0; 261 262 ctx = SSL_CTX_new(SSLv23_method()); 263 if (ctx == NULL) { 264 ssl_error("ssl_ctx_create"); 265 fatal("ssl_ctx_create: could not create SSL context"); 266 } 267 268 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 269 SSL_CTX_set_timeout(ctx, SSL_SESSION_TIMEOUT); 270 SSL_CTX_set_options(ctx, 271 SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET); 272 SSL_CTX_set_options(ctx, 273 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); 274 SSL_CTX_set_options(ctx, SSL_OP_NO_CLIENT_RENEGOTIATION); 275 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); 276 277 if (ciphers == NULL) 278 ciphers = SSL_CIPHERS; 279 if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { 280 ssl_error("ssl_ctx_create"); 281 fatal("ssl_ctx_create: could not set cipher list"); 282 } 283 284 if (cert != NULL) { 285 if (pkiname != NULL) 286 pkinamelen = strlen(pkiname) + 1; 287 if (!SSL_CTX_use_certificate_chain_mem(ctx, cert, cert_len)) { 288 ssl_error("ssl_ctx_create"); 289 fatal("ssl_ctx_create: invalid certificate chain"); 290 } else if (!ssl_ctx_fake_private_key(ctx, 291 pkiname, pkinamelen, cert, cert_len, NULL, NULL)) { 292 ssl_error("ssl_ctx_create"); 293 fatal("ssl_ctx_create: could not fake private key"); 294 } else if (!SSL_CTX_check_private_key(ctx)) { 295 ssl_error("ssl_ctx_create"); 296 fatal("ssl_ctx_create: invalid private key"); 297 } 298 } 299 300 return (ctx); 301 } 302 303 int 304 ssl_load_certificate(struct pki *p, const char *pathname) 305 { 306 p->pki_cert = ssl_load_file(pathname, &p->pki_cert_len, 0755); 307 if (p->pki_cert == NULL) 308 return 0; 309 return 1; 310 } 311 312 int 313 ssl_load_keyfile(struct pki *p, const char *pathname, const char *pkiname) 314 { 315 char pass[1024]; 316 317 p->pki_key = ssl_load_key(pathname, &p->pki_key_len, pass, 0740, pkiname); 318 if (p->pki_key == NULL) 319 return 0; 320 return 1; 321 } 322 323 int 324 ssl_load_cafile(struct ca *c, const char *pathname) 325 { 326 c->ca_cert = ssl_load_file(pathname, &c->ca_cert_len, 0755); 327 if (c->ca_cert == NULL) 328 return 0; 329 return 1; 330 } 331 332 const char * 333 ssl_to_text(const SSL *ssl) 334 { 335 static char buf[256]; 336 337 (void)snprintf(buf, sizeof buf, "%s:%s:%d", 338 SSL_get_version(ssl), 339 SSL_get_cipher_name(ssl), 340 SSL_get_cipher_bits(ssl, NULL)); 341 342 return (buf); 343 } 344 345 void 346 ssl_error(const char *where) 347 { 348 unsigned long code; 349 char errbuf[128]; 350 351 for (; (code = ERR_get_error()) != 0 ;) { 352 ERR_error_string_n(code, errbuf, sizeof(errbuf)); 353 log_debug("debug: SSL library error: %s: %s", where, errbuf); 354 } 355 } 356 357 int 358 ssl_load_pkey(const void *data, size_t datalen, char *buf, off_t len, 359 X509 **x509ptr, EVP_PKEY **pkeyptr) 360 { 361 BIO *in; 362 X509 *x509 = NULL; 363 EVP_PKEY *pkey = NULL; 364 RSA *rsa = NULL; 365 EC_KEY *eckey = NULL; 366 void *exdata = NULL; 367 368 if ((in = BIO_new_mem_buf(buf, len)) == NULL) { 369 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_BUF_LIB); 370 return (0); 371 } 372 373 if ((x509 = PEM_read_bio_X509(in, NULL, 374 ssl_password_cb, NULL)) == NULL) { 375 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PEM_LIB); 376 goto fail; 377 } 378 379 if ((pkey = X509_get_pubkey(x509)) == NULL) { 380 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_X509_LIB); 381 goto fail; 382 } 383 384 BIO_free(in); 385 in = NULL; 386 387 if (data != NULL && datalen) { 388 if (((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL && 389 (eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) || 390 (exdata = malloc(datalen)) == NULL) { 391 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_EVP_LIB); 392 goto fail; 393 } 394 395 memcpy(exdata, data, datalen); 396 if (rsa) 397 RSA_set_ex_data(rsa, 0, exdata); 398 if (eckey) 399 ECDSA_set_ex_data(eckey, 0, exdata); 400 RSA_free(rsa); /* dereference, will be cleaned up with pkey */ 401 EC_KEY_free(eckey); /* dereference, will be cleaned up with pkey */ 402 } 403 404 *x509ptr = x509; 405 *pkeyptr = pkey; 406 407 return (1); 408 409 fail: 410 RSA_free(rsa); 411 EC_KEY_free(eckey); 412 BIO_free(in); 413 EVP_PKEY_free(pkey); 414 X509_free(x509); 415 free(exdata); 416 417 return (0); 418 } 419 420 int 421 ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen, 422 char *buf, off_t len, X509 **x509ptr, EVP_PKEY **pkeyptr) 423 { 424 int ret = 0; 425 EVP_PKEY *pkey = NULL; 426 X509 *x509 = NULL; 427 428 if (!ssl_load_pkey(data, datalen, buf, len, &x509, &pkey)) 429 return (0); 430 431 /* 432 * Use the public key as the "private" key - the secret key 433 * parameters are hidden in an extra process that will be 434 * contacted by the RSA engine. The SSL/TLS library needs at 435 * least the public key parameters in the current process. 436 */ 437 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 438 if (!ret) 439 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_LIB_SSL); 440 441 if (pkeyptr != NULL) 442 *pkeyptr = pkey; 443 else 444 EVP_PKEY_free(pkey); 445 446 if (x509ptr != NULL) 447 *x509ptr = x509; 448 else 449 X509_free(x509); 450 451 return (ret); 452 } 453