1 /* $OpenBSD: ssl.c,v 1.86 2016/04/21 14:27:41 jsing Exp $ */ 2 3 /* 4 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> 5 * Copyright (c) 2008 Reyk Floeter <reyk@openbsd.org> 6 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #include <sys/types.h> 22 #include <sys/queue.h> 23 #include <sys/tree.h> 24 #include <sys/socket.h> 25 #include <sys/stat.h> 26 27 #include <ctype.h> 28 #include <event.h> 29 #include <fcntl.h> 30 #include <imsg.h> 31 #include <limits.h> 32 #include <pwd.h> 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include <unistd.h> 37 38 #include <openssl/ssl.h> 39 #include <openssl/engine.h> 40 #include <openssl/err.h> 41 #include <openssl/rsa.h> 42 #include <openssl/dh.h> 43 #include <openssl/bn.h> 44 45 #include "log.h" 46 #include "ssl.h" 47 48 void 49 ssl_init(void) 50 { 51 static int inited = 0; 52 53 if (inited) 54 return; 55 56 SSL_library_init(); 57 SSL_load_error_strings(); 58 59 OpenSSL_add_all_algorithms(); 60 61 /* Init hardware crypto engines. */ 62 ENGINE_load_builtin_engines(); 63 ENGINE_register_all_complete(); 64 inited = 1; 65 } 66 67 int 68 ssl_setup(SSL_CTX **ctxp, struct pki *pki, 69 int (*sni_cb)(SSL *,int *,void *), const char *ciphers) 70 { 71 SSL_CTX *ctx; 72 uint8_t sid[SSL_MAX_SID_CTX_LENGTH]; 73 74 ctx = ssl_ctx_create(pki->pki_name, pki->pki_cert, pki->pki_cert_len, ciphers); 75 76 /* 77 * Set session ID context to a random value. We don't support 78 * persistent caching of sessions so it is OK to set a temporary 79 * session ID context that is valid during run time. 80 */ 81 arc4random_buf(sid, sizeof(sid)); 82 if (!SSL_CTX_set_session_id_context(ctx, sid, sizeof(sid))) 83 goto err; 84 85 if (sni_cb) 86 SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb); 87 88 SSL_CTX_set_dh_auto(ctx, pki->pki_dhe); 89 90 SSL_CTX_set_ecdh_auto(ctx, 1); 91 92 *ctxp = ctx; 93 return 1; 94 95 err: 96 SSL_CTX_free(ctx); 97 ssl_error("ssl_setup"); 98 return 0; 99 } 100 101 char * 102 ssl_load_file(const char *name, off_t *len, mode_t perm) 103 { 104 struct stat st; 105 off_t size; 106 char *buf = NULL; 107 int fd, saved_errno; 108 char mode[12]; 109 110 if ((fd = open(name, O_RDONLY)) == -1) 111 return (NULL); 112 if (fstat(fd, &st) != 0) 113 goto fail; 114 if (st.st_uid != 0) { 115 log_warnx("warn: %s: not owned by uid 0", name); 116 errno = EACCES; 117 goto fail; 118 } 119 if (st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO) & ~perm) { 120 strmode(perm, mode); 121 log_warnx("warn: %s: insecure permissions: must be at most %s", 122 name, &mode[1]); 123 errno = EACCES; 124 goto fail; 125 } 126 size = st.st_size; 127 if ((buf = calloc(1, size + 1)) == NULL) 128 goto fail; 129 if (read(fd, buf, size) != size) 130 goto fail; 131 close(fd); 132 133 *len = size + 1; 134 return (buf); 135 136 fail: 137 free(buf); 138 saved_errno = errno; 139 close(fd); 140 errno = saved_errno; 141 return (NULL); 142 } 143 144 #if 0 145 static int 146 ssl_password_cb(char *buf, int size, int rwflag, void *u) 147 { 148 size_t len; 149 if (u == NULL) { 150 explicit_bzero(buf, size); 151 return (0); 152 } 153 if ((len = strlcpy(buf, u, size)) >= (size_t)size) 154 return (0); 155 return (len); 156 } 157 #endif 158 159 static int 160 ssl_password_cb(char *buf, int size, int rwflag, void *u) 161 { 162 int ret = 0; 163 size_t len; 164 char *pass; 165 166 pass = getpass((const char *)u); 167 if (pass == NULL) 168 return 0; 169 len = strlen(pass); 170 if (strlcpy(buf, pass, size) >= (size_t)size) 171 goto end; 172 ret = len; 173 end: 174 if (len) 175 explicit_bzero(pass, len); 176 return ret; 177 } 178 179 char * 180 ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *pkiname) 181 { 182 FILE *fp = NULL; 183 EVP_PKEY *key = NULL; 184 BIO *bio = NULL; 185 long size; 186 char *data, *buf = NULL; 187 struct stat st; 188 char mode[12]; 189 char prompt[2048]; 190 191 /* Initialize SSL library once */ 192 ssl_init(); 193 194 /* 195 * Read (possibly) encrypted key from file 196 */ 197 if ((fp = fopen(name, "r")) == NULL) 198 return (NULL); 199 200 if (fstat(fileno(fp), &st) != 0) 201 goto fail; 202 if (st.st_uid != 0) { 203 log_warnx("warn: %s: not owned by uid 0", name); 204 errno = EACCES; 205 goto fail; 206 } 207 if (st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO) & ~perm) { 208 strmode(perm, mode); 209 log_warnx("warn: %s: insecure permissions: must be at most %s", 210 name, &mode[1]); 211 errno = EACCES; 212 goto fail; 213 } 214 215 (void)snprintf(prompt, sizeof prompt, "passphrase for %s: ", pkiname); 216 key = PEM_read_PrivateKey(fp, NULL, ssl_password_cb, prompt); 217 fclose(fp); 218 fp = NULL; 219 if (key == NULL) 220 goto fail; 221 /* 222 * Write unencrypted key to memory buffer 223 */ 224 if ((bio = BIO_new(BIO_s_mem())) == NULL) 225 goto fail; 226 if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) 227 goto fail; 228 if ((size = BIO_get_mem_data(bio, &data)) <= 0) 229 goto fail; 230 if ((buf = calloc(1, size + 1)) == NULL) 231 goto fail; 232 memcpy(buf, data, size); 233 234 BIO_free_all(bio); 235 EVP_PKEY_free(key); 236 237 *len = (off_t)size + 1; 238 return (buf); 239 240 fail: 241 ssl_error("ssl_load_key"); 242 free(buf); 243 if (bio != NULL) 244 BIO_free_all(bio); 245 if (key != NULL) 246 EVP_PKEY_free(key); 247 if (fp) 248 fclose(fp); 249 return (NULL); 250 } 251 252 SSL_CTX * 253 ssl_ctx_create(const char *pkiname, char *cert, off_t cert_len, const char *ciphers) 254 { 255 SSL_CTX *ctx; 256 size_t pkinamelen = 0; 257 258 ctx = SSL_CTX_new(SSLv23_method()); 259 if (ctx == NULL) { 260 ssl_error("ssl_ctx_create"); 261 fatal("ssl_ctx_create: could not create SSL context"); 262 } 263 264 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 265 SSL_CTX_set_timeout(ctx, SSL_SESSION_TIMEOUT); 266 SSL_CTX_set_options(ctx, 267 SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET); 268 SSL_CTX_set_options(ctx, 269 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); 270 271 if (ciphers == NULL) 272 ciphers = SSL_CIPHERS; 273 if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { 274 ssl_error("ssl_ctx_create"); 275 fatal("ssl_ctx_create: could not set cipher list"); 276 } 277 278 if (cert != NULL) { 279 if (pkiname != NULL) 280 pkinamelen = strlen(pkiname) + 1; 281 if (!SSL_CTX_use_certificate_chain_mem(ctx, cert, cert_len)) { 282 ssl_error("ssl_ctx_create"); 283 fatal("ssl_ctx_create: invalid certificate chain"); 284 } else if (!ssl_ctx_fake_private_key(ctx, 285 pkiname, pkinamelen, cert, cert_len, NULL, NULL)) { 286 ssl_error("ssl_ctx_create"); 287 fatal("ssl_ctx_create: could not fake private key"); 288 } else if (!SSL_CTX_check_private_key(ctx)) { 289 ssl_error("ssl_ctx_create"); 290 fatal("ssl_ctx_create: invalid private key"); 291 } 292 } 293 294 return (ctx); 295 } 296 297 int 298 ssl_load_certificate(struct pki *p, const char *pathname) 299 { 300 p->pki_cert = ssl_load_file(pathname, &p->pki_cert_len, 0755); 301 if (p->pki_cert == NULL) 302 return 0; 303 return 1; 304 } 305 306 int 307 ssl_load_keyfile(struct pki *p, const char *pathname, const char *pkiname) 308 { 309 char pass[1024]; 310 311 p->pki_key = ssl_load_key(pathname, &p->pki_key_len, pass, 0740, pkiname); 312 if (p->pki_key == NULL) 313 return 0; 314 return 1; 315 } 316 317 int 318 ssl_load_cafile(struct ca *c, const char *pathname) 319 { 320 c->ca_cert = ssl_load_file(pathname, &c->ca_cert_len, 0755); 321 if (c->ca_cert == NULL) 322 return 0; 323 return 1; 324 } 325 326 const char * 327 ssl_to_text(const SSL *ssl) 328 { 329 static char buf[256]; 330 331 (void)snprintf(buf, sizeof buf, "version=%s, cipher=%s, bits=%d", 332 SSL_get_version(ssl), 333 SSL_get_cipher_name(ssl), 334 SSL_get_cipher_bits(ssl, NULL)); 335 336 return (buf); 337 } 338 339 void 340 ssl_error(const char *where) 341 { 342 unsigned long code; 343 char errbuf[128]; 344 345 for (; (code = ERR_get_error()) != 0 ;) { 346 ERR_error_string_n(code, errbuf, sizeof(errbuf)); 347 log_debug("debug: SSL library error: %s: %s", where, errbuf); 348 } 349 } 350 351 int 352 ssl_load_pkey(const void *data, size_t datalen, char *buf, off_t len, 353 X509 **x509ptr, EVP_PKEY **pkeyptr) 354 { 355 BIO *in; 356 X509 *x509 = NULL; 357 EVP_PKEY *pkey = NULL; 358 RSA *rsa = NULL; 359 void *exdata = NULL; 360 361 if ((in = BIO_new_mem_buf(buf, len)) == NULL) { 362 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_BUF_LIB); 363 return (0); 364 } 365 366 if ((x509 = PEM_read_bio_X509(in, NULL, 367 ssl_password_cb, NULL)) == NULL) { 368 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PEM_LIB); 369 goto fail; 370 } 371 372 if ((pkey = X509_get_pubkey(x509)) == NULL) { 373 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_X509_LIB); 374 goto fail; 375 } 376 377 BIO_free(in); 378 in = NULL; 379 380 if (data != NULL && datalen) { 381 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL || 382 (exdata = malloc(datalen)) == NULL) { 383 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_EVP_LIB); 384 goto fail; 385 } 386 387 memcpy(exdata, data, datalen); 388 RSA_set_ex_data(rsa, 0, exdata); 389 RSA_free(rsa); /* dereference, will be cleaned up with pkey */ 390 } 391 392 *x509ptr = x509; 393 *pkeyptr = pkey; 394 395 return (1); 396 397 fail: 398 if (rsa != NULL) 399 RSA_free(rsa); 400 if (in != NULL) 401 BIO_free(in); 402 if (pkey != NULL) 403 EVP_PKEY_free(pkey); 404 if (x509 != NULL) 405 X509_free(x509); 406 free(exdata); 407 408 return (0); 409 } 410 411 int 412 ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen, 413 char *buf, off_t len, X509 **x509ptr, EVP_PKEY **pkeyptr) 414 { 415 int ret = 0; 416 EVP_PKEY *pkey = NULL; 417 X509 *x509 = NULL; 418 419 if (!ssl_load_pkey(data, datalen, buf, len, &x509, &pkey)) 420 return (0); 421 422 /* 423 * Use the public key as the "private" key - the secret key 424 * parameters are hidden in an extra process that will be 425 * contacted by the RSA engine. The SSL/TLS library needs at 426 * least the public key parameters in the current process. 427 */ 428 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 429 if (!ret) 430 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB); 431 432 if (pkeyptr != NULL) 433 *pkeyptr = pkey; 434 else if (pkey != NULL) 435 EVP_PKEY_free(pkey); 436 437 if (x509ptr != NULL) 438 *x509ptr = x509; 439 else if (x509 != NULL) 440 X509_free(x509); 441 442 return (ret); 443 } 444