1 /*
2 * TLS transport
3 *
4 * Copyright (c) 2015-2017 by Farsight Security, Inc.
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18
19 #include <config.h>
20 #include <axa/wire.h>
21
22 #include <openssl/conf.h>
23 #include <openssl/crypto.h>
24 #include <openssl/err.h>
25 #include <openssl/opensslconf.h>
26 #include <openssl/rand.h>
27 #include <pthread.h>
28 #include <sys/stat.h>
29 #include <unistd.h>
30 #include <stdint.h>
31 #include <string.h>
32
33
34 static char *certs_dir = NULL;
35
36 static char cipher_list0[] = "ALL";
37 static char *cipher_list = cipher_list0;
38
39 /* All apikey related TLS data and functions are in the 'axa_apikey_'
40 * namespace. This is done to keep the apikey TLS implementation separate from
41 * the legacy TLS implementation, preserve the ABI, and to ease the eventual
42 * deprecation and removal of the TLS code from the code base. */
43 static bool tls_initialized = false;
44 static bool apikey_initialized = false;
45 static bool tls_srvr = false;
46 static bool apikey_srvr = false;
47 static bool tls_threaded = false;
48 static bool apikey_threaded = false;
49 static bool tls_cleaned = false;
50 static bool apikey_cleaned = false;
51 static pthread_t init_id;
52 static pthread_t apikey_init_id;
53 static int32_t init_critical;
54
55 static SSL_CTX *ssl_ctx;
56 static SSL_CTX *apikey_ssl_ctx;
57
58 #ifndef OPENSSL_THREADS
59 #error "this installation of OpenSSL lacks thread support"
60 #endif
61 struct CRYPTO_dynlock_value {
62 pthread_mutex_t mutex;
63 };
64 static int num_locks;
65 static pthread_mutex_t *mutex_buf_tls = NULL;
66 static pthread_mutex_t *mutex_buf_apikey = NULL;
67
68
69
70 /* Convert an SSL error queue code to a string */
71 static char *
reason_string(unsigned long got_err)72 reason_string(unsigned long got_err)
73 {
74 const char *ssl_str;
75 char *str;
76
77 ssl_str = ERR_reason_error_string(got_err);
78 if (ssl_str != NULL)
79 str = axa_strdup(ssl_str);
80 else
81 axa_asprintf(&str, "SSL error=%lu", got_err);
82 return (str);
83 }
84
85 /* Make an AXA error string from the top of the error queue. */
86 static void AXA_PF(2,3)
q_pemsg(axa_emsg_t * emsg,const char * p,...)87 q_pemsg(axa_emsg_t *emsg, const char *p, ...)
88 {
89 char *qstr, *msg;
90 va_list args;
91
92 va_start(args, p);
93 axa_vasprintf(&msg, p, args);
94 va_end(args);
95 qstr = reason_string(ERR_get_error());
96 axa_pemsg(emsg, "%s: %s", msg, qstr);
97 free(msg);
98 free(qstr);
99 }
100
101 /* Deal with results from SSL_accept(), SSL_connect(), SSL_write(),
102 * and SSL_read() */
103 static int
get_ssl_pemsg(axa_emsg_t * emsg,SSL * ssl,int ret,const char * p,...)104 get_ssl_pemsg(axa_emsg_t *emsg, SSL *ssl, int ret, const char *p, ...)
105 {
106 int ssl_errno;
107 unsigned long qerr;
108 char *msg, *qstr;
109 va_list args;
110
111 if (ret > 0)
112 return (SSL_ERROR_NONE);
113
114 ssl_errno = SSL_get_error(ssl, ret);
115 switch (ssl_errno) {
116 case SSL_ERROR_NONE:
117 case SSL_ERROR_WANT_READ:
118 case SSL_ERROR_WANT_WRITE:
119 /* operation finished or must be repeated by the caller */
120 return (ssl_errno);
121
122 case SSL_ERROR_ZERO_RETURN:
123 va_start(args, p);
124 axa_asprintf(&msg, p, args);
125 va_end(args);
126 axa_pemsg(emsg, "%s: TLS/SSL connection closed", msg);
127 free(msg);
128 return (ssl_errno);
129
130 case SSL_ERROR_SYSCALL:
131 va_start(args, p);
132 axa_asprintf(&msg, p, args);
133 va_end(args);
134 qerr = ERR_get_error();
135 if (qerr != 0) {
136 qstr = reason_string(qerr);
137 axa_pemsg(emsg, "%s: %s", msg, qstr);
138 free(qstr);
139 } else if (ret == 0) {
140 axa_pemsg(emsg, "%s: TLS/SSL EOF", msg);
141 } else {
142 axa_pemsg(emsg, "%s: %s", msg, strerror(errno));
143 }
144 free(msg);
145 return (ssl_errno);
146
147 case SSL_ERROR_SSL:
148 va_start(args, p);
149 axa_asprintf(&msg, p, args);
150 va_end(args);
151 qstr = reason_string(ERR_get_error());
152 axa_pemsg(emsg, "%s: %s", msg, qstr);
153 free(qstr);
154 free(msg);
155 return (ssl_errno);
156 }
157
158 va_start(args, p);
159 axa_asprintf(&msg, p, args);
160 va_end(args);
161 axa_pemsg(emsg, "%s: unexpected SSL_ERROR %d", msg, ssl_errno);
162 free(msg);
163 return (ssl_errno);
164 }
165
166
167 /* Thread ID callback for OpenSSL */
168 static unsigned long
id_function(void)169 __attribute__((used)) id_function(void)
170 {
171 #ifdef __clang__
172 #pragma clang diagnostic push
173 #pragma clang diagnostic ignored "-Wbad-function-cast"
174 #else
175 #pragma GCC diagnostic push
176 #pragma GCC diagnostic ignored "-Wbad-function-cast"
177 #endif
178 /* pthread_t is a pointer on some systems including FreeBSD */
179 return ((uintptr_t)pthread_self());
180 #ifdef __clang__
181 #pragma clang diagnostic pop
182 #else
183 #pragma GCC diagnostic pop
184 #endif
185 }
186
187 /* Lock or unlock a static (created at initialization) lock for OpenSSL
188 * (tls) */
189 static void
locking_function_tls(int mode,int n,const char * file AXA_UNUSED,int line AXA_UNUSED)190 __attribute__((used)) locking_function_tls(int mode, int n,
191 const char *file AXA_UNUSED, int line AXA_UNUSED)
192 {
193 if (mode & CRYPTO_LOCK) {
194 AXA_ASSERT(0 == pthread_mutex_lock(&mutex_buf_tls[n]));
195 } else {
196 AXA_ASSERT(0 == pthread_mutex_unlock(&mutex_buf_tls[n]));
197 }
198 }
199
200 /* Lock or unlock a static (created at initialization) lock for OpenSSL
201 * (apikey) */
202 static void
locking_function_apikey(int mode,int n,const char * file AXA_UNUSED,int line AXA_UNUSED)203 __attribute__((used)) locking_function_apikey(int mode, int n,
204 const char *file AXA_UNUSED, int line AXA_UNUSED)
205 {
206 if (mode & CRYPTO_LOCK) {
207 AXA_ASSERT(0 == pthread_mutex_lock(&mutex_buf_apikey[n]));
208 } else {
209 AXA_ASSERT(0 == pthread_mutex_unlock(&mutex_buf_apikey[n]));
210 }
211 }
212 /* Create a "dynamic" lock for OpenSSL */
213 static struct CRYPTO_dynlock_value *
dyn_create_function(const char * file AXA_UNUSED,int line AXA_UNUSED)214 __attribute__((used)) dyn_create_function(const char *file AXA_UNUSED,
215 int line AXA_UNUSED)
216 {
217 struct CRYPTO_dynlock_value *value;
218
219 value = (struct CRYPTO_dynlock_value *)
220 axa_malloc(sizeof(struct CRYPTO_dynlock_value));
221 AXA_ASSERT(0 == pthread_mutex_init(&value->mutex, NULL));
222 return value;
223 }
224
225 /* Destroy a "dynamic" lock for OpenSSL */
226 static void
dyn_destroy_function(struct CRYPTO_dynlock_value * l,const char * file AXA_UNUSED,int line AXA_UNUSED)227 __attribute__((used)) dyn_destroy_function(struct CRYPTO_dynlock_value *l,
228 const char *file AXA_UNUSED, int line AXA_UNUSED)
229 {
230 AXA_ASSERT(0 == pthread_mutex_destroy(&l->mutex));
231 free(l);
232 }
233
234 /* Lock or unlock a "dynamic" lock */
235 static void
dyn_lock_function(int mode,struct CRYPTO_dynlock_value * l,const char * file AXA_UNUSED,int line AXA_UNUSED)236 __attribute__((used)) dyn_lock_function(int mode,
237 struct CRYPTO_dynlock_value *l, const char *file AXA_UNUSED,
238 int line AXA_UNUSED)
239 {
240 if (mode & CRYPTO_LOCK) {
241 AXA_ASSERT(0 == pthread_mutex_lock(&l->mutex));
242 } else {
243 AXA_ASSERT(0 == pthread_mutex_unlock(&l->mutex));
244 }
245 }
246
247 static bool
ck_certs_dir(axa_emsg_t * emsg,char * dir)248 ck_certs_dir(axa_emsg_t *emsg, char *dir)
249 {
250 AXA_ASSERT(init_critical == 1);
251
252 if (dir != NULL) {
253 if (certs_dir != NULL)
254 free(certs_dir);
255 certs_dir = dir;
256 }
257
258 if (*certs_dir == '\0') {
259 axa_pemsg(emsg, "\"\" is an invalid certificates directory");
260 return (false);
261 }
262
263 /* Tell the SSL library about the new directory only when it
264 * knows about the previous directory. */
265 if (ssl_ctx != NULL) {
266 if (0 >= SSL_CTX_load_verify_locations(ssl_ctx, NULL, certs_dir)) {
267 q_pemsg(emsg, "SSL_CTX_load_verify_locations(%s)", certs_dir);
268 return (false);
269 } else if (0 >= SSL_CTX_set_default_verify_paths(ssl_ctx)) {
270 q_pemsg(emsg, "SSL_CTX_set_default_verify_paths()");
271 return (false);
272 }
273 }
274
275 return (true);
276 }
277
278 static bool
ck_env_certs_dir(axa_emsg_t * emsg,const char * name,const char * subdir)279 ck_env_certs_dir(axa_emsg_t *emsg, const char *name, const char *subdir)
280 {
281 const char *val;
282 char *dir;
283
284 val = getenv(name);
285 if (val == NULL)
286 return (false);
287 axa_asprintf(&dir, "%s/%s", val, subdir);
288 return (ck_certs_dir(emsg, dir));
289 }
290
291 static bool
sub_tls_certs_dir(axa_emsg_t * emsg,const char * dir)292 sub_tls_certs_dir(axa_emsg_t *emsg, const char *dir)
293 {
294
295 if (dir != NULL)
296 return (ck_certs_dir(emsg, axa_strdup(dir)));
297
298 if (certs_dir != NULL)
299 return (ck_certs_dir(emsg, NULL));
300
301 /* Find a default if we are not supplied with a directory name. */
302 if (ck_env_certs_dir(emsg, "AXACONF", "certs"))
303 return (true);
304 if (ck_env_certs_dir(emsg, "HOME", ".axa/certs"))
305 return (true);
306 return (ck_certs_dir(emsg, axa_strdup(AXACONFDIR"/certs")));
307 }
308
309 bool
axa_tls_certs_dir(axa_emsg_t * emsg,const char * dir)310 axa_tls_certs_dir(axa_emsg_t *emsg, const char *dir)
311 {
312 bool result;
313 int i;
314
315 /* This is not reentrant */
316 i = __sync_add_and_fetch(&init_critical, 1);
317 AXA_ASSERT(i == 1);
318
319 result = sub_tls_certs_dir(emsg, dir);
320
321 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
322 return (result);
323 }
324
325 const char *
axa_tls_cipher_list(axa_emsg_t * emsg,const char * list)326 axa_tls_cipher_list(axa_emsg_t *emsg, const char *list)
327 {
328 int i;
329
330 if (list == NULL || *list == '\0')
331 return (cipher_list);
332
333 /* This is not reentrant */
334 i = __sync_add_and_fetch(&init_critical, 1);
335 AXA_ASSERT(i == 1);
336
337 if (cipher_list != cipher_list0)
338 free(cipher_list);
339 cipher_list = axa_strdup(list);
340
341 if (ssl_ctx != NULL
342 && 0 >= SSL_CTX_set_cipher_list(ssl_ctx, cipher_list)) {
343 q_pemsg(emsg, "SSL_CTX_set_cipher_list(%s)", cipher_list);
344 i = __sync_sub_and_fetch(&init_critical, 1);
345 AXA_ASSERT(i == 0);
346 return (NULL);
347 }
348
349 i = __sync_sub_and_fetch(&init_critical, 1);
350 AXA_ASSERT(i == 0);
351 return (cipher_list);
352 }
353
354 bool
axa_tls_init(axa_emsg_t * emsg,bool srvr,bool threaded)355 axa_tls_init(axa_emsg_t *emsg, bool srvr, bool threaded)
356 {
357 DSA *dsa;
358 DH *dh;
359 EC_KEY *ecdh;
360 int i;
361
362 /* SSL_library_init() is not reentrant. */
363 AXA_ASSERT(__sync_add_and_fetch(&init_critical, 1) == 1);
364
365 /* Do not try to use OpenSSL after releasing it. */
366 AXA_ASSERT(tls_cleaned == false);
367
368 if (tls_initialized) {
369 /* Require consistency. */
370 AXA_ASSERT(tls_srvr == srvr && tls_threaded == threaded);
371
372 /*
373 * Check that every initialization is just as threaded.
374 * No harm is done by using pthread_self() in unthreaded
375 * callers of this, because libaxa uses libnmsg which uses
376 * pthreads.
377 */
378 if (!tls_threaded)
379 AXA_ASSERT(pthread_self() == init_id);
380
381 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
382 return (true);
383 }
384
385 tls_initialized = true;
386 tls_srvr = srvr;
387 tls_threaded = threaded;
388 init_id = pthread_self();
389
390 SSL_library_init();
391 SSL_load_error_strings();
392
393 #if OPENSSL_VERSION_NUMBER < 0x10100000L
394 OPENSSL_config(NULL);
395 #endif
396
397 /*
398 * Turn on OpenSSL threading if needed.
399 */
400 if (tls_threaded) {
401 /* static locks */
402 CRYPTO_set_id_callback(id_function);
403 num_locks = CRYPTO_num_locks();
404 if (num_locks != 0) {
405 mutex_buf_tls = axa_malloc(num_locks
406 * sizeof(pthread_mutex_t));
407 for (i = 0; i < num_locks; i++)
408 AXA_ASSERT(0 ==
409 pthread_mutex_init(&mutex_buf_tls[i],
410 NULL));
411 }
412
413 CRYPTO_set_locking_callback(locking_function_tls);
414
415 /* dynamic locks */
416 CRYPTO_set_dynlock_create_callback(dyn_create_function);
417 CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
418 CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
419 }
420
421 ERR_clear_error();
422
423 ssl_ctx = SSL_CTX_new(SSLv23_method());
424 if (ssl_ctx == NULL) {
425 q_pemsg(emsg, "SSL_CTX_new()");
426 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
427 return (false);
428 }
429
430 /* Generate DSA parameters for DH because that is faster. */
431 RAND_load_file("/dev/urandom", 128);
432 dsa = DSA_new();
433 if (dsa == NULL) {
434 q_pemsg(emsg, "DSA_new()");
435 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
436 return (false);
437 }
438 if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0,
439 NULL, NULL, NULL)) {
440 q_pemsg(emsg, "DSA_generate_parameters_ex()");
441 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
442 return (false);
443 }
444 dh = DSA_dup_DH(dsa);
445 if (dh == NULL) {
446 q_pemsg(emsg, "DSA_dup_DH()");
447 DSA_free(dsa);
448 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
449 return (false);
450 }
451 DSA_free(dsa);
452 if (!SSL_CTX_set_tmp_dh(ssl_ctx, dh)) {
453 DH_free(dh);
454 q_pemsg(emsg, "SSL_CTX_set_tmp_dh()");
455 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
456 return (false);
457 }
458 DH_free(dh);
459
460 ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
461 if (ecdh == NULL) {
462 q_pemsg(emsg,
463 "EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)");
464 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
465 return (false);
466 }
467 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
468 EC_KEY_free(ecdh);
469
470 SSL_CTX_set_mode(ssl_ctx,
471 SSL_MODE_ENABLE_PARTIAL_WRITE
472 | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
473
474 /* Require a good certificate from the peer. */
475 SSL_CTX_set_verify(ssl_ctx,
476 SSL_VERIFY_PEER
477 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
478 NULL);
479
480 /*
481 * Is SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 needed?
482 */
483 SSL_CTX_set_options(ssl_ctx,
484 SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
485 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1
486 | SSL_OP_SINGLE_DH_USE
487 | SSL_OP_SINGLE_ECDH_USE
488 | SSL_OP_CIPHER_SERVER_PREFERENCE
489 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
490 | SSL_OP_NO_TICKET | SSL_OP_NO_COMPRESSION);
491
492 if (*cipher_list != '\0'
493 && 0 >= SSL_CTX_set_cipher_list(ssl_ctx, cipher_list)) {
494 q_pemsg(emsg, "SSL_CTX_set_cipher_list(%s)", cipher_list);
495 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
496 return (false);
497 }
498
499 if (!sub_tls_certs_dir(emsg, NULL)) {
500 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
501 return (false);
502 }
503
504 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
505 return (true);
506 }
507
508 bool
axa_apikey_init(axa_emsg_t * emsg,bool srvr,bool threaded)509 axa_apikey_init(axa_emsg_t *emsg, bool srvr, bool threaded)
510 {
511 DSA *dsa;
512 DH *dh;
513 EC_KEY *ecdh;
514 int i;
515
516 /* SSL_library_init() is not reentrant. */
517 AXA_ASSERT(__sync_add_and_fetch(&init_critical, 1) == 1);
518
519 /* Do not try to use OpenSSL after releasing it. */
520 AXA_ASSERT(apikey_cleaned == false);
521
522 if (apikey_initialized) {
523 /* Require consistency. */
524 AXA_ASSERT(apikey_srvr == srvr && apikey_threaded == threaded);
525
526 /*
527 * Check that every initialization is just as threaded.
528 * No harm is done by using pthread_self() in unthreaded
529 * callers of this, because libaxa uses libnmsg which uses
530 * pthreads.
531 */
532 if (!apikey_threaded)
533 AXA_ASSERT(pthread_self() == apikey_init_id);
534
535 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
536 return (true);
537 }
538
539 apikey_initialized = true;
540 apikey_srvr = srvr;
541 apikey_threaded = threaded;
542 apikey_init_id = pthread_self();
543
544 SSL_library_init();
545 SSL_load_error_strings();
546
547 #if OPENSSL_VERSION_NUMBER < 0x10100000L
548 OPENSSL_config(NULL);
549 #endif
550
551 /*
552 * Turn on OpenSSL threading if needed.
553 */
554 if (apikey_threaded) {
555 /* static locks */
556 CRYPTO_set_id_callback(id_function);
557 num_locks = CRYPTO_num_locks();
558 if (num_locks != 0) {
559 mutex_buf_apikey = axa_malloc(num_locks
560 * sizeof(pthread_mutex_t));
561 for (i = 0; i < num_locks; i++)
562 AXA_ASSERT(0 == pthread_mutex_init(
563 &mutex_buf_apikey[i],
564 NULL));
565 }
566
567 CRYPTO_set_locking_callback(locking_function_apikey);
568
569 /* dynamic locks */
570 CRYPTO_set_dynlock_create_callback(dyn_create_function);
571 CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
572 CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
573 }
574
575 ERR_clear_error();
576
577 apikey_ssl_ctx = SSL_CTX_new(SSLv23_method());
578 if (apikey_ssl_ctx == NULL) {
579 q_pemsg(emsg, "SSL_CTX_new()");
580 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
581 return (false);
582 }
583
584 /* Generate DSA parameters for DH because that is faster. */
585 RAND_load_file("/dev/urandom", 128);
586 dsa = DSA_new();
587 if (dsa == NULL) {
588 q_pemsg(emsg, "DSA_new()");
589 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
590 return (false);
591 }
592 if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL)) {
593 q_pemsg(emsg, "DSA_generate_parameters_ex()");
594 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
595 return (false);
596 }
597 dh = DSA_dup_DH(dsa);
598 if (dh == NULL) {
599 q_pemsg(emsg, "DSA_dup_DH()");
600 DSA_free(dsa);
601 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
602 return (false);
603 }
604 DSA_free(dsa);
605 if (!SSL_CTX_set_tmp_dh(apikey_ssl_ctx, dh)) {
606 DH_free(dh);
607 q_pemsg(emsg, "SSL_CTX_set_tmp_dh()");
608 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
609 return (false);
610 }
611 DH_free(dh);
612
613 ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
614 if (ecdh == NULL) {
615 q_pemsg(emsg,
616 "EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)");
617 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
618 return (false);
619 }
620 if (SSL_CTX_set_tmp_ecdh(apikey_ssl_ctx, ecdh) != 1) {
621 q_pemsg(emsg, "SSL_CTX_set_tmp_ecdh()");
622 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
623 return (false);
624 }
625 EC_KEY_free(ecdh);
626
627 SSL_CTX_set_mode(apikey_ssl_ctx,
628 SSL_MODE_ENABLE_PARTIAL_WRITE
629 | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
630
631 /*
632 * Is SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 needed?
633 */
634 SSL_CTX_set_options(apikey_ssl_ctx,
635 SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
636 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1
637 | SSL_OP_SINGLE_DH_USE
638 | SSL_OP_SINGLE_ECDH_USE
639 | SSL_OP_CIPHER_SERVER_PREFERENCE
640 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
641 | SSL_OP_NO_TICKET | SSL_OP_NO_COMPRESSION);
642
643 if (*cipher_list != '\0'
644 && 0 >= SSL_CTX_set_cipher_list(apikey_ssl_ctx, cipher_list)) {
645 q_pemsg(emsg, "SSL_CTX_set_cipher_list(%s)", cipher_list);
646 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
647 return (false);
648 }
649
650 if (!sub_tls_certs_dir(emsg, NULL)) {
651 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
652 return (false);
653 }
654
655 AXA_ASSERT(__sync_sub_and_fetch(&init_critical, 1) == 0);
656 return (true);
657 }
658
659 void
axa_tls_cleanup(void)660 axa_tls_cleanup(void)
661 {
662 int i;
663
664 /* You cannot restart OpenSSL after shutting it down. */
665 if (tls_cleaned)
666 return;
667 tls_cleaned = true;
668
669 CRYPTO_set_locking_callback(NULL);
670 CRYPTO_set_id_callback(NULL);
671
672 CRYPTO_set_dynlock_create_callback(NULL);
673 CRYPTO_set_dynlock_lock_callback(NULL);
674 CRYPTO_set_dynlock_destroy_callback(NULL);
675
676 CRYPTO_set_locking_callback(NULL);
677
678 if (mutex_buf_tls != NULL) {
679 for (i = 0; i < num_locks; i++) {
680 pthread_mutex_destroy(&mutex_buf_tls[i]);
681 }
682 free(mutex_buf_tls);
683 mutex_buf_tls = NULL;
684 }
685
686 if (ssl_ctx != NULL) {
687 SSL_CTX_free(ssl_ctx);
688 ssl_ctx = NULL;
689 }
690
691 if (certs_dir != NULL) {
692 free(certs_dir);
693 certs_dir = NULL;
694 }
695
696 if (cipher_list != cipher_list0) {
697 free(cipher_list);
698 cipher_list = cipher_list0;
699 }
700
701 ERR_free_strings();
702 #if OPENSSL_VERSION_NUMBER < 0x10100000L
703 OPENSSL_no_config();
704 #endif
705 }
706
707 void
axa_apikey_cleanup(void)708 axa_apikey_cleanup(void)
709 {
710 int i;
711
712 /* You cannot restart OpenSSL after shutting it down. */
713 if (apikey_cleaned)
714 return;
715 apikey_cleaned = true;
716
717 CRYPTO_set_locking_callback(NULL);
718 CRYPTO_set_id_callback(NULL);
719
720 CRYPTO_set_dynlock_create_callback(NULL);
721 CRYPTO_set_dynlock_lock_callback(NULL);
722 CRYPTO_set_dynlock_destroy_callback(NULL);
723
724 CRYPTO_set_locking_callback(NULL);
725
726 if (mutex_buf_apikey != NULL) {
727 for (i = 0; i < num_locks; i++) {
728 pthread_mutex_destroy(&mutex_buf_apikey[i]);
729 }
730 free(mutex_buf_apikey);
731 mutex_buf_apikey = NULL;
732 }
733
734 if (apikey_ssl_ctx != NULL) {
735 SSL_CTX_free(apikey_ssl_ctx);
736 ssl_ctx = NULL;
737 }
738
739 if (cipher_list != cipher_list0) {
740 free(cipher_list);
741 cipher_list = cipher_list0;
742 }
743
744 ERR_free_strings();
745 #if OPENSSL_VERSION_NUMBER < 0x10100000L
746 OPENSSL_no_config();
747 #endif
748 }
749
750 /*
751 * Parse "certfile,keyfile@host,port" or "user@host,port" for a TLS connection.
752 * Take everything before the first '@' as the file or user name.
753 * Given "user", assume the file names are user.pem and user.key
754 * User names must not contain '/' or ','.
755 * Look first in the current directory.
756 * If the files are not found in the current directory
757 * and if they do not contain '/', prepend certs_dir and try again.
758 */
759 bool
axa_tls_parse(axa_emsg_t * emsg,char ** cert_filep,char ** key_filep,char ** addrp,const char * spec)760 axa_tls_parse(axa_emsg_t *emsg,
761 char **cert_filep, char **key_filep, char **addrp,
762 const char *spec)
763 {
764 const char *comma, *at;
765 struct stat sb;
766 char *p;
767
768 AXA_ASSERT(*cert_filep == NULL && *key_filep == NULL && *addrp == NULL);
769
770 /* Just assume we are an un-threaded client
771 * if we have not been told. */
772 if (!tls_initialized
773 && !axa_tls_init(emsg, false, false))
774 return (false);
775
776 at = strchr(spec, '@');
777 comma = strpbrk(spec, ",@");
778
779 if (at == NULL || at == spec) {
780 axa_pemsg(emsg, "\"tls:%s\" has no user name or cert files",
781 spec);
782 return (false);
783 }
784
785 if (comma == at) {
786 /* Without a comma, assume we have a user name. */
787 axa_asprintf(cert_filep, "%.*s.pem",
788 (int)(comma - spec), spec);
789 axa_asprintf(key_filep, "%.*s.key",
790 (int)(comma - spec), spec);
791 } else {
792 *cert_filep = axa_strndup(spec, comma - spec);
793 *key_filep = axa_strndup(comma+1, at - (comma+1));
794 }
795 *addrp = axa_strdup(at+1);
796
797 /* Try the naked file names. */
798 if (0 > stat(*cert_filep, &sb)) {
799 axa_pemsg(emsg, "\"%s\" %s: %s",
800 spec, *cert_filep, strerror(errno));
801 } else if (0 <= stat(*key_filep, &sb)) {
802 return (true);
803 } else {
804 axa_pemsg(emsg, "\"%s\" %s: %s",
805 spec, *key_filep, strerror(errno));
806 }
807
808 /* If that failed,
809 * look in the certs directory if neither file name is a path. */
810 if (strchr(*cert_filep, '/') != NULL
811 || strchr(*cert_filep, '/') != NULL)
812 return (false);
813
814 axa_asprintf(&p, "%s/%s", certs_dir, *cert_filep);
815 free(*cert_filep);
816 *cert_filep = p;
817
818 axa_asprintf(&p, "%s/%s", certs_dir, *key_filep);
819 free(*key_filep);
820 *key_filep = p;
821
822 if (0 > stat(*cert_filep, &sb)) {
823 axa_pemsg(emsg, "\"%s\" %s: %s",
824 spec, *cert_filep, strerror(errno));
825 } else if (0 <= stat(*key_filep, &sb)) {
826 return (true);
827 } else {
828 axa_pemsg(emsg, "\"%s\" %s: %s",
829 spec, *key_filep, strerror(errno));
830 }
831
832 free(*addrp);
833 *addrp = NULL;
834 free(*cert_filep);
835 *cert_filep = NULL;
836 free(*key_filep);
837 *key_filep = NULL;
838
839 return (false);
840 }
841
842 bool
axa_apikey_parse_srvr(axa_emsg_t * emsg,char ** cert_filep,char ** key_filep,char ** addrp,const char * spec)843 axa_apikey_parse_srvr(axa_emsg_t *emsg,
844 char **cert_filep, char **key_filep, char **addrp,
845 const char *spec)
846 {
847 const char *comma, *at;
848 struct stat sb;
849 char *p;
850
851 AXA_ASSERT(*cert_filep == NULL && *key_filep == NULL && *addrp == NULL);
852
853 /* Just assume we are an un-threaded client
854 * if we have not been told. */
855 if (!apikey_initialized
856 && !axa_apikey_init(emsg, true, false))
857 return (false);
858
859 at = strchr(spec, '@');
860 comma = strpbrk(spec, ",@");
861
862 if (at == NULL || at == spec) {
863 axa_pemsg(emsg, "\"apikey:%s\" has no apikey or cert files",
864 spec);
865 return (false);
866 }
867
868 if (comma == at) {
869 /* Without a comma, assume we have a user name. */
870 axa_asprintf(cert_filep, "%.*s-bundle.crt",
871 (int)(comma - spec), spec);
872 axa_asprintf(key_filep, "%.*s.key",
873 (int)(comma - spec), spec);
874 } else {
875 *cert_filep = axa_strndup(spec, comma - spec);
876 *key_filep = axa_strndup(comma+1, at - (comma+1));
877 }
878 *addrp = axa_strdup(at+1);
879
880 /* Try the naked file names. */
881 if (0 > stat(*cert_filep, &sb)) {
882 axa_pemsg(emsg, "\"%s\" %s: %s",
883 spec, *cert_filep, strerror(errno));
884 } else if (0 <= stat(*key_filep, &sb)) {
885 return (true);
886 } else {
887 axa_pemsg(emsg, "\"%s\" %s: %s",
888 spec, *key_filep, strerror(errno));
889 }
890
891 /* If that failed,
892 * look in the certs directory if neither file name is a path. */
893 if (strchr(*cert_filep, '/') != NULL
894 || strchr(*cert_filep, '/') != NULL)
895 return (false);
896
897 axa_asprintf(&p, "%s/%s", certs_dir, *cert_filep);
898 free(*cert_filep);
899 *cert_filep = p;
900
901 axa_asprintf(&p, "%s/%s", certs_dir, *key_filep);
902 free(*key_filep);
903 *key_filep = p;
904
905 if (0 > stat(*cert_filep, &sb)) {
906 axa_pemsg(emsg, "\"%s\" %s: %s",
907 spec, *cert_filep, strerror(errno));
908 } else if (0 <= stat(*key_filep, &sb)) {
909 return (true);
910 } else {
911 axa_pemsg(emsg, "\"%s\" %s: %s",
912 spec, *key_filep, strerror(errno));
913 }
914
915 free(*addrp);
916 *addrp = NULL;
917 free(*cert_filep);
918 *cert_filep = NULL;
919 free(*key_filep);
920 *key_filep = NULL;
921
922 return (false);
923 }
924
925 /* Initialize per-connection OpenSSL data and complete the TLS handshake. */
926 axa_io_result_t
axa_tls_start(axa_emsg_t * emsg,axa_io_t * io)927 axa_tls_start(axa_emsg_t *emsg, axa_io_t *io)
928 {
929 BIO *bio;
930 X509 *cert;
931 X509_NAME *subject;
932 const SSL_CIPHER *cipher;
933 const char *comp, *expan;
934 int ssl_errno;
935 long l;
936 int i, j;
937
938 /* Start from scratch the first time. */
939 if (io->ssl == NULL) {
940 /* Just assume we are an un-threaded client. */
941 if (!tls_initialized
942 && !axa_tls_init(emsg, false, false))
943 return (AXA_IO_ERR);
944
945 ERR_clear_error();
946
947 io->ssl = SSL_new(ssl_ctx);
948 if (io->ssl == NULL) {
949 q_pemsg(emsg, "SSL_new()");
950 return (AXA_IO_ERR);
951 }
952 bio = BIO_new_socket(io->i_fd, BIO_NOCLOSE);
953 if (bio == NULL) {
954 q_pemsg(emsg, "BIO_new_socket()");
955 return (AXA_IO_ERR);
956 }
957 SSL_set_bio(io->ssl, bio, bio);
958
959 if (0 >= SSL_use_PrivateKey_file(io->ssl, io->key_file,
960 SSL_FILETYPE_PEM)) {
961 q_pemsg(emsg, "SSL_use_PrivateKey_file(%s)",
962 io->key_file);
963 return (AXA_IO_ERR);
964 }
965
966 if (0 >= SSL_use_certificate_file(io->ssl, io->cert_file,
967 SSL_FILETYPE_PEM)) {
968 q_pemsg(emsg, "SSL_use_certificate_file(%s)",
969 io->cert_file);
970 return (AXA_IO_ERR);
971 }
972
973 if (0 >= SSL_check_private_key(io->ssl)) {
974 q_pemsg(emsg, "SSL_check_private_key(%s %s)",
975 io->cert_file, io->key_file);
976 return (AXA_IO_ERR);
977 }
978 }
979
980 ERR_clear_error();
981 if (tls_srvr) {
982 ssl_errno = get_ssl_pemsg(emsg, io->ssl, SSL_accept(io->ssl),
983 "SSL_accept()");
984 } else {
985 ssl_errno = get_ssl_pemsg(emsg, io->ssl, SSL_connect(io->ssl),
986 "SSL_connect()");
987 }
988 switch (ssl_errno) {
989 case SSL_ERROR_NONE:
990 break;
991 case SSL_ERROR_WANT_READ:
992 io->i_events = AXA_POLL_IN;
993 io->o_events = 0;
994 return (AXA_IO_BUSY);
995 case SSL_ERROR_WANT_WRITE:
996 io->i_events = AXA_POLL_OUT;
997 io->o_events = 0;
998 return (AXA_IO_BUSY);
999 default:
1000 return (AXA_IO_ERR);
1001 }
1002
1003 /* Require a verified certificate. */
1004 l = SSL_get_verify_result(io->ssl);
1005 if (l != X509_V_OK) {
1006 axa_pemsg(emsg, "verify(): %s",
1007 X509_verify_cert_error_string(l));
1008 return (AXA_IO_ERR);
1009 }
1010
1011 /* Get information about the connection and the peer. */
1012 AXA_ASSERT(io->tls_info == NULL);
1013 comp = "no compression";
1014 expan = "no compression";
1015
1016 cipher = SSL_get_current_cipher(io->ssl);
1017 axa_asprintf(&io->tls_info, "%s %s %s%s%s",
1018 SSL_CIPHER_get_version(cipher),
1019 SSL_CIPHER_get_name(cipher),
1020 comp,
1021 expan != comp ? "/" : "",
1022 expan != comp ? expan : "");
1023
1024
1025 /*
1026 * Use the subject common name (CN) as the peer user name.
1027 */
1028 cert = SSL_get_peer_certificate(io->ssl);
1029 /* SSL_get_verify_result() == X509_V_OK guarantees the certificate. */
1030 AXA_ASSERT(cert != NULL);
1031 subject = X509_get_subject_name(cert);
1032 if (subject == NULL) {
1033 /* Is this possible? */
1034 X509_free(cert);
1035 axa_pemsg(emsg, "invalid null certificate subject");
1036 return (AXA_IO_ERR);
1037 }
1038 i = X509_NAME_get_text_by_NID(subject, NID_commonName, NULL, 0);
1039 if (i < 0) {
1040 X509_free(cert);
1041 axa_pemsg(emsg, "cannot find certificate CN");
1042 return (AXA_IO_ERR);
1043 }
1044 if ((size_t)i > sizeof(io->user.name)) {
1045 X509_free(cert);
1046 axa_pemsg(emsg, "certificate CN length of %d is too long", i);
1047 return (AXA_IO_ERR);
1048 }
1049 j = X509_NAME_get_text_by_NID(subject, NID_commonName,
1050 io->user.name, sizeof(io->user.name));
1051 AXA_ASSERT(i == j);
1052 X509_free(cert);
1053
1054 /* The TLS handshaking is finished. */
1055 io->i_events = AXA_POLL_IN;
1056 io->o_events = 0;
1057
1058 io->connected = true;
1059 return (AXA_IO_OK);
1060 }
1061
1062 bool
axa_apikey_load_and_check_key(axa_emsg_t * emsg,const char * key_file,const char * cert_file)1063 axa_apikey_load_and_check_key(axa_emsg_t *emsg, const char *key_file,
1064 const char *cert_file) {
1065 /* Apparently the following functions are either not
1066 * thread-safe or not idempotent, or both. Calling
1067 * them for each new apikey session appeared to race
1068 * with other threads and resulted in spurious crashes
1069 * when apikey sessions would arrive "concurrently".
1070 *
1071 * The solution appears to be calling them once when
1072 * the first apikey session shows up. This should be called after
1073 * axa_apikey_init() successfully completes.
1074 */
1075 if (!apikey_srvr)
1076 return (false);
1077
1078 if (0 >= SSL_CTX_use_PrivateKey_file(apikey_ssl_ctx, key_file,
1079 SSL_FILETYPE_PEM)) {
1080 q_pemsg(emsg, "SSL_use_PrivateKey_file(%s)", key_file);
1081 return (false);
1082 }
1083
1084 if (0 >= SSL_CTX_use_certificate_chain_file(apikey_ssl_ctx,
1085 cert_file)) {
1086 q_pemsg(emsg, "SSL_CTX_use_certificate_chain_file(%s)",
1087 cert_file);
1088 return (false);
1089 }
1090
1091 if (0 >= SSL_CTX_check_private_key(apikey_ssl_ctx)) {
1092 q_pemsg(emsg, "SSL_check_private_key(%s %s)", cert_file,
1093 key_file);
1094 return (false);
1095 }
1096
1097 return (true);
1098 }
1099
1100 /* Initialize per-connection OpenSSL data and complete the TLS handshake. */
1101 axa_io_result_t
axa_apikey_start(axa_emsg_t * emsg,axa_io_t * io)1102 axa_apikey_start(axa_emsg_t *emsg, axa_io_t *io)
1103 {
1104 BIO *bio;
1105 const SSL_CIPHER *cipher;
1106 const char *comp, *expan;
1107 int ssl_errno;
1108
1109 /* Start from scratch the first time. */
1110 if (io->ssl == NULL) {
1111 /* Just assume we are an un-threaded client. */
1112 if (!apikey_initialized
1113 && !axa_apikey_init(emsg, false, false))
1114 return (AXA_IO_ERR);
1115
1116 ERR_clear_error();
1117
1118 io->ssl = SSL_new(apikey_ssl_ctx);
1119 if (io->ssl == NULL) {
1120 q_pemsg(emsg, "SSL_new()");
1121 return (AXA_IO_ERR);
1122 }
1123 bio = BIO_new_socket(io->i_fd, BIO_NOCLOSE);
1124 if (bio == NULL) {
1125 q_pemsg(emsg, "BIO_new_socket()");
1126 return (AXA_IO_ERR);
1127 }
1128 SSL_set_bio(io->ssl, bio, bio);
1129
1130 }
1131
1132 ERR_clear_error();
1133 if (apikey_srvr) {
1134 ssl_errno = get_ssl_pemsg(emsg, io->ssl, SSL_accept(io->ssl),
1135 "SSL_accept()");
1136 } else {
1137 ssl_errno = get_ssl_pemsg(emsg, io->ssl, SSL_connect(io->ssl),
1138 "SSL_connect()");
1139 }
1140 switch (ssl_errno) {
1141 case SSL_ERROR_NONE:
1142 break;
1143 case SSL_ERROR_WANT_READ:
1144 io->i_events = AXA_POLL_IN;
1145 io->o_events = 0;
1146 return (AXA_IO_BUSY);
1147 case SSL_ERROR_WANT_WRITE:
1148 io->i_events = AXA_POLL_OUT;
1149 io->o_events = 0;
1150 return (AXA_IO_BUSY);
1151 default:
1152 return (AXA_IO_ERR);
1153 }
1154
1155 /* Get information about the connection and the peer. */
1156 AXA_ASSERT(io->tls_info == NULL);
1157 comp = "no compression";
1158 expan = "no compression";
1159
1160 cipher = SSL_get_current_cipher(io->ssl);
1161 axa_asprintf(&io->tls_info, "%s %s %s%s%s",
1162 SSL_CIPHER_get_version(cipher),
1163 SSL_CIPHER_get_name(cipher),
1164 comp,
1165 expan != comp ? "/" : "",
1166 expan != comp ? expan : "");
1167
1168 /* The TLS handshaking is finished. */
1169 io->i_events = AXA_POLL_IN;
1170 io->o_events = 0;
1171
1172 io->connected = true;
1173 return (AXA_IO_OK);
1174 }
1175
1176 /* Close and release per-connection OpenSSL data */
1177 void
axa_tls_stop(axa_io_t * io)1178 axa_tls_stop(axa_io_t *io)
1179 {
1180 if (io->ssl != NULL) {
1181 SSL_free(io->ssl);
1182 io->ssl = NULL;
1183 }
1184 }
1185
1186 void
axa_apikey_stop(axa_io_t * io)1187 axa_apikey_stop(axa_io_t *io)
1188 {
1189 if (io->ssl != NULL) {
1190 SSL_free(io->ssl);
1191 io->ssl = NULL;
1192 }
1193 }
1194
1195 /* TLS input */
1196 axa_io_result_t
axa_tls_read(axa_emsg_t * emsg,axa_io_t * io)1197 axa_tls_read(axa_emsg_t *emsg, axa_io_t *io)
1198 {
1199 int ret, ssl_errno;
1200
1201 AXA_ASSERT(io->i_events != 0);
1202
1203 ERR_clear_error();
1204 ret = SSL_read(io->ssl, io->recv_buf, io->recv_buf_len);
1205 ssl_errno = get_ssl_pemsg(emsg, io->ssl, ret,
1206 "SSL_read(%d)", io->recv_buf_len);
1207 switch (ssl_errno) {
1208 case SSL_ERROR_NONE:
1209 break;
1210 case SSL_ERROR_WANT_READ:
1211 io->i_events = AXA_POLL_IN;
1212 return (AXA_IO_BUSY);
1213 case SSL_ERROR_WANT_WRITE:
1214 io->i_events = AXA_POLL_OUT;
1215 return (AXA_IO_BUSY);
1216 default:
1217 io->i_events = 0;
1218 return (AXA_IO_ERR);
1219 }
1220
1221 io->recv_bytes = ret;
1222 gettimeofday(&io->alive, NULL);
1223
1224 io->i_events = AXA_POLL_IN;
1225 return (AXA_IO_OK);
1226 }
1227
1228 /* TLS output */
1229 axa_io_result_t
axa_tls_flush(axa_emsg_t * emsg,axa_io_t * io)1230 axa_tls_flush(axa_emsg_t *emsg, axa_io_t *io)
1231 {
1232 int ret, ssl_errno;
1233
1234 for (;;) {
1235 ERR_clear_error();
1236 ret = SSL_write(io->ssl, io->send_start, io->send_bytes);
1237 ssl_errno = get_ssl_pemsg(emsg, io->ssl, ret,
1238 "SSL_write(%d)", io->send_bytes);
1239 switch (ssl_errno) {
1240 case SSL_ERROR_NONE:
1241 break;
1242 case SSL_ERROR_WANT_READ:
1243 io->o_events = AXA_POLL_IN;
1244 return (AXA_IO_BUSY);
1245 case SSL_ERROR_WANT_WRITE:
1246 io->o_events = AXA_POLL_OUT;
1247 return (AXA_IO_BUSY);
1248 default:
1249 io->o_events = 0;
1250 return (AXA_IO_ERR);
1251 }
1252
1253 AXA_ASSERT(io->send_bytes >= (size_t)ret);
1254 io->send_start += ret;
1255 io->send_bytes -= ret;
1256 if (io->send_bytes != 0)
1257 continue;
1258
1259 io->o_events = 0;
1260 gettimeofday(&io->alive, NULL);
1261 return (AXA_IO_OK);
1262 }
1263 }
1264