1 /* tls_g.c - Handle tls/ssl using GNUTLS. */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 *
5 * Copyright 2008-2021 The OpenLDAP Foundation.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
10 * Public License.
11 *
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
15 */
16 /* ACKNOWLEDGEMENTS: GNUTLS support written by Howard Chu and
17 * Emily Backes; sponsored by The Written Word (thewrittenword.com)
18 * and Stanford University (stanford.edu).
19 */
20
21 #include "portable.h"
22
23 #ifdef HAVE_GNUTLS
24
25 #include "ldap_config.h"
26
27 #include <stdio.h>
28
29 #include <ac/stdlib.h>
30 #include <ac/errno.h>
31 #include <ac/socket.h>
32 #include <ac/string.h>
33 #include <ac/ctype.h>
34 #include <ac/time.h>
35 #include <ac/unistd.h>
36 #include <ac/param.h>
37 #include <ac/dirent.h>
38 #include <sys/stat.h>
39 #include <fcntl.h>
40
41 #include "ldap-int.h"
42 #include "ldap-tls.h"
43
44 #include <gnutls/gnutls.h>
45 #include <gnutls/x509.h>
46 #include <gnutls/abstract.h>
47 #include <gnutls/crypto.h>
48
49 typedef struct tlsg_ctx {
50 gnutls_certificate_credentials_t cred;
51 gnutls_dh_params_t dh_params;
52 unsigned long verify_depth;
53 int refcount;
54 int reqcert;
55 gnutls_priority_t prios;
56 #ifdef LDAP_R_COMPILE
57 ldap_pvt_thread_mutex_t ref_mutex;
58 #endif
59 } tlsg_ctx;
60
61 typedef struct tlsg_session {
62 gnutls_session_t session;
63 tlsg_ctx *ctx;
64 struct berval peer_der_dn;
65 } tlsg_session;
66
67 static int tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites );
68 static int tlsg_cert_verify( tlsg_session *s );
69
70 #ifdef LDAP_R_COMPILE
71
72 static void
tlsg_thr_init(void)73 tlsg_thr_init( void )
74 {
75 /* do nothing */
76 }
77 #endif /* LDAP_R_COMPILE */
78
79 /*
80 * Initialize TLS subsystem. Should be called only once.
81 */
82 static int
tlsg_init(void)83 tlsg_init( void )
84 {
85 gnutls_global_init();
86 return 0;
87 }
88
89 /*
90 * Tear down the TLS subsystem. Should only be called once.
91 */
92 static void
tlsg_destroy(void)93 tlsg_destroy( void )
94 {
95 gnutls_global_deinit();
96 }
97
98 static tls_ctx *
tlsg_ctx_new(struct ldapoptions * lo)99 tlsg_ctx_new ( struct ldapoptions *lo )
100 {
101 tlsg_ctx *ctx;
102
103 ctx = ber_memcalloc ( 1, sizeof (*ctx) );
104 if ( ctx ) {
105 if ( gnutls_certificate_allocate_credentials( &ctx->cred )) {
106 ber_memfree( ctx );
107 return NULL;
108 }
109 ctx->refcount = 1;
110 gnutls_priority_init( &ctx->prios, "NORMAL", NULL );
111 #ifdef LDAP_R_COMPILE
112 ldap_pvt_thread_mutex_init( &ctx->ref_mutex );
113 #endif
114 }
115 return (tls_ctx *)ctx;
116 }
117
118 static void
tlsg_ctx_ref(tls_ctx * ctx)119 tlsg_ctx_ref( tls_ctx *ctx )
120 {
121 tlsg_ctx *c = (tlsg_ctx *)ctx;
122 LDAP_MUTEX_LOCK( &c->ref_mutex );
123 c->refcount++;
124 LDAP_MUTEX_UNLOCK( &c->ref_mutex );
125 }
126
127 static void
tlsg_ctx_free(tls_ctx * ctx)128 tlsg_ctx_free ( tls_ctx *ctx )
129 {
130 tlsg_ctx *c = (tlsg_ctx *)ctx;
131 int refcount;
132
133 if ( !c ) return;
134
135 LDAP_MUTEX_LOCK( &c->ref_mutex );
136 refcount = --c->refcount;
137 LDAP_MUTEX_UNLOCK( &c->ref_mutex );
138 if ( refcount )
139 return;
140 gnutls_priority_deinit( c->prios );
141 gnutls_certificate_free_credentials( c->cred );
142 if ( c->dh_params )
143 gnutls_dh_params_deinit( c->dh_params );
144 ber_memfree ( c );
145 }
146
147 static int
tlsg_getfile(const char * path,gnutls_datum_t * buf)148 tlsg_getfile( const char *path, gnutls_datum_t *buf )
149 {
150 int rc = -1, fd;
151 struct stat st;
152 char ebuf[128];
153
154 fd = open( path, O_RDONLY );
155 if ( fd < 0 ) {
156 Debug2( LDAP_DEBUG_ANY,
157 "TLS: opening `%s' failed: %s\n",
158 path,
159 AC_STRERROR_R( errno, ebuf, sizeof ebuf ));
160 return -1;
161 }
162 if ( fstat( fd, &st ) == 0 ) {
163 buf->size = st.st_size;
164 buf->data = LDAP_MALLOC( st.st_size + 1 );
165 if ( buf->data ) {
166 rc = read( fd, buf->data, st.st_size );
167 close( fd );
168 if ( rc < st.st_size )
169 rc = -1;
170 else
171 rc = 0;
172 }
173 }
174 return rc;
175 }
176
177 /* This is the GnuTLS default */
178 #define VERIFY_DEPTH 6
179
180 /*
181 * initialize a new TLS context
182 */
183 static int
tlsg_ctx_init(struct ldapoptions * lo,struct ldaptls * lt,int is_server)184 tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
185 {
186 tlsg_ctx *ctx = lo->ldo_tls_ctx;
187 int rc;
188
189 if ( lo->ldo_tls_ciphersuite &&
190 tlsg_parse_ciphers( ctx, lt->lt_ciphersuite )) {
191 Debug1( LDAP_DEBUG_ANY,
192 "TLS: could not set cipher list %s.\n",
193 lo->ldo_tls_ciphersuite );
194 return -1;
195 }
196
197 if (lo->ldo_tls_cacertdir != NULL) {
198 rc = gnutls_certificate_set_x509_trust_dir(
199 ctx->cred,
200 lt->lt_cacertdir,
201 GNUTLS_X509_FMT_PEM );
202 if ( rc > 0 ) {
203 Debug2( LDAP_DEBUG_TRACE,
204 "TLS: loaded %d CA certificates from directory `%s'.\n",
205 rc, lt->lt_cacertdir );
206 } else {
207 Debug1( LDAP_DEBUG_ANY,
208 "TLS: warning: no certificate found in CA certificate directory `%s'.\n",
209 lt->lt_cacertdir );
210 /* only warn, no return */
211 }
212 }
213
214 if (lo->ldo_tls_cacertfile != NULL) {
215 rc = gnutls_certificate_set_x509_trust_file(
216 ctx->cred,
217 lt->lt_cacertfile,
218 GNUTLS_X509_FMT_PEM );
219 if ( rc < 0 ) {
220 Debug3( LDAP_DEBUG_ANY,
221 "TLS: could not use CA certificate file `%s': %s (%d)\n",
222 lo->ldo_tls_cacertfile,
223 gnutls_strerror( rc ),
224 rc );
225 return -1;
226 } else if ( rc == 0 ) {
227 Debug1( LDAP_DEBUG_ANY,
228 "TLS: warning: no certificate loaded from CA certificate file `%s'.\n",
229 lo->ldo_tls_cacertfile );
230 /* only warn, no return */
231 }
232 }
233
234 if (lo->ldo_tls_cacert.bv_val != NULL ) {
235 gnutls_datum_t buf;
236 buf.data = (unsigned char *)lo->ldo_tls_cacert.bv_val;
237 buf.size = lo->ldo_tls_cacert.bv_len;
238 rc = gnutls_certificate_set_x509_trust_mem(
239 ctx->cred,
240 &buf,
241 GNUTLS_X509_FMT_DER );
242 if ( rc < 0 ) {
243 Debug2( LDAP_DEBUG_ANY,
244 "TLS: could not use CA certificate: %s (%d)\n",
245 gnutls_strerror( rc ),
246 rc );
247 return -1;
248 }
249 }
250
251 if (( lo->ldo_tls_certfile && lo->ldo_tls_keyfile ) ||
252 ( lo->ldo_tls_cert.bv_val && lo->ldo_tls_key.bv_val )) {
253 gnutls_x509_privkey_t key;
254 gnutls_datum_t buf;
255 gnutls_x509_crt_t certs[VERIFY_DEPTH];
256 unsigned int max = VERIFY_DEPTH;
257
258 rc = gnutls_x509_privkey_init( &key );
259 if ( rc ) return -1;
260
261 /* OpenSSL builds the cert chain for us, but GnuTLS
262 * expects it to be present in the certfile. If it's
263 * not, we have to build it ourselves. So we have to
264 * do some special checks here...
265 */
266 if ( lo->ldo_tls_key.bv_val ) {
267 buf.data = (unsigned char *)lo->ldo_tls_key.bv_val;
268 buf.size = lo->ldo_tls_key.bv_len;
269 rc = gnutls_x509_privkey_import( key, &buf,
270 GNUTLS_X509_FMT_DER );
271 } else {
272 rc = tlsg_getfile( lt->lt_keyfile, &buf );
273 if ( rc ) {
274 Debug1( LDAP_DEBUG_ANY,
275 "TLS: could not use private key file `%s`.\n",
276 lt->lt_keyfile);
277 return -1;
278 }
279 rc = gnutls_x509_privkey_import( key, &buf,
280 GNUTLS_X509_FMT_PEM );
281 LDAP_FREE( buf.data );
282 }
283 if ( rc < 0 ) {
284 Debug2( LDAP_DEBUG_ANY,
285 "TLS: could not use private key: %s (%d)\n",
286 gnutls_strerror( rc ),
287 rc );
288 return rc;
289 }
290
291 if ( lo->ldo_tls_cert.bv_val ) {
292 buf.data = (unsigned char *)lo->ldo_tls_cert.bv_val;
293 buf.size = lo->ldo_tls_cert.bv_len;
294 rc = gnutls_x509_crt_list_import( certs, &max, &buf,
295 GNUTLS_X509_FMT_DER, 0 );
296 } else {
297 rc = tlsg_getfile( lt->lt_certfile, &buf );
298 if ( rc ) {
299 Debug1( LDAP_DEBUG_ANY,
300 "TLS: could not use certificate file `%s`.\n",
301 lt->lt_certfile);
302 return -1;
303 }
304 rc = gnutls_x509_crt_list_import( certs, &max, &buf,
305 GNUTLS_X509_FMT_PEM, 0 );
306 LDAP_FREE( buf.data );
307 }
308 if ( rc < 0 ) {
309 Debug2( LDAP_DEBUG_ANY,
310 "TLS: could not use certificate: %s (%d)\n",
311 gnutls_strerror( rc ),
312 rc );
313 return rc;
314 }
315
316 /* If there's only one cert and it's not self-signed,
317 * then we have to build the cert chain.
318 */
319 if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
320 unsigned int i;
321 for ( i = 1; i<VERIFY_DEPTH; i++ ) {
322 if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
323 break;
324 max++;
325 /* If this CA is self-signed, we're done */
326 if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
327 break;
328 }
329 }
330 rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
331 if ( rc ) {
332 Debug2( LDAP_DEBUG_ANY,
333 "TLS: could not use certificate with key: %s (%d)\n",
334 gnutls_strerror( rc ),
335 rc );
336 return -1;
337 }
338 } else if (( lo->ldo_tls_certfile || lo->ldo_tls_keyfile )) {
339 Debug0( LDAP_DEBUG_ANY,
340 "TLS: only one of certfile and keyfile specified\n" );
341 return -1;
342 } else if (( lo->ldo_tls_cert.bv_val || lo->ldo_tls_key.bv_val )) {
343 Debug0( LDAP_DEBUG_ANY,
344 "TLS: only one of cert and key specified\n" );
345 return -1;
346 }
347
348 if ( lo->ldo_tls_crlfile ) {
349 rc = gnutls_certificate_set_x509_crl_file(
350 ctx->cred,
351 lt->lt_crlfile,
352 GNUTLS_X509_FMT_PEM );
353 if ( rc < 0 ) return -1;
354 rc = 0;
355 }
356
357 /* FIXME: ITS#5992 - this should be configurable,
358 * and V1 CA certs should be phased out ASAP.
359 */
360 gnutls_certificate_set_verify_flags( ctx->cred,
361 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
362
363 if ( is_server && lo->ldo_tls_dhfile ) {
364 gnutls_datum_t buf;
365 rc = tlsg_getfile( lo->ldo_tls_dhfile, &buf );
366 if ( rc ) return -1;
367 rc = gnutls_dh_params_init( &ctx->dh_params );
368 if ( rc == 0 )
369 rc = gnutls_dh_params_import_pkcs3( ctx->dh_params, &buf,
370 GNUTLS_X509_FMT_PEM );
371 LDAP_FREE( buf.data );
372 if ( rc ) return -1;
373 gnutls_certificate_set_dh_params( ctx->cred, ctx->dh_params );
374 }
375
376 ctx->reqcert = lo->ldo_tls_require_cert;
377
378 return 0;
379 }
380
381 static tls_session *
tlsg_session_new(tls_ctx * ctx,int is_server)382 tlsg_session_new ( tls_ctx * ctx, int is_server )
383 {
384 tlsg_ctx *c = (tlsg_ctx *)ctx;
385 tlsg_session *session;
386
387 session = ber_memcalloc ( 1, sizeof (*session) );
388 if ( !session )
389 return NULL;
390
391 session->ctx = c;
392 gnutls_init( &session->session, is_server ? GNUTLS_SERVER : GNUTLS_CLIENT );
393 gnutls_priority_set( session->session, c->prios );
394 if ( c->cred )
395 gnutls_credentials_set( session->session, GNUTLS_CRD_CERTIFICATE, c->cred );
396
397 if ( is_server ) {
398 int flag = 0;
399 if ( c->reqcert ) {
400 flag = GNUTLS_CERT_REQUEST;
401 if ( c->reqcert == LDAP_OPT_X_TLS_DEMAND ||
402 c->reqcert == LDAP_OPT_X_TLS_HARD )
403 flag = GNUTLS_CERT_REQUIRE;
404 gnutls_certificate_server_set_request( session->session, flag );
405 }
406 }
407 return (tls_session *)session;
408 }
409
410 static int
tlsg_session_accept(tls_session * session)411 tlsg_session_accept( tls_session *session )
412 {
413 tlsg_session *s = (tlsg_session *)session;
414 int rc;
415
416 rc = gnutls_handshake( s->session );
417 if ( rc == 0 && s->ctx->reqcert != LDAP_OPT_X_TLS_NEVER ) {
418 const gnutls_datum_t *peer_cert_list;
419 unsigned int list_size;
420
421 peer_cert_list = gnutls_certificate_get_peers( s->session,
422 &list_size );
423 if ( !peer_cert_list && s->ctx->reqcert == LDAP_OPT_X_TLS_TRY )
424 rc = 0;
425 else {
426 rc = tlsg_cert_verify( s );
427 if ( rc && s->ctx->reqcert == LDAP_OPT_X_TLS_ALLOW )
428 rc = 0;
429 }
430 }
431 return rc;
432 }
433
434 static int
tlsg_session_connect(LDAP * ld,tls_session * session,const char * name_in)435 tlsg_session_connect( LDAP *ld, tls_session *session, const char *name_in )
436 {
437 tlsg_session *s = (tlsg_session *)session;
438 int rc;
439
440 if ( name_in ) {
441 rc = gnutls_server_name_set( s->session, GNUTLS_NAME_DNS, name_in, strlen(name_in) );
442 if ( rc != GNUTLS_E_SUCCESS ) {
443 return rc;
444 }
445 }
446
447 return tlsg_session_accept( session);
448 }
449
450 static int
tlsg_session_upflags(Sockbuf * sb,tls_session * session,int rc)451 tlsg_session_upflags( Sockbuf *sb, tls_session *session, int rc )
452 {
453 tlsg_session *s = (tlsg_session *)session;
454
455 if ( rc != GNUTLS_E_INTERRUPTED && rc != GNUTLS_E_AGAIN )
456 return 0;
457
458 switch (gnutls_record_get_direction (s->session)) {
459 case 0:
460 sb->sb_trans_needs_read = 1;
461 return 1;
462 case 1:
463 sb->sb_trans_needs_write = 1;
464 return 1;
465 }
466 return 0;
467 }
468
469 static char *
tlsg_session_errmsg(tls_session * sess,int rc,char * buf,size_t len)470 tlsg_session_errmsg( tls_session *sess, int rc, char *buf, size_t len )
471 {
472 return (char *)gnutls_strerror( rc );
473 }
474
475 static void
tlsg_x509_cert_dn(struct berval * cert,struct berval * dn,int get_subject)476 tlsg_x509_cert_dn( struct berval *cert, struct berval *dn, int get_subject )
477 {
478 BerElementBuffer berbuf;
479 BerElement *ber = (BerElement *)&berbuf;
480 ber_tag_t tag;
481 ber_len_t len;
482 ber_int_t i;
483
484 ber_init2( ber, cert, LBER_USE_DER );
485 tag = ber_skip_tag( ber, &len ); /* Sequence */
486 tag = ber_skip_tag( ber, &len ); /* Sequence */
487 tag = ber_peek_tag( ber, &len ); /* Context + Constructed (version) */
488 if ( tag == 0xa0 ) { /* Version is optional */
489 tag = ber_skip_tag( ber, &len );
490 tag = ber_get_int( ber, &i ); /* Int: Version */
491 }
492 tag = ber_skip_tag( ber, &len ); /* Int: Serial (can be longer than ber_int_t) */
493 ber_skip_data( ber, len );
494 tag = ber_skip_tag( ber, &len ); /* Sequence: Signature */
495 ber_skip_data( ber, len );
496 if ( !get_subject ) {
497 tag = ber_peek_tag( ber, &len ); /* Sequence: Issuer DN */
498 } else {
499 tag = ber_skip_tag( ber, &len );
500 ber_skip_data( ber, len );
501 tag = ber_skip_tag( ber, &len ); /* Sequence: Validity */
502 ber_skip_data( ber, len );
503 tag = ber_peek_tag( ber, &len ); /* Sequence: Subject DN */
504 }
505 len = ber_ptrlen( ber );
506 dn->bv_val = cert->bv_val + len;
507 dn->bv_len = cert->bv_len - len;
508 }
509
510 static int
tlsg_session_my_dn(tls_session * session,struct berval * der_dn)511 tlsg_session_my_dn( tls_session *session, struct berval *der_dn )
512 {
513 tlsg_session *s = (tlsg_session *)session;
514 const gnutls_datum_t *x;
515 struct berval bv;
516
517 x = gnutls_certificate_get_ours( s->session );
518
519 if (!x) return LDAP_INVALID_CREDENTIALS;
520
521 bv.bv_val = (char *) x->data;
522 bv.bv_len = x->size;
523
524 tlsg_x509_cert_dn( &bv, der_dn, 1 );
525 return 0;
526 }
527
528 static int
tlsg_session_peer_dn(tls_session * session,struct berval * der_dn)529 tlsg_session_peer_dn( tls_session *session, struct berval *der_dn )
530 {
531 tlsg_session *s = (tlsg_session *)session;
532 if ( !s->peer_der_dn.bv_val ) {
533 const gnutls_datum_t *peer_cert_list;
534 unsigned int list_size;
535 struct berval bv;
536
537 peer_cert_list = gnutls_certificate_get_peers( s->session,
538 &list_size );
539 if ( !peer_cert_list ) return LDAP_INVALID_CREDENTIALS;
540
541 bv.bv_len = peer_cert_list->size;
542 bv.bv_val = (char *) peer_cert_list->data;
543
544 tlsg_x509_cert_dn( &bv, &s->peer_der_dn, 1 );
545 }
546 *der_dn = s->peer_der_dn;
547 return 0;
548 }
549
550 /* what kind of hostname were we given? */
551 #define IS_DNS 0
552 #define IS_IP4 1
553 #define IS_IP6 2
554
555 #define CN_OID "2.5.4.3"
556
557 static int
tlsg_session_chkhost(LDAP * ld,tls_session * session,const char * name_in)558 tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
559 {
560 tlsg_session *s = (tlsg_session *)session;
561 int i, ret;
562 int chkSAN = ld->ld_options.ldo_tls_require_san, gotSAN = 0;
563 const gnutls_datum_t *peer_cert_list;
564 unsigned int list_size;
565 char altname[NI_MAXHOST];
566 size_t altnamesize;
567
568 gnutls_x509_crt_t cert;
569 const char *name;
570 char *ptr;
571 char *domain = NULL;
572 #ifdef LDAP_PF_INET6
573 struct in6_addr addr;
574 #else
575 struct in_addr addr;
576 #endif
577 int len1 = 0, len2 = 0;
578 int ntype = IS_DNS;
579
580 if( ldap_int_hostname &&
581 ( !name_in || !strcasecmp( name_in, "localhost" ) ) )
582 {
583 name = ldap_int_hostname;
584 } else {
585 name = name_in;
586 }
587
588 peer_cert_list = gnutls_certificate_get_peers( s->session,
589 &list_size );
590 if ( !peer_cert_list ) {
591 Debug0( LDAP_DEBUG_ANY,
592 "TLS: unable to get peer certificate.\n" );
593 /* If this was a fatal condition, things would have
594 * aborted long before now.
595 */
596 return LDAP_SUCCESS;
597 }
598 ret = gnutls_x509_crt_init( &cert );
599 if ( ret < 0 )
600 return LDAP_LOCAL_ERROR;
601 ret = gnutls_x509_crt_import( cert, peer_cert_list, GNUTLS_X509_FMT_DER );
602 if ( ret ) {
603 gnutls_x509_crt_deinit( cert );
604 return LDAP_LOCAL_ERROR;
605 }
606
607 #ifdef LDAP_PF_INET6
608 if (inet_pton(AF_INET6, name, &addr)) {
609 ntype = IS_IP6;
610 } else
611 #endif
612 if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
613 if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
614 }
615
616 if (ntype == IS_DNS) {
617 len1 = strlen(name);
618 domain = strchr(name, '.');
619 if (domain) {
620 len2 = len1 - (domain-name);
621 }
622 }
623
624 if (chkSAN) {
625 for ( i=0, ret=0; ret >= 0; i++ ) {
626 altnamesize = sizeof(altname);
627 ret = gnutls_x509_crt_get_subject_alt_name( cert, i,
628 altname, &altnamesize, NULL );
629 if ( ret < 0 ) break;
630
631 gotSAN = 1;
632 /* ignore empty */
633 if ( altnamesize == 0 ) continue;
634
635 if ( ret == GNUTLS_SAN_DNSNAME ) {
636 if (ntype != IS_DNS) continue;
637
638 /* Is this an exact match? */
639 if ((len1 == altnamesize) && !strncasecmp(name, altname, len1)) {
640 break;
641 }
642
643 /* Is this a wildcard match? */
644 if (domain && (altname[0] == '*') && (altname[1] == '.') &&
645 (len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2))
646 {
647 break;
648 }
649 } else if ( ret == GNUTLS_SAN_IPADDRESS ) {
650 if (ntype == IS_DNS) continue;
651
652 #ifdef LDAP_PF_INET6
653 if (ntype == IS_IP6 && altnamesize != sizeof(struct in6_addr)) {
654 continue;
655 } else
656 #endif
657 if (ntype == IS_IP4 && altnamesize != sizeof(struct in_addr)) {
658 continue;
659 }
660 if (!memcmp(altname, &addr, altnamesize)) {
661 break;
662 }
663 }
664 }
665 if ( ret >= 0 ) {
666 ret = LDAP_SUCCESS;
667 }
668 }
669 if (ret != LDAP_SUCCESS && chkSAN) {
670 switch(chkSAN) {
671 case LDAP_OPT_X_TLS_DEMAND:
672 case LDAP_OPT_X_TLS_HARD:
673 if (!gotSAN) {
674 Debug0( LDAP_DEBUG_ANY,
675 "TLS: unable to get subjectAltName from peer certificate.\n" );
676 ret = LDAP_CONNECT_ERROR;
677 if ( ld->ld_error ) {
678 LDAP_FREE( ld->ld_error );
679 }
680 ld->ld_error = LDAP_STRDUP(
681 _("TLS: unable to get subjectAltName from peer certificate"));
682 goto done;
683 }
684 /* FALLTHRU */
685 case LDAP_OPT_X_TLS_TRY:
686 if (gotSAN) {
687 Debug1( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
688 "subjectAltName in certificate.\n",
689 name );
690 ret = LDAP_CONNECT_ERROR;
691 if ( ld->ld_error ) {
692 LDAP_FREE( ld->ld_error );
693 }
694 ld->ld_error = LDAP_STRDUP(
695 _("TLS: hostname does not match subjectAltName in peer certificate"));
696 goto done;
697 }
698 break;
699 case LDAP_OPT_X_TLS_ALLOW:
700 break;
701 }
702 }
703
704 if ( ret != LDAP_SUCCESS ){
705 /* find the last CN */
706 i=0;
707 do {
708 altnamesize = 0;
709 ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
710 i, 1, altname, &altnamesize );
711 if ( ret == GNUTLS_E_SHORT_MEMORY_BUFFER )
712 i++;
713 else
714 break;
715 } while ( 1 );
716
717 if ( i ) {
718 altnamesize = sizeof(altname);
719 ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
720 i-1, 0, altname, &altnamesize );
721 }
722
723 if ( ret < 0 ) {
724 Debug0( LDAP_DEBUG_ANY,
725 "TLS: unable to get common name from peer certificate.\n" );
726 ret = LDAP_CONNECT_ERROR;
727 if ( ld->ld_error ) {
728 LDAP_FREE( ld->ld_error );
729 }
730 ld->ld_error = LDAP_STRDUP(
731 _("TLS: unable to get CN from peer certificate"));
732
733 } else {
734 ret = LDAP_LOCAL_ERROR;
735 if ( !len1 ) len1 = strlen( name );
736 if ( len1 == altnamesize && strncasecmp(name, altname, altnamesize) == 0 ) {
737 ret = LDAP_SUCCESS;
738
739 } else if (( altname[0] == '*' ) && ( altname[1] == '.' )) {
740 /* Is this a wildcard match? */
741 if( domain &&
742 (len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2)) {
743 ret = LDAP_SUCCESS;
744 }
745 }
746 }
747
748 if( ret == LDAP_LOCAL_ERROR ) {
749 altname[altnamesize] = '\0';
750 Debug2( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
751 "common name in certificate (%s).\n",
752 name, altname );
753 ret = LDAP_CONNECT_ERROR;
754 if ( ld->ld_error ) {
755 LDAP_FREE( ld->ld_error );
756 }
757 ld->ld_error = LDAP_STRDUP(
758 _("TLS: hostname does not match name in peer certificate"));
759 }
760 }
761 done:
762 gnutls_x509_crt_deinit( cert );
763 return ret;
764 }
765
766 static int
tlsg_session_strength(tls_session * session)767 tlsg_session_strength( tls_session *session )
768 {
769 tlsg_session *s = (tlsg_session *)session;
770 gnutls_cipher_algorithm_t c;
771
772 c = gnutls_cipher_get( s->session );
773 return gnutls_cipher_get_key_size( c ) * 8;
774 }
775
776 static int
tlsg_session_unique(tls_session * sess,struct berval * buf,int is_server)777 tlsg_session_unique( tls_session *sess, struct berval *buf, int is_server)
778 {
779 tlsg_session *s = (tlsg_session *)sess;
780 gnutls_datum_t cb;
781 int rc;
782
783 rc = gnutls_session_channel_binding( s->session, GNUTLS_CB_TLS_UNIQUE, &cb );
784 if ( rc == 0 ) {
785 int len = cb.size;
786 if ( len > buf->bv_len )
787 len = buf->bv_len;
788 buf->bv_len = len;
789 memcpy( buf->bv_val, cb.data, len );
790 return len;
791 }
792 return 0;
793 }
794
795 static int
tlsg_session_endpoint(tls_session * sess,struct berval * buf,int is_server)796 tlsg_session_endpoint( tls_session *sess, struct berval *buf, int is_server )
797 {
798 tlsg_session *s = (tlsg_session *)sess;
799 const gnutls_datum_t *cert_data;
800 gnutls_x509_crt_t server_cert;
801 gnutls_digest_algorithm_t md;
802 int sign_algo, md_len, rc;
803
804 if ( is_server )
805 cert_data = gnutls_certificate_get_ours( s->session );
806 else
807 cert_data = gnutls_certificate_get_peers( s->session, NULL );
808
809 if ( cert_data == NULL )
810 return 0;
811
812 rc = gnutls_x509_crt_init( &server_cert );
813 if ( rc != GNUTLS_E_SUCCESS )
814 return 0;
815
816 rc = gnutls_x509_crt_import( server_cert, cert_data, GNUTLS_X509_FMT_DER );
817 if ( rc != GNUTLS_E_SUCCESS ) {
818 gnutls_x509_crt_deinit( server_cert );
819 return 0;
820 }
821
822 sign_algo = gnutls_x509_crt_get_signature_algorithm( server_cert );
823 gnutls_x509_crt_deinit( server_cert );
824 if ( sign_algo <= GNUTLS_SIGN_UNKNOWN )
825 return 0;
826
827 md = gnutls_sign_get_hash_algorithm( sign_algo );
828 if ( md == GNUTLS_DIG_UNKNOWN )
829 return 0;
830
831 /* See RFC 5929 */
832 switch (md) {
833 case GNUTLS_DIG_NULL:
834 case GNUTLS_DIG_MD2:
835 case GNUTLS_DIG_MD5:
836 case GNUTLS_DIG_SHA1:
837 md = GNUTLS_DIG_SHA256;
838 }
839
840 md_len = gnutls_hash_get_len( md );
841 if ( md_len == 0 || md_len > buf->bv_len )
842 return 0;
843
844 rc = gnutls_hash_fast( md, cert_data->data, cert_data->size, buf->bv_val );
845 if ( rc != GNUTLS_E_SUCCESS )
846 return 0;
847
848 buf->bv_len = md_len;
849
850 return md_len;
851 }
852
853 static const char *
tlsg_session_version(tls_session * sess)854 tlsg_session_version( tls_session *sess )
855 {
856 tlsg_session *s = (tlsg_session *)sess;
857 return gnutls_protocol_get_name(gnutls_protocol_get_version( s->session ));
858 }
859
860 static const char *
tlsg_session_cipher(tls_session * sess)861 tlsg_session_cipher( tls_session *sess )
862 {
863 tlsg_session *s = (tlsg_session *)sess;
864 return gnutls_cipher_get_name(gnutls_cipher_get( s->session ));
865 }
866
867 static int
tlsg_session_peercert(tls_session * sess,struct berval * der)868 tlsg_session_peercert( tls_session *sess, struct berval *der )
869 {
870 tlsg_session *s = (tlsg_session *)sess;
871 const gnutls_datum_t *peer_cert_list;
872 unsigned int list_size;
873
874 peer_cert_list = gnutls_certificate_get_peers( s->session, &list_size );
875 if (!peer_cert_list)
876 return -1;
877 der->bv_len = peer_cert_list[0].size;
878 der->bv_val = LDAP_MALLOC( der->bv_len );
879 if (!der->bv_val)
880 return -1;
881 memcpy(der->bv_val, peer_cert_list[0].data, der->bv_len);
882 return 0;
883 }
884
885 static int
tlsg_session_pinning(LDAP * ld,tls_session * sess,char * hashalg,struct berval * hash)886 tlsg_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval *hash )
887 {
888 tlsg_session *s = (tlsg_session *)sess;
889 const gnutls_datum_t *cert_list;
890 unsigned int cert_list_size = 0;
891 gnutls_x509_crt_t crt;
892 gnutls_pubkey_t pubkey;
893 gnutls_datum_t key = {};
894 gnutls_digest_algorithm_t alg;
895 struct berval keyhash;
896 size_t len;
897 int rc = -1;
898
899 if ( hashalg ) {
900 alg = gnutls_digest_get_id( hashalg );
901 if ( alg == GNUTLS_DIG_UNKNOWN ) {
902 Debug1( LDAP_DEBUG_ANY, "tlsg_session_pinning: "
903 "unknown hashing algorithm for GnuTLS: '%s'\n",
904 hashalg );
905 return rc;
906 }
907 }
908
909 cert_list = gnutls_certificate_get_peers( s->session, &cert_list_size );
910 if ( cert_list_size == 0 ) {
911 return rc;
912 }
913
914 if ( gnutls_x509_crt_init( &crt ) < 0 ) {
915 return rc;
916 }
917
918 if ( gnutls_x509_crt_import( crt, &cert_list[0], GNUTLS_X509_FMT_DER ) ) {
919 goto done;
920 }
921
922 if ( gnutls_pubkey_init( &pubkey ) ) {
923 goto done;
924 }
925
926 if ( gnutls_pubkey_import_x509( pubkey, crt, 0 ) < 0 ) {
927 goto done;
928 }
929
930 gnutls_pubkey_export( pubkey, GNUTLS_X509_FMT_DER, key.data, &len );
931 if ( len <= 0 ) {
932 goto done;
933 }
934
935 key.data = LDAP_MALLOC( len );
936 if ( !key.data ) {
937 goto done;
938 }
939
940 key.size = len;
941
942 if ( gnutls_pubkey_export( pubkey, GNUTLS_X509_FMT_DER,
943 key.data, &len ) < 0 ) {
944 goto done;
945 }
946
947 if ( hashalg ) {
948 keyhash.bv_len = gnutls_hash_get_len( alg );
949 keyhash.bv_val = LDAP_MALLOC( keyhash.bv_len );
950 if ( !keyhash.bv_val || gnutls_fingerprint( alg, &key,
951 keyhash.bv_val, &keyhash.bv_len ) < 0 ) {
952 goto done;
953 }
954 } else {
955 keyhash.bv_val = (char *)key.data;
956 keyhash.bv_len = key.size;
957 }
958
959 if ( ber_bvcmp( hash, &keyhash ) ) {
960 rc = LDAP_CONNECT_ERROR;
961 Debug0( LDAP_DEBUG_ANY, "tlsg_session_pinning: "
962 "public key hash does not match provided pin.\n" );
963 if ( ld->ld_error ) {
964 LDAP_FREE( ld->ld_error );
965 }
966 ld->ld_error = LDAP_STRDUP(
967 _("TLS: public key hash does not match provided pin"));
968 } else {
969 rc = LDAP_SUCCESS;
970 }
971
972 done:
973 if ( pubkey ) {
974 gnutls_pubkey_deinit( pubkey );
975 }
976 if ( crt ) {
977 gnutls_x509_crt_deinit( crt );
978 }
979 if ( keyhash.bv_val != (char *)key.data ) {
980 LDAP_FREE( keyhash.bv_val );
981 }
982 if ( key.data ) {
983 LDAP_FREE( key.data );
984 }
985 return rc;
986 }
987
988 /* suites is a string of colon-separated cipher suite names. */
989 static int
tlsg_parse_ciphers(tlsg_ctx * ctx,char * suites)990 tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites )
991 {
992 const char *err;
993 int rc = gnutls_priority_init( &ctx->prios, suites, &err );
994 if ( rc )
995 ctx->prios = NULL;
996 return rc;
997 }
998
999 /*
1000 * TLS support for LBER Sockbufs
1001 */
1002
1003 struct tls_data {
1004 tlsg_session *session;
1005 Sockbuf_IO_Desc *sbiod;
1006 };
1007
1008 static ssize_t
tlsg_recv(gnutls_transport_ptr_t ptr,void * buf,size_t len)1009 tlsg_recv( gnutls_transport_ptr_t ptr, void *buf, size_t len )
1010 {
1011 struct tls_data *p;
1012
1013 if ( buf == NULL || len <= 0 ) return 0;
1014
1015 p = (struct tls_data *)ptr;
1016
1017 if ( p == NULL || p->sbiod == NULL ) {
1018 return 0;
1019 }
1020
1021 return LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
1022 }
1023
1024 static ssize_t
tlsg_send(gnutls_transport_ptr_t ptr,const void * buf,size_t len)1025 tlsg_send( gnutls_transport_ptr_t ptr, const void *buf, size_t len )
1026 {
1027 struct tls_data *p;
1028
1029 if ( buf == NULL || len <= 0 ) return 0;
1030
1031 p = (struct tls_data *)ptr;
1032
1033 if ( p == NULL || p->sbiod == NULL ) {
1034 return 0;
1035 }
1036
1037 return LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
1038 }
1039
1040 static int
tlsg_sb_setup(Sockbuf_IO_Desc * sbiod,void * arg)1041 tlsg_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg )
1042 {
1043 struct tls_data *p;
1044 tlsg_session *session = arg;
1045
1046 assert( sbiod != NULL );
1047
1048 p = LBER_MALLOC( sizeof( *p ) );
1049 if ( p == NULL ) {
1050 return -1;
1051 }
1052
1053 gnutls_transport_set_ptr( session->session, (gnutls_transport_ptr_t)p );
1054 gnutls_transport_set_pull_function( session->session, tlsg_recv );
1055 gnutls_transport_set_push_function( session->session, tlsg_send );
1056 p->session = session;
1057 p->sbiod = sbiod;
1058 sbiod->sbiod_pvt = p;
1059 return 0;
1060 }
1061
1062 static int
tlsg_sb_remove(Sockbuf_IO_Desc * sbiod)1063 tlsg_sb_remove( Sockbuf_IO_Desc *sbiod )
1064 {
1065 struct tls_data *p;
1066
1067 assert( sbiod != NULL );
1068 assert( sbiod->sbiod_pvt != NULL );
1069
1070 p = (struct tls_data *)sbiod->sbiod_pvt;
1071 gnutls_deinit ( p->session->session );
1072 LBER_FREE( p->session );
1073 LBER_FREE( sbiod->sbiod_pvt );
1074 sbiod->sbiod_pvt = NULL;
1075 return 0;
1076 }
1077
1078 static int
tlsg_sb_close(Sockbuf_IO_Desc * sbiod)1079 tlsg_sb_close( Sockbuf_IO_Desc *sbiod )
1080 {
1081 struct tls_data *p;
1082
1083 assert( sbiod != NULL );
1084 assert( sbiod->sbiod_pvt != NULL );
1085
1086 p = (struct tls_data *)sbiod->sbiod_pvt;
1087 gnutls_bye ( p->session->session, GNUTLS_SHUT_WR );
1088 return 0;
1089 }
1090
1091 static int
tlsg_sb_ctrl(Sockbuf_IO_Desc * sbiod,int opt,void * arg)1092 tlsg_sb_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
1093 {
1094 struct tls_data *p;
1095
1096 assert( sbiod != NULL );
1097 assert( sbiod->sbiod_pvt != NULL );
1098
1099 p = (struct tls_data *)sbiod->sbiod_pvt;
1100
1101 if ( opt == LBER_SB_OPT_GET_SSL ) {
1102 *((tlsg_session **)arg) = p->session;
1103 return 1;
1104
1105 } else if ( opt == LBER_SB_OPT_DATA_READY ) {
1106 if( gnutls_record_check_pending( p->session->session ) > 0 ) {
1107 return 1;
1108 }
1109 }
1110
1111 return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
1112 }
1113
1114 static ber_slen_t
tlsg_sb_read(Sockbuf_IO_Desc * sbiod,void * buf,ber_len_t len)1115 tlsg_sb_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
1116 {
1117 struct tls_data *p;
1118 ber_slen_t ret;
1119
1120 assert( sbiod != NULL );
1121 assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
1122
1123 p = (struct tls_data *)sbiod->sbiod_pvt;
1124
1125 ret = gnutls_record_recv ( p->session->session, buf, len );
1126 switch (ret) {
1127 case GNUTLS_E_INTERRUPTED:
1128 case GNUTLS_E_AGAIN:
1129 sbiod->sbiod_sb->sb_trans_needs_read = 1;
1130 sock_errset(EWOULDBLOCK);
1131 ret = 0;
1132 break;
1133 case GNUTLS_E_REHANDSHAKE:
1134 for ( ret = gnutls_handshake ( p->session->session );
1135 ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN;
1136 ret = gnutls_handshake ( p->session->session ) );
1137 sbiod->sbiod_sb->sb_trans_needs_read = 1;
1138 ret = 0;
1139 break;
1140 default:
1141 sbiod->sbiod_sb->sb_trans_needs_read = 0;
1142 }
1143 return ret;
1144 }
1145
1146 static ber_slen_t
tlsg_sb_write(Sockbuf_IO_Desc * sbiod,void * buf,ber_len_t len)1147 tlsg_sb_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
1148 {
1149 struct tls_data *p;
1150 ber_slen_t ret;
1151
1152 assert( sbiod != NULL );
1153 assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
1154
1155 p = (struct tls_data *)sbiod->sbiod_pvt;
1156
1157 ret = gnutls_record_send ( p->session->session, (char *)buf, len );
1158
1159 if ( ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN ) {
1160 sbiod->sbiod_sb->sb_trans_needs_write = 1;
1161 sock_errset(EWOULDBLOCK);
1162 ret = 0;
1163 } else {
1164 sbiod->sbiod_sb->sb_trans_needs_write = 0;
1165 }
1166 return ret;
1167 }
1168
1169 static Sockbuf_IO tlsg_sbio =
1170 {
1171 tlsg_sb_setup, /* sbi_setup */
1172 tlsg_sb_remove, /* sbi_remove */
1173 tlsg_sb_ctrl, /* sbi_ctrl */
1174 tlsg_sb_read, /* sbi_read */
1175 tlsg_sb_write, /* sbi_write */
1176 tlsg_sb_close /* sbi_close */
1177 };
1178
1179 /* Certs are not automatically verified during the handshake */
1180 static int
tlsg_cert_verify(tlsg_session * ssl)1181 tlsg_cert_verify( tlsg_session *ssl )
1182 {
1183 unsigned int status = 0;
1184 int err;
1185 time_t now = time(0);
1186 time_t peertime;
1187
1188 err = gnutls_certificate_verify_peers2( ssl->session, &status );
1189 if ( err < 0 ) {
1190 Debug1( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n",
1191 err );
1192 return -1;
1193 }
1194 if ( status ) {
1195 Debug1( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n",
1196 status );
1197 return -1;
1198 }
1199 peertime = gnutls_certificate_expiration_time_peers( ssl->session );
1200 if ( peertime == (time_t) -1 ) {
1201 Debug0( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_expiration_time_peers failed\n" );
1202 return -1;
1203 }
1204 if ( peertime < now ) {
1205 Debug0( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n" );
1206 return -1;
1207 }
1208 peertime = gnutls_certificate_activation_time_peers( ssl->session );
1209 if ( peertime == (time_t) -1 ) {
1210 Debug0( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_activation_time_peers failed\n" );
1211 return -1;
1212 }
1213 if ( peertime > now ) {
1214 Debug0( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n" );
1215 return -1;
1216 }
1217 return 0;
1218 }
1219
1220 tls_impl ldap_int_tls_impl = {
1221 "GnuTLS",
1222
1223 tlsg_init,
1224 tlsg_destroy,
1225
1226 tlsg_ctx_new,
1227 tlsg_ctx_ref,
1228 tlsg_ctx_free,
1229 tlsg_ctx_init,
1230
1231 tlsg_session_new,
1232 tlsg_session_connect,
1233 tlsg_session_accept,
1234 tlsg_session_upflags,
1235 tlsg_session_errmsg,
1236 tlsg_session_my_dn,
1237 tlsg_session_peer_dn,
1238 tlsg_session_chkhost,
1239 tlsg_session_strength,
1240 tlsg_session_unique,
1241 tlsg_session_endpoint,
1242 tlsg_session_version,
1243 tlsg_session_cipher,
1244 tlsg_session_peercert,
1245 tlsg_session_pinning,
1246
1247 &tlsg_sbio,
1248
1249 #ifdef LDAP_R_COMPILE
1250 tlsg_thr_init,
1251 #else
1252 NULL,
1253 #endif
1254
1255 0
1256 };
1257
1258 #endif /* HAVE_GNUTLS */
1259