1 #include "config.h"
2
3 #ifdef HAVE_LIBSSL
4
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <errno.h>
8 #include <unistd.h>
9 #include <string.h>
10 #include <sys/types.h>
11 #include <sys/stat.h>
12 #include <sys/socket.h>
13 #include <fcntl.h>
14 #include "ssl.h"
15 #include "client.h"
16 #include "conn.h"
17 #include "pen.h"
18 #include "diag.h"
19 #include "memory.h"
20 #include "server.h"
21
22 char ssl_compat;
23 char require_peer_cert;
24 char ssl_protocol;
25 char *certfile;
26 char *keyfile;
27 char *cacert_dir;
28 char *cacert_file;
29 char *ssl_sni_path;
30 SSL_CTX *ssl_context = NULL;
31 long ssl_options;
32 char *ssl_ciphers;
33 int ssl_session_id_context = 1;
34 int ssl_client_renegotiation_interval = 3600; /* one hour, effectively disabled */
35 unsigned char ocsp_resp_data[OCSP_RESP_MAX];
36 long ocsp_resp_len = 0;
37 char *ocsp_resp_file = NULL;
38
ssl_verify_cb(int ok,X509_STORE_CTX * ctx)39 static int ssl_verify_cb(int ok, X509_STORE_CTX *ctx)
40 {
41 char buffer[256];
42
43 X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)),
44 buffer, sizeof(buffer));
45 if (ok) {
46 debug("SSL: Certificate OK: %s", buffer);
47 } else {
48 switch (X509_STORE_CTX_get_error(ctx)) {
49 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
50 debug("SSL: Cert error: CA not known: %s", buffer);
51 break;
52 case X509_V_ERR_CERT_NOT_YET_VALID:
53 debug("SSL: Cert error: Cert not yet valid: %s",
54 buffer);
55 break;
56 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
57 debug("SSL: Cert error: illegal \'not before\' field: %s",
58 buffer);
59 break;
60 case X509_V_ERR_CERT_HAS_EXPIRED:
61 debug("SSL: Cert error: Cert expired: %s", buffer);
62 break;
63 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
64 debug("SSL: Cert error: invalid \'not after\' field: %s",
65 buffer);
66 break;
67 default:
68 debug("SSL: Cert error: unknown error %d in %s",
69 X509_STORE_CTX_get_error(ctx), buffer);
70 break;
71 }
72 }
73 return ok;
74 }
75
ssl_temp_rsa_cb(SSL * ssl,int export,int keylength)76 static RSA *ssl_temp_rsa_cb(SSL *ssl, int export, int keylength)
77 {
78 static RSA *rsa = NULL;
79
80 if (rsa == NULL) {
81 RSA *rsa = RSA_new();
82 BIGNUM *bn = BN_new();
83 if (rsa == NULL ||
84 bn == NULL ||
85 !BN_set_word(bn, RSA_F4) ||
86 !RSA_generate_key_ex(rsa, 512, bn, NULL)) {
87 BN_free(bn);
88 RSA_free(rsa); rsa = NULL;
89 }
90 }
91 return rsa;
92 }
93
ssl_info_cb(const SSL * ssl,int where,int ret)94 static void ssl_info_cb(const SSL *ssl, int where, int ret)
95 {
96 #if defined SSL3_ST_SR_CLNT_HELLO_A || defined SSL23_ST_SR_CLNT_HELLO_A
97 int st = SSL_get_state(ssl);
98 #endif
99 const char *state = SSL_state_string_long(ssl);
100 const char *type = SSL_alert_type_string_long(ret);
101 const char *desc = SSL_alert_desc_string_long(ret);
102 connection *conn = SSL_get_app_data(ssl);
103 int renegotiating = 0;
104 DEBUG(3, "ssl_info_cb(ssl=%p, where=%d, ret=%d)", ssl, where, ret);
105 if (where & SSL_CB_LOOP) DEBUG(3, "\tSSL_CB_LOOP");
106 if (where & SSL_CB_EXIT) DEBUG(3, "\tSSL_CB_EXIT");
107 if (where & SSL_CB_READ) DEBUG(3, "\tSSL_CB_READ");
108 if (where & SSL_CB_WRITE) DEBUG(3, "\tSSL_CB_WRITE");
109 if (where & SSL_CB_ALERT) DEBUG(3, "\tSSL_CB_ALERT");
110 if (where & SSL_CB_READ_ALERT) DEBUG(3, "\tSSL_CB_READ_ALERT");
111 if (where & SSL_CB_WRITE_ALERT) DEBUG(3, "\tSSL_CB_WRITE_ALERT");
112 if (where & SSL_CB_ACCEPT_LOOP) DEBUG(3, "\tSSL_CB_ACCEPT_LOOP");
113 if (where & SSL_CB_ACCEPT_EXIT) DEBUG(3, "\tSSL_CB_ACCEPT_EXIT");
114 if (where & SSL_CB_CONNECT_LOOP) DEBUG(3, "\tSSL_CB_CONNECT_LOOP");
115 if (where & SSL_CB_CONNECT_EXIT) DEBUG(3, "\tSSL_CB_CONNECT_EXIT");
116 if (where & SSL_CB_HANDSHAKE_START) DEBUG(3, "\tSSL_CB_HANDSHAKE_START");
117 if (where & SSL_CB_HANDSHAKE_DONE) DEBUG(3, "\tSSL_CB_HANDSHAKE_DONE");
118 DEBUG(3, "SSL state = %s", state);
119 DEBUG(3, "Alert type = %s", type);
120 DEBUG(3, "Alert description = %s", desc);
121 #ifdef SSL3_ST_SR_CLNT_HELLO_A
122 if (st == SSL3_ST_SR_CLNT_HELLO_A) {
123 DEBUG(3, "\tSSL3_ST_SR_CLNT_HELLO_A");
124 renegotiating = 1;
125 }
126 #endif
127 #ifdef SSL23_ST_SR_CLNT_HELLO_A
128 if (st == SSL23_ST_SR_CLNT_HELLO_A) {
129 DEBUG(3, "\tSSL23_ST_SR_CLNT_HELLO_A");
130 renegotiating = 1;
131 }
132 #endif
133 if (conn == NULL) {
134 debug("Whoops, no conn info");
135 } else {
136 DEBUG(3, "Connection in state %d from client %d to server %d",
137 conn->state, conn->client, conn->server);
138 if (renegotiating) {
139 int reneg_time = now-conn->reneg;
140 conn->reneg = now;
141 DEBUG(3, "Client asks for renegotiation");
142 DEBUG(3, "Last time was %d seconds ago", reneg_time);
143 if (reneg_time < ssl_client_renegotiation_interval) {
144 debug("That's more often than we care for");
145 conn->state = CS_CLOSED;
146 }
147 }
148 }
149 }
150
151 static struct sni {
152 char *name;
153 SSL_CTX *ssl_context;
154 unsigned char ocsp_resp_data[OCSP_RESP_MAX];
155 int ocsp_resp_len;
156 time_t ocsp_resp_time;
157 struct sni *next;
158 } *sni_list;
159
160 static SSL_CTX *ssl_create_context(char *keyfile, char *certfile,
161 char *cacert_dir, char *cacert_file);
162
lookup_sni(const char * name)163 static struct sni *lookup_sni(const char *name)
164 {
165 struct sni *s;
166 for (s = sni_list; s; s = s->next)
167 if (!strcmp(s->name, name)) break;
168
169 if (s == NULL) {
170 char keyfile[1024], certfile[1024], cacert_file[1024];
171 s = pen_malloc(sizeof *s);
172 s->name = pen_strdup(name);
173 s->next = sni_list;
174 sni_list = s;
175 snprintf(keyfile, sizeof keyfile, "%s/%s.key", ssl_sni_path, name);
176 snprintf(certfile, sizeof certfile, "%s/%s.crt", ssl_sni_path, name);
177 snprintf(cacert_file, sizeof cacert_file, "%s/%s.ca", ssl_sni_path, name);
178 s->ocsp_resp_len = 0;
179 s->ocsp_resp_time = 0; /* never */
180 s->ssl_context = ssl_create_context(keyfile, certfile, NULL, cacert_file);
181 }
182 return s;
183 }
184
read_ocsp(const char * fn,unsigned char * data)185 static long read_ocsp(const char *fn, unsigned char *data)
186 {
187 int f = open(fn, O_RDONLY);
188 long len = 0;
189 DEBUG(3, "Read ocsp response from '%s'", fn);
190 if (f == -1) {
191 DEBUG(3, "Can't read file");
192 } else {
193 len = read(f, data, OCSP_RESP_MAX);
194 DEBUG(3, "Read %ld bytes of ocsp response", len);
195 close(f);
196 }
197 if (len < 0) len = 0;
198 return len;
199 }
200
ssl_stapling_cb(SSL * ssl,void * p)201 static int ssl_stapling_cb(SSL *ssl, void *p)
202 {
203 connection *conn = SSL_get_app_data(ssl);
204 unsigned char *data, *ocsp_resp_copy;
205 long len = 0;
206
207 if (conn == NULL) {
208 debug("Whoops, no conn info");
209 return SSL_TLSEXT_ERR_ALERT_FATAL;
210 } else {
211 DEBUG(3, "ssl_stapling_cb() called for connection from client %d to server %d",
212 conn->client, conn->server);
213 }
214 if (SSL_get_SSL_CTX(ssl) != ssl_context) {
215 const char *n;
216 char ocsp_file[1024];
217 struct sni *s;
218 DEBUG(3, "stapling for sni context");
219 n = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
220 if (n == NULL) {
221 DEBUG(3, "SNI hostname null, giving up");
222 return SSL_TLSEXT_ERR_NOACK;
223 }
224 s = lookup_sni(n);
225 if (now-s->ocsp_resp_time > 3600) { /* seems about right */
226 snprintf(ocsp_file, sizeof ocsp_file, "%s/%s.ocsp", ssl_sni_path, n);
227 s->ocsp_resp_len = read_ocsp(ocsp_file, s->ocsp_resp_data);
228 s->ocsp_resp_time = now;
229 }
230 len = s->ocsp_resp_len;
231 data = s->ocsp_resp_data;
232 } else {
233 DEBUG(3, "stapling for default context");
234 if (ocsp_resp_file) {
235 ocsp_resp_len = read_ocsp(ocsp_resp_file, ocsp_resp_data);
236 free(ocsp_resp_file);
237 ocsp_resp_file = NULL;
238 }
239 len = ocsp_resp_len;
240 data = ocsp_resp_data;
241 }
242 if (len == 0) {
243 DEBUG(3, "No ocsp data");
244 return SSL_TLSEXT_ERR_NOACK;
245 }
246 ocsp_resp_copy = pen_malloc(len);
247 memcpy(ocsp_resp_copy, data, len);
248 SSL_set_tlsext_status_ocsp_resp(ssl, ocsp_resp_copy, len);
249 return SSL_TLSEXT_ERR_OK;
250 }
251
ssl_sni_cb(SSL * ssl,int * foo,void * arg)252 static int ssl_sni_cb(SSL *ssl, int *foo, void *arg)
253 {
254 const char *n;
255 struct sni *s;
256
257 n = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
258 if (n == NULL) {
259 DEBUG(3, "SNI hostname null, giving up");
260 return SSL_TLSEXT_ERR_NOACK;
261 }
262 DEBUG(3, "ssl_sni_cb() => name = '%s'", n);
263 if (ssl_sni_path == NULL) {
264 DEBUG(3, "ssl_sni_path not set, giving up");
265 return SSL_TLSEXT_ERR_NOACK;
266 }
267 s = lookup_sni(n);
268 if (s->ssl_context == NULL) return SSL_TLSEXT_ERR_NOACK;
269 SSL_set_SSL_CTX(ssl, s->ssl_context);
270 return SSL_TLSEXT_ERR_OK;
271 }
272
ssl_create_context(char * keyfile,char * certfile,char * cacert_dir,char * cacert_file)273 static SSL_CTX *ssl_create_context(char *keyfile, char *certfile,
274 char *cacert_dir, char *cacert_file)
275 {
276 int n, err;
277 SSL_CTX *ssl_context;
278
279 if (certfile == NULL || *certfile == 0) {
280 debug("SSL: No cert file specified in config file!");
281 debug("The server MUST have a certificate!");
282 return NULL;
283 }
284 if (keyfile == NULL || *keyfile == 0)
285 keyfile = certfile;
286 if (cacert_dir != NULL && *cacert_dir == 0)
287 cacert_dir = NULL;
288 if (cacert_file != NULL && *cacert_file == 0)
289 cacert_file = NULL;
290
291 ssl_context = SSL_CTX_new(SSLv23_method());
292 if (ssl_context == NULL) {
293 err = ERR_get_error();
294 debug("SSL: Error allocating context: %s",
295 ERR_error_string(err, NULL));
296 return NULL;
297 }
298 switch (ssl_protocol) {
299 #ifndef OPENSSL_NO_SSL3
300 case SRV_SSL_V3:
301 ssl_options |= SSL_OP_NO_SSLv2;
302 break;
303 #endif
304 case SRV_SSL_TLS1:
305 ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
306 break;
307 }
308 DEBUG(1, "ssl_options = 0x%lx", ssl_options);
309 if (ssl_options) {
310 SSL_CTX_set_options(ssl_context, ssl_options);
311 }
312 if (ssl_compat) {
313 SSL_CTX_set_options(ssl_context, SSL_OP_ALL);
314 }
315 DEBUG(1, "ssl_ciphers = '%s'", ssl_ciphers);
316 if (ssl_ciphers) {
317 n = SSL_CTX_set_cipher_list(ssl_context, ssl_ciphers);
318 if (n == 0) {
319 err = ERR_get_error();
320 DEBUG(3, "SSL_CTX_set_cipher_list(ssl_context, %s) returns %d (%s)",
321 ssl_ciphers, n, err);
322 }
323 }
324
325 if (!SSL_CTX_use_certificate_file(ssl_context, certfile,
326 SSL_FILETYPE_PEM)) {
327 err = ERR_get_error();
328 debug("SSL: error reading certificate from file %s: %s",
329 certfile, ERR_error_string(err, NULL));
330 return NULL;
331 }
332 if (!SSL_CTX_use_PrivateKey_file(ssl_context, keyfile,
333 SSL_FILETYPE_PEM)) {
334 err = ERR_get_error();
335 debug("SSL: error reading private key from file %s: %s",
336 keyfile, ERR_error_string(err, NULL));
337 return NULL;
338 }
339 if (!SSL_CTX_check_private_key(ssl_context)) {
340 debug("SSL: Private key does not match public key in cert!");
341 return NULL;
342 }
343
344 if (cacert_dir != NULL || cacert_file != NULL) {
345 if (!SSL_CTX_load_verify_locations(ssl_context,
346 cacert_file, cacert_dir)) {
347 err = ERR_get_error();
348 debug("SSL: Error error setting CA cert locations: %s",
349 ERR_error_string(err, NULL));
350 cacert_file = cacert_dir = NULL;
351 }
352 }
353 if (cacert_dir == NULL && cacert_file == NULL) { /* no verify locations loaded */
354 debug("SSL: No verify locations, trying default");
355 if (!SSL_CTX_set_default_verify_paths(ssl_context)) {
356 err = ERR_get_error();
357 debug("SSL: Error error setting default CA cert location: %s",
358 ERR_error_string(err, NULL));
359 debug("continuing anyway...");
360 }
361 }
362 SSL_CTX_set_tmp_rsa_callback(ssl_context, ssl_temp_rsa_cb);
363 SSL_CTX_set_info_callback(ssl_context, ssl_info_cb);
364 SSL_CTX_set_tlsext_status_cb(ssl_context, ssl_stapling_cb);
365 SSL_CTX_set_tlsext_servername_callback(ssl_context, ssl_sni_cb);
366 if (require_peer_cert) {
367 SSL_CTX_set_verify(ssl_context,
368 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
369 ssl_verify_cb);
370 } else {
371 SSL_CTX_set_verify(ssl_context,
372 SSL_VERIFY_NONE,
373 ssl_verify_cb);
374 }
375
376 SSL_CTX_set_client_CA_list(ssl_context,
377 SSL_load_client_CA_file(certfile));
378
379 /* permit large writes to be split up in several records */
380 SSL_CTX_set_mode(ssl_context, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
381
382 DEBUG(3, "SSL_CTX_get_session_cache_mode() returns %d",
383 SSL_CTX_get_session_cache_mode(ssl_context));
384 SSL_CTX_set_session_cache_mode(ssl_context, SSL_SESS_CACHE_SERVER);
385
386 #if defined(HAVE_EC_KEY) && defined(NID_X9_62_prime256v1)
387 EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
388 if (ecdh == NULL) {
389 debug("EC_KEY_new_by_curve_name failure");
390 } else {
391 if (SSL_CTX_set_tmp_ecdh(ssl_context, ecdh) != 1) {
392 debug("SSL_CTX_set_tmp_ecdh failure");
393 } else {
394 DEBUG(1, "ECDH Initialized with NIST P-256");
395 }
396 EC_KEY_free(ecdh);
397 }
398 #endif
399
400 SSL_CTX_set_session_id_context(ssl_context, (void *)&ssl_session_id_context,
401 sizeof ssl_session_id_context);
402
403 return ssl_context;
404 }
405
ssl_init(void)406 int ssl_init(void)
407 {
408 SSL_load_error_strings();
409 SSLeay_add_ssl_algorithms();
410 ssl_context = ssl_create_context(keyfile, certfile, cacert_dir, cacert_file);
411 if (ssl_context == NULL) {
412 error("Unable to create default context");
413 }
414
415 return 0;
416 }
417
418 #endif /* HAVE_LIBSSL */
419