1 /* 2 * stunnel TLS offloading and load-balancing proxy 3 * Copyright (C) 1998-2021 Michal Trojnara <Michal.Trojnara@stunnel.org> 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License as published by the 7 * Free Software Foundation; either version 2 of the License, or (at your 8 * option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * See the GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, see <http://www.gnu.org/licenses>. 17 * 18 * Linking stunnel statically or dynamically with other modules is making 19 * a combined work based on stunnel. Thus, the terms and conditions of 20 * the GNU General Public License cover the whole combination. 21 * 22 * In addition, as a special exception, the copyright holder of stunnel 23 * gives you permission to combine stunnel with free software programs or 24 * libraries that are released under the GNU LGPL and with code included 25 * in the standard release of OpenSSL under the OpenSSL License (or 26 * modified versions of such code, with unchanged license). You may copy 27 * and distribute such a system following the terms of the GNU GPL for 28 * stunnel and the licenses of the other code concerned. 29 * 30 * Note that people who make modified versions of stunnel are not obligated 31 * to grant this special exception for their modified versions; it is their 32 * choice whether to do so. The GNU General Public License gives permission 33 * to release a modified version without this exception; this exception 34 * also makes it possible to release a modified version which carries 35 * forward this exception. 36 */ 37 38 #ifndef COMMON_H 39 #define COMMON_H 40 41 #include "version.h" 42 43 /**************************************** common constants */ 44 45 #define DEFAULT_SECURITY_LEVEL 2 46 47 #define LIBWRAP_CLIENTS 5 48 49 /* CPU stack size */ 50 #define DEFAULT_STACK_SIZE 65536 51 /* #define DEBUG_STACK_SIZE */ 52 53 /* I/O buffer size: 18432 (0x4800) is the maximum size of TLS record payload */ 54 #define BUFFSIZE 18432 55 56 /* how many bytes of random input to read from files for PRNG */ 57 /* security margin is huge to compensate for flawed entropy */ 58 #define RANDOM_BYTES 1024 59 60 /**************************************** debugging */ 61 62 /* for FormatGuard */ 63 /* #define __NO_FORMATGUARD_ */ 64 65 /* additional diagnostic messages */ 66 /* #define DEBUG_FD_ALLOC */ 67 68 #ifdef DEBUG_INFO 69 #define NOEXPORT 70 #else 71 #define NOEXPORT static 72 #endif 73 74 #ifdef __GNUC__ 75 #define NORETURN __attribute__((noreturn)) 76 #else 77 #define NORETURN 78 #endif /* __GNUC__ */ 79 80 /**************************************** platform */ 81 82 #ifdef _WIN32 83 #define USE_WIN32 84 #endif 85 86 #ifdef _WIN32_WCE 87 #define USE_WIN32 88 typedef int socklen_t; 89 #endif 90 91 #ifdef USE_WIN32 92 typedef signed char int8_t; 93 typedef signed short int16_t; 94 typedef signed int int32_t; 95 typedef signed long long int64_t; 96 typedef unsigned char uint8_t; 97 typedef unsigned short uint16_t; 98 typedef unsigned int uint32_t; 99 typedef unsigned long long uint64_t; 100 #ifndef __MINGW32__ 101 #ifdef _WIN64 102 typedef __int64 ssize_t; 103 #else /* _WIN64 */ 104 typedef int ssize_t; 105 #endif /* _WIN64 */ 106 #endif /* !__MINGW32__ */ 107 #define USE_IPv6 108 #define _CRT_SECURE_NO_DEPRECATE 109 #define _CRT_NONSTDC_NO_DEPRECATE 110 #define _CRT_NON_CONFORMING_SWPRINTFS 111 /* prevent including wincrypt.h, as it defines its own OCSP_RESPONSE */ 112 #define __WINCRYPT_H__ 113 #define S_EADDRINUSE WSAEADDRINUSE 114 /* winsock does not define WSAEAGAIN */ 115 /* in most (but not all!) BSD implementations EAGAIN==EWOULDBLOCK */ 116 #define S_EAGAIN WSAEWOULDBLOCK 117 #define S_ECONNRESET WSAECONNRESET 118 #define S_EINPROGRESS WSAEINPROGRESS 119 #define S_EINTR WSAEINTR 120 #define S_EINVAL WSAEINVAL 121 #define S_EISCONN WSAEISCONN 122 #define S_EMFILE WSAEMFILE 123 /* winsock does not define WSAENFILE */ 124 #define S_ENOBUFS WSAENOBUFS 125 /* winsock does not define WSAENOMEM */ 126 #define S_ENOPROTOOPT WSAENOPROTOOPT 127 #define S_ENOTSOCK WSAENOTSOCK 128 #define S_EOPNOTSUPP WSAEOPNOTSUPP 129 #define S_EWOULDBLOCK WSAEWOULDBLOCK 130 #define S_ECONNABORTED WSAECONNABORTED 131 #else /* USE_WIN32 */ 132 #define S_EADDRINUSE EADDRINUSE 133 #define S_EAGAIN EAGAIN 134 #define S_ECONNRESET ECONNRESET 135 #define S_EINPROGRESS EINPROGRESS 136 #define S_EINTR EINTR 137 #define S_EINVAL EINVAL 138 #define S_EISCONN EISCONN 139 #define S_EMFILE EMFILE 140 #ifdef ENFILE 141 #define S_ENFILE ENFILE 142 #endif 143 #ifdef ENOBUFS 144 #define S_ENOBUFS ENOBUFS 145 #endif 146 #ifdef ENOMEM 147 #define S_ENOMEM ENOMEM 148 #endif 149 #define S_ENOPROTOOPT ENOPROTOOPT 150 #define S_ENOTSOCK ENOTSOCK 151 #define S_EOPNOTSUPP EOPNOTSUPP 152 #define S_EWOULDBLOCK EWOULDBLOCK 153 #define S_ECONNABORTED ECONNABORTED 154 #endif /* USE_WIN32 */ 155 156 /**************************************** generic headers */ 157 158 #ifdef __vms 159 #include <starlet.h> 160 #endif /* __vms */ 161 162 /* for nsr-tandem-nsk architecture */ 163 #ifdef __TANDEM 164 #include <floss.h> 165 #endif 166 167 /* threads model */ 168 #ifdef USE_UCONTEXT 169 #define __MAKECONTEXT_V2_SOURCE 170 #include <ucontext.h> 171 #endif 172 173 #ifdef USE_PTHREAD 174 #ifndef THREADS 175 #define THREADS 176 #endif 177 #ifndef _REENTRANT 178 /* _REENTRANT is required for thread-safe errno on Solaris */ 179 #define _REENTRANT 180 #endif 181 #ifndef _THREAD_SAFE 182 #define _THREAD_SAFE 183 #endif 184 #include <pthread.h> 185 #endif 186 187 /* systemd */ 188 #ifdef USE_SYSTEMD 189 #include <systemd/sd-daemon.h> 190 #endif 191 192 #ifdef HAVE_STDINT_H 193 #include <stdint.h> 194 #endif 195 196 #ifdef HAVE_INTTYPES_H 197 #include <inttypes.h> 198 #endif 199 200 /* must be included before sys/stat.h for Ultrix */ 201 /* must be included before sys/socket.h for OpenBSD */ 202 #include <sys/types.h> /* u_short, u_long */ 203 /* general headers */ 204 #include <stdio.h> 205 /* must be included before sys/stat.h for Ultrix */ 206 #ifndef _WIN32_WCE 207 #include <errno.h> 208 #endif 209 #include <stdlib.h> 210 #include <stdarg.h> /* va_ */ 211 #include <string.h> 212 #include <ctype.h> /* isalnum */ 213 #include <time.h> 214 #include <sys/stat.h> /* stat */ 215 #include <setjmp.h> 216 #include <fcntl.h> 217 218 /**************************************** WIN32 headers */ 219 220 #ifdef USE_WIN32 221 222 #define HAVE_STRUCT_ADDRINFO 223 #define HAVE_SNPRINTF 224 #define snprintf _snprintf 225 #define HAVE_VSNPRINTF 226 #define vsnprintf _vsnprintf 227 #define strcasecmp _stricmp 228 #define strncasecmp _strnicmp 229 230 #define get_last_socket_error() WSAGetLastError() 231 #define set_last_socket_error(e) WSASetLastError(e) 232 #define get_last_error() GetLastError() 233 #define set_last_error(e) SetLastError(e) 234 #define readsocket(s,b,n) recv((s),(b),(int)(n),0) 235 #define writesocket(s,b,n) send((s),(b),(int)(n),0) 236 237 /* #define Win32_Winsock */ 238 #define __USE_W32_SOCKETS 239 240 /* Winsock2 header for IPv6 definitions */ 241 #include <winsock2.h> 242 #include <ws2tcpip.h> 243 244 #include <windows.h> 245 246 #include <process.h> /* _beginthread */ 247 #include <shlobj.h> /* SHGetFolderPath */ 248 #include <tchar.h> 249 250 #include "resources.h" 251 252 /**************************************** non-WIN32 headers */ 253 254 #else /* USE_WIN32 */ 255 256 #ifdef __INNOTEK_LIBC__ 257 #define socklen_t __socklen_t 258 #define strcasecmp stricmp 259 #define strncasecmp strnicmp 260 #define NI_NUMERICHOST 1 261 #define NI_NUMERICSERV 2 262 #define get_last_socket_error() sock_errno() 263 #define set_last_socket_error(e) () 264 #define get_last_error() errno 265 #define set_last_error(e) (errno=(e)) 266 #define readsocket(s,b,n) recv((s),(b),(n),0) 267 #define writesocket(s,b,n) send((s),(b),(n),0) 268 #define closesocket(s) close(s) 269 #define ioctlsocket(a,b,c) so_ioctl((a),(b),(c)) 270 #else 271 #define get_last_socket_error() errno 272 #define set_last_socket_error(e) (errno=(e)) 273 #define get_last_error() errno 274 #define set_last_error(e) (errno=(e)) 275 #define readsocket(s,b,n) read((s),(b),(n)) 276 #define writesocket(s,b,n) write((s),(b),(n)) 277 #define closesocket(s) close(s) 278 #define ioctlsocket(a,b,c) ioctl((a),(b),(c)) 279 #endif 280 281 typedef int SOCKET; 282 #define INVALID_SOCKET (-1) 283 284 /* OpenVMS compatibility */ 285 #ifdef __vms 286 #define LIBDIR "__NA__" 287 #ifdef __alpha 288 #define HOST "alpha-openvms" 289 #else 290 #define HOST "vax-openvms" 291 #endif 292 #include <inet.h> 293 #include <unistd.h> 294 #else /* __vms */ 295 #include <syslog.h> 296 #endif /* __vms */ 297 298 /* Unix-specific headers */ 299 #include <signal.h> /* signal */ 300 #include <sys/wait.h> /* wait */ 301 #ifdef HAVE_LIMITS_H 302 #include <limits.h> /* INT_MAX */ 303 #endif 304 #ifdef HAVE_SYS_RESOURCE_H 305 #include <sys/resource.h> /* getrlimit */ 306 #endif 307 #ifdef HAVE_UNISTD_H 308 #include <unistd.h> /* getpid, fork, execvp, exit */ 309 #endif 310 #ifdef HAVE_STROPTS_H 311 #include <stropts.h> 312 #endif 313 #ifdef HAVE_MALLOC_H 314 #include <malloc.h> /* mallopt */ 315 #endif 316 #ifdef HAVE_SYS_SELECT_H 317 #include <sys/select.h> /* for aix */ 318 #endif 319 #include <dirent.h> 320 #ifdef HAVE_SYS_PARAM_H 321 #include <sys/param.h> /* MAXPATHLEN */ 322 #endif 323 324 #if defined(HAVE_POLL) && !defined(BROKEN_POLL) 325 #ifdef HAVE_POLL_H 326 #include <poll.h> 327 #define USE_POLL 328 #else /* HAVE_POLL_H */ 329 #ifdef HAVE_SYS_POLL_H 330 #include <sys/poll.h> 331 #define USE_POLL 332 #endif /* HAVE_SYS_POLL_H */ 333 #endif /* HAVE_POLL_H */ 334 #endif /* HAVE_POLL && !BROKEN_POLL */ 335 336 #ifdef HAVE_SYS_FILIO_H 337 #include <sys/filio.h> /* for FIONBIO */ 338 #endif 339 #include <pwd.h> 340 #ifdef HAVE_GRP_H 341 #include <grp.h> 342 #endif 343 #ifdef __BEOS__ 344 #include <posix/grp.h> 345 #endif 346 347 #ifdef HAVE_SYS_UIO_H 348 #include <sys/uio.h> /* struct iovec */ 349 #endif /* HAVE_SYS_UIO_H */ 350 351 /* BSD sockets */ 352 #include <netinet/in.h> /* struct sockaddr_in */ 353 #include <sys/socket.h> /* getpeername */ 354 #include <arpa/inet.h> /* inet_ntoa */ 355 #include <sys/time.h> /* select */ 356 #include <sys/ioctl.h> /* ioctl */ 357 #ifdef HAVE_SYS_UN_H 358 #include <sys/un.h> 359 #endif 360 #include <netinet/tcp.h> 361 #include <netdb.h> 362 #ifndef INADDR_ANY 363 #define INADDR_ANY (u32)0x00000000 364 #endif 365 #ifndef INADDR_LOOPBACK 366 #define INADDR_LOOPBACK (u32)0x7F000001 367 #endif 368 369 /* SunOS 4 */ 370 #if defined(sun) && !defined(__svr4__) && !defined(__SVR4) 371 #define atexit(a) on_exit((a), NULL) 372 extern int sys_nerr; 373 extern char *sys_errlist[]; 374 #define strerror(num) ((num)==0 ? "No error" : \ 375 ((num)>=sys_nerr ? "Unknown error" : sys_errlist[num])) 376 #endif /* SunOS 4 */ 377 378 /* AIX does not have SOL_TCP defined */ 379 #ifndef SOL_TCP 380 #define SOL_TCP SOL_SOCKET 381 #endif /* SOL_TCP */ 382 383 /* Linux */ 384 #ifdef __linux__ 385 #ifndef IP_FREEBIND 386 /* kernel headers without IP_FREEBIND definition */ 387 #define IP_FREEBIND 15 388 #endif /* IP_FREEBIND */ 389 #ifndef IP_TRANSPARENT 390 /* kernel headers without IP_TRANSPARENT definition */ 391 #define IP_TRANSPARENT 19 392 #endif /* IP_TRANSPARENT */ 393 #ifdef HAVE_LINUX_NETFILTER_IPV4_H 394 #include <limits.h> 395 #include <linux/types.h> 396 #include <linux/netfilter_ipv4.h> 397 #endif /* HAVE_LINUX_NETFILTER_IPV4_H */ 398 #endif /* __linux__ */ 399 #ifdef HAVE_SYS_SYSCALL_H 400 #include <sys/syscall.h> /* SYS_gettid */ 401 #endif 402 #ifdef HAVE_LINUX_SCHED_H 403 #include <linux/sched.h> /* SCHED_BATCH */ 404 #endif 405 406 #endif /* USE_WIN32 */ 407 408 #ifndef S_ISREG 409 #define S_ISREG(m) (((m)&S_IFMT)==S_IFREG) 410 #endif 411 412 /**************************************** OpenSSL headers */ 413 414 #define OPENSSL_THREAD_DEFINES 415 #include <openssl/opensslconf.h> 416 /* opensslv.h requires prior opensslconf.h to include -fips in version string */ 417 #include <openssl/opensslv.h> 418 419 #if OPENSSL_VERSION_NUMBER<0x0090700fL 420 #error OpenSSL 0.9.7 or later is required 421 #endif /* OpenSSL older than 0.9.7 */ 422 423 #if defined(USE_PTHREAD) && !defined(OPENSSL_THREADS) 424 #error OpenSSL library compiled without thread support 425 #endif /* !OPENSSL_THREADS && USE_PTHREAD */ 426 427 #if OPENSSL_VERSION_NUMBER<0x0090800fL 428 #define OPENSSL_NO_ECDH 429 #define OPENSSL_NO_COMP 430 #endif /* OpenSSL older than 0.9.8 */ 431 432 /* non-blocking OCSP API is not available before OpenSSL 0.9.8h */ 433 #if OPENSSL_VERSION_NUMBER<0x00908080L 434 #ifndef OPENSSL_NO_OCSP 435 #define OPENSSL_NO_OCSP 436 #endif /* !defined(OPENSSL_NO_OCSP) */ 437 #endif /* OpenSSL older than 0.9.8h */ 438 439 #if OPENSSL_VERSION_NUMBER<0x00908060L 440 #define OPENSSL_NO_TLSEXT 441 #endif /* OpenSSL older than 0.9.8f */ 442 443 #if OPENSSL_VERSION_NUMBER<0x10000000L 444 #define OPENSSL_NO_PSK 445 #endif /* OpenSSL older than 1.0.0 */ 446 447 #if OPENSSL_VERSION_NUMBER<0x10001000L || defined(OPENSSL_NO_TLS1) 448 #define OPENSSL_NO_TLS1_1 449 #define OPENSSL_NO_TLS1_2 450 #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ 451 452 #if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) 453 #ifndef OPENSSL_NO_SSL2 454 #define OPENSSL_NO_SSL2 455 #endif /* !defined(OPENSSL_NO_SSL2) */ 456 #else /* OpenSSL older than 1.1.0 */ 457 #define X509_STORE_CTX_get0_chain(x) X509_STORE_CTX_get_chain(x) 458 #define OPENSSL_hexstr2buf string_to_hex 459 #endif /* OpenSSL 1.1.0 or newer */ 460 461 #if OPENSSL_VERSION_NUMBER<0x10101000L 462 #define OPENSSL_NO_TLS1_3 463 #endif /* OpenSSL older than 1.1.1 */ 464 465 #ifdef USE_WIN32 466 #define USE_FIPS 467 #endif 468 469 #include <openssl/conf.h> 470 #include <openssl/lhash.h> 471 #include <openssl/ssl.h> 472 #include <openssl/ui.h> 473 #include <openssl/err.h> 474 #include <openssl/crypto.h> /* for CRYPTO_* and SSLeay_version */ 475 #include <openssl/rand.h> 476 #include <openssl/bn.h> 477 #include <openssl/pkcs12.h> 478 #ifndef OPENSSL_NO_MD4 479 #include <openssl/md4.h> 480 #endif /* !defined(OPENSSL_NO_MD4) */ 481 #include <openssl/des.h> 482 #ifndef OPENSSL_NO_DH 483 #include <openssl/dh.h> 484 #if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) 485 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); 486 #endif /* OpenSSL older than 1.1.0 */ 487 #endif /* !defined(OPENSSL_NO_DH) */ 488 #ifndef OPENSSL_NO_ENGINE 489 #include <openssl/engine.h> 490 #endif /* !defined(OPENSSL_NO_ENGINE) */ 491 #ifndef OPENSSL_NO_OCSP 492 #include <openssl/ocsp.h> 493 #endif /* !defined(OPENSSL_NO_OCSP) */ 494 #ifndef OPENSSL_NO_COMP 495 /* not defined in public headers before OpenSSL 0.9.8 */ 496 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); 497 #endif /* !defined(OPENSSL_NO_COMP) */ 498 #if OPENSSL_VERSION_NUMBER>=0x30000000L 499 #include <openssl/provider.h> 500 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ 501 502 #ifndef OPENSSL_VERSION 503 #define OPENSSL_VERSION SSLEAY_VERSION 504 #define OpenSSL_version_num() SSLeay() 505 #define OpenSSL_version(x) SSLeay_version(x) 506 #endif 507 508 /**************************************** other defines */ 509 510 /* always use IPv4 defaults! */ 511 #define DEFAULT_LOOPBACK "127.0.0.1" 512 #define DEFAULT_ANY "0.0.0.0" 513 #if 0 514 #define DEFAULT_LOOPBACK "::1" 515 #define DEFAULT_ANY "::" 516 #endif 517 518 #if defined (USE_WIN32) || defined (__vms) 519 #define LOG_EMERG 0 520 #define LOG_ALERT 1 521 #define LOG_CRIT 2 522 #define LOG_ERR 3 523 #define LOG_WARNING 4 524 #define LOG_NOTICE 5 525 #define LOG_INFO 6 526 #define LOG_DEBUG 7 527 #endif /* defined (USE_WIN32) || defined (__vms) */ 528 529 #ifndef offsetof 530 #define offsetof(T, F) ((unsigned)((char *)&((T *)0L)->F - (char *)0L)) 531 #endif 532 533 #endif /* defined COMMON_H */ 534 535 /* end of common.h */ 536