1 /* $NetBSD: ssl-bozo.c,v 1.22 2015/12/28 07:37:59 mrg Exp $ */ 2 3 /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ 4 5 /* 6 * Copyright (c) 1997-2014 Matthew R. Green 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer and 16 * dedication in the documentation and/or other materials provided 17 * with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 */ 32 33 /* this code implements SSL and backend IO for bozohttpd */ 34 35 #include <stdarg.h> 36 #include <stdio.h> 37 #include <syslog.h> 38 #include <unistd.h> 39 40 #include "bozohttpd.h" 41 42 #ifndef NO_SSL_SUPPORT 43 44 #include <openssl/ssl.h> 45 #include <openssl/err.h> 46 47 #ifndef USE_ARG 48 #define USE_ARG(x) /*LINTED*/(void)&(x) 49 #endif 50 51 #ifndef BOZO_SSL_CIPHERS 52 #define BOZO_SSL_CIPHERS \ 53 "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:" \ 54 "AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:" \ 55 "AES:" \ 56 "-SHA:" \ 57 "!aNULL:!eNULL:" \ 58 "!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \ 59 "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:" \ 60 "!KRB5-DES-CBC3-SHA" 61 #endif 62 63 #ifndef BOZO_SSL_OPTIONS 64 #define BOZO_SSL_OPTIONS \ 65 (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1) 66 #endif 67 68 /* this structure encapsulates the ssl info */ 69 70 /* this structure encapsulates the ssl info */ 71 typedef struct sslinfo_t { 72 SSL_CTX *ssl_context; 73 const SSL_METHOD *ssl_method; 74 SSL *bozossl; 75 char *certificate_file; 76 char *privatekey_file; 77 char *ciphers; 78 } sslinfo_t; 79 80 /* 81 * bozo_clear_ssl_queue: print the contents of the SSL error queue 82 */ 83 static void 84 bozo_clear_ssl_queue(bozohttpd_t *httpd) 85 { 86 unsigned long sslcode = ERR_get_error(); 87 88 do { 89 static const char sslfmt[] = "SSL Error: %s:%s:%s"; 90 91 if (httpd->logstderr || isatty(STDERR_FILENO)) { 92 fprintf(stderr, sslfmt, 93 ERR_lib_error_string(sslcode), 94 ERR_func_error_string(sslcode), 95 ERR_reason_error_string(sslcode)); 96 } else { 97 syslog(LOG_ERR, sslfmt, 98 ERR_lib_error_string(sslcode), 99 ERR_func_error_string(sslcode), 100 ERR_reason_error_string(sslcode)); 101 } 102 } while (0 != (sslcode = ERR_get_error())); 103 } 104 105 /* 106 * bozo_ssl_warn works just like bozowarn, plus the SSL error queue 107 */ 108 BOZO_PRINTFLIKE(2, 3) static void 109 bozo_ssl_warn(bozohttpd_t *httpd, const char *fmt, ...) 110 { 111 va_list ap; 112 113 va_start(ap, fmt); 114 if (httpd->logstderr || isatty(STDERR_FILENO)) { 115 vfprintf(stderr, fmt, ap); 116 fputs("\n", stderr); 117 } else 118 vsyslog(LOG_ERR, fmt, ap); 119 va_end(ap); 120 121 bozo_clear_ssl_queue(httpd); 122 } 123 124 125 /* 126 * bozo_ssl_err works just like bozoerr, plus the SSL error queue 127 */ 128 BOZO_PRINTFLIKE(3, 4) BOZO_DEAD static void 129 bozo_ssl_err(bozohttpd_t *httpd, int code, const char *fmt, ...) 130 { 131 va_list ap; 132 133 va_start(ap, fmt); 134 if (httpd->logstderr || isatty(STDERR_FILENO)) { 135 vfprintf(stderr, fmt, ap); 136 fputs("\n", stderr); 137 } else 138 vsyslog(LOG_ERR, fmt, ap); 139 va_end(ap); 140 141 bozo_clear_ssl_queue(httpd); 142 exit(code); 143 } 144 145 /* 146 * bozo_check_error_queue: print warnings if the error isn't expected 147 */ 148 static void 149 bozo_check_error_queue(bozohttpd_t *httpd, const char *tag, int ret) 150 { 151 if (ret > 0) 152 return; 153 154 const sslinfo_t *sslinfo = httpd->sslinfo; 155 const int sslerr = SSL_get_error(sslinfo->bozossl, ret); 156 157 if (sslerr != SSL_ERROR_ZERO_RETURN && 158 sslerr != SSL_ERROR_SYSCALL && 159 sslerr != SSL_ERROR_NONE) 160 bozo_ssl_warn(httpd, "%s: SSL_ERROR %d", tag, sslerr); 161 } 162 163 static BOZO_PRINTFLIKE(2, 0) int 164 bozo_ssl_printf(bozohttpd_t *httpd, const char * fmt, va_list ap) 165 { 166 char *buf; 167 int nbytes; 168 169 if ((nbytes = vasprintf(&buf, fmt, ap)) != -1) { 170 const sslinfo_t *sslinfo = httpd->sslinfo; 171 int ret = SSL_write(sslinfo->bozossl, buf, nbytes); 172 bozo_check_error_queue(httpd, "write", ret); 173 } 174 175 free(buf); 176 177 return nbytes; 178 } 179 180 static ssize_t 181 bozo_ssl_read(bozohttpd_t *httpd, int fd, void *buf, size_t nbytes) 182 { 183 const sslinfo_t *sslinfo = httpd->sslinfo; 184 int ret; 185 186 USE_ARG(fd); 187 ret = SSL_read(sslinfo->bozossl, buf, (int)nbytes); 188 bozo_check_error_queue(httpd, "read", ret); 189 190 return (ssize_t)ret; 191 } 192 193 static ssize_t 194 bozo_ssl_write(bozohttpd_t *httpd, int fd, const void *buf, size_t nbytes) 195 { 196 const sslinfo_t *sslinfo = httpd->sslinfo; 197 int ret; 198 199 USE_ARG(fd); 200 ret = SSL_write(sslinfo->bozossl, buf, (int)nbytes); 201 bozo_check_error_queue(httpd, "write", ret); 202 203 return (ssize_t)ret; 204 } 205 206 void 207 bozo_ssl_init(bozohttpd_t *httpd) 208 { 209 sslinfo_t *sslinfo = httpd->sslinfo; 210 long options; 211 212 if (sslinfo == NULL || !sslinfo->certificate_file) 213 return; 214 SSL_library_init(); 215 SSL_load_error_strings(); 216 217 sslinfo->ssl_method = SSLv23_server_method(); 218 sslinfo->ssl_context = SSL_CTX_new(sslinfo->ssl_method); 219 220 if (NULL == sslinfo->ssl_context) 221 bozo_ssl_err(httpd, EXIT_FAILURE, 222 "SSL context creation failed"); 223 224 options = SSL_CTX_set_options(sslinfo->ssl_context, 225 BOZO_SSL_OPTIONS); 226 if ((options & BOZO_SSL_OPTIONS) != BOZO_SSL_OPTIONS) 227 bozo_ssl_err(httpd, EXIT_FAILURE, 228 "Error setting ssl options requested %#lx, got %#lx", 229 BOZO_SSL_OPTIONS, options); 230 231 if (!SSL_CTX_set_cipher_list(sslinfo->ssl_context, 232 sslinfo->ciphers ? sslinfo->ciphers : BOZO_SSL_CIPHERS)) 233 bozo_ssl_err(httpd, EXIT_FAILURE, 234 "Error setting cipher list '%s'", sslinfo->ciphers); 235 236 if (1 != SSL_CTX_use_certificate_chain_file(sslinfo->ssl_context, 237 sslinfo->certificate_file)) 238 bozo_ssl_err(httpd, EXIT_FAILURE, 239 "Unable to use certificate file '%s'", 240 sslinfo->certificate_file); 241 242 if (1 != SSL_CTX_use_PrivateKey_file(sslinfo->ssl_context, 243 sslinfo->privatekey_file, SSL_FILETYPE_PEM)) 244 bozo_ssl_err(httpd, EXIT_FAILURE, 245 "Unable to use private key file '%s'", 246 sslinfo->privatekey_file); 247 248 /* check consistency of key vs certificate */ 249 if (!SSL_CTX_check_private_key(sslinfo->ssl_context)) 250 bozo_ssl_err(httpd, EXIT_FAILURE, 251 "Check private key failed"); 252 } 253 254 /* 255 * returns non-zero for failure 256 */ 257 int 258 bozo_ssl_accept(bozohttpd_t *httpd) 259 { 260 sslinfo_t *sslinfo = httpd->sslinfo; 261 262 if (sslinfo == NULL || !sslinfo->ssl_context) 263 return 0; 264 265 sslinfo->bozossl = SSL_new(sslinfo->ssl_context); 266 if (sslinfo->bozossl == NULL) 267 bozoerr(httpd, 1, "SSL_new failed"); 268 269 SSL_set_rfd(sslinfo->bozossl, 0); 270 SSL_set_wfd(sslinfo->bozossl, 1); 271 272 const int ret = SSL_accept(sslinfo->bozossl); 273 bozo_check_error_queue(httpd, "accept", ret); 274 275 return ret != 1; 276 } 277 278 void 279 bozo_ssl_destroy(bozohttpd_t *httpd) 280 { 281 const sslinfo_t *sslinfo = httpd->sslinfo; 282 283 if (sslinfo && sslinfo->bozossl) 284 SSL_free(sslinfo->bozossl); 285 } 286 287 static sslinfo_t * 288 bozo_get_sslinfo(bozohttpd_t *httpd) 289 { 290 sslinfo_t *sslinfo; 291 if (httpd->sslinfo) 292 return httpd->sslinfo; 293 sslinfo = bozomalloc(httpd, sizeof(*sslinfo)); 294 if (sslinfo == NULL) 295 bozoerr(httpd, 1, "sslinfo allocation failed"); 296 memset(sslinfo, 0, sizeof(*sslinfo)); 297 return httpd->sslinfo = sslinfo; 298 } 299 300 void 301 bozo_ssl_set_opts(bozohttpd_t *httpd, const char *cert, const char *priv) 302 { 303 sslinfo_t *sslinfo = bozo_get_sslinfo(httpd); 304 305 sslinfo->certificate_file = bozostrdup(httpd, NULL, cert); 306 sslinfo->privatekey_file = bozostrdup(httpd, NULL, priv); 307 debug((httpd, DEBUG_NORMAL, "using cert/priv files: %s & %s", 308 sslinfo->certificate_file, 309 sslinfo->privatekey_file)); 310 if (!httpd->bindport) 311 httpd->bindport = bozostrdup(httpd, NULL, "https"); 312 } 313 314 void 315 bozo_ssl_set_ciphers(bozohttpd_t *httpd, const char *ciphers) 316 { 317 sslinfo_t *sslinfo = bozo_get_sslinfo(httpd); 318 319 sslinfo->ciphers = bozostrdup(httpd, NULL, ciphers); 320 debug((httpd, DEBUG_NORMAL, "using ciphers: %s", sslinfo->ciphers)); 321 } 322 323 #endif /* NO_SSL_SUPPORT */ 324 325 int 326 bozo_printf(bozohttpd_t *httpd, const char *fmt, ...) 327 { 328 va_list args; 329 int cc; 330 331 va_start(args, fmt); 332 #ifndef NO_SSL_SUPPORT 333 if (httpd->sslinfo) 334 cc = bozo_ssl_printf(httpd, fmt, args); 335 else 336 #endif 337 cc = vprintf(fmt, args); 338 va_end(args); 339 return cc; 340 } 341 342 ssize_t 343 bozo_read(bozohttpd_t *httpd, int fd, void *buf, size_t len) 344 { 345 #ifndef NO_SSL_SUPPORT 346 if (httpd->sslinfo) 347 return bozo_ssl_read(httpd, fd, buf, len); 348 #endif 349 return read(fd, buf, len); 350 } 351 352 ssize_t 353 bozo_write(bozohttpd_t *httpd, int fd, const void *buf, size_t len) 354 { 355 #ifndef NO_SSL_SUPPORT 356 if (httpd->sslinfo) 357 return bozo_ssl_write(httpd, fd, buf, len); 358 #endif 359 return write(fd, buf, len); 360 } 361 362 int 363 bozo_flush(bozohttpd_t *httpd, FILE *fp) 364 { 365 #ifndef NO_SSL_SUPPORT 366 if (httpd->sslinfo) 367 return 0; 368 #endif 369 return fflush(fp); 370 } 371