1 /* $OpenBSD: ssl.c,v 1.30 2015/12/30 12:08:34 benno Exp $ */ 2 3 /* 4 * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/types.h> 21 #include <sys/socket.h> 22 23 #include <limits.h> 24 #include <stdio.h> 25 #include <stdlib.h> 26 #include <event.h> 27 #include <unistd.h> 28 #include <string.h> 29 #include <imsg.h> 30 31 #include <openssl/ssl.h> 32 #include <openssl/err.h> 33 #include <openssl/engine.h> 34 35 #include "relayd.h" 36 37 void ssl_read(int, short, void *); 38 void ssl_write(int, short, void *); 39 void ssl_connect(int, short, void *); 40 void ssl_cleanup(struct ctl_tcp_event *); 41 int ssl_password_cb(char *, int, int, void *); 42 43 void 44 ssl_read(int s, short event, void *arg) 45 { 46 char rbuf[SMALL_READ_BUF_SIZE]; 47 struct ctl_tcp_event *cte = arg; 48 int retry_flag = EV_READ; 49 int tls_err = 0; 50 int ret; 51 52 if (event == EV_TIMEOUT) { 53 cte->host->up = HOST_DOWN; 54 ssl_cleanup(cte); 55 hce_notify_done(cte->host, HCE_TLS_READ_TIMEOUT); 56 return; 57 } 58 59 bzero(rbuf, sizeof(rbuf)); 60 61 ret = SSL_read(cte->ssl, rbuf, sizeof(rbuf)); 62 if (ret <= 0) { 63 tls_err = SSL_get_error(cte->ssl, ret); 64 switch (tls_err) { 65 case SSL_ERROR_WANT_READ: 66 retry_flag = EV_READ; 67 goto retry; 68 case SSL_ERROR_WANT_WRITE: 69 retry_flag = EV_WRITE; 70 goto retry; 71 case SSL_ERROR_ZERO_RETURN: /* FALLTHROUGH */ 72 case SSL_ERROR_SYSCALL: 73 if (ret == 0) { 74 cte->host->up = HOST_DOWN; 75 (void)cte->validate_close(cte); 76 ssl_cleanup(cte); 77 hce_notify_done(cte->host, cte->host->he); 78 return; 79 } 80 /* FALLTHROUGH */ 81 default: 82 cte->host->up = HOST_DOWN; 83 ssl_error(cte->host->conf.name, "cannot read"); 84 ssl_cleanup(cte); 85 hce_notify_done(cte->host, HCE_TLS_READ_ERROR); 86 break; 87 } 88 return; 89 } 90 if (ibuf_add(cte->buf, rbuf, ret) == -1) 91 fatal("ssl_read: buf_add error"); 92 if (cte->validate_read != NULL) { 93 if (cte->validate_read(cte) != 0) 94 goto retry; 95 96 ssl_cleanup(cte); 97 hce_notify_done(cte->host, cte->host->he); 98 return; 99 } 100 101 retry: 102 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_read, 103 &cte->tv_start, &cte->table->conf.timeout, cte); 104 return; 105 } 106 107 void 108 ssl_write(int s, short event, void *arg) 109 { 110 struct ctl_tcp_event *cte = arg; 111 int retry_flag = EV_WRITE; 112 int tls_err = 0; 113 int len; 114 int ret; 115 116 if (event == EV_TIMEOUT) { 117 cte->host->up = HOST_DOWN; 118 ssl_cleanup(cte); 119 hce_notify_done(cte->host, HCE_TLS_WRITE_TIMEOUT); 120 return; 121 } 122 123 len = strlen(cte->table->sendbuf); 124 125 ret = SSL_write(cte->ssl, cte->table->sendbuf, len); 126 if (ret <= 0) { 127 tls_err = SSL_get_error(cte->ssl, ret); 128 switch (tls_err) { 129 case SSL_ERROR_WANT_READ: 130 retry_flag = EV_READ; 131 goto retry; 132 case SSL_ERROR_WANT_WRITE: 133 retry_flag = EV_WRITE; 134 goto retry; 135 default: 136 cte->host->up = HOST_DOWN; 137 ssl_error(cte->host->conf.name, "cannot write"); 138 ssl_cleanup(cte); 139 hce_notify_done(cte->host, HCE_TLS_WRITE_ERROR); 140 return; 141 } 142 } 143 if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL) 144 fatalx("ssl_write: cannot create dynamic buffer"); 145 146 event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, ssl_read, 147 &cte->tv_start, &cte->table->conf.timeout, cte); 148 return; 149 retry: 150 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_write, 151 &cte->tv_start, &cte->table->conf.timeout, cte); 152 } 153 154 void 155 ssl_connect(int s, short event, void *arg) 156 { 157 struct ctl_tcp_event *cte = arg; 158 int retry_flag = 0; 159 int tls_err = 0; 160 int ret; 161 162 if (event == EV_TIMEOUT) { 163 cte->host->up = HOST_DOWN; 164 hce_notify_done(cte->host, HCE_TLS_CONNECT_TIMEOUT); 165 ssl_cleanup(cte); 166 return; 167 } 168 169 ret = SSL_connect(cte->ssl); 170 if (ret <= 0) { 171 tls_err = SSL_get_error(cte->ssl, ret); 172 switch (tls_err) { 173 case SSL_ERROR_WANT_READ: 174 retry_flag = EV_READ; 175 goto retry; 176 case SSL_ERROR_WANT_WRITE: 177 retry_flag = EV_WRITE; 178 goto retry; 179 default: 180 cte->host->up = HOST_DOWN; 181 ssl_error(cte->host->conf.name, "cannot connect"); 182 hce_notify_done(cte->host, HCE_TLS_CONNECT_FAIL); 183 ssl_cleanup(cte); 184 return; 185 } 186 } 187 188 if (cte->table->conf.check == CHECK_TCP) { 189 cte->host->up = HOST_UP; 190 hce_notify_done(cte->host, HCE_TLS_CONNECT_OK); 191 ssl_cleanup(cte); 192 return; 193 } 194 if (cte->table->sendbuf != NULL) { 195 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_write, 196 &cte->tv_start, &cte->table->conf.timeout, cte); 197 return; 198 } 199 200 if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL) 201 fatalx("ssl_connect: cannot create dynamic buffer"); 202 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_READ, ssl_read, 203 &cte->tv_start, &cte->table->conf.timeout, cte); 204 return; 205 206 retry: 207 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_connect, 208 &cte->tv_start, &cte->table->conf.timeout, cte); 209 } 210 211 void 212 ssl_cleanup(struct ctl_tcp_event *cte) 213 { 214 close(cte->s); 215 if (cte->ssl != NULL) { 216 SSL_shutdown(cte->ssl); 217 SSL_clear(cte->ssl); 218 } 219 ibuf_free(cte->buf); 220 cte->buf = NULL; 221 } 222 223 void 224 ssl_error(const char *where, const char *what) 225 { 226 char errbuf[128]; 227 unsigned long code; 228 extern int debug; 229 230 if (!debug) 231 return; 232 for (; (code = ERR_get_error()) != 0 ;) { 233 ERR_error_string_n(code, errbuf, sizeof(errbuf)); 234 log_debug("SSL library error: %s: %s: %s", where, what, errbuf); 235 } 236 } 237 238 void 239 ssl_init(struct relayd *env) 240 { 241 static int initialized = 0; 242 243 if (initialized) 244 return; 245 246 SSL_library_init(); 247 SSL_load_error_strings(); 248 249 /* Init hardware crypto engines. */ 250 ENGINE_load_builtin_engines(); 251 ENGINE_register_all_complete(); 252 253 initialized = 1; 254 } 255 256 void 257 ssl_transaction(struct ctl_tcp_event *cte) 258 { 259 if (cte->ssl == NULL) { 260 cte->ssl = SSL_new(cte->table->ssl_ctx); 261 if (cte->ssl == NULL) { 262 ssl_error(cte->host->conf.name, "cannot create object"); 263 fatal("cannot create SSL object"); 264 } 265 } 266 267 if (SSL_set_fd(cte->ssl, cte->s) == 0) { 268 cte->host->up = HOST_UNKNOWN; 269 ssl_error(cte->host->conf.name, "cannot set fd"); 270 ssl_cleanup(cte); 271 hce_notify_done(cte->host, HCE_TLS_CONNECT_ERROR); 272 return; 273 } 274 SSL_set_connect_state(cte->ssl); 275 276 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_connect, 277 &cte->tv_start, &cte->table->conf.timeout, cte); 278 } 279 280 SSL_CTX * 281 ssl_ctx_create(struct relayd *env) 282 { 283 SSL_CTX *ctx; 284 285 ctx = SSL_CTX_new(SSLv23_client_method()); 286 if (ctx == NULL) { 287 ssl_error("ssl_ctx_create", "cannot create context"); 288 fatal("could not create SSL context"); 289 } 290 return (ctx); 291 } 292 293 int 294 ssl_password_cb(char *buf, int size, int rwflag, void *u) 295 { 296 size_t len; 297 if (u == NULL) { 298 bzero(buf, size); 299 return (0); 300 } 301 if ((len = strlcpy(buf, u, size)) >= (size_t)size) 302 return (0); 303 return (len); 304 } 305 306 char * 307 ssl_load_key(struct relayd *env, const char *name, off_t *len, char *pass) 308 { 309 FILE *fp; 310 EVP_PKEY *key = NULL; 311 BIO *bio = NULL; 312 long size; 313 char *data, *buf = NULL; 314 315 /* Initialize SSL library once */ 316 ssl_init(env); 317 318 /* 319 * Read (possibly) encrypted key from file 320 */ 321 if ((fp = fopen(name, "r")) == NULL) 322 return (NULL); 323 324 key = PEM_read_PrivateKey(fp, NULL, ssl_password_cb, pass); 325 fclose(fp); 326 if (key == NULL) 327 goto fail; 328 329 /* 330 * Write unencrypted key to memory buffer 331 */ 332 if ((bio = BIO_new(BIO_s_mem())) == NULL) 333 goto fail; 334 if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) 335 goto fail; 336 if ((size = BIO_get_mem_data(bio, &data)) <= 0) 337 goto fail; 338 if ((buf = calloc(1, size)) == NULL) 339 goto fail; 340 memcpy(buf, data, size); 341 342 BIO_free_all(bio); 343 EVP_PKEY_free(key); 344 345 *len = (off_t)size; 346 return (buf); 347 348 fail: 349 ssl_error(__func__, name); 350 351 free(buf); 352 if (bio != NULL) 353 BIO_free_all(bio); 354 if (key != NULL) 355 EVP_PKEY_free(key); 356 return (NULL); 357 } 358 359 X509 * 360 ssl_update_certificate(X509 *oldcert, EVP_PKEY *pkey, EVP_PKEY *capkey, 361 X509 *cacert) 362 { 363 char name[2][TLS_NAME_SIZE]; 364 X509 *cert = NULL; 365 366 name[0][0] = name[1][0] = '\0'; 367 if (!X509_NAME_oneline(X509_get_subject_name(oldcert), 368 name[0], sizeof(name[0])) || 369 !X509_NAME_oneline(X509_get_issuer_name(oldcert), 370 name[1], sizeof(name[1]))) 371 goto done; 372 373 if ((cert = X509_dup(oldcert)) == NULL) 374 goto done; 375 376 /* Update certificate key and use our CA as the issuer */ 377 X509_set_pubkey(cert, pkey); 378 X509_set_issuer_name(cert, X509_get_subject_name(cacert)); 379 380 /* Sign with our CA */ 381 if (!X509_sign(cert, capkey, EVP_sha1())) { 382 X509_free(cert); 383 cert = NULL; 384 } 385 386 #if DEBUG_CERT 387 log_debug("%s: subject %s", __func__, name[0]); 388 log_debug("%s: issuer %s", __func__, name[1]); 389 #if DEBUG > 2 390 X509_print_fp(stdout, cert); 391 #endif 392 #endif 393 394 done: 395 if (cert == NULL) 396 ssl_error(__func__, name[0]); 397 398 return (cert); 399 } 400 401 int 402 ssl_load_pkey(const void *data, size_t datalen, char *buf, off_t len, 403 X509 **x509ptr, EVP_PKEY **pkeyptr) 404 { 405 BIO *in; 406 X509 *x509 = NULL; 407 EVP_PKEY *pkey = NULL; 408 RSA *rsa = NULL; 409 void *exdata = NULL; 410 411 if ((in = BIO_new_mem_buf(buf, len)) == NULL) { 412 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_BUF_LIB); 413 return (0); 414 } 415 416 if ((x509 = PEM_read_bio_X509(in, NULL, 417 ssl_password_cb, NULL)) == NULL) { 418 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PEM_LIB); 419 goto fail; 420 } 421 422 if ((pkey = X509_get_pubkey(x509)) == NULL) { 423 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_X509_LIB); 424 goto fail; 425 } 426 427 BIO_free(in); 428 429 if (data != NULL && datalen) { 430 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL || 431 (exdata = malloc(datalen)) == NULL) { 432 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_EVP_LIB); 433 goto fail; 434 } 435 436 memcpy(exdata, data, datalen); 437 RSA_set_ex_data(rsa, 0, exdata); 438 RSA_free(rsa); /* dereference, will be cleaned up with pkey */ 439 } 440 441 *x509ptr = x509; 442 *pkeyptr = pkey; 443 444 return (1); 445 446 fail: 447 if (rsa != NULL) 448 RSA_free(rsa); 449 if (in != NULL) 450 BIO_free(in); 451 if (pkey != NULL) 452 EVP_PKEY_free(pkey); 453 if (x509 != NULL) 454 X509_free(x509); 455 free(exdata); 456 457 return (0); 458 } 459 460 int 461 ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen, 462 char *buf, off_t len, X509 **x509ptr, EVP_PKEY **pkeyptr) 463 { 464 int ret = 0; 465 EVP_PKEY *pkey = NULL; 466 X509 *x509 = NULL; 467 468 if (!ssl_load_pkey(data, datalen, buf, len, &x509, &pkey)) 469 return (0); 470 471 /* 472 * Use the public key as the "private" key - the secret key 473 * parameters are hidden in an extra process that will be 474 * contacted by the RSA engine. The SSL/TLS library needs at 475 * least the public key parameters in the current process. 476 */ 477 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 478 if (!ret) 479 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB); 480 481 if (pkeyptr != NULL) 482 *pkeyptr = pkey; 483 else if (pkey != NULL) 484 EVP_PKEY_free(pkey); 485 486 if (x509ptr != NULL) 487 *x509ptr = x509; 488 else if (x509 != NULL) 489 X509_free(x509); 490 491 return (ret); 492 } 493 494