1 /* $OpenBSD: ssl.c,v 1.25 2014/07/10 12:50:05 jsg Exp $ */ 2 3 /* 4 * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/param.h> 21 #include <sys/queue.h> 22 #include <sys/socket.h> 23 24 #include <net/if.h> 25 #include <netinet/in.h> 26 27 #include <limits.h> 28 #include <event.h> 29 #include <fcntl.h> 30 #include <unistd.h> 31 #include <string.h> 32 #include <stdlib.h> 33 #include <errno.h> 34 35 #include <openssl/ssl.h> 36 #include <openssl/err.h> 37 #include <openssl/engine.h> 38 #include <openssl/rsa.h> 39 40 #include "relayd.h" 41 42 void ssl_read(int, short, void *); 43 void ssl_write(int, short, void *); 44 void ssl_connect(int, short, void *); 45 void ssl_cleanup(struct ctl_tcp_event *); 46 int ssl_password_cb(char *, int, int, void *); 47 48 void 49 ssl_read(int s, short event, void *arg) 50 { 51 char rbuf[SMALL_READ_BUF_SIZE]; 52 struct ctl_tcp_event *cte = arg; 53 int retry_flag = EV_READ; 54 int ssl_err = 0; 55 int ret; 56 57 if (event == EV_TIMEOUT) { 58 cte->host->up = HOST_DOWN; 59 ssl_cleanup(cte); 60 hce_notify_done(cte->host, HCE_SSL_READ_TIMEOUT); 61 return; 62 } 63 64 bzero(rbuf, sizeof(rbuf)); 65 66 ret = SSL_read(cte->ssl, rbuf, sizeof(rbuf)); 67 if (ret <= 0) { 68 ssl_err = SSL_get_error(cte->ssl, ret); 69 switch (ssl_err) { 70 case SSL_ERROR_WANT_READ: 71 retry_flag = EV_READ; 72 goto retry; 73 case SSL_ERROR_WANT_WRITE: 74 retry_flag = EV_WRITE; 75 goto retry; 76 case SSL_ERROR_ZERO_RETURN: /* FALLTHROUGH */ 77 case SSL_ERROR_SYSCALL: 78 if (ret == 0) { 79 cte->host->up = HOST_DOWN; 80 (void)cte->validate_close(cte); 81 ssl_cleanup(cte); 82 hce_notify_done(cte->host, cte->host->he); 83 return; 84 } 85 /* FALLTHROUGH */ 86 default: 87 cte->host->up = HOST_DOWN; 88 ssl_error(cte->host->conf.name, "cannot read"); 89 ssl_cleanup(cte); 90 hce_notify_done(cte->host, HCE_SSL_READ_ERROR); 91 break; 92 } 93 return; 94 } 95 if (ibuf_add(cte->buf, rbuf, ret) == -1) 96 fatal("ssl_read: buf_add error"); 97 if (cte->validate_read != NULL) { 98 if (cte->validate_read(cte) != 0) 99 goto retry; 100 101 ssl_cleanup(cte); 102 hce_notify_done(cte->host, cte->host->he); 103 return; 104 } 105 106 retry: 107 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_read, 108 &cte->tv_start, &cte->table->conf.timeout, cte); 109 return; 110 } 111 112 void 113 ssl_write(int s, short event, void *arg) 114 { 115 struct ctl_tcp_event *cte = arg; 116 int retry_flag = EV_WRITE; 117 int ssl_err = 0; 118 int len; 119 int ret; 120 121 if (event == EV_TIMEOUT) { 122 cte->host->up = HOST_DOWN; 123 ssl_cleanup(cte); 124 hce_notify_done(cte->host, HCE_SSL_WRITE_TIMEOUT); 125 return; 126 } 127 128 len = strlen(cte->table->sendbuf); 129 130 ret = SSL_write(cte->ssl, cte->table->sendbuf, len); 131 if (ret <= 0) { 132 ssl_err = SSL_get_error(cte->ssl, ret); 133 switch (ssl_err) { 134 case SSL_ERROR_WANT_READ: 135 retry_flag = EV_READ; 136 goto retry; 137 case SSL_ERROR_WANT_WRITE: 138 retry_flag = EV_WRITE; 139 goto retry; 140 default: 141 cte->host->up = HOST_DOWN; 142 ssl_error(cte->host->conf.name, "cannot write"); 143 ssl_cleanup(cte); 144 hce_notify_done(cte->host, HCE_SSL_WRITE_ERROR); 145 return; 146 } 147 } 148 if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL) 149 fatalx("ssl_write: cannot create dynamic buffer"); 150 151 event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, ssl_read, 152 &cte->tv_start, &cte->table->conf.timeout, cte); 153 return; 154 retry: 155 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_write, 156 &cte->tv_start, &cte->table->conf.timeout, cte); 157 } 158 159 void 160 ssl_connect(int s, short event, void *arg) 161 { 162 struct ctl_tcp_event *cte = arg; 163 int retry_flag = 0; 164 int ssl_err = 0; 165 int ret; 166 167 if (event == EV_TIMEOUT) { 168 cte->host->up = HOST_DOWN; 169 hce_notify_done(cte->host, HCE_SSL_CONNECT_TIMEOUT); 170 ssl_cleanup(cte); 171 return; 172 } 173 174 ret = SSL_connect(cte->ssl); 175 if (ret <= 0) { 176 ssl_err = SSL_get_error(cte->ssl, ret); 177 switch (ssl_err) { 178 case SSL_ERROR_WANT_READ: 179 retry_flag = EV_READ; 180 goto retry; 181 case SSL_ERROR_WANT_WRITE: 182 retry_flag = EV_WRITE; 183 goto retry; 184 default: 185 cte->host->up = HOST_DOWN; 186 ssl_error(cte->host->conf.name, "cannot connect"); 187 hce_notify_done(cte->host, HCE_SSL_CONNECT_FAIL); 188 ssl_cleanup(cte); 189 return; 190 } 191 } 192 193 if (cte->table->conf.check == CHECK_TCP) { 194 cte->host->up = HOST_UP; 195 hce_notify_done(cte->host, HCE_SSL_CONNECT_OK); 196 ssl_cleanup(cte); 197 return; 198 } 199 if (cte->table->sendbuf != NULL) { 200 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_write, 201 &cte->tv_start, &cte->table->conf.timeout, cte); 202 return; 203 } 204 205 if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL) 206 fatalx("ssl_connect: cannot create dynamic buffer"); 207 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_READ, ssl_read, 208 &cte->tv_start, &cte->table->conf.timeout, cte); 209 return; 210 211 retry: 212 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_connect, 213 &cte->tv_start, &cte->table->conf.timeout, cte); 214 } 215 216 void 217 ssl_cleanup(struct ctl_tcp_event *cte) 218 { 219 close(cte->s); 220 if (cte->ssl != NULL) { 221 SSL_shutdown(cte->ssl); 222 SSL_clear(cte->ssl); 223 } 224 if (cte->buf != NULL) { 225 ibuf_free(cte->buf); 226 cte->buf = NULL; 227 } 228 } 229 230 void 231 ssl_error(const char *where, const char *what) 232 { 233 char errbuf[128]; 234 unsigned long code; 235 extern int debug; 236 237 if (!debug) 238 return; 239 for (; (code = ERR_get_error()) != 0 ;) { 240 ERR_error_string_n(code, errbuf, sizeof(errbuf)); 241 log_debug("SSL library error: %s: %s: %s", where, what, errbuf); 242 } 243 } 244 245 void 246 ssl_init(struct relayd *env) 247 { 248 static int initialized = 0; 249 250 if (initialized) 251 return; 252 253 SSL_library_init(); 254 SSL_load_error_strings(); 255 256 /* Init hardware crypto engines. */ 257 ENGINE_load_builtin_engines(); 258 ENGINE_register_all_complete(); 259 260 initialized = 1; 261 } 262 263 void 264 ssl_transaction(struct ctl_tcp_event *cte) 265 { 266 if (cte->ssl == NULL) { 267 cte->ssl = SSL_new(cte->table->ssl_ctx); 268 if (cte->ssl == NULL) { 269 ssl_error(cte->host->conf.name, "cannot create object"); 270 fatal("cannot create SSL object"); 271 } 272 } 273 274 if (SSL_set_fd(cte->ssl, cte->s) == 0) { 275 cte->host->up = HOST_UNKNOWN; 276 ssl_error(cte->host->conf.name, "cannot set fd"); 277 ssl_cleanup(cte); 278 hce_notify_done(cte->host, HCE_SSL_CONNECT_ERROR); 279 return; 280 } 281 SSL_set_connect_state(cte->ssl); 282 283 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_connect, 284 &cte->tv_start, &cte->table->conf.timeout, cte); 285 } 286 287 SSL_CTX * 288 ssl_ctx_create(struct relayd *env) 289 { 290 SSL_CTX *ctx; 291 292 ctx = SSL_CTX_new(SSLv23_client_method()); 293 if (ctx == NULL) { 294 ssl_error("ssl_ctx_create", "cannot create context"); 295 fatal("could not create SSL context"); 296 } 297 return (ctx); 298 } 299 300 int 301 ssl_password_cb(char *buf, int size, int rwflag, void *u) 302 { 303 size_t len; 304 if (u == NULL) { 305 bzero(buf, size); 306 return (0); 307 } 308 if ((len = strlcpy(buf, u, size)) >= (size_t)size) 309 return (0); 310 return (len); 311 } 312 313 char * 314 ssl_load_key(struct relayd *env, const char *name, off_t *len, char *pass) 315 { 316 FILE *fp; 317 EVP_PKEY *key = NULL; 318 BIO *bio = NULL; 319 long size; 320 char *data, *buf = NULL; 321 322 /* Initialize SSL library once */ 323 ssl_init(env); 324 325 /* 326 * Read (possibly) encrypted key from file 327 */ 328 if ((fp = fopen(name, "r")) == NULL) 329 return (NULL); 330 331 key = PEM_read_PrivateKey(fp, NULL, ssl_password_cb, pass); 332 fclose(fp); 333 if (key == NULL) 334 goto fail; 335 336 /* 337 * Write unencrypted key to memory buffer 338 */ 339 if ((bio = BIO_new(BIO_s_mem())) == NULL) 340 goto fail; 341 if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) 342 goto fail; 343 if ((size = BIO_get_mem_data(bio, &data)) <= 0) 344 goto fail; 345 if ((buf = calloc(1, size)) == NULL) 346 goto fail; 347 memcpy(buf, data, size); 348 349 BIO_free_all(bio); 350 EVP_PKEY_free(key); 351 352 *len = (off_t)size; 353 return (buf); 354 355 fail: 356 ssl_error(__func__, name); 357 358 free(buf); 359 if (bio != NULL) 360 BIO_free_all(bio); 361 if (key != NULL) 362 EVP_PKEY_free(key); 363 return (NULL); 364 } 365 366 X509 * 367 ssl_update_certificate(X509 *oldcert, EVP_PKEY *pkey, EVP_PKEY *capkey, 368 X509 *cacert) 369 { 370 char name[2][SSL_NAME_SIZE]; 371 X509 *cert = NULL; 372 373 name[0][0] = name[1][0] = '\0'; 374 if (!X509_NAME_oneline(X509_get_subject_name(oldcert), 375 name[0], sizeof(name[0])) || 376 !X509_NAME_oneline(X509_get_issuer_name(oldcert), 377 name[1], sizeof(name[1]))) 378 goto done; 379 380 if ((cert = X509_dup(oldcert)) == NULL) 381 goto done; 382 383 /* Update certificate key and use our CA as the issuer */ 384 X509_set_pubkey(cert, pkey); 385 X509_set_issuer_name(cert, X509_get_subject_name(cacert)); 386 387 /* Sign with our CA */ 388 if (!X509_sign(cert, capkey, EVP_sha1())) { 389 X509_free(cert); 390 cert = NULL; 391 } 392 393 #if DEBUG_CERT 394 log_debug("%s: subject %s", __func__, name[0]); 395 log_debug("%s: issuer %s", __func__, name[1]); 396 #if DEBUG > 2 397 X509_print_fp(stdout, cert); 398 #endif 399 #endif 400 401 done: 402 if (cert == NULL) 403 ssl_error(__func__, name[0]); 404 405 return (cert); 406 } 407 408 int 409 ssl_load_pkey(const void *data, size_t datalen, char *buf, off_t len, 410 X509 **x509ptr, EVP_PKEY **pkeyptr) 411 { 412 BIO *in; 413 X509 *x509 = NULL; 414 EVP_PKEY *pkey = NULL; 415 RSA *rsa = NULL; 416 void *exdata = NULL; 417 418 if ((in = BIO_new_mem_buf(buf, len)) == NULL) { 419 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_BUF_LIB); 420 return (0); 421 } 422 423 if ((x509 = PEM_read_bio_X509(in, NULL, 424 ssl_password_cb, NULL)) == NULL) { 425 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PEM_LIB); 426 goto fail; 427 } 428 429 if ((pkey = X509_get_pubkey(x509)) == NULL) { 430 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_X509_LIB); 431 goto fail; 432 } 433 434 BIO_free(in); 435 436 if (data != NULL && datalen) { 437 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL || 438 (exdata = malloc(datalen)) == NULL) { 439 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_EVP_LIB); 440 goto fail; 441 } 442 443 memcpy(exdata, data, datalen); 444 RSA_set_ex_data(rsa, 0, exdata); 445 RSA_free(rsa); /* dereference, will be cleaned up with pkey */ 446 } 447 448 *x509ptr = x509; 449 *pkeyptr = pkey; 450 451 return (1); 452 453 fail: 454 if (rsa != NULL) 455 RSA_free(rsa); 456 if (in != NULL) 457 BIO_free(in); 458 if (pkey != NULL) 459 EVP_PKEY_free(pkey); 460 if (x509 != NULL) 461 X509_free(x509); 462 463 return (0); 464 } 465 466 int 467 ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen, 468 char *buf, off_t len, X509 **x509ptr, EVP_PKEY **pkeyptr) 469 { 470 int ret = 0; 471 EVP_PKEY *pkey = NULL; 472 X509 *x509 = NULL; 473 474 if (!ssl_load_pkey(data, datalen, buf, len, &x509, &pkey)) 475 return (0); 476 477 /* 478 * Use the public key as the "private" key - the secret key 479 * parameters are hidden in an extra process that will be 480 * contacted by the RSA engine. The SSL/TLS library needs at 481 * least the public key parameters in the current process. 482 */ 483 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 484 if (!ret) 485 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB); 486 487 if (pkeyptr != NULL) 488 *pkeyptr = pkey; 489 else if (pkey != NULL) 490 EVP_PKEY_free(pkey); 491 492 if (x509ptr != NULL) 493 *x509ptr = x509; 494 else if (x509 != NULL) 495 X509_free(x509); 496 497 return (ret); 498 } 499 500