1 /* $OpenBSD: ssl.c,v 1.31 2017/01/09 14:49:21 reyk Exp $ */ 2 3 /* 4 * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/types.h> 21 #include <sys/socket.h> 22 23 #include <limits.h> 24 #include <stdio.h> 25 #include <stdlib.h> 26 #include <event.h> 27 #include <unistd.h> 28 #include <string.h> 29 #include <imsg.h> 30 31 #include <openssl/ssl.h> 32 #include <openssl/err.h> 33 #include <openssl/engine.h> 34 35 #include "relayd.h" 36 37 void ssl_read(int, short, void *); 38 void ssl_write(int, short, void *); 39 void ssl_connect(int, short, void *); 40 void ssl_cleanup(struct ctl_tcp_event *); 41 int ssl_password_cb(char *, int, int, void *); 42 43 void 44 ssl_read(int s, short event, void *arg) 45 { 46 char rbuf[SMALL_READ_BUF_SIZE]; 47 struct ctl_tcp_event *cte = arg; 48 int retry_flag = EV_READ; 49 int tls_err = 0; 50 int ret; 51 52 if (event == EV_TIMEOUT) { 53 cte->host->up = HOST_DOWN; 54 ssl_cleanup(cte); 55 hce_notify_done(cte->host, HCE_TLS_READ_TIMEOUT); 56 return; 57 } 58 59 bzero(rbuf, sizeof(rbuf)); 60 61 ret = SSL_read(cte->ssl, rbuf, sizeof(rbuf)); 62 if (ret <= 0) { 63 tls_err = SSL_get_error(cte->ssl, ret); 64 switch (tls_err) { 65 case SSL_ERROR_WANT_READ: 66 retry_flag = EV_READ; 67 goto retry; 68 case SSL_ERROR_WANT_WRITE: 69 retry_flag = EV_WRITE; 70 goto retry; 71 case SSL_ERROR_ZERO_RETURN: /* FALLTHROUGH */ 72 case SSL_ERROR_SYSCALL: 73 if (ret == 0) { 74 cte->host->up = HOST_DOWN; 75 (void)cte->validate_close(cte); 76 ssl_cleanup(cte); 77 hce_notify_done(cte->host, cte->host->he); 78 return; 79 } 80 /* FALLTHROUGH */ 81 default: 82 cte->host->up = HOST_DOWN; 83 ssl_error(cte->host->conf.name, "cannot read"); 84 ssl_cleanup(cte); 85 hce_notify_done(cte->host, HCE_TLS_READ_ERROR); 86 break; 87 } 88 return; 89 } 90 if (ibuf_add(cte->buf, rbuf, ret) == -1) 91 fatal("ssl_read: buf_add error"); 92 if (cte->validate_read != NULL) { 93 if (cte->validate_read(cte) != 0) 94 goto retry; 95 96 ssl_cleanup(cte); 97 hce_notify_done(cte->host, cte->host->he); 98 return; 99 } 100 101 retry: 102 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_read, 103 &cte->tv_start, &cte->table->conf.timeout, cte); 104 return; 105 } 106 107 void 108 ssl_write(int s, short event, void *arg) 109 { 110 struct ctl_tcp_event *cte = arg; 111 int retry_flag = EV_WRITE; 112 int tls_err = 0; 113 int len; 114 int ret; 115 116 if (event == EV_TIMEOUT) { 117 cte->host->up = HOST_DOWN; 118 ssl_cleanup(cte); 119 hce_notify_done(cte->host, HCE_TLS_WRITE_TIMEOUT); 120 return; 121 } 122 123 len = strlen(cte->table->sendbuf); 124 125 ret = SSL_write(cte->ssl, cte->table->sendbuf, len); 126 if (ret <= 0) { 127 tls_err = SSL_get_error(cte->ssl, ret); 128 switch (tls_err) { 129 case SSL_ERROR_WANT_READ: 130 retry_flag = EV_READ; 131 goto retry; 132 case SSL_ERROR_WANT_WRITE: 133 retry_flag = EV_WRITE; 134 goto retry; 135 default: 136 cte->host->up = HOST_DOWN; 137 ssl_error(cte->host->conf.name, "cannot write"); 138 ssl_cleanup(cte); 139 hce_notify_done(cte->host, HCE_TLS_WRITE_ERROR); 140 return; 141 } 142 } 143 if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL) 144 fatalx("ssl_write: cannot create dynamic buffer"); 145 146 event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, ssl_read, 147 &cte->tv_start, &cte->table->conf.timeout, cte); 148 return; 149 retry: 150 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_write, 151 &cte->tv_start, &cte->table->conf.timeout, cte); 152 } 153 154 void 155 ssl_connect(int s, short event, void *arg) 156 { 157 struct ctl_tcp_event *cte = arg; 158 int retry_flag = 0; 159 int tls_err = 0; 160 int ret; 161 162 if (event == EV_TIMEOUT) { 163 cte->host->up = HOST_DOWN; 164 hce_notify_done(cte->host, HCE_TLS_CONNECT_TIMEOUT); 165 ssl_cleanup(cte); 166 return; 167 } 168 169 ret = SSL_connect(cte->ssl); 170 if (ret <= 0) { 171 tls_err = SSL_get_error(cte->ssl, ret); 172 switch (tls_err) { 173 case SSL_ERROR_WANT_READ: 174 retry_flag = EV_READ; 175 goto retry; 176 case SSL_ERROR_WANT_WRITE: 177 retry_flag = EV_WRITE; 178 goto retry; 179 default: 180 cte->host->up = HOST_DOWN; 181 ssl_error(cte->host->conf.name, "cannot connect"); 182 hce_notify_done(cte->host, HCE_TLS_CONNECT_FAIL); 183 ssl_cleanup(cte); 184 return; 185 } 186 } 187 188 if (cte->table->conf.check == CHECK_TCP) { 189 cte->host->up = HOST_UP; 190 hce_notify_done(cte->host, HCE_TLS_CONNECT_OK); 191 ssl_cleanup(cte); 192 return; 193 } 194 if (cte->table->sendbuf != NULL) { 195 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_write, 196 &cte->tv_start, &cte->table->conf.timeout, cte); 197 return; 198 } 199 200 if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL) 201 fatalx("ssl_connect: cannot create dynamic buffer"); 202 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_READ, ssl_read, 203 &cte->tv_start, &cte->table->conf.timeout, cte); 204 return; 205 206 retry: 207 event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_connect, 208 &cte->tv_start, &cte->table->conf.timeout, cte); 209 } 210 211 void 212 ssl_cleanup(struct ctl_tcp_event *cte) 213 { 214 close(cte->s); 215 if (cte->ssl != NULL) { 216 SSL_shutdown(cte->ssl); 217 SSL_clear(cte->ssl); 218 } 219 ibuf_free(cte->buf); 220 cte->buf = NULL; 221 } 222 223 void 224 ssl_error(const char *where, const char *what) 225 { 226 char errbuf[128]; 227 unsigned long code; 228 229 if (log_getverbose() < 2) 230 return; 231 for (; (code = ERR_get_error()) != 0 ;) { 232 ERR_error_string_n(code, errbuf, sizeof(errbuf)); 233 log_debug("SSL library error: %s: %s: %s", where, what, errbuf); 234 } 235 } 236 237 void 238 ssl_init(struct relayd *env) 239 { 240 static int initialized = 0; 241 242 if (initialized) 243 return; 244 245 SSL_library_init(); 246 SSL_load_error_strings(); 247 248 /* Init hardware crypto engines. */ 249 ENGINE_load_builtin_engines(); 250 ENGINE_register_all_complete(); 251 252 initialized = 1; 253 } 254 255 void 256 ssl_transaction(struct ctl_tcp_event *cte) 257 { 258 if (cte->ssl == NULL) { 259 cte->ssl = SSL_new(cte->table->ssl_ctx); 260 if (cte->ssl == NULL) { 261 ssl_error(cte->host->conf.name, "cannot create object"); 262 fatal("cannot create SSL object"); 263 } 264 } 265 266 if (SSL_set_fd(cte->ssl, cte->s) == 0) { 267 cte->host->up = HOST_UNKNOWN; 268 ssl_error(cte->host->conf.name, "cannot set fd"); 269 ssl_cleanup(cte); 270 hce_notify_done(cte->host, HCE_TLS_CONNECT_ERROR); 271 return; 272 } 273 SSL_set_connect_state(cte->ssl); 274 275 event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_connect, 276 &cte->tv_start, &cte->table->conf.timeout, cte); 277 } 278 279 SSL_CTX * 280 ssl_ctx_create(struct relayd *env) 281 { 282 SSL_CTX *ctx; 283 284 ctx = SSL_CTX_new(SSLv23_client_method()); 285 if (ctx == NULL) { 286 ssl_error("ssl_ctx_create", "cannot create context"); 287 fatal("could not create SSL context"); 288 } 289 return (ctx); 290 } 291 292 int 293 ssl_password_cb(char *buf, int size, int rwflag, void *u) 294 { 295 size_t len; 296 if (u == NULL) { 297 bzero(buf, size); 298 return (0); 299 } 300 if ((len = strlcpy(buf, u, size)) >= (size_t)size) 301 return (0); 302 return (len); 303 } 304 305 char * 306 ssl_load_key(struct relayd *env, const char *name, off_t *len, char *pass) 307 { 308 FILE *fp; 309 EVP_PKEY *key = NULL; 310 BIO *bio = NULL; 311 long size; 312 char *data, *buf = NULL; 313 314 /* Initialize SSL library once */ 315 ssl_init(env); 316 317 /* 318 * Read (possibly) encrypted key from file 319 */ 320 if ((fp = fopen(name, "r")) == NULL) 321 return (NULL); 322 323 key = PEM_read_PrivateKey(fp, NULL, ssl_password_cb, pass); 324 fclose(fp); 325 if (key == NULL) 326 goto fail; 327 328 /* 329 * Write unencrypted key to memory buffer 330 */ 331 if ((bio = BIO_new(BIO_s_mem())) == NULL) 332 goto fail; 333 if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) 334 goto fail; 335 if ((size = BIO_get_mem_data(bio, &data)) <= 0) 336 goto fail; 337 if ((buf = calloc(1, size)) == NULL) 338 goto fail; 339 memcpy(buf, data, size); 340 341 BIO_free_all(bio); 342 EVP_PKEY_free(key); 343 344 *len = (off_t)size; 345 return (buf); 346 347 fail: 348 ssl_error(__func__, name); 349 350 free(buf); 351 if (bio != NULL) 352 BIO_free_all(bio); 353 if (key != NULL) 354 EVP_PKEY_free(key); 355 return (NULL); 356 } 357 358 X509 * 359 ssl_update_certificate(X509 *oldcert, EVP_PKEY *pkey, EVP_PKEY *capkey, 360 X509 *cacert) 361 { 362 char name[2][TLS_NAME_SIZE]; 363 X509 *cert = NULL; 364 365 name[0][0] = name[1][0] = '\0'; 366 if (!X509_NAME_oneline(X509_get_subject_name(oldcert), 367 name[0], sizeof(name[0])) || 368 !X509_NAME_oneline(X509_get_issuer_name(oldcert), 369 name[1], sizeof(name[1]))) 370 goto done; 371 372 if ((cert = X509_dup(oldcert)) == NULL) 373 goto done; 374 375 /* Update certificate key and use our CA as the issuer */ 376 X509_set_pubkey(cert, pkey); 377 X509_set_issuer_name(cert, X509_get_subject_name(cacert)); 378 379 /* Sign with our CA */ 380 if (!X509_sign(cert, capkey, EVP_sha1())) { 381 X509_free(cert); 382 cert = NULL; 383 } 384 385 #if DEBUG_CERT 386 log_debug("%s: subject %s", __func__, name[0]); 387 log_debug("%s: issuer %s", __func__, name[1]); 388 #if DEBUG > 2 389 X509_print_fp(stdout, cert); 390 #endif 391 #endif 392 393 done: 394 if (cert == NULL) 395 ssl_error(__func__, name[0]); 396 397 return (cert); 398 } 399 400 int 401 ssl_load_pkey(const void *data, size_t datalen, char *buf, off_t len, 402 X509 **x509ptr, EVP_PKEY **pkeyptr) 403 { 404 BIO *in; 405 X509 *x509 = NULL; 406 EVP_PKEY *pkey = NULL; 407 RSA *rsa = NULL; 408 void *exdata = NULL; 409 410 if ((in = BIO_new_mem_buf(buf, len)) == NULL) { 411 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_BUF_LIB); 412 return (0); 413 } 414 415 if ((x509 = PEM_read_bio_X509(in, NULL, 416 ssl_password_cb, NULL)) == NULL) { 417 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PEM_LIB); 418 goto fail; 419 } 420 421 if ((pkey = X509_get_pubkey(x509)) == NULL) { 422 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_X509_LIB); 423 goto fail; 424 } 425 426 BIO_free(in); 427 428 if (data != NULL && datalen) { 429 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL || 430 (exdata = malloc(datalen)) == NULL) { 431 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_EVP_LIB); 432 goto fail; 433 } 434 435 memcpy(exdata, data, datalen); 436 RSA_set_ex_data(rsa, 0, exdata); 437 RSA_free(rsa); /* dereference, will be cleaned up with pkey */ 438 } 439 440 *x509ptr = x509; 441 *pkeyptr = pkey; 442 443 return (1); 444 445 fail: 446 if (rsa != NULL) 447 RSA_free(rsa); 448 if (in != NULL) 449 BIO_free(in); 450 if (pkey != NULL) 451 EVP_PKEY_free(pkey); 452 if (x509 != NULL) 453 X509_free(x509); 454 free(exdata); 455 456 return (0); 457 } 458 459 int 460 ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen, 461 char *buf, off_t len, X509 **x509ptr, EVP_PKEY **pkeyptr) 462 { 463 int ret = 0; 464 EVP_PKEY *pkey = NULL; 465 X509 *x509 = NULL; 466 467 if (!ssl_load_pkey(data, datalen, buf, len, &x509, &pkey)) 468 return (0); 469 470 /* 471 * Use the public key as the "private" key - the secret key 472 * parameters are hidden in an extra process that will be 473 * contacted by the RSA engine. The SSL/TLS library needs at 474 * least the public key parameters in the current process. 475 */ 476 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 477 if (!ret) 478 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB); 479 480 if (pkeyptr != NULL) 481 *pkeyptr = pkey; 482 else if (pkey != NULL) 483 EVP_PKEY_free(pkey); 484 485 if (x509ptr != NULL) 486 *x509ptr = x509; 487 else if (x509 != NULL) 488 X509_free(x509); 489 490 return (ret); 491 } 492 493