1/* -*- Mode: C; c-file-style: "bsd" -*- */ 2/*- 3 * easy-tls.c -- generic TLS proxy. 4 * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $ 5 */ 6/*- 7 (c) Copyright 1999 Bodo Moeller. All rights reserved. 8 9 This is free software; you can redistributed and/or modify it 10 unter the terms of either 11 - the GNU General Public License as published by the 12 Free Software Foundation, version 1, or (at your option) 13 any later version, 14 or 15 - the following license: 16*/ 17/*- 18 * Redistribution and use in source and binary forms, with or without 19 * modification, are permitted provided that each of the following 20 * conditions is met: 21 * 22 * 1. Redistributions qualify as "freeware" or "Open Source Software" under 23 * one of the following terms: 24 * 25 * (a) Redistributions are made at no charge beyond the reasonable cost of 26 * materials and delivery. 27 * 28 * (b) Redistributions are accompanied by a copy of the Source Code 29 * or by an irrevocable offer to provide a copy of the Source Code 30 * for up to three years at the cost of materials and delivery. 31 * Such redistributions must allow further use, modification, and 32 * redistribution of the Source Code under substantially the same 33 * terms as this license. 34 * 35 * 2. Redistributions of source code must retain the above copyright 36 * notice, this list of conditions and the following disclaimer. 37 * 38 * 3. Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in 40 * the documentation and/or other materials provided with the 41 * distribution. 42 * 43 * 4. All advertising materials mentioning features or use of this 44 * software must display the following acknowledgment: 45 * "This product includes software developed by Bodo Moeller." 46 * (If available, substitute umlauted o for oe.) 47 * 48 * 5. Redistributions of any form whatsoever must retain the following 49 * acknowledgment: 50 * "This product includes software developed by Bodo Moeller." 51 * 52 * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY 53 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 55 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BODO MOELLER OR 56 * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 57 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 58 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 59 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 61 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 62 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 63 * OF THE POSSIBILITY OF SUCH DAMAGE. 64 */ 65/*- 66 * Attribution for OpenSSL library: 67 * 68 * This product includes cryptographic software written by Eric Young 69 * (eay@cryptsoft.com). This product includes software written by Tim 70 * Hudson (tjh@cryptsoft.com). 71 * This product includes software developed by the OpenSSL Project 72 * for use in the OpenSSL Toolkit. (http://www.openssl.org/) 73 */ 74 75static char const rcsid[] = 76 "$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $"; 77 78#include <assert.h> 79#include <errno.h> 80#include <fcntl.h> 81#include <limits.h> 82#include <stdarg.h> 83#include <stdio.h> 84#include <string.h> 85#include <sys/select.h> 86#include <sys/socket.h> 87#include <sys/stat.h> 88#include <sys/time.h> 89#include <sys/types.h> 90#include <sys/utsname.h> 91#include <unistd.h> 92 93#include <openssl/crypto.h> 94#include <openssl/dh.h> 95#include <openssl/dsa.h> 96#include <openssl/err.h> 97#include <openssl/evp.h> 98#include <openssl/opensslv.h> 99#include <openssl/pem.h> 100#include <openssl/rand.h> 101#ifndef NO_RSA 102# include <openssl/rsa.h> 103#endif 104#include <openssl/ssl.h> 105#include <openssl/x509.h> 106#include <openssl/x509_vfy.h> 107 108#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */ 109# error "This program needs OpenSSL 0.9.4 or later." 110#endif 111 112#include "easy-tls.h" /* include after <openssl/ssl.h> if both are 113 * needed */ 114 115#if TLS_INFO_SIZE > PIPE_BUF 116# if PIPE_BUF < 512 117# error "PIPE_BUF < 512" /* non-POSIX */ 118# endif 119# error "TLS_INFO_SIZE > PIPE_BUF" 120#endif 121 122/*****************************************************************************/ 123 124#ifdef TLS_APP 125# include TLS_APP 126#endif 127 128/*- 129 * Applications can define: 130 * TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg) 131 * TLS_CUMULATE_ERRORS 132 * TLS_ERROR_BUFSIZ 133 * TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg) 134 */ 135 136#ifndef TLS_APP_PROCESS_INIT 137# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0) 138#endif 139 140#ifndef TLS_ERROR_BUFSIZ 141# define TLS_ERROR_BUFSIZ (10*160) 142#endif 143#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */ 144# error "TLS_ERROR_BUFSIZE is too small." 145#endif 146 147#ifndef TLS_APP_ERRFLUSH 148# define TLS_APP_ERRFLUSH tls_app_errflush 149static void 150tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg) 151{ 152 fputs(errbuf, stderr); 153} 154#endif 155 156/*****************************************************************************/ 157 158#ifdef DEBUG_TLS 159# define DEBUG_MSG(x) fprintf(stderr," %s\n",x) 160# define DEBUG_MSG2(x,y) fprintf(stderr, " %s: %d\n",x,y) 161static int tls_loop_count = 0; 162static int tls_select_count = 0; 163#else 164# define DEBUG_MSG(x) (void)0 165# define DEBUG_MSG2(x,y) (void)0 166#endif 167 168static void tls_rand_seed_uniquely(void); 169static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, 170 int client_p); 171static int tls_socket_nonblocking(int fd); 172 173static int tls_child_p = 0; 174static void *tls_child_apparg; 175 176struct tls_start_proxy_args tls_start_proxy_defaultargs(void) 177{ 178 struct tls_start_proxy_args ret; 179 180 ret.fd = -1; 181 ret.client_p = -1; 182 ret.ctx = NULL; 183 ret.pid = NULL; 184 ret.infofd = NULL; 185 186 return ret; 187} 188 189/*- 190 * Slice in TLS proxy process at fd. 191 * Return value: 192 * 0 ok (*pid is set to child's PID if pid != NULL), 193 * < 0 look at errno 194 * > 0 other error 195 * (return value encodes place of error) 196 * 197 */ 198int tls_start_proxy(struct tls_start_proxy_args a, void *apparg) 199{ 200 int fds[2] = { -1, -1 }; 201 int infofds[2] = { -1, -1 }; 202 int r, getfd, getfl; 203 int ret; 204 205 DEBUG_MSG2("tls_start_proxy fd", a.fd); 206 DEBUG_MSG2("tls_start_proxy client_p", a.client_p); 207 208 if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL) 209 return 1; 210 211 if (a.pid != NULL) { 212 *a.pid = 0; 213 } 214 if (a.infofd != NULL) { 215 *a.infofd = -1; 216 } 217 218 r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds); 219 if (r == -1) 220 return -1; 221 if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) { 222 ret = 2; 223 goto err; 224 } 225 if (a.infofd != NULL) { 226 r = pipe(infofds); 227 if (r == -1) { 228 ret = -3; 229 goto err; 230 } 231 } 232 233 r = fork(); 234 if (r == -1) { 235 ret = -4; 236 goto err; 237 } 238 if (r == 0) { 239 DEBUG_MSG("fork"); 240 tls_child_p = 1; 241 tls_child_apparg = apparg; 242 close(fds[1]); 243 if (infofds[0] != -1) 244 close(infofds[0]); 245 TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg); 246 DEBUG_MSG("TLS_APP_PROCESS_INIT"); 247 tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p); 248 exit(0); 249 } 250 if (a.pid != NULL) 251 *a.pid = r; 252 if (infofds[1] != -1) { 253 close(infofds[1]); 254 infofds[1] = -1; 255 } 256 /* install fds[1] in place of fd: */ 257 close(fds[0]); 258 fds[0] = -1; 259 getfd = fcntl(a.fd, F_GETFD); 260 getfl = fcntl(a.fd, F_GETFL); 261 r = dup2(fds[1], a.fd); 262 close(fds[1]); 263 fds[1] = -1; 264 if (r == -1) { 265 ret = -5; 266 goto err; 267 } 268 if (getfd != 1) 269 fcntl(a.fd, F_SETFD, getfd); 270 if (getfl & O_NONBLOCK) 271 (void)tls_socket_nonblocking(a.fd); 272 if (a.infofd != NULL) 273 *a.infofd = infofds[0]; 274 return 0; 275 276 err: 277 if (fds[0] != -1) 278 close(fds[0]); 279 if (fds[1] != -1) 280 close(fds[1]); 281 if (infofds[0] != -1) 282 close(infofds[0]); 283 if (infofds[1] != -1) 284 close(infofds[1]); 285 return ret; 286} 287 288/*****************************************************************************/ 289 290static char errbuf[TLS_ERROR_BUFSIZ]; 291static size_t errbuf_i = 0; 292 293static void tls_errflush(void *apparg) 294{ 295 if (errbuf_i == 0) 296 return; 297 298 assert(errbuf_i < sizeof errbuf); 299 assert(errbuf[errbuf_i] == 0); 300 if (errbuf_i == sizeof errbuf - 1) { 301 /* make sure we have a newline, even if string has been truncated */ 302 errbuf[errbuf_i - 1] = '\n'; 303 } 304 305 /* 306 * TLS_APP_ERRFLUSH may modify the string as needed, e.g. substitute 307 * other characters for \n for convenience 308 */ 309 TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg); 310 311 errbuf_i = 0; 312} 313 314static void tls_errprintf(int flush, void *apparg, const char *fmt, ...) 315{ 316 va_list args; 317 int r; 318 319 if (errbuf_i < sizeof errbuf - 1) { 320 size_t n; 321 322 va_start(args, fmt); 323 n = (sizeof errbuf) - errbuf_i; 324 r = vsnprintf(errbuf + errbuf_i, n, fmt, args); 325 if (r >= n) 326 r = n - 1; 327 if (r >= 0) { 328 errbuf_i += r; 329 } else { 330 errbuf_i = sizeof errbuf - 1; 331 errbuf[errbuf_i] = '\0'; 332 } 333 assert(errbuf_i < sizeof errbuf); 334 assert(errbuf[errbuf_i] == 0); 335 } 336#ifndef TLS_CUMULATE_ERRORS 337 tls_errflush(apparg); 338#else 339 if (flush) 340 tls_errflush(apparg); 341#endif 342} 343 344/* 345 * app_prefix.. are for additional information provided by caller. If OpenSSL 346 * error queue is empty, print default_text ("???" if NULL). 347 */ 348static char *tls_openssl_errors(const char *app_prefix_1, 349 const char *app_prefix_2, 350 const char *default_text, void *apparg) 351{ 352 static char reasons[255]; 353 size_t reasons_i; 354 unsigned long err; 355 const char *file; 356 int line; 357 const char *data; 358 int flags; 359 char *errstring; 360 int printed_something = 0; 361 362 reasons_i = 0; 363 364 assert(app_prefix_1 != NULL); 365 assert(app_prefix_2 != NULL); 366 367 if (default_text == NULL) 368 default_text = "?" "?" "?"; 369 370 while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { 371 if (reasons_i < sizeof reasons) { 372 size_t n; 373 int r; 374 375 n = (sizeof reasons) - reasons_i; 376 r = snprintf(reasons + reasons_i, n, "%s%s", 377 (reasons_i > 0 ? ", " : ""), 378 ERR_reason_error_string(err)); 379 if (r >= n) 380 r = n - 1; 381 if (r >= 0) { 382 reasons_i += r; 383 } else { 384 reasons_i = sizeof reasons; 385 } 386 assert(reasons_i <= sizeof reasons); 387 } 388 389 errstring = ERR_error_string(err, NULL); 390 assert(errstring != NULL); 391 tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n", 392 app_prefix_1, app_prefix_2, errstring, file, line, 393 (flags & ERR_TXT_STRING) ? data : ""); 394 printed_something = 1; 395 } 396 397 if (!printed_something) { 398 assert(reasons_i == 0); 399 snprintf(reasons, sizeof reasons, "%s", default_text); 400 tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, 401 app_prefix_2, default_text); 402 } 403#ifdef TLS_CUMULATE_ERRORS 404 tls_errflush(apparg); 405#endif 406 assert(errbuf_i == 0); 407 408 return reasons; 409} 410 411/*****************************************************************************/ 412 413static int tls_init_done = 0; 414 415static int tls_init(void *apparg) 416{ 417 if (tls_init_done) 418 return 0; 419 420 SSL_load_error_strings(); 421 if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) { 422 tls_errprintf(1, apparg, "SSL_library_init failed.\n"); 423 return -1; 424 } 425 tls_init_done = 1; 426 tls_rand_seed(); 427 return 0; 428} 429 430/*****************************************************************************/ 431 432static void tls_rand_seed_uniquely(void) 433{ 434 struct { 435 pid_t pid; 436 time_t time; 437 void *stack; 438 } data; 439 440 data.pid = getpid(); 441 data.time = time(NULL); 442 data.stack = (void *)&data; 443 444 RAND_seed((const void *)&data, sizeof data); 445} 446 447void tls_rand_seed(void) 448{ 449 struct { 450 struct utsname uname; 451 int uname_1; 452 int uname_2; 453 uid_t uid; 454 uid_t euid; 455 gid_t gid; 456 gid_t egid; 457 } data; 458 459 data.uname_1 = uname(&data.uname); 460 data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */ 461 462 data.uid = getuid(); 463 data.euid = geteuid(); 464 data.gid = getgid(); 465 data.egid = getegid(); 466 467 RAND_seed((const void *)&data, sizeof data); 468 tls_rand_seed_uniquely(); 469} 470 471static int tls_rand_seeded_p = 0; 472 473#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */ 474int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg) 475{ 476 /* 477 * Seed OpenSSL's random number generator from file. Try to read n bytes 478 * if n > 0, whole file if n == 0. 479 */ 480 481 int r; 482 483 if (tls_init(apparg) == -1) 484 return -1; 485 tls_rand_seed(); 486 487 r = RAND_load_file(filename, 488 (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX); 489 /* 490 * r is the number of bytes filled into the random number generator, 491 * which are taken from "stat(filename, ...)" in addition to the file 492 * contents. 493 */ 494 assert(1 < my_MIN_SEED_BYTES); 495 /* 496 * We need to detect at least those cases when the file does not exist at 497 * all. With current versions of OpenSSL, this should do it: 498 */ 499 if (n == 0) 500 n = my_MIN_SEED_BYTES; 501 if (r < n) { 502 tls_errprintf(1, apparg, 503 "rand_seed_from_file: could not read %d bytes from %s.\n", 504 n, filename); 505 return -1; 506 } else { 507 tls_rand_seeded_p = 1; 508 return 0; 509 } 510} 511 512void tls_rand_seed_from_memory(const void *buf, size_t n) 513{ 514 size_t i = 0; 515 516 while (i < n) { 517 size_t rest = n - i; 518 int chunk = rest < INT_MAX ? (int)rest : INT_MAX; 519 RAND_seed((const char *)buf + i, chunk); 520 i += chunk; 521 } 522 tls_rand_seeded_p = 1; 523} 524 525/*****************************************************************************/ 526 527struct tls_x509_name_string { 528 char str[100]; 529}; 530 531static void 532tls_get_x509_subject_name_oneline(X509 *cert, 533 struct tls_x509_name_string *namestring) 534{ 535 X509_NAME *name; 536 537 if (cert == NULL) { 538 namestring->str[0] = '\0'; 539 return; 540 } 541 542 name = X509_get_subject_name(cert); /* does not increment any reference 543 * counter */ 544 545 assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */ 546 547 if (name == NULL) { 548 namestring->str[0] = '?'; 549 namestring->str[1] = 0; 550 } else { 551 size_t len; 552 553 X509_NAME_oneline(name, namestring->str, sizeof namestring->str); 554 len = strlen(namestring->str); 555 assert(namestring->str[len] == 0); 556 assert(len < sizeof namestring->str); 557 558 if (len + 1 == sizeof namestring->str) { 559 /* 560 * (Probably something was cut off.) Does not really work -- 561 * X509_NAME_oneline truncates after name components, we cannot 562 * tell from the result whether anything is missing. 563 */ 564 565 assert(namestring->str[len] == 0); 566 namestring->str[--len] = '.'; 567 namestring->str[--len] = '.'; 568 namestring->str[--len] = '.'; 569 } 570 } 571} 572 573/*****************************************************************************/ 574 575/* to hinder OpenSSL from asking for passphrases */ 576static int no_passphrase_callback(char *buf, int num, int w, void *arg) 577{ 578 return -1; 579} 580 581#if OPENSSL_VERSION_NUMBER >= 0x00907000L 582static int verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg) 583#else 584static int verify_dont_fail_cb(X509_STORE_CTX *c) 585#endif 586{ 587 int i; 588 589 i = X509_verify_cert(c); /* sets c->error */ 590#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified 591 * certificates -- they could 592 * survive session reuse, but 593 * OpenSSL < 0.9.5-dev does not 594 * preserve their verify_result */ 595 if (i == 0) 596 return 1; 597 else 598#endif 599 return i; 600} 601 602static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it 603 * just once */ 604 605void tls_set_dhe1024(int i, void *apparg) 606{ 607 DSA *dsaparams; 608 DH *dhparams; 609 const char *seed[] = { ";-) :-( :-) :-( ", 610 ";-) :-( :-) :-( ", 611 "Random String no. 12", 612 ";-) :-( :-) :-( ", 613 "hackers have even mo", /* from jargon file */ 614 }; 615 unsigned char seedbuf[20]; 616 617 tls_init(apparg); 618 if (i >= 0) { 619 i %= sizeof seed / sizeof seed[0]; 620 assert(strlen(seed[i]) == 20); 621 memcpy(seedbuf, seed[i], 20); 622 dsaparams = 623 DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL); 624 } else { 625 /* random parameters (may take a while) */ 626 dsaparams = 627 DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL); 628 } 629 630 if (dsaparams == NULL) { 631 tls_openssl_errors("", "", NULL, apparg); 632 return; 633 } 634 dhparams = DSA_dup_DH(dsaparams); 635 DSA_free(dsaparams); 636 if (dhparams == NULL) { 637 tls_openssl_errors("", "", NULL, apparg); 638 return; 639 } 640 if (tls_dhe1024 != NULL) 641 DH_free(tls_dhe1024); 642 tls_dhe1024 = dhparams; 643} 644 645struct tls_create_ctx_args tls_create_ctx_defaultargs(void) 646{ 647 struct tls_create_ctx_args ret; 648 649 ret.client_p = 0; 650 ret.certificate_file = NULL; 651 ret.key_file = NULL; 652 ret.ca_file = NULL; 653 ret.verify_depth = -1; 654 ret.fail_unless_verified = 0; 655 ret.export_p = 0; 656 657 return ret; 658} 659 660SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) 661{ 662 int r; 663 static long context_num = 0; 664 SSL_CTX *ret; 665 const char *err_pref_1 = "", *err_pref_2 = ""; 666 667 if (tls_init(apparg) == -1) 668 return NULL; 669 670 ret = 671 SSL_CTX_new((a.client_p ? SSLv23_client_method : 672 SSLv23_server_method) ()); 673 674 if (ret == NULL) 675 goto err; 676 677 SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback); 678 SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE); 679 680 if ((a.certificate_file != NULL) || (a.key_file != NULL)) { 681 if (a.key_file == NULL) { 682 tls_errprintf(1, apparg, "Need a key file.\n"); 683 goto err_return; 684 } 685 if (a.certificate_file == NULL) { 686 tls_errprintf(1, apparg, "Need a certificate chain file.\n"); 687 goto err_return; 688 } 689 690 if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM)) 691 goto err; 692 if (!tls_rand_seeded_p) { 693 /* 694 * particularly paranoid people may not like this -- so provide 695 * your own random seeding before calling this 696 */ 697 if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1) 698 goto err_return; 699 } 700 if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file)) 701 goto err; 702 if (!SSL_CTX_check_private_key(ret)) { 703 tls_errprintf(1, apparg, 704 "Private key \"%s\" does not match certificate \"%s\".\n", 705 a.key_file, a.certificate_file); 706 goto err_peek; 707 } 708 } 709 710 if ((a.ca_file != NULL) || (a.verify_depth > 0)) { 711 context_num++; 712 r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, 713 (unsigned int)sizeof context_num); 714 if (!r) 715 goto err; 716 717 SSL_CTX_set_verify(ret, 718 SSL_VERIFY_PEER | (a.fail_unless_verified ? 719 SSL_VERIFY_FAIL_IF_NO_PEER_CERT 720 : 0), 0); 721 if (!a.fail_unless_verified) 722 SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL); 723 724 if (a.verify_depth > 0) 725 SSL_CTX_set_verify_depth(ret, a.verify_depth); 726 727 if (a.ca_file != NULL) { 728 /* does not report failure if file does not exist ... */ 729 /* NULL argument means no CA-directory */ 730 r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL); 731 if (!r) { 732 err_pref_1 = " while processing certificate file "; 733 err_pref_2 = a.ca_file; 734 goto err; 735 } 736 737 if (!a.client_p) { 738 /* 739 * SSL_load_client_CA_file is a misnomer, it just creates a 740 * list of CNs. 741 */ 742 SSL_CTX_set_client_CA_list(ret, 743 SSL_load_client_CA_file 744 (a.ca_file)); 745 /* 746 * SSL_CTX_set_client_CA_list does not have a return value; 747 * it does not really need one, but make sure (we really test 748 * if SSL_load_client_CA_file worked) 749 */ 750 if (SSL_CTX_get_client_CA_list(ret) == NULL) { 751 tls_errprintf(1, apparg, 752 "Could not set client CA list from \"%s\".\n", 753 a.ca_file); 754 goto err_peek; 755 } 756 } 757 } 758 } 759 760 if (!a.client_p) { 761 if (tls_dhe1024 == NULL) { 762 int i; 763 764 if (RAND_bytes((unsigned char *)&i, sizeof i) <= 0) 765 goto err_return; 766 /* 767 * make sure that i is non-negative -- pick one of the provided 768 * seeds 769 */ 770 if (i < 0) 771 i = -i; 772 if (i < 0) 773 i = 0; 774 tls_set_dhe1024(i, apparg); 775 if (tls_dhe1024 == NULL) 776 goto err_return; 777 } 778 779 if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024)) 780 goto err; 781 782 /* avoid small subgroup attacks: */ 783 SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE); 784 } 785#ifndef NO_RSA 786 if (!a.client_p && a.export_p) { 787 RSA *tmpkey; 788 789 tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL); 790 if (tmpkey == NULL) 791 goto err; 792 if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) { 793 RSA_free(tmpkey); 794 goto err; 795 } 796 RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */ 797 } 798#endif 799 800 return ret; 801 802 err_peek: 803 if (!ERR_peek_error()) 804 goto err_return; 805 err: 806 tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg); 807 err_return: 808 if (ret != NULL) 809 SSL_CTX_free(ret); 810 return NULL; 811} 812 813/*****************************************************************************/ 814 815static int tls_socket_nonblocking(int fd) 816{ 817 int v, r; 818 819 v = fcntl(fd, F_GETFL, 0); 820 if (v == -1) { 821 if (errno == EINVAL) 822 return 0; /* already shut down -- ignore */ 823 return -1; 824 } 825 r = fcntl(fd, F_SETFL, v | O_NONBLOCK); 826 if (r == -1) { 827 if (errno == EINVAL) 828 return 0; /* already shut down -- ignore */ 829 return -1; 830 } 831 return 0; 832} 833 834static int max(int a, int b) 835{ 836 return a > b ? a : b; 837} 838 839/* timeout, -1 means no timeout */ 840static void 841tls_sockets_select(int read_select_1, int read_select_2, int write_select_1, 842 int write_select_2, int seconds) 843{ 844 int maxfd, n; 845 fd_set reads, writes; 846 struct timeval timeout; 847 struct timeval *timeout_p; 848 849 assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1 850 && write_select_2 >= -1); 851 assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE - 1 852 && write_select_1 < FD_SETSIZE - 1 853 && write_select_2 < FD_SETSIZE - 1); 854 855 maxfd = 856 max(max(read_select_1, read_select_2), 857 max(write_select_1, write_select_2)); 858 assert(maxfd >= 0); 859 860 FD_ZERO(&reads); 861 FD_ZERO(&writes); 862 863 for (n = 0; n < 4; ++n) { 864 int i = n % 2; 865 int w = n >= 2; 866 /* loop over all (i, w) in {0,1}x{0,1} */ 867 int fd; 868 869 if (i == 0 && w == 0) 870 fd = read_select_1; 871 else if (i == 1 && w == 0) 872 fd = read_select_2; 873 else if (i == 0 && w == 1) 874 fd = write_select_1; 875 else { 876 assert(i == 1 && w == 1); 877 fd = write_select_2; 878 } 879 880 if (fd >= 0) { 881 if (w == 0) 882 FD_SET(fd, &reads); 883 else /* w == 1 */ 884 FD_SET(fd, &writes); 885 } 886 } 887 888 if (seconds >= 0) { 889 timeout.tv_sec = seconds; 890 timeout.tv_usec = 0; 891 timeout_p = &timeout; 892 } else 893 timeout_p = NULL; 894 895 DEBUG_MSG2("select no.", ++tls_select_count); 896 select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p); 897 DEBUG_MSG("cont."); 898} 899 900/*****************************************************************************/ 901 902#define TUNNELBUFSIZE (16*1024) 903struct tunnelbuf { 904 char buf[TUNNELBUFSIZE]; 905 size_t len; 906 size_t offset; 907}; 908 909static int tls_connect_attempt(SSL *, int *write_select, int *read_select, 910 int *closed, int *progress, 911 const char **err_pref); 912 913static int tls_accept_attempt(SSL *, int *write_select, int *read_select, 914 int *closed, int *progress, 915 const char **err_pref); 916 917static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select, 918 int *read_select, int *closed, int *progress, 919 const char **err_pref); 920 921static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select, 922 int *read_select, int *closed, int *progress, 923 const char **err_pref); 924 925static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed, 926 int *progress); 927 928static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed, 929 int *progress); 930 931static void write_info(SSL *ssl, int *info_fd) 932{ 933 if (*info_fd != -1) { 934 long v; 935 int v_ok; 936 struct tls_x509_name_string peer; 937 char infobuf[TLS_INFO_SIZE]; 938 int r; 939 940 DEBUG_MSG("write_info"); 941 v = SSL_get_verify_result(ssl); 942 v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */ 943 { 944 X509 *peercert; 945 946 peercert = SSL_get_peer_certificate(ssl); 947 tls_get_x509_subject_name_oneline(peercert, &peer); 948 if (peercert != NULL) 949 X509_free(peercert); 950 } 951 if (peer.str[0] == '\0') 952 v_ok = '0'; /* no cert at all */ 953 else if (strchr(peer.str, '\n')) { 954 /* should not happen, but make sure */ 955 *strchr(peer.str, '\n') = '\0'; 956 } 957 r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, 958 X509_verify_cert_error_string(v), peer.str); 959 DEBUG_MSG2("snprintf", r); 960 if (r == -1 || r >= sizeof infobuf) 961 r = sizeof infobuf - 1; 962 write(*info_fd, infobuf, r); 963 close(*info_fd); 964 *info_fd = -1; 965 } 966} 967 968/* tls_proxy expects that all fds are closed after return */ 969static void 970tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p) 971{ 972 struct tunnelbuf clear_to_tls, tls_to_clear; 973 SSL *ssl; 974 BIO *rbio, *wbio; 975 int closed, in_handshake; 976 const char *err_pref_1 = "", *err_pref_2 = ""; 977 const char *err_def = NULL; 978 979 assert(clear_fd != -1); 980 assert(tls_fd != -1); 981 assert(clear_fd < FD_SETSIZE); 982 assert(tls_fd < FD_SETSIZE); 983 /* info_fd may be -1 */ 984 assert(ctx != NULL); 985 986 tls_rand_seed_uniquely(); 987 988 tls_socket_nonblocking(clear_fd); 989 DEBUG_MSG2("clear_fd", clear_fd); 990 tls_socket_nonblocking(tls_fd); 991 DEBUG_MSG2("tls_fd", tls_fd); 992 993 ssl = SSL_new(ctx); 994 if (ssl == NULL) 995 goto err; 996 DEBUG_MSG("SSL_new"); 997 if (!SSL_set_fd(ssl, tls_fd)) 998 goto err; 999 rbio = SSL_get_rbio(ssl); 1000 wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */ 1001 assert(rbio != NULL); 1002 assert(wbio != NULL); 1003 if (client_p) 1004 SSL_set_connect_state(ssl); 1005 else 1006 SSL_set_accept_state(ssl); 1007 1008 closed = 0; 1009 in_handshake = 1; 1010 tls_to_clear.len = 0; 1011 tls_to_clear.offset = 0; 1012 clear_to_tls.len = 0; 1013 clear_to_tls.offset = 0; 1014 1015 err_def = "I/O error"; 1016 1017 /* 1018 * loop finishes as soon as we detect that one side closed; when all 1019 * (program and OS) buffers have enough space, the data from the last 1020 * succesful read in each direction is transferred before close 1021 */ 1022 do { 1023 int clear_read_select = 0, clear_write_select = 0, 1024 tls_read_select = 0, tls_write_select = 0, progress = 0; 1025 int r; 1026 unsigned long num_read = BIO_number_read(rbio), 1027 num_written = BIO_number_written(wbio); 1028 1029 DEBUG_MSG2("loop iteration", ++tls_loop_count); 1030 1031 if (in_handshake) { 1032 DEBUG_MSG("in_handshake"); 1033 if (client_p) 1034 r = tls_connect_attempt(ssl, &tls_write_select, 1035 &tls_read_select, &closed, &progress, 1036 &err_pref_1); 1037 else 1038 r = tls_accept_attempt(ssl, &tls_write_select, 1039 &tls_read_select, &closed, &progress, 1040 &err_pref_1); 1041 if (r != 0) { 1042 write_info(ssl, &info_fd); 1043 goto err; 1044 } 1045 if (closed) 1046 goto err_return; 1047 if (!SSL_in_init(ssl)) { 1048 in_handshake = 0; 1049 write_info(ssl, &info_fd); 1050 } 1051 } 1052 1053 if (clear_to_tls.len != 0 && !in_handshake) { 1054 assert(!closed); 1055 1056 r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select, 1057 &tls_read_select, &closed, &progress, 1058 &err_pref_1); 1059 if (r != 0) 1060 goto err; 1061 if (closed) { 1062 assert(progress); 1063 tls_to_clear.offset = 0; 1064 tls_to_clear.len = 0; 1065 } 1066 } 1067 1068 if (tls_to_clear.len != 0) { 1069 assert(!closed); 1070 1071 r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select, 1072 &closed, &progress); 1073 if (r != 0) 1074 goto err_return; 1075 if (closed) { 1076 assert(progress); 1077 clear_to_tls.offset = 0; 1078 clear_to_tls.len = 0; 1079 } 1080 } 1081 1082 if (!closed) { 1083 if (clear_to_tls.offset + clear_to_tls.len < 1084 sizeof clear_to_tls.buf) { 1085 r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, 1086 &closed, &progress); 1087 if (r != 0) 1088 goto err_return; 1089 if (closed) { 1090 r = SSL_shutdown(ssl); 1091 DEBUG_MSG2("SSL_shutdown", r); 1092 } 1093 } 1094 } 1095 1096 if (!closed && !in_handshake) { 1097 if (tls_to_clear.offset + tls_to_clear.len < 1098 sizeof tls_to_clear.buf) { 1099 r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, 1100 &tls_read_select, &closed, &progress, 1101 &err_pref_1); 1102 if (r != 0) 1103 goto err; 1104 if (closed) { 1105 r = SSL_shutdown(ssl); 1106 DEBUG_MSG2("SSL_shutdown", r); 1107 } 1108 } 1109 } 1110 1111 if (!progress) { 1112 DEBUG_MSG("!progress?"); 1113 if (num_read != BIO_number_read(rbio) 1114 || num_written != BIO_number_written(wbio)) 1115 progress = 1; 1116 1117 if (!progress) { 1118 DEBUG_MSG("!progress"); 1119 assert(clear_read_select || tls_read_select 1120 || clear_write_select || tls_write_select); 1121 tls_sockets_select(clear_read_select ? clear_fd : -1, 1122 tls_read_select ? tls_fd : -1, 1123 clear_write_select ? clear_fd : -1, 1124 tls_write_select ? tls_fd : -1, -1); 1125 } 1126 } 1127 } while (!closed); 1128 return; 1129 1130 err: 1131 tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg); 1132 err_return: 1133 return; 1134} 1135 1136static int 1137tls_get_error(SSL *ssl, int r, int *write_select, int *read_select, 1138 int *closed, int *progress) 1139{ 1140 int err = SSL_get_error(ssl, r); 1141 1142 if (err == SSL_ERROR_NONE) { 1143 assert(r > 0); 1144 *progress = 1; 1145 return 0; 1146 } 1147 1148 assert(r <= 0); 1149 1150 switch (err) { 1151 case SSL_ERROR_ZERO_RETURN: 1152 assert(r == 0); 1153 *closed = 1; 1154 *progress = 1; 1155 return 0; 1156 1157 case SSL_ERROR_WANT_WRITE: 1158 *write_select = 1; 1159 return 0; 1160 1161 case SSL_ERROR_WANT_READ: 1162 *read_select = 1; 1163 return 0; 1164 } 1165 1166 return -1; 1167} 1168 1169static int 1170tls_connect_attempt(SSL *ssl, int *write_select, int *read_select, 1171 int *closed, int *progress, const char **err_pref) 1172{ 1173 int n, r; 1174 1175 DEBUG_MSG("tls_connect_attempt"); 1176 n = SSL_connect(ssl); 1177 DEBUG_MSG2("SSL_connect", n); 1178 r = tls_get_error(ssl, n, write_select, read_select, closed, progress); 1179 if (r == -1) 1180 *err_pref = " during SSL_connect"; 1181 return r; 1182} 1183 1184static int 1185tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, 1186 int *progress, const char **err_pref) 1187{ 1188 int n, r; 1189 1190 DEBUG_MSG("tls_accept_attempt"); 1191 n = SSL_accept(ssl); 1192 DEBUG_MSG2("SSL_accept", n); 1193 r = tls_get_error(ssl, n, write_select, read_select, closed, progress); 1194 if (r == -1) 1195 *err_pref = " during SSL_accept"; 1196 return r; 1197} 1198 1199static int 1200tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, 1201 int *read_select, int *closed, int *progress, 1202 const char **err_pref) 1203{ 1204 int n, r; 1205 1206 DEBUG_MSG("tls_write_attempt"); 1207 n = SSL_write(ssl, buf->buf + buf->offset, buf->len); 1208 DEBUG_MSG2("SSL_write", n); 1209 r = tls_get_error(ssl, n, write_select, read_select, closed, progress); 1210 if (n > 0) { 1211 buf->len -= n; 1212 assert(buf->len >= 0); 1213 if (buf->len == 0) 1214 buf->offset = 0; 1215 else 1216 buf->offset += n; 1217 } 1218 if (r == -1) 1219 *err_pref = " during SSL_write"; 1220 return r; 1221} 1222 1223static int 1224tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, 1225 int *read_select, int *closed, int *progress, 1226 const char **err_pref) 1227{ 1228 int n, r; 1229 size_t total; 1230 1231 DEBUG_MSG("tls_read_attempt"); 1232 total = buf->offset + buf->len; 1233 assert(total < sizeof buf->buf); 1234 n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total); 1235 DEBUG_MSG2("SSL_read", n); 1236 r = tls_get_error(ssl, n, write_select, read_select, closed, progress); 1237 if (n > 0) { 1238 buf->len += n; 1239 assert(buf->offset + buf->len <= sizeof buf->buf); 1240 } 1241 if (r == -1) 1242 *err_pref = " during SSL_read"; 1243 return r; 1244} 1245 1246static int get_error(int r, int *select, int *closed, int *progress) 1247{ 1248 if (r >= 0) { 1249 *progress = 1; 1250 if (r == 0) 1251 *closed = 1; 1252 return 0; 1253 } else { 1254 assert(r == -1); 1255 if (errno == EAGAIN || errno == EWOULDBLOCK) { 1256 *select = 1; 1257 return 0; 1258 } else if (errno == EPIPE) { 1259 *progress = 1; 1260 *closed = 1; 1261 return 0; 1262 } else 1263 return -1; 1264 } 1265} 1266 1267static int write_attempt(int fd, struct tunnelbuf *buf, int *select, 1268 int *closed, int *progress) 1269{ 1270 int n, r; 1271 1272 DEBUG_MSG("write_attempt"); 1273 n = write(fd, buf->buf + buf->offset, buf->len); 1274 DEBUG_MSG2("write", n); 1275 r = get_error(n, select, closed, progress); 1276 if (n > 0) { 1277 buf->len -= n; 1278 assert(buf->len >= 0); 1279 if (buf->len == 0) 1280 buf->offset = 0; 1281 else 1282 buf->offset += n; 1283 } 1284 if (r == -1) 1285 tls_errprintf(1, tls_child_apparg, "write error: %s\n", 1286 strerror(errno)); 1287 return r; 1288} 1289 1290static int 1291read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, 1292 int *progress) 1293{ 1294 int n, r; 1295 size_t total; 1296 1297 DEBUG_MSG("read_attempt"); 1298 total = buf->offset + buf->len; 1299 assert(total < sizeof buf->buf); 1300 n = read(fd, buf->buf + total, (sizeof buf->buf) - total); 1301 DEBUG_MSG2("read", n); 1302 r = get_error(n, select, closed, progress); 1303 if (n > 0) { 1304 buf->len += n; 1305 assert(buf->offset + buf->len <= sizeof buf->buf); 1306 } 1307 if (r == -1) 1308 tls_errprintf(1, tls_child_apparg, "read error: %s\n", 1309 strerror(errno)); 1310 return r; 1311} 1312