easy-tls.c revision 296465
1/* -*- Mode: C; c-file-style: "bsd" -*- */ 2/*- 3 * easy-tls.c -- generic TLS proxy. 4 * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $ 5 */ 6/*- 7 (c) Copyright 1999 Bodo Moeller. All rights reserved. 8 9 This is free software; you can redistributed and/or modify it 10 unter the terms of either 11 - the GNU General Public License as published by the 12 Free Software Foundation, version 1, or (at your option) 13 any later version, 14 or 15 - the following license: 16*/ 17/*- 18 * Redistribution and use in source and binary forms, with or without 19 * modification, are permitted provided that each of the following 20 * conditions is met: 21 * 22 * 1. Redistributions qualify as "freeware" or "Open Source Software" under 23 * one of the following terms: 24 * 25 * (a) Redistributions are made at no charge beyond the reasonable cost of 26 * materials and delivery. 27 * 28 * (b) Redistributions are accompanied by a copy of the Source Code 29 * or by an irrevocable offer to provide a copy of the Source Code 30 * for up to three years at the cost of materials and delivery. 31 * Such redistributions must allow further use, modification, and 32 * redistribution of the Source Code under substantially the same 33 * terms as this license. 34 * 35 * 2. Redistributions of source code must retain the above copyright 36 * notice, this list of conditions and the following disclaimer. 37 * 38 * 3. Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in 40 * the documentation and/or other materials provided with the 41 * distribution. 42 * 43 * 4. All advertising materials mentioning features or use of this 44 * software must display the following acknowledgment: 45 * "This product includes software developed by Bodo Moeller." 46 * (If available, substitute umlauted o for oe.) 47 * 48 * 5. Redistributions of any form whatsoever must retain the following 49 * acknowledgment: 50 * "This product includes software developed by Bodo Moeller." 51 * 52 * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY 53 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 55 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BODO MOELLER OR 56 * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 57 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 58 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 59 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 61 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 62 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 63 * OF THE POSSIBILITY OF SUCH DAMAGE. 64 */ 65/*- 66 * Attribution for OpenSSL library: 67 * 68 * This product includes cryptographic software written by Eric Young 69 * (eay@cryptsoft.com). This product includes software written by Tim 70 * Hudson (tjh@cryptsoft.com). 71 * This product includes software developed by the OpenSSL Project 72 * for use in the OpenSSL Toolkit. (http://www.openssl.org/) 73 */ 74 75static char const rcsid[] = 76 "$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $"; 77 78#include <assert.h> 79#include <errno.h> 80#include <fcntl.h> 81#include <limits.h> 82#include <stdarg.h> 83#include <stdio.h> 84#include <string.h> 85#include <sys/select.h> 86#include <sys/socket.h> 87#include <sys/stat.h> 88#include <sys/time.h> 89#include <sys/types.h> 90#include <sys/utsname.h> 91#include <unistd.h> 92 93#include <openssl/crypto.h> 94#include <openssl/dh.h> 95#include <openssl/dsa.h> 96#include <openssl/err.h> 97#include <openssl/evp.h> 98#include <openssl/opensslv.h> 99#include <openssl/pem.h> 100#include <openssl/rand.h> 101#ifndef NO_RSA 102# include <openssl/rsa.h> 103#endif 104#include <openssl/ssl.h> 105#include <openssl/x509.h> 106#include <openssl/x509_vfy.h> 107 108#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */ 109# error "This program needs OpenSSL 0.9.4 or later." 110#endif 111 112#include "easy-tls.h" /* include after <openssl/ssl.h> if both are 113 * needed */ 114 115#if TLS_INFO_SIZE > PIPE_BUF 116# if PIPE_BUF < 512 117# error "PIPE_BUF < 512" /* non-POSIX */ 118# endif 119# error "TLS_INFO_SIZE > PIPE_BUF" 120#endif 121 122/*****************************************************************************/ 123 124#ifdef TLS_APP 125# include TLS_APP 126#endif 127 128/*- 129 * Applications can define: 130 * TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg) 131 * TLS_CUMULATE_ERRORS 132 * TLS_ERROR_BUFSIZ 133 * TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg) 134 */ 135 136#ifndef TLS_APP_PROCESS_INIT 137# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0) 138#endif 139 140#ifndef TLS_ERROR_BUFSIZ 141# define TLS_ERROR_BUFSIZ (10*160) 142#endif 143#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */ 144# error "TLS_ERROR_BUFSIZE is too small." 145#endif 146 147#ifndef TLS_APP_ERRFLUSH 148# define TLS_APP_ERRFLUSH tls_app_errflush 149static void 150tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg) 151{ 152 fputs(errbuf, stderr); 153} 154#endif 155 156/*****************************************************************************/ 157 158#ifdef DEBUG_TLS 159# define DEBUG_MSG(x) fprintf(stderr," %s\n",x) 160# define DEBUG_MSG2(x,y) fprintf(stderr, " %s: %d\n",x,y) 161static int tls_loop_count = 0; 162static int tls_select_count = 0; 163#else 164# define DEBUG_MSG(x) (void)0 165# define DEBUG_MSG2(x,y) (void)0 166#endif 167 168static void tls_rand_seed_uniquely(void); 169static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, 170 int client_p); 171static int tls_socket_nonblocking(int fd); 172 173static int tls_child_p = 0; 174static void *tls_child_apparg; 175 176struct tls_start_proxy_args tls_start_proxy_defaultargs(void) 177{ 178 struct tls_start_proxy_args ret; 179 180 ret.fd = -1; 181 ret.client_p = -1; 182 ret.ctx = NULL; 183 ret.pid = NULL; 184 ret.infofd = NULL; 185 186 return ret; 187} 188 189/*- 190 * Slice in TLS proxy process at fd. 191 * Return value: 192 * 0 ok (*pid is set to child's PID if pid != NULL), 193 * < 0 look at errno 194 * > 0 other error 195 * (return value encodes place of error) 196 * 197 */ 198int tls_start_proxy(struct tls_start_proxy_args a, void *apparg) 199{ 200 int fds[2] = { -1, -1 }; 201 int infofds[2] = { -1, -1 }; 202 int r, getfd, getfl; 203 int ret; 204 205 DEBUG_MSG2("tls_start_proxy fd", a.fd); 206 DEBUG_MSG2("tls_start_proxy client_p", a.client_p); 207 208 if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL) 209 return 1; 210 211 if (a.pid != NULL) { 212 *a.pid = 0; 213 } 214 if (a.infofd != NULL) { 215 *a.infofd = -1; 216 } 217 218 r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds); 219 if (r == -1) 220 return -1; 221 if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) { 222 ret = 2; 223 goto err; 224 } 225 if (a.infofd != NULL) { 226 r = pipe(infofds); 227 if (r == -1) { 228 ret = -3; 229 goto err; 230 } 231 } 232 233 r = fork(); 234 if (r == -1) { 235 ret = -4; 236 goto err; 237 } 238 if (r == 0) { 239 DEBUG_MSG("fork"); 240 tls_child_p = 1; 241 tls_child_apparg = apparg; 242 close(fds[1]); 243 if (infofds[0] != -1) 244 close(infofds[0]); 245 TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg); 246 DEBUG_MSG("TLS_APP_PROCESS_INIT"); 247 tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p); 248 exit(0); 249 } 250 if (a.pid != NULL) 251 *a.pid = r; 252 if (infofds[1] != -1) { 253 close(infofds[1]); 254 infofds[1] = -1; 255 } 256 /* install fds[1] in place of fd: */ 257 close(fds[0]); 258 fds[0] = -1; 259 getfd = fcntl(a.fd, F_GETFD); 260 getfl = fcntl(a.fd, F_GETFL); 261 r = dup2(fds[1], a.fd); 262 close(fds[1]); 263 fds[1] = -1; 264 if (r == -1) { 265 ret = -5; 266 goto err; 267 } 268 if (getfd != 1) 269 fcntl(a.fd, F_SETFD, getfd); 270 if (getfl & O_NONBLOCK) 271 (void)tls_socket_nonblocking(a.fd); 272 if (a.infofd != NULL) 273 *a.infofd = infofds[0]; 274 return 0; 275 276 err: 277 if (fds[0] != -1) 278 close(fds[0]); 279 if (fds[1] != -1) 280 close(fds[1]); 281 if (infofds[0] != -1) 282 close(infofds[0]); 283 if (infofds[1] != -1) 284 close(infofds[1]); 285 return ret; 286} 287 288/*****************************************************************************/ 289 290static char errbuf[TLS_ERROR_BUFSIZ]; 291static size_t errbuf_i = 0; 292 293static void tls_errflush(void *apparg) 294{ 295 if (errbuf_i == 0) 296 return; 297 298 assert(errbuf_i < sizeof errbuf); 299 assert(errbuf[errbuf_i] == 0); 300 if (errbuf_i == sizeof errbuf - 1) { 301 /* make sure we have a newline, even if string has been truncated */ 302 errbuf[errbuf_i - 1] = '\n'; 303 } 304 305 /* 306 * TLS_APP_ERRFLUSH may modify the string as needed, e.g. substitute 307 * other characters for \n for convenience 308 */ 309 TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg); 310 311 errbuf_i = 0; 312} 313 314static void tls_errprintf(int flush, void *apparg, const char *fmt, ...) 315{ 316 va_list args; 317 int r; 318 319 if (errbuf_i < sizeof errbuf - 1) { 320 size_t n; 321 322 va_start(args, fmt); 323 n = (sizeof errbuf) - errbuf_i; 324 r = vsnprintf(errbuf + errbuf_i, n, fmt, args); 325 if (r >= n) 326 r = n - 1; 327 if (r >= 0) { 328 errbuf_i += r; 329 } else { 330 errbuf_i = sizeof errbuf - 1; 331 errbuf[errbuf_i] = '\0'; 332 } 333 assert(errbuf_i < sizeof errbuf); 334 assert(errbuf[errbuf_i] == 0); 335 } 336#ifndef TLS_CUMULATE_ERRORS 337 tls_errflush(apparg); 338#else 339 if (flush) 340 tls_errflush(apparg); 341#endif 342} 343 344/* 345 * app_prefix.. are for additional information provided by caller. If OpenSSL 346 * error queue is empty, print default_text ("???" if NULL). 347 */ 348static char *tls_openssl_errors(const char *app_prefix_1, 349 const char *app_prefix_2, 350 const char *default_text, void *apparg) 351{ 352 static char reasons[255]; 353 size_t reasons_i; 354 unsigned long err; 355 const char *file; 356 int line; 357 const char *data; 358 int flags; 359 char *errstring; 360 int printed_something = 0; 361 362 reasons_i = 0; 363 364 assert(app_prefix_1 != NULL); 365 assert(app_prefix_2 != NULL); 366 367 if (default_text == NULL) 368 default_text = "?" "?" "?"; 369 370 while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { 371 if (reasons_i < sizeof reasons) { 372 size_t n; 373 int r; 374 375 n = (sizeof reasons) - reasons_i; 376 r = snprintf(reasons + reasons_i, n, "%s%s", 377 (reasons_i > 0 ? ", " : ""), 378 ERR_reason_error_string(err)); 379 if (r >= n) 380 r = n - 1; 381 if (r >= 0) { 382 reasons_i += r; 383 } else { 384 reasons_i = sizeof reasons; 385 } 386 assert(reasons_i <= sizeof reasons); 387 } 388 389 errstring = ERR_error_string(err, NULL); 390 assert(errstring != NULL); 391 tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n", 392 app_prefix_1, app_prefix_2, errstring, file, line, 393 (flags & ERR_TXT_STRING) ? data : ""); 394 printed_something = 1; 395 } 396 397 if (!printed_something) { 398 assert(reasons_i == 0); 399 snprintf(reasons, sizeof reasons, "%s", default_text); 400 tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, 401 app_prefix_2, default_text); 402 } 403#ifdef TLS_CUMULATE_ERRORS 404 tls_errflush(apparg); 405#endif 406 assert(errbuf_i == 0); 407 408 return reasons; 409} 410 411/*****************************************************************************/ 412 413static int tls_init_done = 0; 414 415static int tls_init(void *apparg) 416{ 417 if (tls_init_done) 418 return 0; 419 420 SSL_load_error_strings(); 421 if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) { 422 tls_errprintf(1, apparg, "SSL_library_init failed.\n"); 423 return -1; 424 } 425 tls_init_done = 1; 426 tls_rand_seed(); 427 return 0; 428} 429 430/*****************************************************************************/ 431 432static void tls_rand_seed_uniquely(void) 433{ 434 struct { 435 pid_t pid; 436 time_t time; 437 void *stack; 438 } data; 439 440 data.pid = getpid(); 441 data.time = time(NULL); 442 data.stack = (void *)&data; 443 444 RAND_seed((const void *)&data, sizeof data); 445} 446 447void tls_rand_seed(void) 448{ 449 struct { 450 struct utsname uname; 451 int uname_1; 452 int uname_2; 453 uid_t uid; 454 uid_t euid; 455 gid_t gid; 456 gid_t egid; 457 } data; 458 459 data.uname_1 = uname(&data.uname); 460 data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */ 461 462 data.uid = getuid(); 463 data.euid = geteuid(); 464 data.gid = getgid(); 465 data.egid = getegid(); 466 467 RAND_seed((const void *)&data, sizeof data); 468 tls_rand_seed_uniquely(); 469} 470 471static int tls_rand_seeded_p = 0; 472 473#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */ 474int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg) 475{ 476 /* 477 * Seed OpenSSL's random number generator from file. Try to read n bytes 478 * if n > 0, whole file if n == 0. 479 */ 480 481 int r; 482 483 if (tls_init(apparg) == -1) 484 return -1; 485 tls_rand_seed(); 486 487 r = RAND_load_file(filename, 488 (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX); 489 /* 490 * r is the number of bytes filled into the random number generator, 491 * which are taken from "stat(filename, ...)" in addition to the file 492 * contents. 493 */ 494 assert(1 < my_MIN_SEED_BYTES); 495 /* 496 * We need to detect at least those cases when the file does not exist at 497 * all. With current versions of OpenSSL, this should do it: 498 */ 499 if (n == 0) 500 n = my_MIN_SEED_BYTES; 501 if (r < n) { 502 tls_errprintf(1, apparg, 503 "rand_seed_from_file: could not read %d bytes from %s.\n", 504 n, filename); 505 return -1; 506 } else { 507 tls_rand_seeded_p = 1; 508 return 0; 509 } 510} 511 512void tls_rand_seed_from_memory(const void *buf, size_t n) 513{ 514 size_t i = 0; 515 516 while (i < n) { 517 size_t rest = n - i; 518 int chunk = rest < INT_MAX ? (int)rest : INT_MAX; 519 RAND_seed((const char *)buf + i, chunk); 520 i += chunk; 521 } 522 tls_rand_seeded_p = 1; 523} 524 525/*****************************************************************************/ 526 527struct tls_x509_name_string { 528 char str[100]; 529}; 530 531static void 532tls_get_x509_subject_name_oneline(X509 *cert, 533 struct tls_x509_name_string *namestring) 534{ 535 X509_NAME *name; 536 537 if (cert == NULL) { 538 namestring->str[0] = '\0'; 539 return; 540 } 541 542 name = X509_get_subject_name(cert); /* does not increment any reference 543 * counter */ 544 545 assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */ 546 547 if (name == NULL) { 548 namestring->str[0] = '?'; 549 namestring->str[1] = 0; 550 } else { 551 size_t len; 552 553 X509_NAME_oneline(name, namestring->str, sizeof namestring->str); 554 len = strlen(namestring->str); 555 assert(namestring->str[len] == 0); 556 assert(len < sizeof namestring->str); 557 558 if (len + 1 == sizeof namestring->str) { 559 /* 560 * (Probably something was cut off.) Does not really work -- 561 * X509_NAME_oneline truncates after name components, we cannot 562 * tell from the result whether anything is missing. 563 */ 564 565 assert(namestring->str[len] == 0); 566 namestring->str[--len] = '.'; 567 namestring->str[--len] = '.'; 568 namestring->str[--len] = '.'; 569 } 570 } 571} 572 573/*****************************************************************************/ 574 575/* to hinder OpenSSL from asking for passphrases */ 576static int no_passphrase_callback(char *buf, int num, int w, void *arg) 577{ 578 return -1; 579} 580 581#if OPENSSL_VERSION_NUMBER >= 0x00907000L 582static int verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg) 583#else 584static int verify_dont_fail_cb(X509_STORE_CTX *c) 585#endif 586{ 587 int i; 588 589 i = X509_verify_cert(c); /* sets c->error */ 590#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified 591 * certificates -- they could 592 * survive session reuse, but 593 * OpenSSL < 0.9.5-dev does not 594 * preserve their verify_result */ 595 if (i == 0) 596 return 1; 597 else 598#endif 599 return i; 600} 601 602static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it 603 * just once */ 604 605void tls_set_dhe1024(int i, void *apparg) 606{ 607 DSA *dsaparams; 608 DH *dhparams; 609 const char *seed[] = { ";-) :-( :-) :-( ", 610 ";-) :-( :-) :-( ", 611 "Random String no. 12", 612 ";-) :-( :-) :-( ", 613 "hackers have even mo", /* from jargon file */ 614 }; 615 unsigned char seedbuf[20]; 616 617 tls_init(apparg); 618 if (i >= 0) { 619 i %= sizeof seed / sizeof seed[0]; 620 assert(strlen(seed[i]) == 20); 621 memcpy(seedbuf, seed[i], 20); 622 dsaparams = 623 DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL); 624 } else { 625 /* random parameters (may take a while) */ 626 dsaparams = 627 DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL); 628 } 629 630 if (dsaparams == NULL) { 631 tls_openssl_errors("", "", NULL, apparg); 632 return; 633 } 634 dhparams = DSA_dup_DH(dsaparams); 635 DSA_free(dsaparams); 636 if (dhparams == NULL) { 637 tls_openssl_errors("", "", NULL, apparg); 638 return; 639 } 640 if (tls_dhe1024 != NULL) 641 DH_free(tls_dhe1024); 642 tls_dhe1024 = dhparams; 643} 644 645struct tls_create_ctx_args tls_create_ctx_defaultargs(void) 646{ 647 struct tls_create_ctx_args ret; 648 649 ret.client_p = 0; 650 ret.certificate_file = NULL; 651 ret.key_file = NULL; 652 ret.ca_file = NULL; 653 ret.verify_depth = -1; 654 ret.fail_unless_verified = 0; 655 ret.export_p = 0; 656 657 return ret; 658} 659 660SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) 661{ 662 int r; 663 static long context_num = 0; 664 SSL_CTX *ret; 665 const char *err_pref_1 = "", *err_pref_2 = ""; 666 667 if (tls_init(apparg) == -1) 668 return NULL; 669 670 ret = 671 SSL_CTX_new((a.client_p ? SSLv23_client_method : 672 SSLv23_server_method) ()); 673 674 if (ret == NULL) 675 goto err; 676 677 SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback); 678 SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE); 679 680 if ((a.certificate_file != NULL) || (a.key_file != NULL)) { 681 if (a.key_file == NULL) { 682 tls_errprintf(1, apparg, "Need a key file.\n"); 683 goto err_return; 684 } 685 if (a.certificate_file == NULL) { 686 tls_errprintf(1, apparg, "Need a certificate chain file.\n"); 687 goto err_return; 688 } 689 690 if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM)) 691 goto err; 692 if (!tls_rand_seeded_p) { 693 /* 694 * particularly paranoid people may not like this -- so provide 695 * your own random seeding before calling this 696 */ 697 if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1) 698 goto err_return; 699 } 700 if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file)) 701 goto err; 702 if (!SSL_CTX_check_private_key(ret)) { 703 tls_errprintf(1, apparg, 704 "Private key \"%s\" does not match certificate \"%s\".\n", 705 a.key_file, a.certificate_file); 706 goto err_peek; 707 } 708 } 709 710 if ((a.ca_file != NULL) || (a.verify_depth > 0)) { 711 context_num++; 712 r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, 713 (unsigned int)sizeof context_num); 714 if (!r) 715 goto err; 716 717 SSL_CTX_set_verify(ret, 718 SSL_VERIFY_PEER | (a.fail_unless_verified ? 719 SSL_VERIFY_FAIL_IF_NO_PEER_CERT 720 : 0), 0); 721 if (!a.fail_unless_verified) 722 SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL); 723 724 if (a.verify_depth > 0) 725 SSL_CTX_set_verify_depth(ret, a.verify_depth); 726 727 if (a.ca_file != NULL) { 728 /* does not report failure if file does not exist ... */ 729 /* NULL argument means no CA-directory */ 730 r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL); 731 if (!r) { 732 err_pref_1 = " while processing certificate file "; 733 err_pref_2 = a.ca_file; 734 goto err; 735 } 736 737 if (!a.client_p) { 738 /* 739 * SSL_load_client_CA_file is a misnomer, it just creates a 740 * list of CNs. 741 */ 742 SSL_CTX_set_client_CA_list(ret, 743 SSL_load_client_CA_file 744 (a.ca_file)); 745 /* 746 * SSL_CTX_set_client_CA_list does not have a return value; 747 * it does not really need one, but make sure (we really test 748 * if SSL_load_client_CA_file worked) 749 */ 750 if (SSL_CTX_get_client_CA_list(ret) == NULL) { 751 tls_errprintf(1, apparg, 752 "Could not set client CA list from \"%s\".\n", 753 a.ca_file); 754 goto err_peek; 755 } 756 } 757 } 758 } 759 760 if (!a.client_p) { 761 if (tls_dhe1024 == NULL) { 762 int i; 763 764 RAND_bytes((unsigned char *)&i, sizeof i); 765 /* 766 * make sure that i is non-negative -- pick one of the provided 767 * seeds 768 */ 769 if (i < 0) 770 i = -i; 771 if (i < 0) 772 i = 0; 773 tls_set_dhe1024(i, apparg); 774 if (tls_dhe1024 == NULL) 775 goto err_return; 776 } 777 778 if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024)) 779 goto err; 780 781 /* avoid small subgroup attacks: */ 782 SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE); 783 } 784#ifndef NO_RSA 785 if (!a.client_p && a.export_p) { 786 RSA *tmpkey; 787 788 tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL); 789 if (tmpkey == NULL) 790 goto err; 791 if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) { 792 RSA_free(tmpkey); 793 goto err; 794 } 795 RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */ 796 } 797#endif 798 799 return ret; 800 801 err_peek: 802 if (!ERR_peek_error()) 803 goto err_return; 804 err: 805 tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg); 806 err_return: 807 if (ret != NULL) 808 SSL_CTX_free(ret); 809 return NULL; 810} 811 812/*****************************************************************************/ 813 814static int tls_socket_nonblocking(int fd) 815{ 816 int v, r; 817 818 v = fcntl(fd, F_GETFL, 0); 819 if (v == -1) { 820 if (errno == EINVAL) 821 return 0; /* already shut down -- ignore */ 822 return -1; 823 } 824 r = fcntl(fd, F_SETFL, v | O_NONBLOCK); 825 if (r == -1) { 826 if (errno == EINVAL) 827 return 0; /* already shut down -- ignore */ 828 return -1; 829 } 830 return 0; 831} 832 833static int max(int a, int b) 834{ 835 return a > b ? a : b; 836} 837 838/* timeout, -1 means no timeout */ 839static void 840tls_sockets_select(int read_select_1, int read_select_2, int write_select_1, 841 int write_select_2, int seconds) 842{ 843 int maxfd, n; 844 fd_set reads, writes; 845 struct timeval timeout; 846 struct timeval *timeout_p; 847 848 assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1 849 && write_select_2 >= -1); 850 assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE - 1 851 && write_select_1 < FD_SETSIZE - 1 852 && write_select_2 < FD_SETSIZE - 1); 853 854 maxfd = 855 max(max(read_select_1, read_select_2), 856 max(write_select_1, write_select_2)); 857 assert(maxfd >= 0); 858 859 FD_ZERO(&reads); 860 FD_ZERO(&writes); 861 862 for (n = 0; n < 4; ++n) { 863 int i = n % 2; 864 int w = n >= 2; 865 /* loop over all (i, w) in {0,1}x{0,1} */ 866 int fd; 867 868 if (i == 0 && w == 0) 869 fd = read_select_1; 870 else if (i == 1 && w == 0) 871 fd = read_select_2; 872 else if (i == 0 && w == 1) 873 fd = write_select_1; 874 else { 875 assert(i == 1 && w == 1); 876 fd = write_select_2; 877 } 878 879 if (fd >= 0) { 880 if (w == 0) 881 FD_SET(fd, &reads); 882 else /* w == 1 */ 883 FD_SET(fd, &writes); 884 } 885 } 886 887 if (seconds >= 0) { 888 timeout.tv_sec = seconds; 889 timeout.tv_usec = 0; 890 timeout_p = &timeout; 891 } else 892 timeout_p = NULL; 893 894 DEBUG_MSG2("select no.", ++tls_select_count); 895 select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p); 896 DEBUG_MSG("cont."); 897} 898 899/*****************************************************************************/ 900 901#define TUNNELBUFSIZE (16*1024) 902struct tunnelbuf { 903 char buf[TUNNELBUFSIZE]; 904 size_t len; 905 size_t offset; 906}; 907 908static int tls_connect_attempt(SSL *, int *write_select, int *read_select, 909 int *closed, int *progress, 910 const char **err_pref); 911 912static int tls_accept_attempt(SSL *, int *write_select, int *read_select, 913 int *closed, int *progress, 914 const char **err_pref); 915 916static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select, 917 int *read_select, int *closed, int *progress, 918 const char **err_pref); 919 920static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select, 921 int *read_select, int *closed, int *progress, 922 const char **err_pref); 923 924static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed, 925 int *progress); 926 927static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed, 928 int *progress); 929 930static void write_info(SSL *ssl, int *info_fd) 931{ 932 if (*info_fd != -1) { 933 long v; 934 int v_ok; 935 struct tls_x509_name_string peer; 936 char infobuf[TLS_INFO_SIZE]; 937 int r; 938 939 DEBUG_MSG("write_info"); 940 v = SSL_get_verify_result(ssl); 941 v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */ 942 { 943 X509 *peercert; 944 945 peercert = SSL_get_peer_certificate(ssl); 946 tls_get_x509_subject_name_oneline(peercert, &peer); 947 if (peercert != NULL) 948 X509_free(peercert); 949 } 950 if (peer.str[0] == '\0') 951 v_ok = '0'; /* no cert at all */ 952 else if (strchr(peer.str, '\n')) { 953 /* should not happen, but make sure */ 954 *strchr(peer.str, '\n') = '\0'; 955 } 956 r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, 957 X509_verify_cert_error_string(v), peer.str); 958 DEBUG_MSG2("snprintf", r); 959 if (r == -1 || r >= sizeof infobuf) 960 r = sizeof infobuf - 1; 961 write(*info_fd, infobuf, r); 962 close(*info_fd); 963 *info_fd = -1; 964 } 965} 966 967/* tls_proxy expects that all fds are closed after return */ 968static void 969tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p) 970{ 971 struct tunnelbuf clear_to_tls, tls_to_clear; 972 SSL *ssl; 973 BIO *rbio, *wbio; 974 int closed, in_handshake; 975 const char *err_pref_1 = "", *err_pref_2 = ""; 976 const char *err_def = NULL; 977 978 assert(clear_fd != -1); 979 assert(tls_fd != -1); 980 assert(clear_fd < FD_SETSIZE); 981 assert(tls_fd < FD_SETSIZE); 982 /* info_fd may be -1 */ 983 assert(ctx != NULL); 984 985 tls_rand_seed_uniquely(); 986 987 tls_socket_nonblocking(clear_fd); 988 DEBUG_MSG2("clear_fd", clear_fd); 989 tls_socket_nonblocking(tls_fd); 990 DEBUG_MSG2("tls_fd", tls_fd); 991 992 ssl = SSL_new(ctx); 993 if (ssl == NULL) 994 goto err; 995 DEBUG_MSG("SSL_new"); 996 if (!SSL_set_fd(ssl, tls_fd)) 997 goto err; 998 rbio = SSL_get_rbio(ssl); 999 wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */ 1000 assert(rbio != NULL); 1001 assert(wbio != NULL); 1002 if (client_p) 1003 SSL_set_connect_state(ssl); 1004 else 1005 SSL_set_accept_state(ssl); 1006 1007 closed = 0; 1008 in_handshake = 1; 1009 tls_to_clear.len = 0; 1010 tls_to_clear.offset = 0; 1011 clear_to_tls.len = 0; 1012 clear_to_tls.offset = 0; 1013 1014 err_def = "I/O error"; 1015 1016 /* 1017 * loop finishes as soon as we detect that one side closed; when all 1018 * (program and OS) buffers have enough space, the data from the last 1019 * succesful read in each direction is transferred before close 1020 */ 1021 do { 1022 int clear_read_select = 0, clear_write_select = 0, 1023 tls_read_select = 0, tls_write_select = 0, progress = 0; 1024 int r; 1025 unsigned long num_read = BIO_number_read(rbio), 1026 num_written = BIO_number_written(wbio); 1027 1028 DEBUG_MSG2("loop iteration", ++tls_loop_count); 1029 1030 if (in_handshake) { 1031 DEBUG_MSG("in_handshake"); 1032 if (client_p) 1033 r = tls_connect_attempt(ssl, &tls_write_select, 1034 &tls_read_select, &closed, &progress, 1035 &err_pref_1); 1036 else 1037 r = tls_accept_attempt(ssl, &tls_write_select, 1038 &tls_read_select, &closed, &progress, 1039 &err_pref_1); 1040 if (r != 0) { 1041 write_info(ssl, &info_fd); 1042 goto err; 1043 } 1044 if (closed) 1045 goto err_return; 1046 if (!SSL_in_init(ssl)) { 1047 in_handshake = 0; 1048 write_info(ssl, &info_fd); 1049 } 1050 } 1051 1052 if (clear_to_tls.len != 0 && !in_handshake) { 1053 assert(!closed); 1054 1055 r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select, 1056 &tls_read_select, &closed, &progress, 1057 &err_pref_1); 1058 if (r != 0) 1059 goto err; 1060 if (closed) { 1061 assert(progress); 1062 tls_to_clear.offset = 0; 1063 tls_to_clear.len = 0; 1064 } 1065 } 1066 1067 if (tls_to_clear.len != 0) { 1068 assert(!closed); 1069 1070 r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select, 1071 &closed, &progress); 1072 if (r != 0) 1073 goto err_return; 1074 if (closed) { 1075 assert(progress); 1076 clear_to_tls.offset = 0; 1077 clear_to_tls.len = 0; 1078 } 1079 } 1080 1081 if (!closed) { 1082 if (clear_to_tls.offset + clear_to_tls.len < 1083 sizeof clear_to_tls.buf) { 1084 r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, 1085 &closed, &progress); 1086 if (r != 0) 1087 goto err_return; 1088 if (closed) { 1089 r = SSL_shutdown(ssl); 1090 DEBUG_MSG2("SSL_shutdown", r); 1091 } 1092 } 1093 } 1094 1095 if (!closed && !in_handshake) { 1096 if (tls_to_clear.offset + tls_to_clear.len < 1097 sizeof tls_to_clear.buf) { 1098 r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, 1099 &tls_read_select, &closed, &progress, 1100 &err_pref_1); 1101 if (r != 0) 1102 goto err; 1103 if (closed) { 1104 r = SSL_shutdown(ssl); 1105 DEBUG_MSG2("SSL_shutdown", r); 1106 } 1107 } 1108 } 1109 1110 if (!progress) { 1111 DEBUG_MSG("!progress?"); 1112 if (num_read != BIO_number_read(rbio) 1113 || num_written != BIO_number_written(wbio)) 1114 progress = 1; 1115 1116 if (!progress) { 1117 DEBUG_MSG("!progress"); 1118 assert(clear_read_select || tls_read_select 1119 || clear_write_select || tls_write_select); 1120 tls_sockets_select(clear_read_select ? clear_fd : -1, 1121 tls_read_select ? tls_fd : -1, 1122 clear_write_select ? clear_fd : -1, 1123 tls_write_select ? tls_fd : -1, -1); 1124 } 1125 } 1126 } while (!closed); 1127 return; 1128 1129 err: 1130 tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg); 1131 err_return: 1132 return; 1133} 1134 1135static int 1136tls_get_error(SSL *ssl, int r, int *write_select, int *read_select, 1137 int *closed, int *progress) 1138{ 1139 int err = SSL_get_error(ssl, r); 1140 1141 if (err == SSL_ERROR_NONE) { 1142 assert(r > 0); 1143 *progress = 1; 1144 return 0; 1145 } 1146 1147 assert(r <= 0); 1148 1149 switch (err) { 1150 case SSL_ERROR_ZERO_RETURN: 1151 assert(r == 0); 1152 *closed = 1; 1153 *progress = 1; 1154 return 0; 1155 1156 case SSL_ERROR_WANT_WRITE: 1157 *write_select = 1; 1158 return 0; 1159 1160 case SSL_ERROR_WANT_READ: 1161 *read_select = 1; 1162 return 0; 1163 } 1164 1165 return -1; 1166} 1167 1168static int 1169tls_connect_attempt(SSL *ssl, int *write_select, int *read_select, 1170 int *closed, int *progress, const char **err_pref) 1171{ 1172 int n, r; 1173 1174 DEBUG_MSG("tls_connect_attempt"); 1175 n = SSL_connect(ssl); 1176 DEBUG_MSG2("SSL_connect", n); 1177 r = tls_get_error(ssl, n, write_select, read_select, closed, progress); 1178 if (r == -1) 1179 *err_pref = " during SSL_connect"; 1180 return r; 1181} 1182 1183static int 1184tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, 1185 int *progress, const char **err_pref) 1186{ 1187 int n, r; 1188 1189 DEBUG_MSG("tls_accept_attempt"); 1190 n = SSL_accept(ssl); 1191 DEBUG_MSG2("SSL_accept", n); 1192 r = tls_get_error(ssl, n, write_select, read_select, closed, progress); 1193 if (r == -1) 1194 *err_pref = " during SSL_accept"; 1195 return r; 1196} 1197 1198static int 1199tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, 1200 int *read_select, int *closed, int *progress, 1201 const char **err_pref) 1202{ 1203 int n, r; 1204 1205 DEBUG_MSG("tls_write_attempt"); 1206 n = SSL_write(ssl, buf->buf + buf->offset, buf->len); 1207 DEBUG_MSG2("SSL_write", n); 1208 r = tls_get_error(ssl, n, write_select, read_select, closed, progress); 1209 if (n > 0) { 1210 buf->len -= n; 1211 assert(buf->len >= 0); 1212 if (buf->len == 0) 1213 buf->offset = 0; 1214 else 1215 buf->offset += n; 1216 } 1217 if (r == -1) 1218 *err_pref = " during SSL_write"; 1219 return r; 1220} 1221 1222static int 1223tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, 1224 int *read_select, int *closed, int *progress, 1225 const char **err_pref) 1226{ 1227 int n, r; 1228 size_t total; 1229 1230 DEBUG_MSG("tls_read_attempt"); 1231 total = buf->offset + buf->len; 1232 assert(total < sizeof buf->buf); 1233 n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total); 1234 DEBUG_MSG2("SSL_read", n); 1235 r = tls_get_error(ssl, n, write_select, read_select, closed, progress); 1236 if (n > 0) { 1237 buf->len += n; 1238 assert(buf->offset + buf->len <= sizeof buf->buf); 1239 } 1240 if (r == -1) 1241 *err_pref = " during SSL_read"; 1242 return r; 1243} 1244 1245static int get_error(int r, int *select, int *closed, int *progress) 1246{ 1247 if (r >= 0) { 1248 *progress = 1; 1249 if (r == 0) 1250 *closed = 1; 1251 return 0; 1252 } else { 1253 assert(r == -1); 1254 if (errno == EAGAIN || errno == EWOULDBLOCK) { 1255 *select = 1; 1256 return 0; 1257 } else if (errno == EPIPE) { 1258 *progress = 1; 1259 *closed = 1; 1260 return 0; 1261 } else 1262 return -1; 1263 } 1264} 1265 1266static int write_attempt(int fd, struct tunnelbuf *buf, int *select, 1267 int *closed, int *progress) 1268{ 1269 int n, r; 1270 1271 DEBUG_MSG("write_attempt"); 1272 n = write(fd, buf->buf + buf->offset, buf->len); 1273 DEBUG_MSG2("write", n); 1274 r = get_error(n, select, closed, progress); 1275 if (n > 0) { 1276 buf->len -= n; 1277 assert(buf->len >= 0); 1278 if (buf->len == 0) 1279 buf->offset = 0; 1280 else 1281 buf->offset += n; 1282 } 1283 if (r == -1) 1284 tls_errprintf(1, tls_child_apparg, "write error: %s\n", 1285 strerror(errno)); 1286 return r; 1287} 1288 1289static int 1290read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, 1291 int *progress) 1292{ 1293 int n, r; 1294 size_t total; 1295 1296 DEBUG_MSG("read_attempt"); 1297 total = buf->offset + buf->len; 1298 assert(total < sizeof buf->buf); 1299 n = read(fd, buf->buf + total, (sizeof buf->buf) - total); 1300 DEBUG_MSG2("read", n); 1301 r = get_error(n, select, closed, progress); 1302 if (n > 0) { 1303 buf->len += n; 1304 assert(buf->offset + buf->len <= sizeof buf->buf); 1305 } 1306 if (r == -1) 1307 tls_errprintf(1, tls_child_apparg, "read error: %s\n", 1308 strerror(errno)); 1309 return r; 1310} 1311