citadel/serv_crypto.c

   1 /* $Id$ */
   2
   3 #include <string.h>
   4 #include <unistd.h>
   5 #include <sys/types.h>
   6 #include "sysdep.h"
   7
   8 #ifdef HAVE_OPENSSL
   9 #include <openssl/ssl.h>
  10 #include <openssl/err.h>
  11 #include <openssl/rand.h>
  12 #endif
  13
  14 #if TIME_WITH_SYS_TIME
  15 # include <sys/time.h>
  16 # include <time.h>
  17 #else
  18 # if HAVE_SYS_TIME_H
  19 #  include <sys/time.h>
  20 # else
  21 #  include <time.h>
  22 # endif
  23 #endif
  24
  25 #ifdef HAVE_PTHREAD_H
  26 #include <pthread.h>
  27 #endif
  28
  29 #ifdef HAVE_SYS_SELECT_H
  30 #include <sys/select.h>
  31 #endif
  32
  33 #include <stdio.h>
  34 #include "server.h"
  35 #include "serv_crypto.h"
  36 #include "sysdep_decls.h"
  37 #include "serv_extensions.h"
  38
  39
  40 #ifdef HAVE_OPENSSL
  41 SSL_CTX *ssl_ctx;                               /* SSL context */
  42 pthread_mutex_t **SSLCritters;                  /* Things needing locking */
  43
  44 static unsigned long id_callback(void) {
  45         return (unsigned long)pthread_self();
  46 }
  47
  48 void init_ssl(void)
  49 {
  50         SSL_METHOD *ssl_method;
  51         DH *dh;
  52
  53         if (!access("/var/run/egd-pool", F_OK))
  54                 RAND_egd("/var/run/egd-pool");
  55
  56         if (!RAND_status()) {
  57                 lprintf(2, "PRNG not adequately seeded, won't do SSL/TLS\n");
  58                 return;
  59         }
  60         SSLCritters = mallok(CRYPTO_num_locks() * sizeof (pthread_mutex_t *));
  61         if (!SSLCritters) {
  62                 lprintf(1, "citserver: can't allocate memory!!\n");
  63                 /* Nothing's been initialized, just die */
  64                 exit(1);
  65         } else {
  66                 int a;
  67
  68                 for (a=0; a<CRYPTO_num_locks(); a++) {
  69                         SSLCritters[a] = mallok(sizeof (pthread_mutex_t));
  70                         if (!SSLCritters[a]) {
  71                                 lprintf(1, "citserver: can't allocate memory!!\n");
  72                                 /* Nothing's been initialized, just die */
  73                                 exit(1);
  74                         }
  75                         pthread_mutex_init(SSLCritters[a], NULL);
  76                 }
  77         }
  78
  79         /*
  80          * Initialize SSL transport layer
  81          */
  82         SSL_library_init();
  83         SSL_load_error_strings();
  84         ssl_method = SSLv23_server_method();
  85         if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
  86                 lprintf(2, "SSL_CTX_new failed: %s\n",
  87                                 ERR_reason_error_string(ERR_get_error()));
  88                 return;
  89         }
  90         if (!(SSL_CTX_set_cipher_list(ssl_ctx, CIT_CIPHERS))) {
  91                 lprintf(2, "SSL: No ciphers available\n");
  92                 SSL_CTX_free(ssl_ctx);
  93                 ssl_ctx = NULL;
  94                 return;
  95         }
  96 #if 0
  97 #if SSLEAY_VERSION_NUMBER >= 0x00906000L
  98         SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) |
  99                         SSL_MODE_AUTO_RETRY);
 100 #endif
 101 #endif
 102         CRYPTO_set_locking_callback(ssl_lock);
 103         CRYPTO_set_id_callback(id_callback);
 104
 105         /* Load DH parameters into the context */
 106         dh = DH_new();
 107         if (!dh) {
 108                 lprintf(2, "init_ssl() can't allocate a DH object: %s\n",
 109                                 ERR_reason_error_string(ERR_get_error()));
 110                 SSL_CTX_free(ssl_ctx);
 111                 ssl_ctx = NULL;
 112                 return;
 113         }
 114         if (!(BN_hex2bn(&(dh->p), DH_P))) {
 115                 lprintf(2, "init_ssl() can't assign DH_P: %s\n",
 116                                 ERR_reason_error_string(ERR_get_error()));
 117                 SSL_CTX_free(ssl_ctx);
 118                 ssl_ctx = NULL;
 119                 return;
 120         }
 121         if (!(BN_hex2bn(&(dh->g), DH_G))) {
 122                 lprintf(2, "init_ssl() can't assign DH_G: %s\n",
 123                                 ERR_reason_error_string(ERR_get_error()));
 124                 SSL_CTX_free(ssl_ctx);
 125                 ssl_ctx = NULL;
 126                 return;
 127         }
 128         dh->length = DH_L;
 129         SSL_CTX_set_tmp_dh(ssl_ctx, dh);
 130         DH_free(dh);
 131
 132         /* Finally let the server know we're here */
 133         CtdlRegisterProtoHook(cmd_stls, "STLS", "Start SSL/TLS session");
 134         CtdlRegisterProtoHook(cmd_gtls, "GTLS", "Get SSL/TLS session status");
 135         CtdlRegisterSessionHook(endtls, EVT_STOP);
 136 }
 137
 138
 139 /*
 140  * client_write_ssl() Send binary data to the client encrypted.
 141  */
 142 void client_write_ssl(char *buf, int nbytes)
 143 {
 144         int retval;
 145         int nremain;
 146         char junk[1];
 147
 148         nremain = nbytes;
 149
 150         while (nremain > 0) {
 151                 if (SSL_want_write(CC->ssl)) {
 152                         if ((SSL_read(CC->ssl, junk, 0)) < 1) {
 153                                 lprintf(9, "SSL_read in client_write:\n");
 154                                 ERR_print_errors_fp(stderr);
 155                         }
 156                 }
 157                 retval = SSL_write(CC->ssl, &buf[nbytes - nremain], nremain);
 158                 lprintf(9, "SSL_write(%d) returned %d\n", nremain, retval);
 159                 if (retval < 1) {
 160                         long errval;
 161
 162                         errval = SSL_get_error(CC->ssl, retval);
 163                         if (errval == SSL_ERROR_WANT_READ ||
 164                                         errval == SSL_ERROR_WANT_WRITE) {
 165                                 sleep(1);
 166                                 continue;
 167                         }
 168                         lprintf(9, "SSL_write: error %ld: %s\n",
 169                                 errval,
 170                                 ERR_error_string(errval, NULL)
 171                         );
 172                         endtls();
 173                         client_write(&buf[nbytes - nremain], nremain);
 174                         return;
 175                 }
 176                 nremain -= retval;
 177         }
 178 }
 179
 180
 181 /*
 182  * client_read_ssl() - read data from the encrypted layer.
 183  */
 184 int client_read_ssl(char *buf, int bytes, int timeout)
 185 {
 186         int len,rlen;
 187         fd_set rfds;
 188         struct timeval tv;
 189         int retval;
 190         int s;
 191         char junk[1];
 192
 193         len = 0;
 194         while(len<bytes) {
 195                 FD_ZERO(&rfds);
 196                 s = BIO_get_fd(CC->ssl->rbio, NULL);
 197                 FD_SET(s, &rfds);
 198                 tv.tv_sec = timeout;
 199                 tv.tv_usec = 0;
 200
 201                 retval = select(s+1, &rfds, NULL, NULL, &tv);
 202
 203                 if (FD_ISSET(s, &rfds) == 0) {
 204                         return(0);
 205                 }
 206
 207                 if (SSL_want_read(CC->ssl)) {
 208                         if ((SSL_write(CC->ssl, junk, 0)) < 1) {
 209                                 lprintf(9, "SSL_write in client_read:\n");
 210                                 ERR_print_errors_fp(stderr);
 211                         }
 212                 }
 213                 rlen = SSL_read(CC->ssl, &buf[len], bytes-len);
 214                 lprintf(9, "SSL_read(%d) returned %d\n", bytes-len, rlen);
 215                 if (rlen<1) {
 216                         long errval;
 217
 218                         errval = SSL_get_error(CC->ssl, rlen);
 219                         if (errval == SSL_ERROR_WANT_READ ||
 220                                         errval == SSL_ERROR_WANT_WRITE) {
 221                                 sleep(1);
 222                                 continue;
 223                         }
 224                         lprintf(9, "SSL_read: error %ld: %s\n",
 225                                 errval,
 226                                 ERR_error_string(errval, NULL)
 227                         );
 228                         endtls();
 229                         return (client_read_to(&buf[len], bytes - len, timeout));
 230                 }
 231                 len += rlen;
 232         }
 233         return(1);
 234 }
 235
 236
 237 /*
 238  * cmd_stls() starts SSL/TLS encryption for the current session
 239  */
 240 void cmd_stls(char *params)
 241 {
 242         int retval, bits, alg_bits;
 243
 244         if (!ssl_ctx) {
 245                 cprintf("%d No SSL_CTX available\n", ERROR);
 246                 return;
 247         }
 248         if (!(CC->ssl = SSL_new(ssl_ctx))) {
 249                 lprintf(2, "SSL_new failed: %s\n",
 250                                 ERR_reason_error_string(ERR_peek_error()));
 251                 cprintf("%d SSL_new: %s\n", ERROR,
 252                                 ERR_reason_error_string(ERR_get_error()));
 253                 return;
 254         }
 255         if (!(SSL_set_fd(CC->ssl, CC->client_socket))) {
 256                 lprintf(2, "SSL_set_fd failed: %s\n",
 257                                 ERR_reason_error_string(ERR_peek_error()));
 258                 SSL_free(CC->ssl);
 259                 CC->ssl = NULL;
 260                 cprintf("%d SSL_set_fd: %s\n", ERROR,
 261                                 ERR_reason_error_string(ERR_get_error()));
 262                 return;
 263         }
 264         cprintf("%d \n", CIT_OK);
 265         retval = SSL_accept(CC->ssl);
 266         if (retval < 1) {
 267                 /*
 268                  * Can't notify the client of an error here; they will
 269                  * discover the problem at the SSL layer and should
 270                  * revert to unencrypted communications.
 271                  */
 272                 long errval;
 273
 274                 errval = SSL_get_error(CC->ssl, retval);
 275                 lprintf(2, "SSL_accept failed: %s\n",
 276                                 ERR_reason_error_string(ERR_get_error()));
 277                 SSL_free(CC->ssl);
 278                 CC->ssl = NULL;
 279                 return;
 280         }
 281         BIO_set_close(CC->ssl->rbio, BIO_NOCLOSE);
 282         bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
 283         lprintf(3, "SSL/TLS using %s on %s (%d of %d bits)\n",
 284                         SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
 285                         SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
 286                         bits, alg_bits);
 287         CC->redirect_ssl = 1;
 288 }
 289
 290
 291 /*
 292  * cmd_gtls() returns status info about the TLS connection
 293  */
 294 void cmd_gtls(char *params)
 295 {
 296         int bits, alg_bits;
 297
 298         if (!CC->ssl || !CC->redirect_ssl) {
 299                 cprintf("%d Session is not encrypted.\n", ERROR);
 300                 return;
 301         }
 302         bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
 303         cprintf("%d %s|%s|%d|%d\n", CIT_OK,
 304                 SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
 305                 SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
 306                 alg_bits, bits);
 307 }
 308
 309
 310 /*
 311  * endtls() shuts down the TLS connection
 312  *
 313  * WARNING:  This may make your session vulnerable to a known plaintext
 314  * attack in the current implmentation.
 315  */
 316 void endtls(void)
 317 {
 318         lprintf(7, "Ending SSL/TLS\n");
 319
 320         if (!CC->ssl) {
 321                 CC->redirect_ssl = 0;
 322                 return;
 323         }
 324
 325         SSL_shutdown(CC->ssl);
 326         SSL_free(CC->ssl);
 327         CC->ssl = NULL;
 328         CC->redirect_ssl = 0;
 329 }
 330
 331
 332 /*
 333  * ssl_lock() callback for OpenSSL mutex locks
 334  */
 335 void ssl_lock(int mode, int n, const char *file, int line)
 336 {
 337         if (mode & CRYPTO_LOCK)
 338                 pthread_mutex_lock(SSLCritters[n]);
 339         else
 340                 pthread_mutex_unlock(SSLCritters[n]);
 341 }
 342 #endif /* HAVE_OPENSSL */