citadel/serv_crypto.c

   1 /* $Id$ */
   2
   3 #include <unistd.h>
   4 #include <sys/types.h>
   5 #include "sysdep.h"
   6
   7 #ifdef HAVE_OPENSSL
   8 #include <openssl/ssl.h>
   9 #include <openssl/err.h>
  10 #include <openssl/rand.h>
  11 #endif
  12
  13 #if TIME_WITH_SYS_TIME
  14 # include <sys/time.h>
  15 # include <time.h>
  16 #else
  17 # if HAVE_SYS_TIME_H
  18 #  include <sys/time.h>
  19 # else
  20 #  include <time.h>
  21 # endif
  22 #endif
  23
  24 #ifdef HAVE_PTHREAD_H
  25 #include <pthread.h>
  26 #endif
  27
  28 #ifdef HAVE_SYS_SELECT_H
  29 #include <sys/select.h>
  30 #endif
  31
  32 #include <stdio.h>
  33 #include "server.h"
  34 #include "serv_crypto.h"
  35 #include "sysdep_decls.h"
  36 #include "dynloader.h"
  37
  38
  39 #ifdef HAVE_OPENSSL
  40 SSL_CTX *ssl_ctx;                               /* SSL context */
  41 pthread_mutex_t **SSLCritters;                  /* Things needing locking */
  42
  43
  44 void init_ssl(void)
  45 {
  46         SSL_METHOD *ssl_method;
  47         DH *dh;
  48
  49         if (!RAND_status()) {
  50                 lprintf(2, "PRNG not adequately seeded, won't do SSL/TLS\n");
  51                 return;
  52         }
  53         SSLCritters = mallok(CRYPTO_num_locks() * sizeof (pthread_mutex_t *));
  54         if (!SSLCritters) {
  55                 lprintf(1, "citserver: can't allocate memory!!\n");
  56                 /* Nothing's been initialized, just die */
  57                 exit(1);
  58         } else {
  59                 int a;
  60
  61                 for (a=0; a<CRYPTO_num_locks(); a++) {
  62                         SSLCritters[a] = mallok(sizeof (pthread_mutex_t));
  63                         if (!SSLCritters[a]) {
  64                                 lprintf(1, "citserver: can't allocate memory!!\n");
  65                                 /* Nothing's been initialized, just die */
  66                                 exit(1);
  67                         }
  68                         pthread_mutex_init(SSLCritters[a], NULL);
  69                 }
  70         }
  71
  72         /*
  73          * Initialize SSL transport layer
  74          */
  75         SSL_library_init();
  76         SSL_load_error_strings();
  77         ssl_method = SSLv23_server_method();
  78         if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
  79                 lprintf(2, "SSL_CTX_new failed: %s\n",
  80                                 ERR_reason_error_string(ERR_get_error()));
  81                 return;
  82         }
  83         if (!(SSL_CTX_set_cipher_list(ssl_ctx, CIT_CIPHERS))) {
  84                 lprintf(2, "SSL: No ciphers available\n");
  85                 SSL_CTX_free(ssl_ctx);
  86                 ssl_ctx = NULL;
  87                 return;
  88         }
  89 #if 0
  90 #if SSLEAY_VERSION_NUMBER >= 0x00906000L
  91         SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) |
  92                         SSL_MODE_AUTO_RETRY);
  93 #endif
  94 #endif
  95         CRYPTO_set_locking_callback(ssl_lock);
  96         CRYPTO_set_id_callback(pthread_self);
  97
  98         /* Load DH parameters into the context */
  99         dh = DH_new();
 100         if (!dh) {
 101                 lprintf(2, "init_ssl() can't allocate a DH object: %s\n",
 102                                 ERR_reason_error_string(ERR_get_error()));
 103                 SSL_CTX_free(ssl_ctx);
 104                 ssl_ctx = NULL;
 105                 return;
 106         }
 107         if (!(BN_hex2bn(&(dh->p), DH_P))) {
 108                 lprintf(2, "init_ssl() can't assign DH_P: %s\n",
 109                                 ERR_reason_error_string(ERR_get_error()));
 110                 SSL_CTX_free(ssl_ctx);
 111                 ssl_ctx = NULL;
 112                 return;
 113         }
 114         if (!(BN_hex2bn(&(dh->g), DH_G))) {
 115                 lprintf(2, "init_ssl() can't assign DH_G: %s\n",
 116                                 ERR_reason_error_string(ERR_get_error()));
 117                 SSL_CTX_free(ssl_ctx);
 118                 ssl_ctx = NULL;
 119                 return;
 120         }
 121         dh->length = DH_L;
 122         SSL_CTX_set_tmp_dh(ssl_ctx, dh);
 123         DH_free(dh);
 124
 125         /* Finally let the server know we're here */
 126         CtdlRegisterProtoHook(cmd_stls, "STLS", "Start SSL/TLS session");
 127         CtdlRegisterProtoHook(cmd_gtls, "GTLS", "Get SSL/TLS session status");
 128         CtdlRegisterProtoHook(cmd_etls, "ETLS", "End SSL/TLS session");
 129         CtdlRegisterSessionHook(endtls_atlogout, EVT_STOP);
 130 }
 131
 132
 133 /*
 134  * client_write_ssl() Send binary data to the client encrypted.
 135  */
 136 void client_write_ssl(char *buf, int nbytes)
 137 {
 138         int retval;
 139         int nremain;
 140         char junk[1];
 141
 142         nremain = nbytes;
 143
 144         while (nremain > 0) {
 145                 if (SSL_want_write(CC->ssl)) {
 146                         if ((SSL_read(CC->ssl, junk, 0)) < 1) {
 147                                 lprintf(9, "SSL_read in client_write:\n");
 148                                 ERR_print_errors_fp(stderr);
 149                         }
 150                 }
 151                 retval = SSL_write(CC->ssl, &buf[nbytes - nremain], nremain);
 152                 if (retval < 1) {
 153                         long errval;
 154
 155                         errval = SSL_get_error(CC->ssl, retval);
 156                         if (errval == SSL_ERROR_WANT_READ ||
 157                                         errval == SSL_ERROR_WANT_WRITE) {
 158                                 sleep(1);
 159                                 continue;
 160                         }
 161                         lprintf(9, "SSL_write got error %ld\n", errval);
 162                         endtls(1);
 163                         client_write(&buf[nbytes - nremain], nremain);
 164                         return;
 165                 }
 166                 nremain -= retval;
 167         }
 168 }
 169
 170
 171 /*
 172  * client_read_ssl() - read data from the encrypted layer.
 173  */
 174 int client_read_ssl(char *buf, int bytes, int timeout)
 175 {
 176         int len,rlen;
 177         fd_set rfds;
 178         struct timeval tv;
 179         int retval;
 180         int s;
 181         char junk[1];
 182
 183         len = 0;
 184         while(len<bytes) {
 185                 FD_ZERO(&rfds);
 186                 s = BIO_get_fd(CC->ssl->rbio, NULL);
 187                 FD_SET(s, &rfds);
 188                 tv.tv_sec = timeout;
 189                 tv.tv_usec = 0;
 190
 191                 retval = select(s+1, &rfds, NULL, NULL, &tv);
 192
 193                 if (FD_ISSET(s, &rfds) == 0) {
 194                         return(0);
 195                 }
 196
 197                 if (SSL_want_read(CC->ssl)) {
 198                         if ((SSL_write(CC->ssl, junk, 0)) < 1) {
 199                                 lprintf(9, "SSL_write in client_read:\n");
 200                                 ERR_print_errors_fp(stderr);
 201                         }
 202                 }
 203                 rlen = SSL_read(CC->ssl, &buf[len], bytes-len);
 204                 if (rlen<1) {
 205                         long errval;
 206
 207                         errval = SSL_get_error(CC->ssl, rlen);
 208                         if (errval == SSL_ERROR_WANT_READ ||
 209                                         errval == SSL_ERROR_WANT_WRITE) {
 210                                 sleep(1);
 211                                 continue;
 212                         }
 213                         lprintf(9, "SSL_read got error %ld\n", errval);
 214                         endtls(1);
 215                         return (client_read_to(&buf[len], bytes - len, timeout));
 216                 }
 217                 len += rlen;
 218         }
 219         return(1);
 220 }
 221
 222
 223 /*
 224  * cmd_stls() starts SSL/TLS encryption for the current session
 225  */
 226 void cmd_stls(char *params)
 227 {
 228         int retval, bits, alg_bits;
 229
 230         if (!ssl_ctx) {
 231                 cprintf("%d No SSL_CTX available\n", ERROR);
 232                 return;
 233         }
 234         if (!(CC->ssl = SSL_new(ssl_ctx))) {
 235                 lprintf(2, "SSL_new failed: %s\n",
 236                                 ERR_reason_error_string(ERR_peek_error()));
 237                 cprintf("%d SSL_new: %s\n", ERROR,
 238                                 ERR_reason_error_string(ERR_get_error()));
 239                 return;
 240         }
 241         if (!(SSL_set_fd(CC->ssl, CC->client_socket))) {
 242                 lprintf(2, "SSL_set_fd failed: %s\n",
 243                                 ERR_reason_error_string(ERR_peek_error()));
 244                 SSL_free(CC->ssl);
 245                 CC->ssl = NULL;
 246                 cprintf("%d SSL_set_fd: %s\n", ERROR,
 247                                 ERR_reason_error_string(ERR_get_error()));
 248                 return;
 249         }
 250         cprintf("%d \n", OK);
 251         retval = SSL_accept(CC->ssl);
 252         if (retval < 1) {
 253                 /*
 254                  * Can't notify the client of an error here; they will
 255                  * discover the problem at the SSL layer and should
 256                  * revert to unencrypted communications.
 257                  */
 258                 long errval;
 259
 260                 errval = SSL_get_error(CC->ssl, retval);
 261                 lprintf(2, "SSL_accept failed: %s\n",
 262                                 ERR_reason_error_string(ERR_get_error()));
 263                 SSL_free(CC->ssl);
 264                 CC->ssl = NULL;
 265                 return;
 266         }
 267         BIO_set_close(CC->ssl->rbio, BIO_NOCLOSE);
 268         bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
 269         lprintf(3, "SSL/TLS using %s on %s (%d of %d bits)\n",
 270                         SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
 271                         SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
 272                         bits, alg_bits);
 273         CC->redirect_ssl = 1;
 274 }
 275
 276
 277 /*
 278  * cmd_gtls() returns status info about the TLS connection
 279  */
 280 void cmd_gtls(char *params)
 281 {
 282         int bits, alg_bits;
 283
 284         if (!CC->ssl || !CC->redirect_ssl) {
 285                 cprintf("%d Session is not encrypted.\n", ERROR);
 286                 return;
 287         }
 288         bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
 289         cprintf("%d %s|%s|%d|%d\n", OK,
 290                 SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
 291                 SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
 292                 alg_bits, bits);
 293 }
 294
 295
 296 /* Logout function hook */
 297 void endtls_atlogout(void)
 298 {
 299         endtls(1);
 300 }
 301
 302
 303 /* Command function hook */
 304 void cmd_etls(char *params)
 305 {
 306         endtls(0);
 307 }
 308
 309
 310 /*
 311  * endtls() shuts down the TLS connection
 312  * Parameter is NULL for client request, CitContext * for server request
 313  *
 314  * WARNING:  This may make your session vulnerable to a known plaintext
 315  * attack in the current implmentation.
 316  */
 317 void endtls(int who)
 318 {
 319         lprintf(7, "Ending SSL/TLS%s\n",
 320                         (who) ? "" : " at client request");
 321
 322         if (!who) {
 323                 if (!CC->ssl) {
 324                         cprintf("%d Connection is not encrypted.\n", ERROR);
 325                         return;
 326                 }
 327                 cprintf("%d Now stop encryption.\n", OK);
 328         } else if (!CC->ssl) {
 329                 return;
 330         }
 331
 332         SSL_shutdown(CC->ssl);
 333         SSL_free(CC->ssl);
 334         CC->ssl = NULL;
 335         CC->redirect_ssl = 0;
 336 }
 337
 338
 339 /*
 340  * ssl_lock() callback for OpenSSL mutex locks
 341  */
 342 void ssl_lock(int mode, int n, const char *file, int line)
 343 {
 344         if (mode & CRYPTO_LOCK)
 345                 pthread_mutex_lock(SSLCritters[n]);
 346         else
 347                 pthread_mutex_unlock(SSLCritters[n]);
 348 }
 349 #endif /* HAVE_OPENSSL */