citadel/serv_crypto.c

   1 /* $Id$ */
   2
   3 #include <string.h>
   4 #include <unistd.h>
   5 #include <sys/types.h>
   6 #include "sysdep.h"
   7
   8 #ifdef HAVE_OPENSSL
   9 #include <openssl/ssl.h>
  10 #include <openssl/err.h>
  11 #include <openssl/rand.h>
  12 #endif
  13
  14 #if TIME_WITH_SYS_TIME
  15 # include <sys/time.h>
  16 # include <time.h>
  17 #else
  18 # if HAVE_SYS_TIME_H
  19 #  include <sys/time.h>
  20 # else
  21 #  include <time.h>
  22 # endif
  23 #endif
  24
  25 #ifdef HAVE_PTHREAD_H
  26 #include <pthread.h>
  27 #endif
  28
  29 #ifdef HAVE_SYS_SELECT_H
  30 #include <sys/select.h>
  31 #endif
  32
  33 #include <stdio.h>
  34 #include "server.h"
  35 #include "serv_crypto.h"
  36 #include "sysdep_decls.h"
  37 #include "dynloader.h"
  38
  39
  40 #ifdef HAVE_OPENSSL
  41 SSL_CTX *ssl_ctx;                               /* SSL context */
  42 pthread_mutex_t **SSLCritters;                  /* Things needing locking */
  43
  44 static unsigned long id_callback(void) {
  45         return pthread_self();
  46 }
  47
  48 void init_ssl(void)
  49 {
  50         SSL_METHOD *ssl_method;
  51         DH *dh;
  52
  53         if (!RAND_status()) {
  54                 lprintf(2, "PRNG not adequately seeded, won't do SSL/TLS\n");
  55                 return;
  56         }
  57         SSLCritters = mallok(CRYPTO_num_locks() * sizeof (pthread_mutex_t *));
  58         if (!SSLCritters) {
  59                 lprintf(1, "citserver: can't allocate memory!!\n");
  60                 /* Nothing's been initialized, just die */
  61                 exit(1);
  62         } else {
  63                 int a;
  64
  65                 for (a=0; a<CRYPTO_num_locks(); a++) {
  66                         SSLCritters[a] = mallok(sizeof (pthread_mutex_t));
  67                         if (!SSLCritters[a]) {
  68                                 lprintf(1, "citserver: can't allocate memory!!\n");
  69                                 /* Nothing's been initialized, just die */
  70                                 exit(1);
  71                         }
  72                         pthread_mutex_init(SSLCritters[a], NULL);
  73                 }
  74         }
  75
  76         /*
  77          * Initialize SSL transport layer
  78          */
  79         SSL_library_init();
  80         SSL_load_error_strings();
  81         ssl_method = SSLv23_server_method();
  82         if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
  83                 lprintf(2, "SSL_CTX_new failed: %s\n",
  84                                 ERR_reason_error_string(ERR_get_error()));
  85                 return;
  86         }
  87         if (!(SSL_CTX_set_cipher_list(ssl_ctx, CIT_CIPHERS))) {
  88                 lprintf(2, "SSL: No ciphers available\n");
  89                 SSL_CTX_free(ssl_ctx);
  90                 ssl_ctx = NULL;
  91                 return;
  92         }
  93 #if 0
  94 #if SSLEAY_VERSION_NUMBER >= 0x00906000L
  95         SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) |
  96                         SSL_MODE_AUTO_RETRY);
  97 #endif
  98 #endif
  99         CRYPTO_set_locking_callback(ssl_lock);
 100         CRYPTO_set_id_callback(id_callback);
 101
 102         /* Load DH parameters into the context */
 103         dh = DH_new();
 104         if (!dh) {
 105                 lprintf(2, "init_ssl() can't allocate a DH object: %s\n",
 106                                 ERR_reason_error_string(ERR_get_error()));
 107                 SSL_CTX_free(ssl_ctx);
 108                 ssl_ctx = NULL;
 109                 return;
 110         }
 111         if (!(BN_hex2bn(&(dh->p), DH_P))) {
 112                 lprintf(2, "init_ssl() can't assign DH_P: %s\n",
 113                                 ERR_reason_error_string(ERR_get_error()));
 114                 SSL_CTX_free(ssl_ctx);
 115                 ssl_ctx = NULL;
 116                 return;
 117         }
 118         if (!(BN_hex2bn(&(dh->g), DH_G))) {
 119                 lprintf(2, "init_ssl() can't assign DH_G: %s\n",
 120                                 ERR_reason_error_string(ERR_get_error()));
 121                 SSL_CTX_free(ssl_ctx);
 122                 ssl_ctx = NULL;
 123                 return;
 124         }
 125         dh->length = DH_L;
 126         SSL_CTX_set_tmp_dh(ssl_ctx, dh);
 127         DH_free(dh);
 128
 129         /* Finally let the server know we're here */
 130         CtdlRegisterProtoHook(cmd_stls, "STLS", "Start SSL/TLS session");
 131         CtdlRegisterProtoHook(cmd_gtls, "GTLS", "Get SSL/TLS session status");
 132         CtdlRegisterSessionHook(endtls, EVT_STOP);
 133 }
 134
 135
 136 /*
 137  * client_write_ssl() Send binary data to the client encrypted.
 138  */
 139 void client_write_ssl(char *buf, int nbytes)
 140 {
 141         int retval;
 142         int nremain;
 143         char junk[1];
 144
 145         nremain = nbytes;
 146
 147         while (nremain > 0) {
 148                 if (SSL_want_write(CC->ssl)) {
 149                         if ((SSL_read(CC->ssl, junk, 0)) < 1) {
 150                                 lprintf(9, "SSL_read in client_write:\n");
 151                                 ERR_print_errors_fp(stderr);
 152                         }
 153                 }
 154                 retval = SSL_write(CC->ssl, &buf[nbytes - nremain], nremain);
 155                 if (retval < 1) {
 156                         long errval;
 157
 158                         errval = SSL_get_error(CC->ssl, retval);
 159                         if (errval == SSL_ERROR_WANT_READ ||
 160                                         errval == SSL_ERROR_WANT_WRITE) {
 161                                 sleep(1);
 162                                 continue;
 163                         }
 164                         lprintf(9, "SSL_write got error %ld\n", errval);
 165                         endtls();
 166                         client_write(&buf[nbytes - nremain], nremain);
 167                         return;
 168                 }
 169                 nremain -= retval;
 170         }
 171 }
 172
 173
 174 /*
 175  * client_read_ssl() - read data from the encrypted layer.
 176  */
 177 int client_read_ssl(char *buf, int bytes, int timeout)
 178 {
 179         int len,rlen;
 180         fd_set rfds;
 181         struct timeval tv;
 182         int retval;
 183         int s;
 184         char junk[1];
 185
 186         len = 0;
 187         while(len<bytes) {
 188                 FD_ZERO(&rfds);
 189                 s = BIO_get_fd(CC->ssl->rbio, NULL);
 190                 FD_SET(s, &rfds);
 191                 tv.tv_sec = timeout;
 192                 tv.tv_usec = 0;
 193
 194                 retval = select(s+1, &rfds, NULL, NULL, &tv);
 195
 196                 if (FD_ISSET(s, &rfds) == 0) {
 197                         return(0);
 198                 }
 199
 200                 if (SSL_want_read(CC->ssl)) {
 201                         if ((SSL_write(CC->ssl, junk, 0)) < 1) {
 202                                 lprintf(9, "SSL_write in client_read:\n");
 203                                 ERR_print_errors_fp(stderr);
 204                         }
 205                 }
 206                 rlen = SSL_read(CC->ssl, &buf[len], bytes-len);
 207                 if (rlen<1) {
 208                         long errval;
 209
 210                         errval = SSL_get_error(CC->ssl, rlen);
 211                         if (errval == SSL_ERROR_WANT_READ ||
 212                                         errval == SSL_ERROR_WANT_WRITE) {
 213                                 sleep(1);
 214                                 continue;
 215                         }
 216                         lprintf(9, "SSL_read got error %ld\n", errval);
 217                         endtls();
 218                         return (client_read_to(&buf[len], bytes - len, timeout));
 219                 }
 220                 len += rlen;
 221         }
 222         return(1);
 223 }
 224
 225
 226 /*
 227  * cmd_stls() starts SSL/TLS encryption for the current session
 228  */
 229 void cmd_stls(char *params)
 230 {
 231         int retval, bits, alg_bits;
 232
 233         if (!ssl_ctx) {
 234                 cprintf("%d No SSL_CTX available\n", ERROR);
 235                 return;
 236         }
 237         if (!(CC->ssl = SSL_new(ssl_ctx))) {
 238                 lprintf(2, "SSL_new failed: %s\n",
 239                                 ERR_reason_error_string(ERR_peek_error()));
 240                 cprintf("%d SSL_new: %s\n", ERROR,
 241                                 ERR_reason_error_string(ERR_get_error()));
 242                 return;
 243         }
 244         if (!(SSL_set_fd(CC->ssl, CC->client_socket))) {
 245                 lprintf(2, "SSL_set_fd failed: %s\n",
 246                                 ERR_reason_error_string(ERR_peek_error()));
 247                 SSL_free(CC->ssl);
 248                 CC->ssl = NULL;
 249                 cprintf("%d SSL_set_fd: %s\n", ERROR,
 250                                 ERR_reason_error_string(ERR_get_error()));
 251                 return;
 252         }
 253         cprintf("%d \n", OK);
 254         retval = SSL_accept(CC->ssl);
 255         if (retval < 1) {
 256                 /*
 257                  * Can't notify the client of an error here; they will
 258                  * discover the problem at the SSL layer and should
 259                  * revert to unencrypted communications.
 260                  */
 261                 long errval;
 262
 263                 errval = SSL_get_error(CC->ssl, retval);
 264                 lprintf(2, "SSL_accept failed: %s\n",
 265                                 ERR_reason_error_string(ERR_get_error()));
 266                 SSL_free(CC->ssl);
 267                 CC->ssl = NULL;
 268                 return;
 269         }
 270         BIO_set_close(CC->ssl->rbio, BIO_NOCLOSE);
 271         bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
 272         lprintf(3, "SSL/TLS using %s on %s (%d of %d bits)\n",
 273                         SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
 274                         SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
 275                         bits, alg_bits);
 276         CC->redirect_ssl = 1;
 277 }
 278
 279
 280 /*
 281  * cmd_gtls() returns status info about the TLS connection
 282  */
 283 void cmd_gtls(char *params)
 284 {
 285         int bits, alg_bits;
 286
 287         if (!CC->ssl || !CC->redirect_ssl) {
 288                 cprintf("%d Session is not encrypted.\n", ERROR);
 289                 return;
 290         }
 291         bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
 292         cprintf("%d %s|%s|%d|%d\n", OK,
 293                 SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
 294                 SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
 295                 alg_bits, bits);
 296 }
 297
 298
 299 /*
 300  * endtls() shuts down the TLS connection
 301  *
 302  * WARNING:  This may make your session vulnerable to a known plaintext
 303  * attack in the current implmentation.
 304  */
 305 void endtls(void)
 306 {
 307         lprintf(7, "Ending SSL/TLS\n");
 308
 309         if (!CC->ssl) {
 310                 CC->redirect_ssl = 0;
 311                 return;
 312         }
 313
 314         SSL_shutdown(CC->ssl);
 315         SSL_free(CC->ssl);
 316         CC->ssl = NULL;
 317         CC->redirect_ssl = 0;
 318 }
 319
 320
 321 /*
 322  * ssl_lock() callback for OpenSSL mutex locks
 323  */
 324 void ssl_lock(int mode, int n, const char *file, int line)
 325 {
 326         if (mode & CRYPTO_LOCK)
 327                 pthread_mutex_lock(SSLCritters[n]);
 328         else
 329                 pthread_mutex_unlock(SSLCritters[n]);
 330 }
 331 #endif /* HAVE_OPENSSL */