projects / citadel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
OpenSSL no longer requires thread locking callbacks. REMOVED FROM WEBCIT CLASSIC
[citadel.git] / webcit / crypto.c
1 /*
2  * Copyright (c) 1996-2017 by the citadel.org team
3  *
4  * This program is open source software.  You can redistribute it and/or
5  * modify it under the terms of the GNU General Public License, version 3.
6  * 
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10  * GNU General Public License for more details.
11  */
12
13 #include "sysdep.h"
14 #ifdef HAVE_OPENSSL
15
16 #include "webcit.h"
17 #include "webserver.h"
18
19 /* where to find the keys */
20 #define CTDL_CRYPTO_DIR         ctdl_key_dir
21 #define CTDL_KEY_PATH           file_crpt_file_key
22 #define CTDL_CSR_PATH           file_crpt_file_csr
23 #define CTDL_CER_PATH           file_crpt_file_cer
24 #define SIGN_DAYS               3650                    /* how long our certificate should live */
25
26 SSL_CTX *ssl_ctx;               /* SSL context */
27 char *ssl_cipher_list = DEFAULT_SSL_CIPHER_LIST;
28
29 pthread_key_t ThreadSSL;        /* Per-thread SSL context */
30
31 void shutdown_ssl(void) {
32         ERR_free_strings();
33 }
34
35
36 void generate_key(char *keyfilename) {
37         int ret = 0;
38         RSA *rsa = NULL;
39         BIGNUM *bne = NULL;
40         int bits = 2048;
41         unsigned long e = RSA_F4;
42         FILE *fp;
43
44         if (access(keyfilename, R_OK) == 0) {
45                 return;
46         }
47
48         syslog(LOG_INFO, "crypto: generating RSA key pair");
49  
50         // generate rsa key
51         bne = BN_new();
52         ret = BN_set_word(bne,e);
53         if (ret != 1) {
54                 goto free_all;
55         }
56  
57         rsa = RSA_new();
58         ret = RSA_generate_key_ex(rsa, bits, bne, NULL);
59         if (ret != 1) {
60                 goto free_all;
61         }
62
63         // write the key file
64         fp = fopen(keyfilename, "w");
65         if (fp != NULL) {
66                 chmod(file_crpt_file_key, 0600);
67                 if (PEM_write_RSAPrivateKey(fp, /* the file */
68                                         rsa,    /* the key */
69                                         NULL,   /* no enc */
70                                         NULL,   /* no passphr */
71                                         0,      /* no passphr */
72                                         NULL,   /* no callbk */
73                                         NULL    /* no callbk */
74                 ) != 1) {
75                         syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
76                         unlink(keyfilename);
77                 }
78                 fclose(fp);
79         }
80
81     // 4. free
82 free_all:
83     RSA_free(rsa);
84     BN_free(bne);
85 }
86
87
88 /*
89  * initialize ssl engine, load certs and initialize openssl internals
90  */
91 void init_ssl(void)
92 {
93         const SSL_METHOD *ssl_method;
94         RSA *rsa=NULL;
95         X509_REQ *req = NULL;
96         X509 *cer = NULL;
97         EVP_PKEY *pk = NULL;
98         EVP_PKEY *req_pkey = NULL;
99         X509_NAME *name = NULL;
100         FILE *fp;
101         char buf[SIZ];
102         int rv = 0;
103
104 #ifndef OPENSSL_NO_EGD
105         if (!access("/var/run/egd-pool", F_OK)) {
106                 RAND_egd("/var/run/egd-pool");
107         }
108 #endif
109
110         if (!RAND_status()) {
111                 syslog(LOG_WARNING, "PRNG not adequately seeded, won't do SSL/TLS\n");
112                 return;
113         }
114
115         /*
116          * Initialize SSL transport layer
117          */
118         SSL_library_init();
119         SSL_load_error_strings();
120         ssl_method = SSLv23_server_method();
121         if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
122                 syslog(LOG_WARNING, "SSL_CTX_new failed: %s\n", ERR_reason_error_string(ERR_get_error()));
123                 return;
124         }
125
126         syslog(LOG_INFO, "Requesting cipher list: %s\n", ssl_cipher_list);
127         if (!(SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher_list))) {
128                 syslog(LOG_WARNING, "SSL_CTX_set_cipher_list failed: %s\n", ERR_reason_error_string(ERR_get_error()));
129                 return;
130         }
131
132         CRYPTO_set_locking_callback(ssl_lock);
133         CRYPTO_set_id_callback(id_callback);
134
135         /*
136          * Get our certificates in order. (FIXME: dirify. this is a setup job.)
137          * First, create the key/cert directory if it's not there already...
138          */
139         mkdir(CTDL_CRYPTO_DIR, 0700);
140
141         /*
142          * Before attempting to generate keys/certificates, first try
143          * link to them from the Citadel server if it's on the same host.
144          * We ignore any error return because it either meant that there
145          * was nothing in Citadel to link from (in which case we just
146          * generate new files) or the target files already exist (which
147          * is not fatal either).
148          */
149         if (!strcasecmp(ctdlhost, "uds")) {
150                 sprintf(buf, "%s/keys/citadel.key", ctdlport);
151                 rv = symlink(buf, CTDL_KEY_PATH);
152                 if (!rv) syslog(LOG_DEBUG, "%s\n", strerror(errno));
153                 sprintf(buf, "%s/keys/citadel.csr", ctdlport);
154                 rv = symlink(buf, CTDL_CSR_PATH);
155                 if (!rv) syslog(LOG_DEBUG, "%s\n", strerror(errno));
156                 sprintf(buf, "%s/keys/citadel.cer", ctdlport);
157                 rv = symlink(buf, CTDL_CER_PATH);
158                 if (!rv) syslog(LOG_DEBUG, "%s\n", strerror(errno));
159         }
160
161         /*
162          * If we still don't have a private key, generate one.
163          */
164         generate_key(CTDL_KEY_PATH);
165
166         /*
167          * If there is no certificate file on disk, we will be generating a self-signed certificate
168          * in the next step.  Therefore, if we have neither a CSR nor a certificate, generate
169          * the CSR in this step so that the next step may commence.
170          */
171         if ( (access(CTDL_CER_PATH, R_OK) != 0) && (access(CTDL_CSR_PATH, R_OK) != 0) ) {
172                 syslog(LOG_INFO, "Generating a certificate signing request.\n");
173
174                 /*
175                  * Read our key from the file.  No, we don't just keep this
176                  * in memory from the above key-generation function, because
177                  * there is the possibility that the key was already on disk
178                  * and we didn't just generate it now.
179                  */
180                 fp = fopen(CTDL_KEY_PATH, "r");
181                 if (fp) {
182                         rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
183                         fclose(fp);
184                 }
185
186                 if (rsa) {
187
188                         /** Create a public key from the private key */
189                         if (pk=EVP_PKEY_new(), pk != NULL) {
190                                 EVP_PKEY_assign_RSA(pk, rsa);
191                                 if (req = X509_REQ_new(), req != NULL) {
192                                         const char *env;
193                                         /* Set the public key */
194                                         X509_REQ_set_pubkey(req, pk);
195                                         X509_REQ_set_version(req, 0L);
196
197                                         name = X509_REQ_get_subject_name(req);
198
199                                         /* Tell it who we are */
200
201                                         /*
202                                          * We used to add these fields to the subject, but
203                                          * now we don't.  Someone doing this for real isn't
204                                          * going to use the webcit-generated CSR anyway.
205                                          *
206                                         X509_NAME_add_entry_by_txt(name, "C",
207                                                 MBSTRING_ASC, "US", -1, -1, 0);
208                                         *
209                                         X509_NAME_add_entry_by_txt(name, "ST",
210                                                 MBSTRING_ASC, "New York", -1, -1, 0);
211                                         *
212                                         X509_NAME_add_entry_by_txt(name, "L",
213                                                 MBSTRING_ASC, "Mount Kisco", -1, -1, 0);
214                                         */
215
216                                         env = getenv("O");
217                                         if (env == NULL)
218                                                 env = "Organization name",
219
220                                         X509_NAME_add_entry_by_txt(
221                                                 name, "O",
222                                                 MBSTRING_ASC, 
223                                                 (unsigned char*)env, 
224                                                 -1, -1, 0
225                                         );
226
227                                         env = getenv("OU");
228                                         if (env == NULL)
229                                                 env = "Citadel server";
230
231                                         X509_NAME_add_entry_by_txt(
232                                                 name, "OU",
233                                                 MBSTRING_ASC, 
234                                                 (unsigned char*)env, 
235                                                 -1, -1, 0
236                                         );
237
238                                         env = getenv("CN");
239                                         if (env == NULL)
240                                                 env = "*";
241
242                                         X509_NAME_add_entry_by_txt(
243                                                 name, "CN",
244                                                 MBSTRING_ASC, 
245                                                 (unsigned char*)env,
246                                                 -1, -1, 0
247                                         );
248                                 
249                                         X509_REQ_set_subject_name(req, name);
250
251                                         /* Sign the CSR */
252                                         if (!X509_REQ_sign(req, pk, EVP_md5())) {
253                                                 syslog(LOG_WARNING, "X509_REQ_sign(): error\n");
254                                         }
255                                         else {
256                                                 /* Write it to disk. */ 
257                                                 fp = fopen(CTDL_CSR_PATH, "w");
258                                                 if (fp != NULL) {
259                                                         chmod(CTDL_CSR_PATH, 0600);
260                                                         PEM_write_X509_REQ(fp, req);
261                                                         fclose(fp);
262                                                 }
263                                                 else {
264                                                         syslog(LOG_WARNING, "Cannot write key: %s\n", CTDL_CSR_PATH);
265                                                         ShutDownWebcit();
266                                                         exit(0);
267                                                 }
268                                         }
269
270                                         X509_REQ_free(req);
271                                 }
272                         }
273
274                         RSA_free(rsa);
275                 }
276
277                 else {
278                         syslog(LOG_WARNING, "Unable to read private key.\n");
279                 }
280         }
281
282
283
284         /*
285          * Generate a self-signed certificate if we don't have one.
286          */
287         if (access(CTDL_CER_PATH, R_OK) != 0) {
288                 syslog(LOG_INFO, "Generating a self-signed certificate.\n");
289
290                 /* Same deal as before: always read the key from disk because
291                  * it may or may not have just been generated.
292                  */
293                 fp = fopen(CTDL_KEY_PATH, "r");
294                 if (fp) {
295                         rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
296                         fclose(fp);
297                 }
298
299                 /* This also holds true for the CSR. */
300                 req = NULL;
301                 cer = NULL;
302                 pk = NULL;
303                 if (rsa) {
304                         if (pk=EVP_PKEY_new(), pk != NULL) {
305                                 EVP_PKEY_assign_RSA(pk, rsa);
306                         }
307
308                         fp = fopen(CTDL_CSR_PATH, "r");
309                         if (fp) {
310                                 req = PEM_read_X509_REQ(fp, NULL, NULL, NULL);
311                                 fclose(fp);
312                         }
313
314                         if (req) {
315                                 if (cer = X509_new(), cer != NULL) {
316
317                                         ASN1_INTEGER_set(X509_get_serialNumber(cer), 0);
318                                         X509_set_issuer_name(cer, X509_REQ_get_subject_name(req));
319                                         X509_set_subject_name(cer, X509_REQ_get_subject_name(req));
320                                         X509_gmtime_adj(X509_get_notBefore(cer), 0);
321                                         X509_gmtime_adj(X509_get_notAfter(cer),(long)60*60*24*SIGN_DAYS);
322
323                                         req_pkey = X509_REQ_get_pubkey(req);
324                                         X509_set_pubkey(cer, req_pkey);
325                                         EVP_PKEY_free(req_pkey);
326                                         
327                                         /* Sign the cert */
328                                         if (!X509_sign(cer, pk, EVP_md5())) {
329                                                 syslog(LOG_WARNING, "X509_sign(): error\n");
330                                         }
331                                         else {
332                                                 /* Write it to disk. */ 
333                                                 fp = fopen(CTDL_CER_PATH, "w");
334                                                 if (fp != NULL) {
335                                                         chmod(CTDL_CER_PATH, 0600);
336                                                         PEM_write_X509(fp, cer);
337                                                         fclose(fp);
338                                                 }
339                                                 else {
340                                                         syslog(LOG_WARNING, "Cannot write key: %s\n", CTDL_CER_PATH);
341                                                         ShutDownWebcit();
342                                                         exit(0);
343                                                 }
344                                         }
345                                         X509_free(cer);
346                                 }
347                         }
348
349                         RSA_free(rsa);
350                 }
351         }
352
353         /*
354          * Now try to bind to the key and certificate.
355          * Note that we use SSL_CTX_use_certificate_chain_file() which allows
356          * the certificate file to contain intermediate certificates.
357          */
358         SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
359         SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
360         if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
361                 syslog(LOG_WARNING, "crypto: cannot install certificate: %s\n", ERR_reason_error_string(ERR_get_error()));
362         }
363 }
364
365
366 /*
367  * starts SSL/TLS encryption for the current session.
368  */
369 int starttls(int sock) {
370         int retval, bits, alg_bits;/*r; */
371         SSL *newssl;
372
373         pthread_setspecific(ThreadSSL, NULL);
374
375         if (!ssl_ctx) {
376                 return(1);
377         }
378         if (!(newssl = SSL_new(ssl_ctx))) {
379                 syslog(LOG_WARNING, "SSL_new failed: %s\n", ERR_reason_error_string(ERR_get_error()));
380                 return(2);
381         }
382         if (!(SSL_set_fd(newssl, sock))) {
383                 syslog(LOG_WARNING, "SSL_set_fd failed: %s\n", ERR_reason_error_string(ERR_get_error()));
384                 SSL_free(newssl);
385                 return(3);
386         }
387         retval = SSL_accept(newssl);
388         if (retval < 1) {
389                 /*
390                  * Can't notify the client of an error here; they will
391                  * discover the problem at the SSL layer and should
392                  * revert to unencrypted communications.
393                  */
394                 long errval;
395                 const char *ssl_error_reason = NULL;
396
397                 errval = SSL_get_error(newssl, retval);
398                 ssl_error_reason = ERR_reason_error_string(ERR_get_error());
399                 if (ssl_error_reason == NULL) {
400                         syslog(LOG_WARNING, "SSL_accept failed: errval=%ld, retval=%d %s\n", errval, retval, strerror(errval));
401                 }
402                 else {
403                         syslog(LOG_WARNING, "SSL_accept failed: %s\n", ssl_error_reason);
404                 }
405                 sleeeeeeeeeep(1);
406                 retval = SSL_accept(newssl);
407         }
408         if (retval < 1) {
409                 long errval;
410                 const char *ssl_error_reason = NULL;
411
412                 errval = SSL_get_error(newssl, retval);
413                 ssl_error_reason = ERR_reason_error_string(ERR_get_error());
414                 if (ssl_error_reason == NULL) {
415                         syslog(LOG_WARNING, "SSL_accept failed: errval=%ld, retval=%d (%s)\n", errval, retval, strerror(errval));
416                 }
417                 else {
418                         syslog(LOG_WARNING, "SSL_accept failed: %s\n", ssl_error_reason);
419                 }
420                 SSL_free(newssl);
421                 newssl = NULL;
422                 return(4);
423         }
424         else {
425                 syslog(LOG_INFO, "SSL_accept success\n");
426         }
427         /*r = */BIO_set_close(SSL_get_rbio(newssl), BIO_NOCLOSE);
428         bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(newssl), &alg_bits);
429         syslog(LOG_INFO, "SSL/TLS using %s on %s (%d of %d bits)\n",
430                 SSL_CIPHER_get_name(SSL_get_current_cipher(newssl)),
431                 SSL_CIPHER_get_version(SSL_get_current_cipher(newssl)),
432                 bits, alg_bits);
433
434         pthread_setspecific(ThreadSSL, newssl);
435         syslog(LOG_INFO, "SSL started\n");
436         return(0);
437 }
438
439
440
441 /*
442  * shuts down the TLS connection
443  *
444  * WARNING:  This may make your session vulnerable to a known plaintext
445  * attack in the current implmentation.
446  */
447 void endtls(void)
448 {
449         /*SSL_CTX *ctx;*/
450
451         if (THREADSSL == NULL) return;
452
453         syslog(LOG_INFO, "Ending SSL/TLS\n");
454         SSL_shutdown(THREADSSL);
455         /*ctx = */SSL_get_SSL_CTX(THREADSSL);
456
457         /* I don't think this is needed, and it crashes the server anyway
458          *
459          *      if (ctx != NULL) {
460          *              syslog(LOG_DEBUG, "Freeing CTX at %x\n", (int)ctx );
461          *              SSL_CTX_free(ctx);
462          *      }
463          */
464
465         SSL_free(THREADSSL);
466         pthread_setspecific(ThreadSSL, NULL);
467 }
468
469
470 /*
471  * Send binary data to the client encrypted.
472  */
473 int client_write_ssl(const StrBuf *Buf)
474 {
475         const char *buf;
476         int retval;
477         int nremain;
478         long nbytes;
479         char junk[1];
480
481         if (THREADSSL == NULL) return -1;
482
483         nbytes = nremain = StrLength(Buf);
484         buf = ChrPtr(Buf);
485
486         while (nremain > 0) {
487                 if (SSL_want_write(THREADSSL)) {
488                         if ((SSL_read(THREADSSL, junk, 0)) < 1) {
489                                 syslog(LOG_WARNING, "SSL_read in client_write: %s\n",
490                                                 ERR_reason_error_string(ERR_get_error()));
491                         }
492                 }
493                 retval = SSL_write(THREADSSL, &buf[nbytes - nremain], nremain);
494                 if (retval < 1) {
495                         long errval;
496
497                         errval = SSL_get_error(THREADSSL, retval);
498                         if (errval == SSL_ERROR_WANT_READ || errval == SSL_ERROR_WANT_WRITE) {
499                                 sleeeeeeeeeep(1);
500                                 continue;
501                         }
502                         syslog(LOG_WARNING, "SSL_write got error %ld, ret %d\n", errval, retval);
503                         if (retval == -1) {
504                                 syslog(LOG_WARNING, "errno is %d\n", errno);
505                         }
506                         endtls();
507                         return -1;
508                 }
509                 nremain -= retval;
510         }
511         return 0;
512 }
513
514
515 /*
516  * read data from the encrypted layer.
517  */
518 int client_read_sslbuffer(StrBuf *buf, int timeout)
519 {
520         char sbuf[16384]; /* OpenSSL communicates in 16k blocks, so let's speak its native tongue. */
521         int rlen;
522         char junk[1];
523         SSL *pssl = THREADSSL;
524
525         if (pssl == NULL) return(-1);
526
527         while (1) {
528                 if (SSL_want_read(pssl)) {
529                         if ((SSL_write(pssl, junk, 0)) < 1) {
530                                 syslog(LOG_WARNING, "SSL_write in client_read\n");
531                         }
532                 }
533                 rlen = SSL_read(pssl, sbuf, sizeof(sbuf));
534                 if (rlen < 1) {
535                         long errval;
536
537                         errval = SSL_get_error(pssl, rlen);
538                         if (errval == SSL_ERROR_WANT_READ || errval == SSL_ERROR_WANT_WRITE) {
539                                 sleeeeeeeeeep(1);
540                                 continue;
541                         }
542                         syslog(LOG_WARNING, "SSL_read got error %ld\n", errval);
543                         endtls();
544                         return (-1);
545                 }
546                 StrBufAppendBufPlain(buf, sbuf, rlen, 0);
547                 return rlen;
548         }
549         return (0);
550 }
551
552 #endif                          /* HAVE_OPENSSL */
Citadel server, clients, utilities