1 /* Copyright (C) 2008 Board of Trustees, Leland Stanford Jr. University.
3 * Permission is hereby granted, free of charge, to any person obtaining a copy
4 * of this software and associated documentation files (the "Software"), to
5 * deal in the Software without restriction, including without limitation the
6 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
7 * sell copies of the Software, and to permit persons to whom the Software is
8 * furnished to do so, subject to the following conditions:
10 * The above copyright notice and this permission notice shall be included in
11 * all copies or substantial portions of the Software.
13 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
18 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 #include "vconn-ssl.h"
27 #include <netinet/tcp.h>
28 #include <openssl/err.h>
29 #include <openssl/ssl.h>
33 #include "socket-util.h"
36 #include "ofp-print.h"
40 #define THIS_MODULE VLM_vconn_ssl
59 enum session_type type;
66 /* SSL context created by ssl_init(). */
69 /* Required configuration. */
70 static bool has_private_key, has_certificate, has_ca_cert;
72 static int ssl_init(void);
73 static int do_ssl_init(void);
74 static void connect_completed(struct ssl_vconn *, int error);
75 static bool ssl_wants_io(int ssl_error);
76 static void ssl_close(struct vconn *);
77 static bool state_machine(struct ssl_vconn *sslv);
78 static DH *tmp_dh_callback(SSL *ssl, int is_export UNUSED, int keylength);
81 new_ssl_vconn(const char *name, int fd, enum session_type type,
82 struct vconn **vconnp)
84 struct ssl_vconn *sslv;
89 /* Check for all the needful configuration. */
90 if (!has_private_key) {
91 VLOG_ERR("Private key must be configured to use SSL");
94 if (!has_certificate) {
95 VLOG_ERR("Certificate must be configured to use SSL");
99 VLOG_ERR("CA certificate must be configured to use SSL");
102 if (!SSL_CTX_check_private_key(ctx)) {
103 VLOG_ERR("Private key does not match certificate public key");
107 /* Make 'fd' non-blocking and disable Nagle. */
108 retval = set_nonblocking(fd);
110 VLOG_ERR("%s: set_nonblocking: %s", name, strerror(retval));
114 retval = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof on);
116 VLOG_ERR("%s: setsockopt(TCP_NODELAY): %s", name, strerror(errno));
121 /* Create and configure OpenSSL stream. */
124 VLOG_ERR("SSL_new: %s", ERR_error_string(ERR_get_error(), NULL));
128 if (SSL_set_fd(ssl, fd) == 0) {
129 VLOG_ERR("SSL_set_fd: %s", ERR_error_string(ERR_get_error(), NULL));
133 /* Create and return the ssl_vconn. */
134 sslv = xmalloc(sizeof *sslv);
135 sslv->vconn.class = &ssl_vconn_class;
136 sslv->state = STATE_SSL_CONNECTING;
142 *vconnp = &sslv->vconn;
153 static struct ssl_vconn *
154 ssl_vconn_cast(struct vconn *vconn)
156 assert(vconn->class == &ssl_vconn_class);
157 return CONTAINER_OF(vconn, struct ssl_vconn, vconn);
161 ssl_open(const char *name, char *suffix, struct vconn **vconnp)
163 char *save_ptr, *host_name, *port_string;
164 struct sockaddr_in sin;
173 /* Glibc 2.7 has a bug in strtok_r when compiling with optimization that
174 * can cause segfaults here:
175 * http://sources.redhat.com/bugzilla/show_bug.cgi?id=5614.
176 * Using "::" instead of the obvious ":" works around it. */
177 host_name = strtok_r(suffix, "::", &save_ptr);
178 port_string = strtok_r(NULL, "::", &save_ptr);
180 fatal(0, "%s: bad peer name format", name);
183 memset(&sin, 0, sizeof sin);
184 sin.sin_family = AF_INET;
185 if (lookup_ip(host_name, &sin.sin_addr)) {
188 sin.sin_port = htons(port_string && *port_string ? atoi(port_string)
192 fd = socket(AF_INET, SOCK_STREAM, 0);
194 VLOG_ERR("%s: socket: %s", name, strerror(errno));
198 /* Connect socket (blocking). */
199 retval = connect(fd, (struct sockaddr *) &sin, sizeof sin);
202 VLOG_ERR("%s: connect: %s", name, strerror(error));
207 /* Make an ssl_vconn for the socket. */
208 return new_ssl_vconn(name, fd, CLIENT, vconnp);
212 ssl_close(struct vconn *vconn)
214 struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
221 ssl_want_io_to_events(SSL *ssl, short int *events)
223 if (SSL_want_read(ssl)) {
226 } else if (SSL_want_write(ssl)) {
235 ssl_prepoll(struct vconn *vconn, int want, struct pollfd *pfd)
237 struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
239 if (!state_machine(sslv)) {
240 switch (sslv->state) {
241 case STATE_SSL_CONNECTING:
242 if (!ssl_want_io_to_events(sslv->ssl, &pfd->events)) {
243 /* state_machine() should have transitioned us away to another
251 } else if (sslv->connect_error) {
254 } else if (!ssl_want_io_to_events(sslv->ssl, &pfd->events)) {
255 if (want & WANT_RECV) {
256 pfd->events |= POLLIN;
258 if (want & WANT_SEND || sslv->txbuf) {
259 pfd->events |= POLLOUT;
266 ssl_postpoll(struct vconn *vconn, short int *revents)
268 struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
269 if (!state_machine(sslv)) {
271 } else if (sslv->connect_error) {
273 } else if (*revents & POLLOUT && sslv->txbuf) {
274 ssize_t n = SSL_write(sslv->ssl, sslv->txbuf->data, sslv->txbuf->size);
276 buffer_pull(sslv->txbuf, n);
277 if (sslv->txbuf->size == 0) {
278 buffer_delete(sslv->txbuf);
283 *revents &= ~POLLOUT;
289 interpret_ssl_error(const char *function, int ret, int error)
293 VLOG_ERR("%s: unexpected SSL_ERROR_NONE", function);
296 case SSL_ERROR_ZERO_RETURN:
297 VLOG_ERR("%s: unexpected SSL_ERROR_ZERO_RETURN", function);
300 case SSL_ERROR_WANT_READ:
301 case SSL_ERROR_WANT_WRITE:
304 case SSL_ERROR_WANT_CONNECT:
305 VLOG_ERR("%s: unexpected SSL_ERROR_WANT_CONNECT", function);
308 case SSL_ERROR_WANT_ACCEPT:
309 VLOG_ERR("%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
312 case SSL_ERROR_WANT_X509_LOOKUP:
313 VLOG_ERR("%s: unexpected SSL_ERROR_WANT_X509_LOOKUP", function);
316 case SSL_ERROR_SYSCALL: {
317 int queued_error = ERR_get_error();
318 if (queued_error == 0) {
321 VLOG_WARN("%s: system error (%s)", function, strerror(status));
324 VLOG_WARN("%s: unexpected SSL connection close", function);
328 VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL));
333 case SSL_ERROR_SSL: {
334 int queued_error = ERR_get_error();
335 if (queued_error != 0) {
336 VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL));
338 VLOG_ERR("%s: SSL_ERROR_SSL without queued error", function);
344 VLOG_ERR("%s: bad SSL error code %d", function, error);
351 ssl_recv(struct vconn *vconn, struct buffer **bufferp)
353 struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
358 if (!state_machine(sslv)) {
360 } else if (sslv->connect_error) {
361 return sslv->connect_error;
364 if (sslv->rxbuf == NULL) {
365 sslv->rxbuf = buffer_new(1564);
370 if (sizeof(struct ofp_header) > rx->size) {
371 want_bytes = sizeof(struct ofp_header) - rx->size;
373 struct ofp_header *oh = rx->data;
374 size_t length = ntohs(oh->length);
375 if (length < sizeof(struct ofp_header)) {
376 VLOG_ERR("received too-short ofp_header (%zu bytes)", length);
379 want_bytes = length - rx->size;
381 buffer_reserve_tailroom(rx, want_bytes);
383 /* Behavior of zero-byte SSL_read is poorly defined. */
384 assert(want_bytes > 0);
386 ret = SSL_read(sslv->ssl, buffer_tail(rx), want_bytes);
389 if (ret == want_bytes) {
390 if (rx->size > sizeof(struct ofp_header)) {
400 int error = SSL_get_error(sslv->ssl, ret);
401 if (error == SSL_ERROR_ZERO_RETURN) {
402 /* Connection closed (EOF). */
404 VLOG_WARN("SSL_read: unexpected connection close");
410 return interpret_ssl_error("SSL_read", ret, error);
416 ssl_send(struct vconn *vconn, struct buffer *buffer)
418 struct ssl_vconn *sslv = ssl_vconn_cast(vconn);
421 if (!state_machine(sslv)) {
423 } else if (sslv->connect_error) {
424 return sslv->connect_error;
431 ret = SSL_write(sslv->ssl, buffer->data, buffer->size);
433 if (ret == buffer->size) {
434 buffer_delete(buffer);
436 sslv->txbuf = buffer;
437 buffer_pull(buffer, ret);
441 int error = SSL_get_error(sslv->ssl, ret);
442 if (error == SSL_ERROR_ZERO_RETURN) {
443 /* Connection closed (EOF). */
444 VLOG_WARN("SSL_write: connection close");
447 return interpret_ssl_error("SSL_write", ret, error);
452 struct vconn_class ssl_vconn_class = {
456 .prepoll = ssl_prepoll,
457 .postpoll = ssl_postpoll,
470 static struct pssl_vconn *
471 pssl_vconn_cast(struct vconn *vconn)
473 assert(vconn->class == &pssl_vconn_class);
474 return CONTAINER_OF(vconn, struct pssl_vconn, vconn);
478 pssl_open(const char *name, char *suffix, struct vconn **vconnp)
480 struct sockaddr_in sin;
481 struct pssl_vconn *pssl;
484 unsigned int yes = 1;
492 fd = socket(AF_INET, SOCK_STREAM, 0);
495 VLOG_ERR("%s: socket: %s", name, strerror(error));
499 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof yes) < 0) {
501 VLOG_ERR("%s: setsockopt(SO_REUSEADDR): %s", name, strerror(errno));
505 memset(&sin, 0, sizeof sin);
506 sin.sin_family = AF_INET;
507 sin.sin_addr.s_addr = htonl(INADDR_ANY);
508 sin.sin_port = htons(atoi(suffix) ? atoi(suffix) : OFP_SSL_PORT);
509 retval = bind(fd, (struct sockaddr *) &sin, sizeof sin);
512 VLOG_ERR("%s: bind: %s", name, strerror(error));
517 retval = listen(fd, 10);
520 VLOG_ERR("%s: listen: %s", name, strerror(error));
525 retval = set_nonblocking(fd);
527 VLOG_ERR("%s: set_nonblocking: %s", name, strerror(retval));
532 pssl = xmalloc(sizeof *pssl);
533 pssl->vconn.class = &pssl_vconn_class;
535 *vconnp = &pssl->vconn;
540 pssl_close(struct vconn *vconn)
542 struct pssl_vconn *pssl = pssl_vconn_cast(vconn);
548 pssl_prepoll(struct vconn *vconn, int want, struct pollfd *pfd)
550 struct pssl_vconn *pssl = pssl_vconn_cast(vconn);
552 if (want & WANT_ACCEPT) {
553 pfd->events |= POLLIN;
559 pssl_accept(struct vconn *vconn, struct vconn **new_vconnp)
561 struct pssl_vconn *pssl = pssl_vconn_cast(vconn);
564 new_fd = accept(pssl->fd, NULL, NULL);
567 if (error != EAGAIN) {
568 VLOG_DBG("pssl: accept: %s", strerror(error));
573 return new_ssl_vconn("ssl" /* FIXME */, new_fd, SERVER, new_vconnp);
576 struct vconn_class pssl_vconn_class = {
580 .prepoll = pssl_prepoll,
581 .accept = pssl_accept,
585 * Returns true if OpenSSL error is WANT_READ or WANT_WRITE, indicating that
586 * OpenSSL is requesting that we call it back when the socket is ready for read
587 * or writing, respectively.
590 ssl_wants_io(int ssl_error)
592 return (ssl_error == SSL_ERROR_WANT_WRITE
593 || ssl_error == SSL_ERROR_WANT_READ);
599 static int init_status = -1;
600 if (init_status < 0) {
601 init_status = do_ssl_init();
602 assert(init_status >= 0);
613 SSL_load_error_strings();
615 method = TLSv1_method();
616 if (method == NULL) {
617 VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
621 ctx = SSL_CTX_new(method);
623 VLOG_ERR("SSL_CTX_new: %s", ERR_error_string(ERR_get_error(), NULL));
626 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
627 SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
628 SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
629 SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
630 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
637 state_machine(struct ssl_vconn *sslv)
639 if (sslv->state == STATE_SSL_CONNECTING) {
640 int ret = (sslv->type == CLIENT
641 ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl));
643 int error = SSL_get_error(sslv->ssl, ret);
644 if (ret < 0 && ssl_wants_io(error)) {
645 /* Stay in this state to repeat the SSL_connect later. */
648 interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect"
649 : "SSL_accept"), ret, error);
650 shutdown(sslv->fd, SHUT_RDWR);
651 connect_completed(sslv, EPROTO);
654 connect_completed(sslv, 0);
657 return sslv->state == STATE_CONNECTED;
661 connect_completed(struct ssl_vconn *sslv, int error)
663 sslv->state = STATE_CONNECTED;
664 sslv->connect_error = error;
668 tmp_dh_callback(SSL *ssl, int is_export UNUSED, int keylength)
673 DH *(*constructor)(void);
676 static struct dh dh_table[] = {
677 {1024, NULL, get_dh1024},
678 {2048, NULL, get_dh2048},
679 {4096, NULL, get_dh4096},
684 for (dh = dh_table; dh < &dh_table[ARRAY_SIZE(dh_table)]; dh++) {
685 if (dh->keylength == keylength) {
687 dh->dh = dh->constructor();
689 fatal(ENOMEM, "out of memory constructing "
690 "Diffie-Hellman parameters");
696 VLOG_ERR("no Diffie-Hellman parameters for key length %d", keylength);
701 vconn_ssl_set_private_key_file(const char *file_name)
706 if (SSL_CTX_use_PrivateKey_file(ctx, file_name, SSL_FILETYPE_PEM) != 1) {
707 VLOG_ERR("SSL_use_PrivateKey_file: %s",
708 ERR_error_string(ERR_get_error(), NULL));
711 has_private_key = true;
715 vconn_ssl_set_certificate_file(const char *file_name)
720 if (SSL_CTX_use_certificate_chain_file(ctx, file_name) != 1) {
721 VLOG_ERR("SSL_use_certificate_file: %s",
722 ERR_error_string(ERR_get_error(), NULL));
725 has_certificate = true;
729 vconn_ssl_set_ca_cert_file(const char *file_name)
731 STACK_OF(X509_NAME) *ca_list;
737 /* Set up list of CAs that the server will accept from the client. */
738 ca_list = SSL_load_client_CA_file(file_name);
739 if (ca_list == NULL) {
740 VLOG_ERR("SSL_load_client_CA_file: %s",
741 ERR_error_string(ERR_get_error(), NULL));
744 SSL_CTX_set_client_CA_list(ctx, ca_list);
746 /* Set up CAs for OpenSSL to trust in verifying the peer's certificate. */
747 if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) {
748 VLOG_ERR("SSL_load_verify_locations: %s",
749 ERR_error_string(ERR_get_error(), NULL));