X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fstream-ssl.c;h=851e7a76fa3d07c0d912aeecf4bcab34dea2a045;hb=5136ce492c414f377f7be9ae32b259abb9f76580;hp=004a5e4fd9ee4be4616e8f4ccca2a10ea3d9b616;hpb=deb1f4336ce5a795e21997e2c394347c00063800;p=sliver-openvswitch.git diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index 004a5e4fd..851e7a76f 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -37,13 +37,13 @@ #include "packets.h" #include "poll-loop.h" #include "socket-util.h" -#include "socket-util.h" #include "util.h" #include "stream-provider.h" #include "stream.h" - +#include "timeval.h" #include "vlog.h" -#define THIS_MODULE VLM_stream_ssl + +VLOG_DEFINE_THIS_MODULE(stream_ssl) /* Active SSL. */ @@ -66,6 +66,7 @@ struct ssl_stream int fd; SSL *ssl; struct ofpbuf *txbuf; + unsigned int session_nr; /* rx_want and tx_want record the result of the last call to SSL_read() * and SSL_write(), respectively: @@ -124,25 +125,41 @@ struct ssl_stream * deadlock and livelock situations above. */ int rx_want, tx_want; + + /* A few bytes of header data in case SSL negotiation fails. */ + uint8_t head[2]; + short int n_head; }; /* SSL context created by ssl_init(). */ static SSL_CTX *ctx; -/* Required configuration. */ -static bool has_private_key, has_certificate, has_ca_cert; +struct ssl_config_file { + bool read; /* Whether the file was successfully read. */ + char *file_name; /* Configured file name, if any. */ + struct timespec mtime; /* File mtime as of last time we read it. */ +}; + +/* SSL configuration files. */ +static struct ssl_config_file private_key; +static struct ssl_config_file certificate; +static struct ssl_config_file ca_cert; + +/* Ordinarily, the SSL client and server verify each other's certificates using + * a CA certificate. Setting this to false disables this behavior. (This is a + * security risk.) */ +static bool verify_peer_cert = true; /* Ordinarily, we require a CA certificate for the peer to be locally - * available. 'has_ca_cert' is true when this is the case, and neither of the - * following variables matter. - * - * We can, however, bootstrap the CA certificate from the peer at the beginning - * of our first connection then use that certificate on all subsequent - * connections, saving it to a file for use in future runs also. In this case, - * 'has_ca_cert' is false, 'bootstrap_ca_cert' is true, and 'ca_cert_file' - * names the file to be saved. */ + * available. We can, however, bootstrap the CA certificate from the peer at + * the beginning of our first connection then use that certificate on all + * subsequent connections, saving it to a file for use in future runs also. In + * this case, 'bootstrap_ca_cert' is true. */ static bool bootstrap_ca_cert; -static char *ca_cert_file; + +/* Session number. Used in debug logging messages to uniquely identify a + * session. */ +static unsigned int next_session_nr; /* Who knows what can trigger various SSL errors, so let's throttle them down * quite a bit. */ @@ -157,6 +174,10 @@ static int interpret_ssl_error(const char *function, int ret, int error, int *want); static DH *tmp_dh_callback(SSL *ssl, int is_export OVS_UNUSED, int keylength); static void log_ca_cert(const char *file_name, X509 *cert); +static void stream_ssl_set_ca_cert_file__(const char *file_name, + bool bootstrap); +static void ssl_protocol_cb(int write_p, int version, int content_type, + const void *, size_t, SSL *, void *sslv_); static short int want_to_poll_events(int want) @@ -190,15 +211,15 @@ new_ssl_stream(const char *name, int fd, enum session_type type, /* Check for all the needful configuration. */ retval = 0; - if (!has_private_key) { + if (!private_key.read) { VLOG_ERR("Private key must be configured to use SSL"); retval = ENOPROTOOPT; } - if (!has_certificate) { + if (!certificate.read) { VLOG_ERR("Certificate must be configured to use SSL"); retval = ENOPROTOOPT; } - if (!has_ca_cert && !bootstrap_ca_cert) { + if (!ca_cert.read && verify_peer_cert && !bootstrap_ca_cert) { VLOG_ERR("CA certificate must be configured to use SSL"); retval = ENOPROTOOPT; } @@ -237,7 +258,7 @@ new_ssl_stream(const char *name, int fd, enum session_type type, retval = ENOPROTOOPT; goto error; } - if (bootstrap_ca_cert && type == CLIENT) { + if (!verify_peer_cert || (bootstrap_ca_cert && type == CLIENT)) { SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); } @@ -254,6 +275,14 @@ new_ssl_stream(const char *name, int fd, enum session_type type, sslv->ssl = ssl; sslv->txbuf = NULL; sslv->rx_want = sslv->tx_want = SSL_NOTHING; + sslv->session_nr = next_session_nr++; + sslv->n_head = 0; + + if (VLOG_IS_DBG_ENABLED()) { + SSL_set_msg_callback(ssl, ssl_protocol_cb); + SSL_set_msg_callback_arg(ssl, sslv); + } + *streamp = &sslv->stream; return 0; @@ -298,7 +327,7 @@ do_ca_cert_bootstrap(struct stream *stream) { struct ssl_stream *sslv = ssl_stream_cast(stream); STACK_OF(X509) *chain; - X509 *ca_cert; + X509 *cert; FILE *file; int error; int fd; @@ -309,11 +338,11 @@ do_ca_cert_bootstrap(struct stream *stream) "peer"); return EPROTO; } - ca_cert = sk_X509_value(chain, sk_X509_num(chain) - 1); + cert = sk_X509_value(chain, sk_X509_num(chain) - 1); - /* Check that 'ca_cert' is self-signed. Otherwise it is not a CA + /* Check that 'cert' is self-signed. Otherwise it is not a CA * certificate and we should not attempt to use it as one. */ - error = X509_check_issued(ca_cert, ca_cert); + error = X509_check_issued(cert, cert); if (error) { VLOG_ERR("could not bootstrap CA cert: obtained certificate is " "not self-signed (%s)", @@ -325,16 +354,16 @@ do_ca_cert_bootstrap(struct stream *stream) return EPROTO; } - fd = open(ca_cert_file, O_CREAT | O_EXCL | O_WRONLY, 0444); + fd = open(ca_cert.file_name, O_CREAT | O_EXCL | O_WRONLY, 0444); if (fd < 0) { if (errno == EEXIST) { VLOG_INFO("reading CA cert %s created by another process", - ca_cert_file); - stream_ssl_set_ca_cert_file(ca_cert_file, true); + ca_cert.file_name); + stream_ssl_set_ca_cert_file(ca_cert.file_name, true); return EPROTO; } else { VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s", - ca_cert_file, strerror(errno)); + ca_cert.file_name, strerror(errno)); return errno; } } @@ -344,41 +373,42 @@ do_ca_cert_bootstrap(struct stream *stream) int error = errno; VLOG_ERR("could not bootstrap CA cert: fdopen failed: %s", strerror(error)); - unlink(ca_cert_file); + unlink(ca_cert.file_name); return error; } - if (!PEM_write_X509(file, ca_cert)) { + if (!PEM_write_X509(file, cert)) { VLOG_ERR("could not bootstrap CA cert: PEM_write_X509 to %s failed: " - "%s", ca_cert_file, ERR_error_string(ERR_get_error(), NULL)); + "%s", ca_cert.file_name, + ERR_error_string(ERR_get_error(), NULL)); fclose(file); - unlink(ca_cert_file); + unlink(ca_cert.file_name); return EIO; } if (fclose(file)) { int error = errno; VLOG_ERR("could not bootstrap CA cert: writing %s failed: %s", - ca_cert_file, strerror(error)); - unlink(ca_cert_file); + ca_cert.file_name, strerror(error)); + unlink(ca_cert.file_name); return error; } - VLOG_INFO("successfully bootstrapped CA cert to %s", ca_cert_file); - log_ca_cert(ca_cert_file, ca_cert); + VLOG_INFO("successfully bootstrapped CA cert to %s", ca_cert.file_name); + log_ca_cert(ca_cert.file_name, cert); bootstrap_ca_cert = false; - has_ca_cert = true; + ca_cert.read = true; - /* SSL_CTX_add_client_CA makes a copy of ca_cert's relevant data. */ - SSL_CTX_add_client_CA(ctx, ca_cert); + /* SSL_CTX_add_client_CA makes a copy of cert's relevant data. */ + SSL_CTX_add_client_CA(ctx, cert); /* SSL_CTX_use_certificate() takes ownership of the certificate passed in. - * 'ca_cert' is owned by sslv->ssl, so we need to duplicate it. */ - ca_cert = X509_dup(ca_cert); - if (!ca_cert) { + * 'cert' is owned by sslv->ssl, so we need to duplicate it. */ + cert = X509_dup(cert); + if (!cert) { out_of_memory(); } - if (SSL_CTX_load_verify_locations(ctx, ca_cert_file, NULL) != 1) { + if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) { VLOG_ERR("SSL_CTX_load_verify_locations: %s", ERR_error_string(ERR_get_error(), NULL)); return EPROTO; @@ -403,6 +433,13 @@ ssl_connect(struct stream *stream) /* Fall through. */ case STATE_SSL_CONNECTING: + /* Capture the first few bytes of received data so that we can guess + * what kind of funny data we've been sent if SSL negotation fails. */ + if (sslv->n_head <= 0) { + sslv->n_head = recv(sslv->fd, sslv->head, sizeof sslv->head, + MSG_PEEK); + } + retval = (sslv->type == CLIENT ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl)); if (retval != 1) { @@ -414,13 +451,16 @@ ssl_connect(struct stream *stream) interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect" : "SSL_accept"), retval, error, &unused); shutdown(sslv->fd, SHUT_RDWR); + stream_report_content(sslv->head, sslv->n_head, STREAM_SSL, + THIS_MODULE, stream_get_name(stream)); return EPROTO; } } else if (bootstrap_ca_cert) { return do_ca_cert_bootstrap(stream); - } else if ((SSL_get_verify_mode(sslv->ssl) - & (SSL_VERIFY_NONE | SSL_VERIFY_PEER)) - != SSL_VERIFY_PEER) { + } else if (verify_peer_cert + && ((SSL_get_verify_mode(sslv->ssl) + & (SSL_VERIFY_NONE | SSL_VERIFY_PEER)) + != SSL_VERIFY_PEER)) { /* Two or more SSL connections completed at the same time while we * were in bootstrap mode. Only one of these can finish the * bootstrap successfully. The other one(s) must be rejected @@ -452,6 +492,11 @@ ssl_close(struct stream *stream) * background. */ SSL_shutdown(sslv->ssl); + /* SSL_shutdown() might have signaled an error, in which case we need to + * flush it out of the OpenSSL error queue or the next OpenSSL operation + * will falsely signal an error. */ + ERR_clear_error(); + SSL_free(sslv->ssl); close(sslv->fd); free(sslv); @@ -899,13 +944,41 @@ tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength) bool stream_ssl_is_configured(void) { - return has_private_key || has_certificate || has_ca_cert; + return private_key.file_name || certificate.file_name || ca_cert.file_name; +} + +static bool +update_ssl_config(struct ssl_config_file *config, const char *file_name) +{ + struct timespec mtime; + + if (ssl_init() || !file_name) { + return false; + } + + /* If the file name hasn't changed and neither has the file contents, stop + * here. */ + get_mtime(file_name, &mtime); + if (config->file_name + && !strcmp(config->file_name, file_name) + && mtime.tv_sec == config->mtime.tv_sec + && mtime.tv_nsec == config->mtime.tv_nsec) { + return false; + } + + /* Update 'config'. */ + config->mtime = mtime; + if (file_name != config->file_name) { + free(config->file_name); + config->file_name = xstrdup(file_name); + } + return true; } void stream_ssl_set_private_key_file(const char *file_name) { - if (ssl_init()) { + if (!update_ssl_config(&private_key, file_name)) { return; } if (SSL_CTX_use_PrivateKey_file(ctx, file_name, SSL_FILETYPE_PEM) != 1) { @@ -913,13 +986,13 @@ stream_ssl_set_private_key_file(const char *file_name) ERR_error_string(ERR_get_error(), NULL)); return; } - has_private_key = true; + private_key.read = true; } void stream_ssl_set_certificate_file(const char *file_name) { - if (ssl_init()) { + if (!update_ssl_config(&certificate, file_name)) { return; } if (SSL_CTX_use_certificate_chain_file(ctx, file_name) != 1) { @@ -927,7 +1000,7 @@ stream_ssl_set_certificate_file(const char *file_name) ERR_error_string(ERR_get_error(), NULL)); return; } - has_certificate = true; + certificate.read = true; } /* Reads the X509 certificate or certificates in file 'file_name'. On success, @@ -1047,25 +1120,19 @@ log_ca_cert(const char *file_name, X509 *cert) ds_destroy(&fp); } -/* Sets 'file_name' as the name of the file from which to read the CA - * certificate used to verify the peer within SSL connections. If 'bootstrap' - * is false, the file must exist. If 'bootstrap' is false, then the file is - * read if it is exists; if it does not, then it will be created from the CA - * certificate received from the peer on the first SSL connection. */ -void -stream_ssl_set_ca_cert_file(const char *file_name, bool bootstrap) +static void +stream_ssl_set_ca_cert_file__(const char *file_name, bool bootstrap) { X509 **certs; size_t n_certs; struct stat s; - if (ssl_init()) { - return; - } - - if (bootstrap && stat(file_name, &s) && errno == ENOENT) { + if (!strcmp(file_name, "none")) { + verify_peer_cert = false; + VLOG_WARN("Peer certificate validation disabled " + "(this is a security risk)"); + } else if (bootstrap && stat(file_name, &s) && errno == ENOENT) { bootstrap_ca_cert = true; - ca_cert_file = xstrdup(file_name); } else if (!read_cert_file(file_name, &certs, &n_certs)) { size_t i; @@ -1091,6 +1158,117 @@ stream_ssl_set_ca_cert_file(const char *file_name, bool bootstrap) return; } - has_ca_cert = true; + bootstrap_ca_cert = false; + } + ca_cert.read = true; +} + +/* Sets 'file_name' as the name of the file from which to read the CA + * certificate used to verify the peer within SSL connections. If 'bootstrap' + * is false, the file must exist. If 'bootstrap' is false, then the file is + * read if it is exists; if it does not, then it will be created from the CA + * certificate received from the peer on the first SSL connection. */ +void +stream_ssl_set_ca_cert_file(const char *file_name, bool bootstrap) +{ + if (!update_ssl_config(&ca_cert, file_name)) { + return; + } + + stream_ssl_set_ca_cert_file__(file_name, bootstrap); +} + +/* SSL protocol logging. */ + +static const char * +ssl_alert_level_to_string(uint8_t type) +{ + switch (type) { + case 1: return "warning"; + case 2: return "fatal"; + default: return ""; } } + +static const char * +ssl_alert_description_to_string(uint8_t type) +{ + switch (type) { + case 0: return "close_notify"; + case 10: return "unexpected_message"; + case 20: return "bad_record_mac"; + case 21: return "decryption_failed"; + case 22: return "record_overflow"; + case 30: return "decompression_failure"; + case 40: return "handshake_failure"; + case 42: return "bad_certificate"; + case 43: return "unsupported_certificate"; + case 44: return "certificate_revoked"; + case 45: return "certificate_expired"; + case 46: return "certificate_unknown"; + case 47: return "illegal_parameter"; + case 48: return "unknown_ca"; + case 49: return "access_denied"; + case 50: return "decode_error"; + case 51: return "decrypt_error"; + case 60: return "export_restriction"; + case 70: return "protocol_version"; + case 71: return "insufficient_security"; + case 80: return "internal_error"; + case 90: return "user_canceled"; + case 100: return "no_renegotiation"; + default: return ""; + } +} + +static const char * +ssl_handshake_type_to_string(uint8_t type) +{ + switch (type) { + case 0: return "hello_request"; + case 1: return "client_hello"; + case 2: return "server_hello"; + case 11: return "certificate"; + case 12: return "server_key_exchange"; + case 13: return "certificate_request"; + case 14: return "server_hello_done"; + case 15: return "certificate_verify"; + case 16: return "client_key_exchange"; + case 20: return "finished"; + default: return ""; + } +} + +static void +ssl_protocol_cb(int write_p, int version OVS_UNUSED, int content_type, + const void *buf_, size_t len, SSL *ssl OVS_UNUSED, void *sslv_) +{ + const struct ssl_stream *sslv = sslv_; + const uint8_t *buf = buf_; + struct ds details; + + if (!VLOG_IS_DBG_ENABLED()) { + return; + } + + ds_init(&details); + if (content_type == 20) { + ds_put_cstr(&details, "change_cipher_spec"); + } else if (content_type == 21) { + ds_put_format(&details, "alert: %s, %s", + ssl_alert_level_to_string(buf[0]), + ssl_alert_description_to_string(buf[1])); + } else if (content_type == 22) { + ds_put_format(&details, "handshake: %s", + ssl_handshake_type_to_string(buf[0])); + } else { + ds_put_format(&details, "type %d", content_type); + } + + VLOG_DBG("%s%u%s%s %s (%zu bytes)", + sslv->type == CLIENT ? "client" : "server", + sslv->session_nr, write_p ? "-->" : "<--", + stream_get_name(&sslv->stream), ds_cstr(&details), len); + + ds_destroy(&details); +}