X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fstream-ssl.c;h=c373ca960b64476107a9962ada6f920fbdf811b0;hb=7431e17196fdb1c3189d67e3aeed4adeab4cf479;hp=a93c00642171c1be4f60fc7c7cafeb2563b7aea0;hpb=e68f6dea5404b9cb4c0d7f3501bf276af646a372;p=sliver-openvswitch.git diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index a93c00642..c373ca960 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks. + * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,6 @@ #include #include "stream-ssl.h" #include "dhparams.h" -#include #include #include #include @@ -26,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,7 +34,7 @@ #include #include "coverage.h" #include "dynamic-string.h" -#include "leak-checker.h" +#include "entropy.h" #include "ofpbuf.h" #include "openflow/openflow.h" #include "packets.h" @@ -49,9 +49,6 @@ VLOG_DEFINE_THIS_MODULE(stream_ssl); -COVERAGE_DEFINE(ssl_session); -COVERAGE_DEFINE(ssl_session_reused); - /* Active SSL. */ enum ssl_state { @@ -140,20 +137,6 @@ struct ssl_stream /* SSL context created by ssl_init(). */ static SSL_CTX *ctx; -/* Maps from stream target (e.g. "127.0.0.1:1234") to SSL_SESSION *. The - * sessions are those from the last SSL connection to the given target. - * OpenSSL caches server-side sessions internally, so this cache is only used - * for client connections. - * - * The stream_ssl module owns a reference to each of the sessions in this - * table, so they must be freed with SSL_SESSION_free() when they are no - * longer needed. */ -static struct shash client_sessions = SHASH_INITIALIZER(&client_sessions); - -/* Maximum number of client sessions to cache. Ordinarily I'd expect that one - * session would be sufficient but this should cover it. */ -#define MAX_CLIENT_SESSION_CACHE 16 - struct ssl_config_file { bool read; /* Whether the file was successfully read. */ char *file_name; /* Configured file name, if any. */ @@ -221,8 +204,8 @@ want_to_poll_events(int want) static int new_ssl_stream(const char *name, int fd, enum session_type type, - enum ssl_state state, const struct sockaddr_in *remote, - struct stream **streamp) + enum ssl_state state, const struct sockaddr_in *remote, + struct stream **streamp) { struct sockaddr_in local; socklen_t local_len = sizeof local; @@ -245,7 +228,7 @@ new_ssl_stream(const char *name, int fd, enum session_type type, VLOG_ERR("CA certificate must be configured to use SSL"); retval = ENOPROTOOPT; } - if (!SSL_CTX_check_private_key(ctx)) { + if (!retval && !SSL_CTX_check_private_key(ctx)) { VLOG_ERR("Private key does not match certificate public key: %s", ERR_error_string(ERR_get_error(), NULL)); retval = ENOPROTOOPT; @@ -283,13 +266,6 @@ new_ssl_stream(const char *name, int fd, enum session_type type, if (!verify_peer_cert || (bootstrap_ca_cert && type == CLIENT)) { SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); } - if (type == CLIENT) { - /* Grab SSL session information from the cache. */ - SSL_SESSION *session = shash_find_data(&client_sessions, name); - if (session && SSL_set_session(ssl, session) != 1) { - interpret_queued_ssl_error("SSL_set_session"); - } - } /* Create and return the ssl_stream. */ sslv = xmalloc(sizeof *sslv); @@ -331,7 +307,7 @@ ssl_stream_cast(struct stream *stream) } static int -ssl_open(const char *name, char *suffix, struct stream **streamp) +ssl_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp) { struct sockaddr_in sin; int error, fd; @@ -341,7 +317,8 @@ ssl_open(const char *name, char *suffix, struct stream **streamp) return error; } - error = inet_open_active(SOCK_STREAM, suffix, OFP_SSL_PORT, &sin, &fd); + error = inet_open_active(SOCK_STREAM, suffix, OFP_SSL_PORT, &sin, &fd, + dscp); if (fd >= 0) { int state = error ? STATE_TCP_CONNECTING : STATE_SSL_CONNECTING; return new_ssl_stream(name, fd, CLIENT, state, &sin, streamp); @@ -437,6 +414,7 @@ do_ca_cert_bootstrap(struct stream *stream) if (!cert) { out_of_memory(); } + SSL_CTX_set_cert_store(ctx, X509_STORE_new()); if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) { VLOG_ERR("SSL_CTX_load_verify_locations: %s", ERR_error_string(ERR_get_error(), NULL)); @@ -446,58 +424,6 @@ do_ca_cert_bootstrap(struct stream *stream) return EPROTO; } -static void -ssl_delete_session(struct shash_node *node) -{ - SSL_SESSION *session = node->data; - SSL_SESSION_free(session); - shash_delete(&client_sessions, node); -} - -/* Find and free any previously cached session for 'stream''s target. */ -static void -ssl_flush_session(struct stream *stream) -{ - struct shash_node *node; - - node = shash_find(&client_sessions, stream_get_name(stream)); - if (node) { - ssl_delete_session(node); - } -} - -/* Add 'stream''s session to the cache for its target, so that it will be - * reused for future SSL connections to the same target. */ -static void -ssl_cache_session(struct stream *stream) -{ - struct ssl_stream *sslv = ssl_stream_cast(stream); - SSL_SESSION *session; - - /* Get session from stream. */ - session = SSL_get1_session(sslv->ssl); - if (session) { - SSL_SESSION *old_session; - - old_session = shash_replace(&client_sessions, stream_get_name(stream), - session); - if (old_session) { - /* Free the session that we replaced. (We might actually have - * session == old_session, but either way we have to free it to - * avoid leaking a reference.) */ - SSL_SESSION_free(old_session); - } else if (shash_count(&client_sessions) > MAX_CLIENT_SESSION_CACHE) { - for (;;) { - struct shash_node *node = shash_random_node(&client_sessions); - if (node->data != session) { - ssl_delete_session(node); - break; - } - } - } - } -} - static int ssl_connect(struct stream *stream) { @@ -515,7 +441,7 @@ ssl_connect(struct stream *stream) case STATE_SSL_CONNECTING: /* Capture the first few bytes of received data so that we can guess - * what kind of funny data we've been sent if SSL negotation fails. */ + * what kind of funny data we've been sent if SSL negotiation fails. */ if (sslv->n_head <= 0) { sslv->n_head = recv(sslv->fd, sslv->head, sizeof sslv->head, MSG_PEEK); @@ -530,17 +456,6 @@ ssl_connect(struct stream *stream) } else { int unused; - if (sslv->type == CLIENT) { - /* Delete any cached session for this stream's target. - * Otherwise a single error causes recurring errors that - * don't resolve until the SSL client or server is - * restarted. (It can take dozens of reused connections to - * see this behavior, so this is difficult to test.) If we - * delete the session on the first error, though, the error - * only occurs once and then resolves itself. */ - ssl_flush_session(stream); - } - interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect" : "SSL_accept"), retval, error, &unused); shutdown(sslv->fd, SHUT_RDWR); @@ -562,14 +477,9 @@ ssl_connect(struct stream *stream) * certificate, but that's more trouble than it's worth. These * connections will succeed the next time they retry, assuming that * they have a certificate against the correct CA.) */ - VLOG_ERR("rejecting SSL connection during bootstrap race window"); + VLOG_INFO("rejecting SSL connection during bootstrap race window"); return EPROTO; } else { - /* Statistics. */ - COVERAGE_INC(ssl_session); - if (SSL_session_reused(sslv->ssl)) { - COVERAGE_INC(ssl_session_reused); - } return 0; } } @@ -590,8 +500,6 @@ ssl_close(struct stream *stream) * background. */ SSL_shutdown(sslv->ssl); - ssl_cache_session(stream); - /* SSL_shutdown() might have signaled an error, in which case we need to * flush it out of the OpenSSL error queue or the next OpenSSL operation * will falsely signal an error. */ @@ -689,7 +597,7 @@ ssl_recv(struct stream *stream, void *buffer, size_t n) ssize_t ret; /* Behavior of zero-byte SSL_read is poorly defined. */ - assert(n > 0); + ovs_assert(n > 0); old_state = SSL_get_state(sslv->ssl); ret = SSL_read(sslv->ssl, buffer, n); @@ -765,7 +673,6 @@ ssl_send(struct stream *stream, const void *buffer, size_t n) ssl_clear_txbuf(sslv); return n; case EAGAIN: - leak_checker_claim(buffer); return n; default: sslv->txbuf = NULL; @@ -845,8 +752,9 @@ ssl_wait(struct stream *stream, enum stream_wait_type wait) } } -struct stream_class ssl_stream_class = { +const struct stream_class ssl_stream_class = { "ssl", /* name */ + true, /* needs_probes */ ssl_open, /* open */ ssl_close, /* close */ ssl_connect, /* connect */ @@ -865,7 +773,7 @@ struct pssl_pstream int fd; }; -struct pstream_class pssl_pstream_class; +const struct pstream_class pssl_pstream_class; static struct pssl_pstream * pssl_pstream_cast(struct pstream *pstream) @@ -875,7 +783,8 @@ pssl_pstream_cast(struct pstream *pstream) } static int -pssl_open(const char *name OVS_UNUSED, char *suffix, struct pstream **pstreamp) +pssl_open(const char *name OVS_UNUSED, char *suffix, struct pstream **pstreamp, + uint8_t dscp) { struct pssl_pstream *pssl; struct sockaddr_in sin; @@ -888,15 +797,16 @@ pssl_open(const char *name OVS_UNUSED, char *suffix, struct pstream **pstreamp) return retval; } - fd = inet_open_passive(SOCK_STREAM, suffix, OFP_SSL_PORT, &sin); + fd = inet_open_passive(SOCK_STREAM, suffix, OFP_SSL_PORT, &sin, dscp); if (fd < 0) { return -fd; } sprintf(bound_name, "pssl:%"PRIu16":"IP_FMT, - ntohs(sin.sin_port), IP_ARGS(&sin.sin_addr.s_addr)); + ntohs(sin.sin_port), IP_ARGS(sin.sin_addr.s_addr)); pssl = xmalloc(sizeof *pssl); pstream_init(&pssl->pstream, &pssl_pstream_class, bound_name); + pstream_set_bound_port(&pssl->pstream, sin.sin_port); pssl->fd = fd; *pstreamp = &pssl->pstream; return 0; @@ -935,12 +845,12 @@ pssl_accept(struct pstream *pstream, struct stream **new_streamp) return error; } - sprintf(name, "ssl:"IP_FMT, IP_ARGS(&sin.sin_addr)); + sprintf(name, "ssl:"IP_FMT, IP_ARGS(sin.sin_addr.s_addr)); if (sin.sin_port != htons(OFP_SSL_PORT)) { sprintf(strchr(name, '\0'), ":%"PRIu16, ntohs(sin.sin_port)); } return new_ssl_stream(name, new_fd, SERVER, STATE_SSL_CONNECTING, &sin, - new_streamp); + new_streamp); } static void @@ -950,12 +860,21 @@ pssl_wait(struct pstream *pstream) poll_fd_wait(pssl->fd, POLLIN); } -struct pstream_class pssl_pstream_class = { +static int +pssl_set_dscp(struct pstream *pstream, uint8_t dscp) +{ + struct pssl_pstream *pssl = pssl_pstream_cast(pstream); + return set_dscp(pssl->fd, dscp); +} + +const struct pstream_class pssl_pstream_class = { "pssl", + true, pssl_open, pssl_close, pssl_accept, pssl_wait, + pssl_set_dscp, }; /* @@ -976,7 +895,7 @@ ssl_init(void) static int init_status = -1; if (init_status < 0) { init_status = do_ssl_init(); - assert(init_status >= 0); + ovs_assert(init_status >= 0); } return init_status; } @@ -989,9 +908,39 @@ do_ssl_init(void) SSL_library_init(); SSL_load_error_strings(); + if (!RAND_status()) { + /* We occasionally see OpenSSL fail to seed its random number generator + * in heavily loaded hypervisors. I suspect the following scenario: + * + * 1. OpenSSL calls read() to get 32 bytes from /dev/urandom. + * 2. The kernel generates 10 bytes of randomness and copies it out. + * 3. A signal arrives (perhaps SIGALRM). + * 4. The kernel interrupts the system call to service the signal. + * 5. Userspace gets 10 bytes of entropy. + * 6. OpenSSL doesn't read again to get the final 22 bytes. Therefore + * OpenSSL doesn't have enough entropy to consider itself + * initialized. + * + * The only part I'm not entirely sure about is #6, because the OpenSSL + * code is so hard to read. */ + uint8_t seed[32]; + int retval; + + VLOG_WARN("OpenSSL random seeding failed, reseeding ourselves"); + + retval = get_entropy(seed, sizeof seed); + if (retval) { + VLOG_ERR("failed to obtain entropy (%s)", + ovs_retval_to_string(retval)); + return retval > 0 ? retval : ENOPROTOOPT; + } + + RAND_seed(seed, sizeof seed); + } + /* New OpenSSL changed TLSv1_method() to return a "const" pointer, so the * cast is needed to avoid a warning with those newer versions. */ - method = (SSL_METHOD *) TLSv1_method(); + method = CONST_CAST(SSL_METHOD *, TLSv1_method()); if (method == NULL) { VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL)); return ENOPROTOOPT; @@ -1009,17 +958,6 @@ do_ssl_init(void) SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); - /* We have to set a session context ID string in 'ctx' because OpenSSL - * otherwise refuses to use a cached session on the server side when - * SSL_VERIFY_PEER is set. And it not only refuses to use the cached - * session, it actually generates an error and kills the connection. - * According to a comment in ssl_get_prev_session() in OpenSSL's - * ssl/ssl_sess.c, this is intentional behavior. - * - * Any context string is OK, as long as one is set. */ - SSL_CTX_set_session_id_context(ctx, (const unsigned char *) PACKAGE, - strlen(PACKAGE)); - return 0; } @@ -1320,6 +1258,7 @@ stream_ssl_set_ca_cert_file__(const char *file_name, /* Set up CAs for OpenSSL to trust in verifying the peer's * certificate. */ + SSL_CTX_set_cert_store(ctx, X509_STORE_new()); if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) { VLOG_ERR("SSL_CTX_load_verify_locations: %s", ERR_error_string(ERR_get_error(), NULL));