X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fvconn-ssl.c;h=4bc123b5846dfc3265fbb4627c513aea1c035c04;hb=c07c7f5e9e09a4f436ee7f1514cdae759c34b0ba;hp=32c61f1225bf6cbbb638212f7b0b38d65f4caf81;hpb=cf6207b610f15e73984e94c6c84ee07730ec746b;p=sliver-openvswitch.git diff --git a/lib/vconn-ssl.c b/lib/vconn-ssl.c index 32c61f122..4bc123b58 100644 --- a/lib/vconn-ssl.c +++ b/lib/vconn-ssl.c @@ -1,38 +1,61 @@ -/* Copyright (C) 2008 Board of Trustees, Leland Stanford Jr. University. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to - * deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS - * IN THE SOFTWARE. +/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford + * Junior University + * + * We are making the OpenFlow specification and associated documentation + * (Software) available for public use and benefit with the expectation + * that others will use, modify and enhance the Software and contribute + * those enhancements back to the community. However, since we would + * like to make the Software available for broadest use, with as few + * restrictions as possible permission is hereby granted, free of + * charge, to any person obtaining a copy of this Software to deal in + * the Software under the copyrights without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * The name and trademarks of copyright holder(s) may NOT be used in + * advertising or publicity pertaining to the Software or any + * derivatives without specific, written prior permission. */ +#include #include "vconn-ssl.h" #include "dhparams.h" #include +#include #include +#include +#include #include #include #include +#include #include +#include +#include #include -#include "buffer.h" +#include "dynamic-string.h" +#include "ofpbuf.h" +#include "openflow.h" +#include "packets.h" +#include "poll-loop.h" +#include "socket-util.h" #include "socket-util.h" #include "util.h" -#include "openflow.h" -#include "ofp-print.h" +#include "vconn-provider.h" #include "vconn.h" #include "vlog.h" @@ -41,8 +64,8 @@ /* Active SSL. */ enum ssl_state { - STATE_SSL_CONNECTING, - STATE_CONNECTED + STATE_TCP_CONNECTING, + STATE_SSL_CONNECTING }; enum session_type { @@ -58,8 +81,67 @@ struct ssl_vconn enum session_type type; int fd; SSL *ssl; - struct buffer *rxbuf; - struct buffer *txbuf; + struct ofpbuf *rxbuf; + struct ofpbuf *txbuf; + struct poll_waiter *tx_waiter; + + /* rx_want and tx_want record the result of the last call to SSL_read() + * and SSL_write(), respectively: + * + * - If the call reported that data needed to be read from the file + * descriptor, the corresponding member is set to SSL_READING. + * + * - If the call reported that data needed to be written to the file + * descriptor, the corresponding member is set to SSL_WRITING. + * + * - Otherwise, the member is set to SSL_NOTHING, indicating that the + * call completed successfully (or with an error) and that there is no + * need to block. + * + * These are needed because there is no way to ask OpenSSL what a data read + * or write would require without giving it a buffer to receive into or + * data to send, respectively. (Note that the SSL_want() status is + * overwritten by each SSL_read() or SSL_write() call, so we can't rely on + * its value.) + * + * A single call to SSL_read() or SSL_write() can perform both reading + * and writing and thus invalidate not one of these values but actually + * both. Consider this situation, for example: + * + * - SSL_write() blocks on a read, so tx_want gets SSL_READING. + * + * - SSL_read() laters succeeds reading from 'fd' and clears out the + * whole receive buffer, so rx_want gets SSL_READING. + * + * - Client calls vconn_wait(WAIT_RECV) and vconn_wait(WAIT_SEND) and + * blocks. + * + * - Now we're stuck blocking until the peer sends us data, even though + * SSL_write() could now succeed, which could easily be a deadlock + * condition. + * + * On the other hand, we can't reset both tx_want and rx_want on every call + * to SSL_read() or SSL_write(), because that would produce livelock, + * e.g. in this situation: + * + * - SSL_write() blocks, so tx_want gets SSL_READING or SSL_WRITING. + * + * - SSL_read() blocks, so rx_want gets SSL_READING or SSL_WRITING, + * but tx_want gets reset to SSL_NOTHING. + * + * - Client calls vconn_wait(WAIT_RECV) and vconn_wait(WAIT_SEND) and + * blocks. + * + * - Client wakes up immediately since SSL_NOTHING in tx_want indicates + * that no blocking is necessary. + * + * The solution we adopt here is to set tx_want to SSL_NOTHING after + * calling SSL_read() only if the SSL state of the connection changed, + * which indicates that an SSL-level renegotiation made some progress, and + * similarly for rx_want and SSL_write(). This prevents both the + * deadlock and livelock situations above. + */ + int rx_want, tx_want; }; /* SSL context created by ssl_init(). */ @@ -68,16 +150,53 @@ static SSL_CTX *ctx; /* Required configuration. */ static bool has_private_key, has_certificate, has_ca_cert; +/* Ordinarily, we require a CA certificate for the peer to be locally + * available. 'has_ca_cert' is true when this is the case, and neither of the + * following variables matter. + * + * We can, however, bootstrap the CA certificate from the peer at the beginning + * of our first connection then use that certificate on all subsequent + * connections, saving it to a file for use in future runs also. In this case, + * 'has_ca_cert' is false, 'bootstrap_ca_cert' is true, and 'ca_cert_file' + * names the file to be saved. */ +static bool bootstrap_ca_cert; +static char *ca_cert_file; + +/* Who knows what can trigger various SSL errors, so let's throttle them down + * quite a bit. */ +static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25); + static int ssl_init(void); static int do_ssl_init(void); -static void connect_completed(struct ssl_vconn *, int error); static bool ssl_wants_io(int ssl_error); static void ssl_close(struct vconn *); -static bool state_machine(struct ssl_vconn *sslv); +static int interpret_ssl_error(const char *function, int ret, int error, + int *want); +static void ssl_tx_poll_callback(int fd, short int revents, void *vconn_); static DH *tmp_dh_callback(SSL *ssl, int is_export UNUSED, int keylength); +static void log_ca_cert(const char *file_name, X509 *cert); + +short int +want_to_poll_events(int want) +{ + switch (want) { + case SSL_NOTHING: + NOT_REACHED(); + + case SSL_READING: + return POLLIN; + + case SSL_WRITING: + return POLLOUT; + + default: + NOT_REACHED(); + } +} static int new_ssl_vconn(const char *name, int fd, enum session_type type, + enum ssl_state state, const struct sockaddr_in *sin, struct vconn **vconnp) { struct ssl_vconn *sslv; @@ -94,22 +213,17 @@ new_ssl_vconn(const char *name, int fd, enum session_type type, VLOG_ERR("Certificate must be configured to use SSL"); goto error; } - if (!has_ca_cert) { + if (!has_ca_cert && !bootstrap_ca_cert) { VLOG_ERR("CA certificate must be configured to use SSL"); goto error; } if (!SSL_CTX_check_private_key(ctx)) { - VLOG_ERR("Private key does not match certificate public key"); + VLOG_ERR("Private key does not match certificate public key: %s", + ERR_error_string(ERR_get_error(), NULL)); goto error; } - /* Make 'fd' non-blocking and disable Nagle. */ - retval = set_nonblocking(fd); - if (retval) { - VLOG_ERR("%s: set_nonblocking: %s", name, strerror(retval)); - close(fd); - return retval; - } + /* Disable Nagle. */ retval = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof on); if (retval) { VLOG_ERR("%s: setsockopt(TCP_NODELAY): %s", name, strerror(errno)); @@ -120,24 +234,30 @@ new_ssl_vconn(const char *name, int fd, enum session_type type, /* Create and configure OpenSSL stream. */ ssl = SSL_new(ctx); if (ssl == NULL) { - VLOG_DBG("SSL_new: %s", ERR_error_string(ERR_get_error(), NULL)); + VLOG_ERR("SSL_new: %s", ERR_error_string(ERR_get_error(), NULL)); close(fd); return ENOPROTOOPT; } if (SSL_set_fd(ssl, fd) == 0) { - VLOG_DBG("SSL_set_fd: %s", ERR_error_string(ERR_get_error(), NULL)); + VLOG_ERR("SSL_set_fd: %s", ERR_error_string(ERR_get_error(), NULL)); goto error; } + if (bootstrap_ca_cert && type == CLIENT) { + SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); + } /* Create and return the ssl_vconn. */ sslv = xmalloc(sizeof *sslv); - sslv->vconn.class = &ssl_vconn_class; - sslv->state = STATE_SSL_CONNECTING; + vconn_init(&sslv->vconn, &ssl_vconn_class, EAGAIN, sin->sin_addr.s_addr, + name); + sslv->state = state; sslv->type = type; sslv->fd = fd; sslv->ssl = ssl; sslv->rxbuf = NULL; sslv->txbuf = NULL; + sslv->tx_waiter = NULL; + sslv->rx_want = sslv->tx_want = SSL_NOTHING; *vconnp = &sslv->vconn; return 0; @@ -152,7 +272,7 @@ error: static struct ssl_vconn * ssl_vconn_cast(struct vconn *vconn) { - assert(vconn->class == &ssl_vconn_class); + vconn_assert_class(vconn, &ssl_vconn_class); return CONTAINER_OF(vconn, struct ssl_vconn, vconn); } @@ -176,7 +296,8 @@ ssl_open(const char *name, char *suffix, struct vconn **vconnp) host_name = strtok_r(suffix, "::", &save_ptr); port_string = strtok_r(NULL, "::", &save_ptr); if (!host_name) { - fatal(0, "%s: bad peer name format", name); + ofp_error(0, "%s: bad peer name format", name); + return EAFNOSUPPORT; } memset(&sin, 0, sizeof sin); @@ -193,123 +314,213 @@ ssl_open(const char *name, char *suffix, struct vconn **vconnp) VLOG_ERR("%s: socket: %s", name, strerror(errno)); return errno; } + retval = set_nonblocking(fd); + if (retval) { + close(fd); + return retval; + } - /* Connect socket (blocking). */ + /* Connect socket. */ retval = connect(fd, (struct sockaddr *) &sin, sizeof sin); if (retval < 0) { - int error = errno; - VLOG_ERR("%s: connect: %s", name, strerror(error)); - close(fd); - return error; + if (errno == EINPROGRESS) { + return new_ssl_vconn(name, fd, CLIENT, STATE_TCP_CONNECTING, + &sin, vconnp); + } else { + int error = errno; + VLOG_ERR("%s: connect: %s", name, strerror(error)); + close(fd); + return error; + } + } else { + return new_ssl_vconn(name, fd, CLIENT, STATE_SSL_CONNECTING, + &sin, vconnp); } - - /* Make an ssl_vconn for the socket. */ - return new_ssl_vconn(name, fd, CLIENT, vconnp); } -static void -ssl_close(struct vconn *vconn) +static int +do_ca_cert_bootstrap(struct vconn *vconn) { struct ssl_vconn *sslv = ssl_vconn_cast(vconn); - SSL_free(sslv->ssl); - close(sslv->fd); - free(sslv); -} + STACK_OF(X509) *chain; + X509 *ca_cert; + FILE *file; + int error; + int fd; -static bool -ssl_want_io_to_events(SSL *ssl, short int *events) -{ - if (SSL_want_read(ssl)) { - *events |= POLLIN; - return true; - } else if (SSL_want_write(ssl)) { - *events |= POLLOUT; - return true; - } else { - return false; + chain = SSL_get_peer_cert_chain(sslv->ssl); + if (!chain || !sk_X509_num(chain)) { + VLOG_ERR("could not bootstrap CA cert: no certificate presented by " + "peer"); + return EPROTO; + } + ca_cert = sk_X509_value(chain, sk_X509_num(chain) - 1); + + /* Check that 'ca_cert' is self-signed. Otherwise it is not a CA + * certificate and we should not attempt to use it as one. */ + error = X509_check_issued(ca_cert, ca_cert); + if (error) { + VLOG_ERR("could not bootstrap CA cert: obtained certificate is " + "not self-signed (%s)", + X509_verify_cert_error_string(error)); + if (sk_X509_num(chain) < 2) { + VLOG_ERR("only one certificate was received, so probably the peer " + "is not configured to send its CA certificate"); + } + return EPROTO; + } + + fd = open(ca_cert_file, O_CREAT | O_EXCL | O_WRONLY, 0444); + if (fd < 0) { + VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s", + ca_cert_file, strerror(errno)); + return errno; + } + + file = fdopen(fd, "w"); + if (!file) { + int error = errno; + VLOG_ERR("could not bootstrap CA cert: fdopen failed: %s", + strerror(error)); + unlink(ca_cert_file); + return error; + } + + if (!PEM_write_X509(file, ca_cert)) { + VLOG_ERR("could not bootstrap CA cert: PEM_write_X509 to %s failed: " + "%s", ca_cert_file, ERR_error_string(ERR_get_error(), NULL)); + fclose(file); + unlink(ca_cert_file); + return EIO; + } + + if (fclose(file)) { + int error = errno; + VLOG_ERR("could not bootstrap CA cert: writing %s failed: %s", + ca_cert_file, strerror(error)); + unlink(ca_cert_file); + return error; } + + VLOG_WARN("successfully bootstrapped CA cert to %s", ca_cert_file); + log_ca_cert(ca_cert_file, ca_cert); + bootstrap_ca_cert = false; + has_ca_cert = true; + + /* SSL_CTX_add_client_CA makes a copy of ca_cert's relevant data. */ + SSL_CTX_add_client_CA(ctx, ca_cert); + + /* SSL_CTX_use_certificate() takes ownership of the certificate passed in. + * 'ca_cert' is owned by sslv->ssl, so we need to duplicate it. */ + ca_cert = X509_dup(ca_cert); + if (!ca_cert) { + out_of_memory(); + } + if (SSL_CTX_load_verify_locations(ctx, ca_cert_file, NULL) != 1) { + VLOG_ERR("SSL_CTX_load_verify_locations: %s", + ERR_error_string(ERR_get_error(), NULL)); + return EPROTO; + } + VLOG_WARN("killing successful connection to retry using CA cert"); + return EPROTO; } -static bool -ssl_prepoll(struct vconn *vconn, int want, struct pollfd *pfd) +static int +ssl_connect(struct vconn *vconn) { struct ssl_vconn *sslv = ssl_vconn_cast(vconn); - pfd->fd = sslv->fd; - if (!state_machine(sslv)) { - switch (sslv->state) { - case STATE_SSL_CONNECTING: - if (!ssl_want_io_to_events(sslv->ssl, &pfd->events)) { - /* state_machine() should have transitioned us away to another - * state. */ - NOT_REACHED(); - } - break; - default: - NOT_REACHED(); - } - } else if (sslv->connect_error) { - pfd->events = 0; - return true; - } else if (!ssl_want_io_to_events(sslv->ssl, &pfd->events)) { - if (want & WANT_RECV) { - pfd->events |= POLLIN; + int retval; + + switch (sslv->state) { + case STATE_TCP_CONNECTING: + retval = check_connection_completion(sslv->fd); + if (retval) { + return retval; } - if (want & WANT_SEND || sslv->txbuf) { - pfd->events |= POLLOUT; + sslv->state = STATE_SSL_CONNECTING; + /* Fall through. */ + + case STATE_SSL_CONNECTING: + retval = (sslv->type == CLIENT + ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl)); + if (retval != 1) { + int error = SSL_get_error(sslv->ssl, retval); + if (retval < 0 && ssl_wants_io(error)) { + return EAGAIN; + } else { + int unused; + interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect" + : "SSL_accept"), retval, error, &unused); + shutdown(sslv->fd, SHUT_RDWR); + return EPROTO; + } + } else if (bootstrap_ca_cert) { + return do_ca_cert_bootstrap(vconn); + } else if ((SSL_get_verify_mode(sslv->ssl) + & (SSL_VERIFY_NONE | SSL_VERIFY_PEER)) + != SSL_VERIFY_PEER) { + /* Two or more SSL connections completed at the same time while we + * were in bootstrap mode. Only one of these can finish the + * bootstrap successfully. The other one(s) must be rejected + * because they were not verified against the bootstrapped CA + * certificate. (Alternatively we could verify them against the CA + * certificate, but that's more trouble than it's worth. These + * connections will succeed the next time they retry, assuming that + * they have a certificate against the correct CA.) */ + VLOG_ERR("rejecting SSL connection during bootstrap race window"); + return EPROTO; + } else { + return 0; } } - return false; + + NOT_REACHED(); } static void -ssl_postpoll(struct vconn *vconn, short int *revents) +ssl_close(struct vconn *vconn) { struct ssl_vconn *sslv = ssl_vconn_cast(vconn); - if (!state_machine(sslv)) { - *revents = 0; - } else if (sslv->connect_error) { - *revents |= POLLERR; - } else if (*revents & POLLOUT && sslv->txbuf) { - ssize_t n = SSL_write(sslv->ssl, sslv->txbuf->data, sslv->txbuf->size); - if (n > 0) { - buffer_pull(sslv->txbuf, n); - if (sslv->txbuf->size == 0) { - buffer_delete(sslv->txbuf); - sslv->txbuf = NULL; - } - } - if (sslv->txbuf) { - *revents &= ~POLLOUT; - } - } + poll_cancel(sslv->tx_waiter); + SSL_free(sslv->ssl); + close(sslv->fd); + free(sslv); } static int -interpret_ssl_error(const char *function, int ret, int error) +interpret_ssl_error(const char *function, int ret, int error, + int *want) { + *want = SSL_NOTHING; + switch (error) { case SSL_ERROR_NONE: - VLOG_ERR("%s: unexpected SSL_ERROR_NONE", function); + VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_NONE", function); break; case SSL_ERROR_ZERO_RETURN: - VLOG_ERR("%s: unexpected SSL_ERROR_ZERO_RETURN", function); + VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_ZERO_RETURN", function); break; case SSL_ERROR_WANT_READ: + *want = SSL_READING; + return EAGAIN; + case SSL_ERROR_WANT_WRITE: + *want = SSL_WRITING; return EAGAIN; case SSL_ERROR_WANT_CONNECT: - VLOG_ERR("%s: unexpected SSL_ERROR_WANT_CONNECT", function); + VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_CONNECT", function); break; case SSL_ERROR_WANT_ACCEPT: - VLOG_ERR("%s: unexpected SSL_ERROR_WANT_ACCEPT", function); + VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_ACCEPT", function); break; case SSL_ERROR_WANT_X509_LOOKUP: - VLOG_ERR("%s: unexpected SSL_ERROR_WANT_X509_LOOKUP", function); + VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_X509_LOOKUP", + function); break; case SSL_ERROR_SYSCALL: { @@ -317,14 +528,17 @@ interpret_ssl_error(const char *function, int ret, int error) if (queued_error == 0) { if (ret < 0) { int status = errno; - VLOG_WARN("%s: system error (%s)", function, strerror(status)); + VLOG_WARN_RL(&rl, "%s: system error (%s)", + function, strerror(status)); return status; } else { - VLOG_WARN("%s: unexpected SSL connection close", function); + VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close", + function); return EPROTO; } } else { - VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL)); + VLOG_WARN_RL(&rl, "%s: %s", + function, ERR_error_string(queued_error, NULL)); break; } } @@ -332,36 +546,33 @@ interpret_ssl_error(const char *function, int ret, int error) case SSL_ERROR_SSL: { int queued_error = ERR_get_error(); if (queued_error != 0) { - VLOG_DBG("%s: %s", function, ERR_error_string(queued_error, NULL)); + VLOG_WARN_RL(&rl, "%s: %s", + function, ERR_error_string(queued_error, NULL)); } else { - VLOG_ERR("%s: SSL_ERROR_SSL without queued error", function); + VLOG_ERR_RL(&rl, "%s: SSL_ERROR_SSL without queued error", + function); } break; } default: - VLOG_ERR("%s: bad SSL error code %d", function, error); + VLOG_ERR_RL(&rl, "%s: bad SSL error code %d", function, error); break; } return EIO; } static int -ssl_recv(struct vconn *vconn, struct buffer **bufferp) +ssl_recv(struct vconn *vconn, struct ofpbuf **bufferp) { struct ssl_vconn *sslv = ssl_vconn_cast(vconn); - struct buffer *rx; + struct ofpbuf *rx; size_t want_bytes; + int old_state; ssize_t ret; - if (!state_machine(sslv)) { - return EAGAIN; - } else if (sslv->connect_error) { - return sslv->connect_error; - } - if (sslv->rxbuf == NULL) { - sslv->rxbuf = buffer_new(1564); + sslv->rxbuf = ofpbuf_new(1564); } rx = sslv->rxbuf; @@ -372,17 +583,33 @@ again: struct ofp_header *oh = rx->data; size_t length = ntohs(oh->length); if (length < sizeof(struct ofp_header)) { - VLOG_ERR("received too-short ofp_header (%zu bytes)", length); + VLOG_ERR_RL(&rl, "received too-short ofp_header (%zu bytes)", + length); return EPROTO; } want_bytes = length - rx->size; + if (!want_bytes) { + *bufferp = rx; + sslv->rxbuf = NULL; + return 0; + } } - buffer_reserve_tailroom(rx, want_bytes); + ofpbuf_prealloc_tailroom(rx, want_bytes); /* Behavior of zero-byte SSL_read is poorly defined. */ assert(want_bytes > 0); - ret = SSL_read(sslv->ssl, buffer_tail(rx), want_bytes); + old_state = SSL_get_state(sslv->ssl); + ret = SSL_read(sslv->ssl, ofpbuf_tail(rx), want_bytes); + if (old_state != SSL_get_state(sslv->ssl)) { + sslv->tx_want = SSL_NOTHING; + if (sslv->tx_waiter) { + poll_cancel(sslv->tx_waiter); + ssl_tx_poll_callback(sslv->fd, POLLIN, vconn); + } + } + sslv->rx_want = SSL_NOTHING; + if (ret > 0) { rx->size += ret; if (ret == want_bytes) { @@ -400,84 +627,185 @@ again: if (error == SSL_ERROR_ZERO_RETURN) { /* Connection closed (EOF). */ if (rx->size) { - VLOG_WARN("SSL_read: unexpected connection close"); + VLOG_WARN_RL(&rl, "SSL_read: unexpected connection close"); return EPROTO; } else { return EOF; } } else { - return interpret_ssl_error("SSL_read", ret, error); + return interpret_ssl_error("SSL_read", ret, error, &sslv->rx_want); } } } +static void +ssl_clear_txbuf(struct ssl_vconn *sslv) +{ + ofpbuf_delete(sslv->txbuf); + sslv->txbuf = NULL; + sslv->tx_waiter = NULL; +} + +static void +ssl_register_tx_waiter(struct vconn *vconn) +{ + struct ssl_vconn *sslv = ssl_vconn_cast(vconn); + sslv->tx_waiter = poll_fd_callback(sslv->fd, + want_to_poll_events(sslv->tx_want), + ssl_tx_poll_callback, vconn); +} + static int -ssl_send(struct vconn *vconn, struct buffer *buffer) +ssl_do_tx(struct vconn *vconn) { struct ssl_vconn *sslv = ssl_vconn_cast(vconn); - ssize_t ret; - if (!state_machine(sslv)) { - return EAGAIN; - } else if (sslv->connect_error) { - return sslv->connect_error; + for (;;) { + int old_state = SSL_get_state(sslv->ssl); + int ret = SSL_write(sslv->ssl, sslv->txbuf->data, sslv->txbuf->size); + if (old_state != SSL_get_state(sslv->ssl)) { + sslv->rx_want = SSL_NOTHING; + } + sslv->tx_want = SSL_NOTHING; + if (ret > 0) { + ofpbuf_pull(sslv->txbuf, ret); + if (sslv->txbuf->size == 0) { + return 0; + } + } else { + int ssl_error = SSL_get_error(sslv->ssl, ret); + if (ssl_error == SSL_ERROR_ZERO_RETURN) { + VLOG_WARN_RL(&rl, "SSL_write: connection closed"); + return EPIPE; + } else { + return interpret_ssl_error("SSL_write", ret, ssl_error, + &sslv->tx_want); + } + } + } +} + +static void +ssl_tx_poll_callback(int fd UNUSED, short int revents UNUSED, void *vconn_) +{ + struct vconn *vconn = vconn_; + struct ssl_vconn *sslv = ssl_vconn_cast(vconn); + int error = ssl_do_tx(vconn); + if (error != EAGAIN) { + ssl_clear_txbuf(sslv); + } else { + ssl_register_tx_waiter(vconn); } +} + +static int +ssl_send(struct vconn *vconn, struct ofpbuf *buffer) +{ + struct ssl_vconn *sslv = ssl_vconn_cast(vconn); if (sslv->txbuf) { return EAGAIN; + } else { + int error; + + sslv->txbuf = buffer; + error = ssl_do_tx(vconn); + switch (error) { + case 0: + ssl_clear_txbuf(sslv); + return 0; + case EAGAIN: + ssl_register_tx_waiter(vconn); + return 0; + default: + sslv->txbuf = NULL; + return error; + } } +} - ret = SSL_write(sslv->ssl, buffer->data, buffer->size); - if (ret > 0) { - if (ret == buffer->size) { - buffer_delete(buffer); +static void +ssl_wait(struct vconn *vconn, enum vconn_wait_type wait) +{ + struct ssl_vconn *sslv = ssl_vconn_cast(vconn); + + switch (wait) { + case WAIT_CONNECT: + if (vconn_connect(vconn) != EAGAIN) { + poll_immediate_wake(); } else { - sslv->txbuf = buffer; - buffer_pull(buffer, ret); + switch (sslv->state) { + case STATE_TCP_CONNECTING: + poll_fd_wait(sslv->fd, POLLOUT); + break; + + case STATE_SSL_CONNECTING: + /* ssl_connect() called SSL_accept() or SSL_connect(), which + * set up the status that we test here. */ + poll_fd_wait(sslv->fd, + want_to_poll_events(SSL_want(sslv->ssl))); + break; + + default: + NOT_REACHED(); + } } - return 0; - } else { - int error = SSL_get_error(sslv->ssl, ret); - if (error == SSL_ERROR_ZERO_RETURN) { - /* Connection closed (EOF). */ - VLOG_WARN("SSL_write: connection close"); - return EPIPE; + break; + + case WAIT_RECV: + if (sslv->rx_want != SSL_NOTHING) { + poll_fd_wait(sslv->fd, want_to_poll_events(sslv->rx_want)); + } else { + poll_immediate_wake(); + } + break; + + case WAIT_SEND: + if (!sslv->txbuf) { + /* We have room in our tx queue. */ + poll_immediate_wake(); } else { - return interpret_ssl_error("SSL_write", ret, error); + /* The call to ssl_tx_poll_callback() will wake us up. */ } + break; + + default: + NOT_REACHED(); } } struct vconn_class ssl_vconn_class = { - .name = "ssl", - .open = ssl_open, - .close = ssl_close, - .prepoll = ssl_prepoll, - .postpoll = ssl_postpoll, - .recv = ssl_recv, - .send = ssl_send, + "ssl", /* name */ + ssl_open, /* open */ + ssl_close, /* close */ + ssl_connect, /* connect */ + ssl_recv, /* recv */ + ssl_send, /* send */ + ssl_wait, /* wait */ }; /* Passive SSL. */ -struct pssl_vconn +struct pssl_pvconn { - struct vconn vconn; + struct pvconn pvconn; int fd; }; -static struct pssl_vconn * -pssl_vconn_cast(struct vconn *vconn) +struct pvconn_class pssl_pvconn_class; + +static struct pssl_pvconn * +pssl_pvconn_cast(struct pvconn *pvconn) { - assert(vconn->class == &pssl_vconn_class); - return CONTAINER_OF(vconn, struct pssl_vconn, vconn); + pvconn_assert_class(pvconn, &pssl_pvconn_class); + return CONTAINER_OF(pvconn, struct pssl_pvconn, pvconn); } static int -pssl_open(const char *name, char *suffix, struct vconn **vconnp) +pssl_open(const char *name, char *suffix, struct pvconn **pvconnp) { struct sockaddr_in sin; - struct pssl_vconn *pssl; + struct pssl_pvconn *pssl; int retval; int fd; unsigned int yes = 1; @@ -523,67 +851,77 @@ pssl_open(const char *name, char *suffix, struct vconn **vconnp) retval = set_nonblocking(fd); if (retval) { - VLOG_ERR("%s: set_nonblocking: %s", name, strerror(retval)); close(fd); return retval; } pssl = xmalloc(sizeof *pssl); - pssl->vconn.class = &pssl_vconn_class; + pvconn_init(&pssl->pvconn, &pssl_pvconn_class, name); pssl->fd = fd; - *vconnp = &pssl->vconn; + *pvconnp = &pssl->pvconn; return 0; } static void -pssl_close(struct vconn *vconn) +pssl_close(struct pvconn *pvconn) { - struct pssl_vconn *pssl = pssl_vconn_cast(vconn); + struct pssl_pvconn *pssl = pssl_pvconn_cast(pvconn); close(pssl->fd); free(pssl); } -static bool -pssl_prepoll(struct vconn *vconn, int want, struct pollfd *pfd) -{ - struct pssl_vconn *pssl = pssl_vconn_cast(vconn); - pfd->fd = pssl->fd; - if (want & WANT_ACCEPT) { - pfd->events |= POLLIN; - } - return false; -} - static int -pssl_accept(struct vconn *vconn, struct vconn **new_vconnp) +pssl_accept(struct pvconn *pvconn, struct vconn **new_vconnp) { - struct pssl_vconn *pssl = pssl_vconn_cast(vconn); + struct pssl_pvconn *pssl = pssl_pvconn_cast(pvconn); + struct sockaddr_in sin; + socklen_t sin_len = sizeof sin; + char name[128]; int new_fd; + int error; - new_fd = accept(pssl->fd, NULL, NULL); + new_fd = accept(pssl->fd, &sin, &sin_len); if (new_fd < 0) { int error = errno; if (error != EAGAIN) { - VLOG_DBG("pssl: accept: %s", strerror(error)); + VLOG_DBG_RL(&rl, "accept: %s", strerror(error)); } return error; } - return new_ssl_vconn("ssl" /* FIXME */, new_fd, SERVER, new_vconnp); + error = set_nonblocking(new_fd); + if (error) { + close(new_fd); + return error; + } + + sprintf(name, "ssl:"IP_FMT, IP_ARGS(&sin.sin_addr)); + if (sin.sin_port != htons(OFP_SSL_PORT)) { + sprintf(strchr(name, '\0'), ":%"PRIu16, ntohs(sin.sin_port)); + } + return new_ssl_vconn(name, new_fd, SERVER, STATE_SSL_CONNECTING, &sin, + new_vconnp); } -struct vconn_class pssl_vconn_class = { - .name = "pssl", - .open = pssl_open, - .close = pssl_close, - .prepoll = pssl_prepoll, - .accept = pssl_accept, +static void +pssl_wait(struct pvconn *pvconn) +{ + struct pssl_pvconn *pssl = pssl_pvconn_cast(pvconn); + poll_fd_wait(pssl->fd, POLLIN); +} + +struct pvconn_class pssl_pvconn_class = { + "pssl", + pssl_open, + pssl_close, + pssl_accept, + pssl_wait, }; /* * Returns true if OpenSSL error is WANT_READ or WANT_WRITE, indicating that * OpenSSL is requesting that we call it back when the socket is ready for read - * or writing (respectively. + * or writing, respectively. */ static bool ssl_wants_io(int ssl_error) @@ -632,37 +970,6 @@ do_ssl_init(void) return 0; } -static bool -state_machine(struct ssl_vconn *sslv) -{ - if (sslv->state == STATE_SSL_CONNECTING) { - int ret = (sslv->type == CLIENT - ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl)); - if (ret != 1) { - int error = SSL_get_error(sslv->ssl, ret); - if (ret < 0 && ssl_wants_io(error)) { - /* Stay in this state to repeat the SSL_connect later. */ - return false; - } else { - interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect" - : "SSL_accept"), ret, error); - shutdown(sslv->fd, SHUT_RDWR); - connect_completed(sslv, EPROTO); - } - } else { - connect_completed(sslv, 0); - } - } - return sslv->state == STATE_CONNECTED; -} - -static void -connect_completed(struct ssl_vconn *sslv, int error) -{ - sslv->state = STATE_CONNECTED; - sslv->connect_error = error; -} - static DH * tmp_dh_callback(SSL *ssl, int is_export UNUSED, int keylength) { @@ -673,7 +980,6 @@ tmp_dh_callback(SSL *ssl, int is_export UNUSED, int keylength) }; static struct dh dh_table[] = { - {512, NULL, get_dh512}, {1024, NULL, get_dh1024}, {2048, NULL, get_dh2048}, {4096, NULL, get_dh4096}, @@ -681,22 +987,30 @@ tmp_dh_callback(SSL *ssl, int is_export UNUSED, int keylength) struct dh *dh; - for (dh = dh_table; dh < &dh[ARRAY_SIZE(dh_table)]; dh++) { + for (dh = dh_table; dh < &dh_table[ARRAY_SIZE(dh_table)]; dh++) { if (dh->keylength == keylength) { if (!dh->dh) { dh->dh = dh->constructor(); if (!dh->dh) { - fatal(ENOMEM, "out of memory constructing " - "Diffie-Hellman parameters"); + ofp_fatal(ENOMEM, "out of memory constructing " + "Diffie-Hellman parameters"); } } return dh->dh; } } - VLOG_ERR("no Diffie-Hellman parameters for key length %d", keylength); + VLOG_ERR_RL(&rl, "no Diffie-Hellman parameters for key length %d", + keylength); return NULL; } +/* Returns true if SSL is at least partially configured. */ +bool +vconn_ssl_is_configured(void) +{ + return has_private_key || has_certificate || has_ca_cert; +} + void vconn_ssl_set_private_key_file(const char *file_name) { @@ -725,30 +1039,167 @@ vconn_ssl_set_certificate_file(const char *file_name) has_certificate = true; } +/* Reads the X509 certificate or certificates in file 'file_name'. On success, + * stores the address of the first element in an array of pointers to + * certificates in '*certs' and the number of certificates in the array in + * '*n_certs', and returns 0. On failure, stores a null pointer in '*certs', 0 + * in '*n_certs', and returns a positive errno value. + * + * The caller is responsible for freeing '*certs'. */ +int +read_cert_file(const char *file_name, X509 ***certs, size_t *n_certs) +{ + FILE *file; + size_t allocated_certs = 0; + + *certs = NULL; + *n_certs = 0; + + file = fopen(file_name, "r"); + if (!file) { + VLOG_ERR("failed to open %s for reading: %s", + file_name, strerror(errno)); + return errno; + } + + for (;;) { + X509 *certificate; + int c; + + /* Read certificate from file. */ + certificate = PEM_read_X509(file, NULL, NULL, NULL); + if (!certificate) { + size_t i; + + VLOG_ERR("PEM_read_X509 failed reading %s: %s", + file_name, ERR_error_string(ERR_get_error(), NULL)); + for (i = 0; i < *n_certs; i++) { + X509_free((*certs)[i]); + } + free(*certs); + *certs = NULL; + *n_certs = 0; + return EIO; + } + + /* Add certificate to array. */ + if (*n_certs >= allocated_certs) { + allocated_certs = 1 + 2 * allocated_certs; + *certs = xrealloc(*certs, sizeof *certs * allocated_certs); + } + (*certs)[(*n_certs)++] = certificate; + + /* Are there additional certificates in the file? */ + do { + c = getc(file); + } while (isspace(c)); + if (c == EOF) { + break; + } + ungetc(c, file); + } + fclose(file); + return 0; +} + + +/* Sets 'file_name' as the name of a file containing one or more X509 + * certificates to send to the peer. Typical use in OpenFlow is to send the CA + * certificate to the peer, which enables a switch to pick up the controller's + * CA certificate on its first connection. */ void -vconn_ssl_set_ca_cert_file(const char *file_name) +vconn_ssl_set_peer_ca_cert_file(const char *file_name) { - STACK_OF(X509_NAME) *ca_list; + X509 **certs; + size_t n_certs; + size_t i; if (ssl_init()) { return; } - /* Set up list of CAs that the server will accept from the client. */ - ca_list = SSL_load_client_CA_file(file_name); - if (ca_list == NULL) { - VLOG_ERR("SSL_load_client_CA_file: %s", - ERR_error_string(ERR_get_error(), NULL)); - return; + if (!read_cert_file(file_name, &certs, &n_certs)) { + for (i = 0; i < n_certs; i++) { + if (SSL_CTX_add_extra_chain_cert(ctx, certs[i]) != 1) { + VLOG_ERR("SSL_CTX_add_extra_chain_cert: %s", + ERR_error_string(ERR_get_error(), NULL)); + } + } + free(certs); } - SSL_CTX_set_client_CA_list(ctx, ca_list); +} - /* Set up CAs for OpenSSL to trust in verifying the peer's certificate. */ - if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) { - VLOG_ERR("SSL_load_verify_locations: %s", - ERR_error_string(ERR_get_error(), NULL)); +/* Logs fingerprint of CA certificate 'cert' obtained from 'file_name'. */ +static void +log_ca_cert(const char *file_name, X509 *cert) +{ + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int n_bytes; + struct ds fp; + char *subject; + + ds_init(&fp); + if (!X509_digest(cert, EVP_sha1(), digest, &n_bytes)) { + ds_put_cstr(&fp, ""); + } else { + unsigned int i; + for (i = 0; i < n_bytes; i++) { + if (i) { + ds_put_char(&fp, ':'); + } + ds_put_format(&fp, "%02hhx", digest[i]); + } + } + subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + VLOG_WARN("Trusting CA cert from %s (%s) (fingerprint %s)", file_name, + subject ? subject : "", ds_cstr(&fp)); + free(subject); + ds_destroy(&fp); +} + +/* Sets 'file_name' as the name of the file from which to read the CA + * certificate used to verify the peer within SSL connections. If 'bootstrap' + * is false, the file must exist. If 'bootstrap' is false, then the file is + * read if it is exists; if it does not, then it will be created from the CA + * certificate received from the peer on the first SSL connection. */ +void +vconn_ssl_set_ca_cert_file(const char *file_name, bool bootstrap) +{ + X509 **certs; + size_t n_certs; + struct stat s; + + if (ssl_init()) { return; } - has_ca_cert = true; + if (bootstrap && stat(file_name, &s) && errno == ENOENT) { + bootstrap_ca_cert = true; + ca_cert_file = xstrdup(file_name); + } else if (!read_cert_file(file_name, &certs, &n_certs)) { + size_t i; + + /* Set up list of CAs that the server will accept from the client. */ + for (i = 0; i < n_certs; i++) { + /* SSL_CTX_add_client_CA makes a copy of the relevant data. */ + if (SSL_CTX_add_client_CA(ctx, certs[i]) != 1) { + VLOG_ERR("failed to add client certificate %d from %s: %s", + i, file_name, + ERR_error_string(ERR_get_error(), NULL)); + } else { + log_ca_cert(file_name, certs[i]); + } + X509_free(certs[i]); + } + + /* Set up CAs for OpenSSL to trust in verifying the peer's + * certificate. */ + if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) { + VLOG_ERR("SSL_CTX_load_verify_locations: %s", + ERR_error_string(ERR_get_error(), NULL)); + return; + } + + has_ca_cert = true; + } }