]> git.proxmox.com Git - mirror_ovs.git/blame - lib/stream-ssl.c
projects / mirror_ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dpif-netlink: Use netlink helpers for packet_type.
[mirror_ovs.git] / lib / stream-ssl.c
CommitLineData
9467fe62 1/*
922fed06 2 * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
9467fe62
BP		 3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <config.h>
18#include "stream-ssl.h"
19#include "dhparams.h"
9467fe62
BP		 20#include <ctype.h>
21#include <errno.h>
22#include <inttypes.h>
23#include <string.h>
bd6b7545
GC		 24#include <sys/types.h>
25#include <sys/socket.h>
9467fe62
BP		 26#include <netinet/tcp.h>
27#include <openssl/err.h>
47ebcf25 28#include <openssl/rand.h>
9467fe62
BP		 29#include <openssl/ssl.h>
30#include <openssl/x509v3.h>
31#include <poll.h>
5ea1366b 32#include <fcntl.h>
9467fe62
BP		 33#include <sys/stat.h>
34#include <unistd.h>
f2f7be86 35#include "coverage.h"
3e8a2ad1 36#include "openvswitch/dynamic-string.h"
47ebcf25 37#include "entropy.h"
64c96779 38#include "openvswitch/ofpbuf.h"
9467fe62
BP		 39#include "openflow/openflow.h"
40#include "packets.h"
41#include "poll-loop.h"
ee89ea7b 42#include "openvswitch/shash.h"
9467fe62 43#include "socket-util.h"
9467fe62
BP		 44#include "util.h"
45#include "stream-provider.h"
46#include "stream.h"
415f6c0b 47#include "timeval.h"
e6211adc 48#include "openvswitch/vlog.h"
5136ce49 49
5ea1366b
GS		 50#ifdef _WIN32
51/* Ref: https://www.openssl.org/support/faq.html#PROG2
52 * Your application must link against the same version of the Win32 C-Runtime
53 * against which your openssl libraries were linked. The default version for
54 * OpenSSL is /MD - "Multithreaded DLL". If we compile Open vSwitch with
55 * something other than /MD, instead of re-compiling OpenSSL
56 * toolkit, openssl/applink.c can be #included. Also, it is important
57 * to add CRYPTO_malloc_init prior first call to OpenSSL.
58 *
59 * XXX: The behavior of the following #include when Open vSwitch is
60 * compiled with /MD is not tested. */
61#include <openssl/applink.c>
62#define SHUT_RDWR SD_BOTH
5ea1366b
GS		 63#endif
64
d98e6007 65VLOG_DEFINE_THIS_MODULE(stream_ssl);
9467fe62
BP		 66
67/* Active SSL. */
68
69enum ssl_state {
70 STATE_TCP_CONNECTING,
71 STATE_SSL_CONNECTING
72};
73
74enum session_type {
75 CLIENT,
76 SERVER
77};
78
79struct ssl_stream
80{
81 struct stream stream;
82 enum ssl_state state;
9467fe62
BP		 83 enum session_type type;
84 int fd;
85 SSL *ssl;
86 struct ofpbuf *txbuf;
ff1760f1 87 unsigned int session_nr;
9467fe62
BP		 88
89 /* rx_want and tx_want record the result of the last call to SSL_read()
90 * and SSL_write(), respectively:
91 *
92 * - If the call reported that data needed to be read from the file
93 * descriptor, the corresponding member is set to SSL_READING.
94 *
95 * - If the call reported that data needed to be written to the file
96 * descriptor, the corresponding member is set to SSL_WRITING.
97 *
98 * - Otherwise, the member is set to SSL_NOTHING, indicating that the
99 * call completed successfully (or with an error) and that there is no
100 * need to block.
101 *
102 * These are needed because there is no way to ask OpenSSL what a data read
103 * or write would require without giving it a buffer to receive into or
104 * data to send, respectively. (Note that the SSL_want() status is
105 * overwritten by each SSL_read() or SSL_write() call, so we can't rely on
106 * its value.)
107 *
108 * A single call to SSL_read() or SSL_write() can perform both reading
109 * and writing and thus invalidate not one of these values but actually
110 * both. Consider this situation, for example:
111 *
112 * - SSL_write() blocks on a read, so tx_want gets SSL_READING.
113 *
114 * - SSL_read() laters succeeds reading from 'fd' and clears out the
115 * whole receive buffer, so rx_want gets SSL_READING.
116 *
117 * - Client calls stream_wait(STREAM_RECV) and stream_wait(STREAM_SEND)
118 * and blocks.
119 *
120 * - Now we're stuck blocking until the peer sends us data, even though
121 * SSL_write() could now succeed, which could easily be a deadlock
122 * condition.
123 *
124 * On the other hand, we can't reset both tx_want and rx_want on every call
125 * to SSL_read() or SSL_write(), because that would produce livelock,
126 * e.g. in this situation:
127 *
128 * - SSL_write() blocks, so tx_want gets SSL_READING or SSL_WRITING.
129 *
130 * - SSL_read() blocks, so rx_want gets SSL_READING or SSL_WRITING,
131 * but tx_want gets reset to SSL_NOTHING.
132 *
133 * - Client calls stream_wait(STREAM_RECV) and stream_wait(STREAM_SEND)
134 * and blocks.
135 *
136 * - Client wakes up immediately since SSL_NOTHING in tx_want indicates
137 * that no blocking is necessary.
138 *
139 * The solution we adopt here is to set tx_want to SSL_NOTHING after
140 * calling SSL_read() only if the SSL state of the connection changed,
141 * which indicates that an SSL-level renegotiation made some progress, and
142 * similarly for rx_want and SSL_write(). This prevents both the
143 * deadlock and livelock situations above.
144 */
145 int rx_want, tx_want;
1e3c0047 146
ff1760f1 147 /* A few bytes of header data in case SSL negotiation fails. */
1e3c0047
BP		 148 uint8_t head[2];
149 short int n_head;
9467fe62
BP		 150};
151
152/* SSL context created by ssl_init(). */
153static SSL_CTX *ctx;
154
415f6c0b
BP		 155struct ssl_config_file {
156 bool read; /* Whether the file was successfully read. */
157 char *file_name; /* Configured file name, if any. */
9cb07887 158 struct timespec mtime; /* File mtime as of last time we read it. */
415f6c0b
BP		 159};
160
161/* SSL configuration files. */
162static struct ssl_config_file private_key;
163static struct ssl_config_file certificate;
164static struct ssl_config_file ca_cert;
e18a1d08
ER		 165static char *ssl_protocols = "TLSv1,TLSv1.1,TLSv1.2";
166static char *ssl_ciphers = "HIGH:!aNULL:!MD5";
9467fe62 167
ba104a1e
BP		 168/* Ordinarily, the SSL client and server verify each other's certificates using
169 * a CA certificate. Setting this to false disables this behavior. (This is a
170 * security risk.) */
171static bool verify_peer_cert = true;
172
9467fe62 173/* Ordinarily, we require a CA certificate for the peer to be locally
415f6c0b
BP		 174 * available. We can, however, bootstrap the CA certificate from the peer at
175 * the beginning of our first connection then use that certificate on all
176 * subsequent connections, saving it to a file for use in future runs also. In
177 * this case, 'bootstrap_ca_cert' is true. */
9467fe62 178static bool bootstrap_ca_cert;
9467fe62 179
ff1760f1
BP		 180/* Session number. Used in debug logging messages to uniquely identify a
181 * session. */
182static unsigned int next_session_nr;
183
9467fe62
BP		 184/* Who knows what can trigger various SSL errors, so let's throttle them down
185 * quite a bit. */
186static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
187
188static int ssl_init(void);
189static int do_ssl_init(void);
190static bool ssl_wants_io(int ssl_error);
191static void ssl_close(struct stream *);
192static void ssl_clear_txbuf(struct ssl_stream *);
246f5b5e 193static void interpret_queued_ssl_error(const char *function);
9467fe62
BP		 194static int interpret_ssl_error(const char *function, int ret, int error,
195 int *want);
67a4917b 196static DH *tmp_dh_callback(SSL *ssl, int is_export OVS_UNUSED, int keylength);
9467fe62 197static void log_ca_cert(const char *file_name, X509 *cert);
415f6c0b 198static void stream_ssl_set_ca_cert_file__(const char *file_name,
f1484874 199 bool bootstrap, bool force);
ff1760f1
BP		 200static void ssl_protocol_cb(int write_p, int version, int content_type,
201 const void *, size_t, SSL *, void *sslv_);
f1484874 202static bool update_ssl_config(struct ssl_config_file *, const char *file_name);
5ea1366b 203static int sock_errno(void);
9467fe62
BP		 204
205static short int
206want_to_poll_events(int want)
207{
208 switch (want) {
209 case SSL_NOTHING:
428b2edd 210 OVS_NOT_REACHED();
9467fe62
BP		 211
212 case SSL_READING:
213 return POLLIN;
214
215 case SSL_WRITING:
216 return POLLOUT;
217
218 default:
428b2edd 219 OVS_NOT_REACHED();
9467fe62
BP		 220 }
221}
222
b7636967 223/* Takes ownership of 'name'. */
9467fe62 224static int
b7636967 225new_ssl_stream(char *name, int fd, enum session_type type,
a8d81967 226 enum ssl_state state, struct stream **streamp)
9467fe62 227{
9467fe62
BP		 228 struct ssl_stream *sslv;
229 SSL *ssl = NULL;
9467fe62
BP		 230 int retval;
231
232 /* Check for all the needful configuration. */
233 retval = 0;
415f6c0b 234 if (!private_key.read) {
9467fe62
BP		 235 VLOG_ERR("Private key must be configured to use SSL");
236 retval = ENOPROTOOPT;
237 }
415f6c0b 238 if (!certificate.read) {
9467fe62
BP		 239 VLOG_ERR("Certificate must be configured to use SSL");
240 retval = ENOPROTOOPT;
241 }
ba104a1e 242 if (!ca_cert.read && verify_peer_cert && !bootstrap_ca_cert) {
9467fe62
BP		 243 VLOG_ERR("CA certificate must be configured to use SSL");
244 retval = ENOPROTOOPT;
245 }
b6d729ad 246 if (!retval && !SSL_CTX_check_private_key(ctx)) {
9467fe62
BP		 247 VLOG_ERR("Private key does not match certificate public key: %s",
248 ERR_error_string(ERR_get_error(), NULL));
249 retval = ENOPROTOOPT;
250 }
251 if (retval) {
252 goto error;
253 }
254
8b768391
LS		 255 /* Disable Nagle.
256 * On windows platforms, this can only be called upon TCP connected.
257 */
258 if (state == STATE_SSL_CONNECTING) {
b7cefbf7 259 setsockopt_tcp_nodelay(fd);
9467fe62
BP		 260 }
261
262 /* Create and configure OpenSSL stream. */
263 ssl = SSL_new(ctx);
264 if (ssl == NULL) {
265 VLOG_ERR("SSL_new: %s", ERR_error_string(ERR_get_error(), NULL));
266 retval = ENOPROTOOPT;
267 goto error;
268 }
269 if (SSL_set_fd(ssl, fd) == 0) {
270 VLOG_ERR("SSL_set_fd: %s", ERR_error_string(ERR_get_error(), NULL));
271 retval = ENOPROTOOPT;
272 goto error;
273 }
ba104a1e 274 if (!verify_peer_cert || (bootstrap_ca_cert && type == CLIENT)) {
9467fe62
BP		 275 SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
276 }
277
278 /* Create and return the ssl_stream. */
279 sslv = xmalloc(sizeof *sslv);
280 stream_init(&sslv->stream, &ssl_stream_class, EAGAIN, name);
9467fe62
BP		 281 sslv->state = state;
282 sslv->type = type;
283 sslv->fd = fd;
284 sslv->ssl = ssl;
285 sslv->txbuf = NULL;
286 sslv->rx_want = sslv->tx_want = SSL_NOTHING;
ff1760f1 287 sslv->session_nr = next_session_nr++;
1e3c0047 288 sslv->n_head = 0;
ff1760f1
BP		 289
290 if (VLOG_IS_DBG_ENABLED()) {
291 SSL_set_msg_callback(ssl, ssl_protocol_cb);
292 SSL_set_msg_callback_arg(ssl, sslv);
293 }
294
9467fe62
BP		 295 *streamp = &sslv->stream;
296 return 0;
297
298error:
299 if (ssl) {
300 SSL_free(ssl);
301 }
5ea1366b 302 closesocket(fd);
9467fe62
BP		 303 return retval;
304}
305
306static struct ssl_stream *
307ssl_stream_cast(struct stream *stream)
308{
309 stream_assert_class(stream, &ssl_stream_class);
310 return CONTAINER_OF(stream, struct ssl_stream, stream);
311}
312
313static int
f125905c 314ssl_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp)
9467fe62 315{
9467fe62
BP		 316 int error, fd;
317
318 error = ssl_init();
319 if (error) {
320 return error;
321 }
322
d4763d1d 323 error = inet_open_active(SOCK_STREAM, suffix, OFP_PORT, NULL, &fd,
f125905c 324 dscp);
9467fe62
BP		 325 if (fd >= 0) {
326 int state = error ? STATE_TCP_CONNECTING : STATE_SSL_CONNECTING;
b7636967 327 return new_ssl_stream(xstrdup(name), fd, CLIENT, state, streamp);
9467fe62 328 } else {
10a89ef0 329 VLOG_ERR("%s: connect: %s", name, ovs_strerror(error));
9467fe62
BP		 330 return error;
331 }
332}
333
334static int
335do_ca_cert_bootstrap(struct stream *stream)
336{
337 struct ssl_stream *sslv = ssl_stream_cast(stream);
338 STACK_OF(X509) *chain;
415f6c0b 339 X509 *cert;
9467fe62
BP		 340 FILE *file;
341 int error;
342 int fd;
343
344 chain = SSL_get_peer_cert_chain(sslv->ssl);
345 if (!chain || !sk_X509_num(chain)) {
346 VLOG_ERR("could not bootstrap CA cert: no certificate presented by "
347 "peer");
348 return EPROTO;
349 }
415f6c0b 350 cert = sk_X509_value(chain, sk_X509_num(chain) - 1);
9467fe62 351
415f6c0b 352 /* Check that 'cert' is self-signed. Otherwise it is not a CA
9467fe62 353 * certificate and we should not attempt to use it as one. */
415f6c0b 354 error = X509_check_issued(cert, cert);
9467fe62
BP		 355 if (error) {
356 VLOG_ERR("could not bootstrap CA cert: obtained certificate is "
357 "not self-signed (%s)",
358 X509_verify_cert_error_string(error));
359 if (sk_X509_num(chain) < 2) {
360 VLOG_ERR("only one certificate was received, so probably the peer "
361 "is not configured to send its CA certificate");
362 }
363 return EPROTO;
364 }
365
415f6c0b 366 fd = open(ca_cert.file_name, O_CREAT | O_EXCL | O_WRONLY, 0444);
9467fe62 367 if (fd < 0) {
deb1f433 368 if (errno == EEXIST) {
f1484874
BP		 369 VLOG_INFO_RL(&rl, "reading CA cert %s created by another process",
370 ca_cert.file_name);
371 stream_ssl_set_ca_cert_file__(ca_cert.file_name, true, true);
deb1f433
BP		 372 return EPROTO;
373 } else {
374 VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
10a89ef0 375 ca_cert.file_name, ovs_strerror(errno));
deb1f433
BP		 376 return errno;
377 }
9467fe62
BP		 378 }
379
380 file = fdopen(fd, "w");
381 if (!file) {
2a022368 382 error = errno;
9467fe62 383 VLOG_ERR("could not bootstrap CA cert: fdopen failed: %s",
10a89ef0 384 ovs_strerror(error));
415f6c0b 385 unlink(ca_cert.file_name);
9467fe62
BP		 386 return error;
387 }
388
415f6c0b 389 if (!PEM_write_X509(file, cert)) {
9467fe62 390 VLOG_ERR("could not bootstrap CA cert: PEM_write_X509 to %s failed: "
415f6c0b
BP		 391 "%s", ca_cert.file_name,
392 ERR_error_string(ERR_get_error(), NULL));
9467fe62 393 fclose(file);
415f6c0b 394 unlink(ca_cert.file_name);
9467fe62
BP		 395 return EIO;
396 }
397
398 if (fclose(file)) {
2a022368 399 error = errno;
9467fe62 400 VLOG_ERR("could not bootstrap CA cert: writing %s failed: %s",
10a89ef0 401 ca_cert.file_name, ovs_strerror(error));
415f6c0b 402 unlink(ca_cert.file_name);
9467fe62
BP		 403 return error;
404 }
405
415f6c0b
BP		 406 VLOG_INFO("successfully bootstrapped CA cert to %s", ca_cert.file_name);
407 log_ca_cert(ca_cert.file_name, cert);
9467fe62 408 bootstrap_ca_cert = false;
415f6c0b 409 ca_cert.read = true;
9467fe62 410
415f6c0b
BP		 411 /* SSL_CTX_add_client_CA makes a copy of cert's relevant data. */
412 SSL_CTX_add_client_CA(ctx, cert);
9467fe62 413
e6a8ca62 414 SSL_CTX_set_cert_store(ctx, X509_STORE_new());
415f6c0b 415 if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) {
9467fe62
BP		 416 VLOG_ERR("SSL_CTX_load_verify_locations: %s",
417 ERR_error_string(ERR_get_error(), NULL));
418 return EPROTO;
419 }
420 VLOG_INFO("killing successful connection to retry using CA cert");
421 return EPROTO;
422}
423
c19ae4cc
LR		 424static char *
425get_peer_common_name(const struct ssl_stream *sslv)
426{
427 X509 *peer_cert = SSL_get_peer_certificate(sslv->ssl);
428 if (!peer_cert) {
429 return NULL;
430 }
431
432 int cn_index = X509_NAME_get_index_by_NID(X509_get_subject_name(peer_cert),
433 NID_commonName, -1);
434 if (cn_index < 0) {
435 return NULL;
436 }
437
438 X509_NAME_ENTRY *cn_entry = X509_NAME_get_entry(
439 X509_get_subject_name(peer_cert), cn_index);
440 if (!cn_entry) {
441 return NULL;
442 }
443
444 ASN1_STRING *cn_data = X509_NAME_ENTRY_get_data(cn_entry);
445 if (!cn_data) {
446 return NULL;
447 }
448
449 const char *cn;
450#if OPENSSL_VERSION_NUMBER < 0x10100000L
451 /* ASN1_STRING_data() is deprecated as of OpenSSL version 1.1 */
452 cn = (const char *)ASN1_STRING_data(cn_data);
453#else
454 cn = (const char *)ASN1_STRING_get0_data(cn_data);
455 #endif
456 return xstrdup(cn);
457}
458
9467fe62
BP		 459static int
460ssl_connect(struct stream *stream)
461{
462 struct ssl_stream *sslv = ssl_stream_cast(stream);
463 int retval;
464
465 switch (sslv->state) {
466 case STATE_TCP_CONNECTING:
467 retval = check_connection_completion(sslv->fd);
468 if (retval) {
469 return retval;
470 }
471 sslv->state = STATE_SSL_CONNECTING;
b7cefbf7 472 setsockopt_tcp_nodelay(sslv->fd);
9467fe62
BP		 473 /* Fall through. */
474
475 case STATE_SSL_CONNECTING:
1e3c0047 476 /* Capture the first few bytes of received data so that we can guess
ec9f40dc 477 * what kind of funny data we've been sent if SSL negotiation fails. */
1e3c0047
BP		 478 if (sslv->n_head <= 0) {
479 sslv->n_head = recv(sslv->fd, sslv->head, sizeof sslv->head,
480 MSG_PEEK);
481 }
482
9467fe62
BP		 483 retval = (sslv->type == CLIENT
484 ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl));
485 if (retval != 1) {
486 int error = SSL_get_error(sslv->ssl, retval);
487 if (retval < 0 && ssl_wants_io(error)) {
488 return EAGAIN;
489 } else {
490 int unused;
f2f7be86 491
9467fe62
BP		 492 interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect"
493 : "SSL_accept"), retval, error, &unused);
494 shutdown(sslv->fd, SHUT_RDWR);
1e3c0047 495 stream_report_content(sslv->head, sslv->n_head, STREAM_SSL,
922fed06 496 &this_module, stream_get_name(stream));
9467fe62
BP		 497 return EPROTO;
498 }
499 } else if (bootstrap_ca_cert) {
500 return do_ca_cert_bootstrap(stream);
ba104a1e
BP		 501 } else if (verify_peer_cert
502 && ((SSL_get_verify_mode(sslv->ssl)
503 & (SSL_VERIFY_NONE | SSL_VERIFY_PEER))
504 != SSL_VERIFY_PEER)) {
9467fe62
BP		 505 /* Two or more SSL connections completed at the same time while we
506 * were in bootstrap mode. Only one of these can finish the
507 * bootstrap successfully. The other one(s) must be rejected
508 * because they were not verified against the bootstrapped CA
509 * certificate. (Alternatively we could verify them against the CA
510 * certificate, but that's more trouble than it's worth. These
511 * connections will succeed the next time they retry, assuming that
512 * they have a certificate against the correct CA.) */
1ee62357 513 VLOG_INFO("rejecting SSL connection during bootstrap race window");
9467fe62
BP		 514 return EPROTO;
515 } else {
c19ae4cc
LR		 516 char *cn = get_peer_common_name(sslv);
517
518 if (cn) {
519 stream_set_peer_id(stream, cn);
520 free(cn);
521 }
9467fe62
BP		 522 return 0;
523 }
524 }
525
428b2edd 526 OVS_NOT_REACHED();
9467fe62
BP		 527}
528
529static void
530ssl_close(struct stream *stream)
531{
532 struct ssl_stream *sslv = ssl_stream_cast(stream);
533 ssl_clear_txbuf(sslv);
5e4641a1
BP		 534
535 /* Attempt clean shutdown of the SSL connection. This will work most of
536 * the time, as long as the kernel send buffer has some free space and the
537 * SSL connection isn't renegotiating, etc. That has to be good enough,
538 * since we don't have any way to continue the close operation in the
539 * background. */
540 SSL_shutdown(sslv->ssl);
541
3d47699c
BP		 542 /* SSL_shutdown() might have signaled an error, in which case we need to
543 * flush it out of the OpenSSL error queue or the next OpenSSL operation
544 * will falsely signal an error. */
545 ERR_clear_error();
546
9467fe62 547 SSL_free(sslv->ssl);
5ea1366b 548 closesocket(sslv->fd);
9467fe62
BP		 549 free(sslv);
550}
551
246f5b5e
BP		 552static void
553interpret_queued_ssl_error(const char *function)
554{
555 int queued_error = ERR_get_error();
556 if (queued_error != 0) {
557 VLOG_WARN_RL(&rl, "%s: %s",
558 function, ERR_error_string(queued_error, NULL));
559 } else {
560 VLOG_ERR_RL(&rl, "%s: SSL_ERROR_SSL without queued error", function);
561 }
562}
563
9467fe62
BP		 564static int
565interpret_ssl_error(const char *function, int ret, int error,
566 int *want)
567{
568 *want = SSL_NOTHING;
569
570 switch (error) {
571 case SSL_ERROR_NONE:
572 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_NONE", function);
573 break;
574
575 case SSL_ERROR_ZERO_RETURN:
576 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_ZERO_RETURN", function);
577 break;
578
579 case SSL_ERROR_WANT_READ:
580 *want = SSL_READING;
581 return EAGAIN;
582
583 case SSL_ERROR_WANT_WRITE:
584 *want = SSL_WRITING;
585 return EAGAIN;
586
587 case SSL_ERROR_WANT_CONNECT:
588 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_CONNECT", function);
589 break;
590
591 case SSL_ERROR_WANT_ACCEPT:
592 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
593 break;
594
595 case SSL_ERROR_WANT_X509_LOOKUP:
596 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_X509_LOOKUP",
597 function);
598 break;
599
600 case SSL_ERROR_SYSCALL: {
601 int queued_error = ERR_get_error();
602 if (queued_error == 0) {
603 if (ret < 0) {
604 int status = errno;
605 VLOG_WARN_RL(&rl, "%s: system error (%s)",
10a89ef0 606 function, ovs_strerror(status));
9467fe62
BP		 607 return status;
608 } else {
609 VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
610 function);
611 return EPROTO;
612 }
613 } else {
614 VLOG_WARN_RL(&rl, "%s: %s",
615 function, ERR_error_string(queued_error, NULL));
616 break;
617 }
618 }
619
246f5b5e
BP		 620 case SSL_ERROR_SSL:
621 interpret_queued_ssl_error(function);
9467fe62 622 break;
9467fe62
BP		 623
624 default:
625 VLOG_ERR_RL(&rl, "%s: bad SSL error code %d", function, error);
626 break;
627 }
628 return EIO;
629}
630
631static ssize_t
632ssl_recv(struct stream *stream, void *buffer, size_t n)
633{
634 struct ssl_stream *sslv = ssl_stream_cast(stream);
635 int old_state;
636 ssize_t ret;
637
638 /* Behavior of zero-byte SSL_read is poorly defined. */
cb22974d 639 ovs_assert(n > 0);
9467fe62
BP		 640
641 old_state = SSL_get_state(sslv->ssl);
642 ret = SSL_read(sslv->ssl, buffer, n);
643 if (old_state != SSL_get_state(sslv->ssl)) {
644 sslv->tx_want = SSL_NOTHING;
645 }
646 sslv->rx_want = SSL_NOTHING;
647
648 if (ret > 0) {
649 return ret;
650 } else {
651 int error = SSL_get_error(sslv->ssl, ret);
652 if (error == SSL_ERROR_ZERO_RETURN) {
653 return 0;
654 } else {
2b494771
BP		 655 return -interpret_ssl_error("SSL_read", ret, error,
656 &sslv->rx_want);
9467fe62
BP		 657 }
658 }
659}
660
661static void
662ssl_clear_txbuf(struct ssl_stream *sslv)
663{
664 ofpbuf_delete(sslv->txbuf);
665 sslv->txbuf = NULL;
666}
667
668static int
669ssl_do_tx(struct stream *stream)
670{
671 struct ssl_stream *sslv = ssl_stream_cast(stream);
672
673 for (;;) {
674 int old_state = SSL_get_state(sslv->ssl);
560d3df7 675 int ret = SSL_write(sslv->ssl, sslv->txbuf->data, sslv->txbuf->size);
9467fe62
BP		 676 if (old_state != SSL_get_state(sslv->ssl)) {
677 sslv->rx_want = SSL_NOTHING;
678 }
679 sslv->tx_want = SSL_NOTHING;
680 if (ret > 0) {
681 ofpbuf_pull(sslv->txbuf, ret);
560d3df7 682 if (sslv->txbuf->size == 0) {
9467fe62
BP		 683 return 0;
684 }
685 } else {
686 int ssl_error = SSL_get_error(sslv->ssl, ret);
687 if (ssl_error == SSL_ERROR_ZERO_RETURN) {
688 VLOG_WARN_RL(&rl, "SSL_write: connection closed");
689 return EPIPE;
690 } else {
691 return interpret_ssl_error("SSL_write", ret, ssl_error,
692 &sslv->tx_want);
693 }
694 }
695 }
696}
697
698static ssize_t
699ssl_send(struct stream *stream, const void *buffer, size_t n)
700{
701 struct ssl_stream *sslv = ssl_stream_cast(stream);
702
703 if (sslv->txbuf) {
2b494771 704 return -EAGAIN;
9467fe62
BP		 705 } else {
706 int error;
707
708 sslv->txbuf = ofpbuf_clone_data(buffer, n);
709 error = ssl_do_tx(stream);
710 switch (error) {
711 case 0:
712 ssl_clear_txbuf(sslv);
2b494771 713 return n;
9467fe62 714 case EAGAIN:
2b494771 715 return n;
9467fe62 716 default:
5c8f8763 717 ssl_clear_txbuf(sslv);
2b494771 718 return -error;
9467fe62
BP		 719 }
720 }
721}
722
723static void
724ssl_run(struct stream *stream)
725{
726 struct ssl_stream *sslv = ssl_stream_cast(stream);
727
728 if (sslv->txbuf && ssl_do_tx(stream) != EAGAIN) {
729 ssl_clear_txbuf(sslv);
730 }
731}
732
733static void
734ssl_run_wait(struct stream *stream)
735{
736 struct ssl_stream *sslv = ssl_stream_cast(stream);
737
738 if (sslv->tx_want != SSL_NOTHING) {
1ca3348e 739 poll_fd_wait(sslv->fd, want_to_poll_events(sslv->tx_want));
9467fe62
BP		 740 }
741}
742
743static void
744ssl_wait(struct stream *stream, enum stream_wait_type wait)
745{
746 struct ssl_stream *sslv = ssl_stream_cast(stream);
747
748 switch (wait) {
749 case STREAM_CONNECT:
750 if (stream_connect(stream) != EAGAIN) {
751 poll_immediate_wake();
752 } else {
753 switch (sslv->state) {
754 case STATE_TCP_CONNECTING:
1ca3348e 755 poll_fd_wait(sslv->fd, POLLOUT);
9467fe62
BP		 756 break;
757
758 case STATE_SSL_CONNECTING:
759 /* ssl_connect() called SSL_accept() or SSL_connect(), which
760 * set up the status that we test here. */
1ca3348e
GS		 761 poll_fd_wait(sslv->fd,
762 want_to_poll_events(SSL_want(sslv->ssl)));
9467fe62
BP		 763 break;
764
765 default:
428b2edd 766 OVS_NOT_REACHED();
9467fe62
BP		 767 }
768 }
769 break;
770
771 case STREAM_RECV:
772 if (sslv->rx_want != SSL_NOTHING) {
1ca3348e 773 poll_fd_wait(sslv->fd, want_to_poll_events(sslv->rx_want));
9467fe62
BP		 774 } else {
775 poll_immediate_wake();
776 }
777 break;
778
779 case STREAM_SEND:
780 if (!sslv->txbuf) {
781 /* We have room in our tx queue. */
782 poll_immediate_wake();
783 } else {
784 /* stream_run_wait() will do the right thing; don't bother with
785 * redundancy. */
786 }
787 break;
788
789 default:
428b2edd 790 OVS_NOT_REACHED();
9467fe62
BP		 791 }
792}
793
da327b18 794const struct stream_class ssl_stream_class = {
9467fe62 795 "ssl", /* name */
f1936eb6 796 true, /* needs_probes */
9467fe62
BP		 797 ssl_open, /* open */
798 ssl_close, /* close */
799 ssl_connect, /* connect */
800 ssl_recv, /* recv */
801 ssl_send, /* send */
802 ssl_run, /* run */
803 ssl_run_wait, /* run_wait */
804 ssl_wait, /* wait */
805};
806\f
807/* Passive SSL. */
808
809struct pssl_pstream
810{
811 struct pstream pstream;
812 int fd;
813};
814
da327b18 815const struct pstream_class pssl_pstream_class;
9467fe62
BP		 816
817static struct pssl_pstream *
818pssl_pstream_cast(struct pstream *pstream)
819{
820 pstream_assert_class(pstream, &pssl_pstream_class);
821 return CONTAINER_OF(pstream, struct pssl_pstream, pstream);
822}
823
824static int
f125905c
MM		 825pssl_open(const char *name OVS_UNUSED, char *suffix, struct pstream **pstreamp,
826 uint8_t dscp)
9467fe62 827{
e731d71b 828 struct sockaddr_storage ss;
9467fe62 829 struct pssl_pstream *pssl;
e731d71b 830 uint16_t port;
9467fe62
BP		 831 int retval;
832 int fd;
833
834 retval = ssl_init();
835 if (retval) {
836 return retval;
837 }
838
d4763d1d 839 fd = inet_open_passive(SOCK_STREAM, suffix, OFP_PORT, &ss, dscp, true);
9467fe62
BP		 840 if (fd < 0) {
841 return -fd;
842 }
e731d71b
AS		 843
844 port = ss_get_port(&ss);
fd245f1d
BP		 845
846 struct ds bound_name = DS_EMPTY_INITIALIZER;
847 ds_put_format(&bound_name, "pssl:%"PRIu16":", port);
848 ss_format_address(&ss, &bound_name);
9467fe62
BP		 849
850 pssl = xmalloc(sizeof *pssl);
fd245f1d
BP		 851 pstream_init(&pssl->pstream, &pssl_pstream_class,
852 ds_steal_cstr(&bound_name));
e731d71b 853 pstream_set_bound_port(&pssl->pstream, htons(port));
9467fe62
BP		 854 pssl->fd = fd;
855 *pstreamp = &pssl->pstream;
fd245f1d 856
9467fe62
BP		 857 return 0;
858}
859
860static void
861pssl_close(struct pstream *pstream)
862{
863 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
5ea1366b 864 closesocket(pssl->fd);
9467fe62
BP		 865 free(pssl);
866}
867
868static int
869pssl_accept(struct pstream *pstream, struct stream **new_streamp)
870{
871 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
e731d71b
AS		 872 struct sockaddr_storage ss;
873 socklen_t ss_len = sizeof ss;
9467fe62
BP		 874 int new_fd;
875 int error;
876
e731d71b 877 new_fd = accept(pssl->fd, (struct sockaddr *) &ss, &ss_len);
9467fe62 878 if (new_fd < 0) {
5ea1366b
GS		 879 error = sock_errno();
880#ifdef _WIN32
881 if (error == WSAEWOULDBLOCK) {
882 error = EAGAIN;
883 }
884#endif
9467fe62 885 if (error != EAGAIN) {
5ea1366b 886 VLOG_DBG_RL(&rl, "accept: %s", sock_strerror(error));
9467fe62
BP		 887 }
888 return error;
889 }
890
891 error = set_nonblocking(new_fd);
892 if (error) {
5ea1366b 893 closesocket(new_fd);
9467fe62
BP		 894 return error;
895 }
896
fd245f1d
BP		 897 struct ds name = DS_EMPTY_INITIALIZER;
898 ds_put_cstr(&name, "ssl:");
899 ss_format_address(&ss, &name);
900 ds_put_format(&name, ":%"PRIu16, ss_get_port(&ss));
901 return new_ssl_stream(ds_steal_cstr(&name), new_fd, SERVER,
902 STATE_SSL_CONNECTING, new_streamp);
9467fe62
BP		 903}
904
905static void
906pssl_wait(struct pstream *pstream)
907{
908 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
1ca3348e 909 poll_fd_wait(pssl->fd, POLLIN);
9467fe62
BP		 910}
911
da327b18 912const struct pstream_class pssl_pstream_class = {
9467fe62 913 "pssl",
f1936eb6 914 true,
9467fe62
BP		 915 pssl_open,
916 pssl_close,
917 pssl_accept,
918 pssl_wait,
919};
920\f
921/*
922 * Returns true if OpenSSL error is WANT_READ or WANT_WRITE, indicating that
923 * OpenSSL is requesting that we call it back when the socket is ready for read
924 * or writing, respectively.
925 */
926static bool
927ssl_wants_io(int ssl_error)
928{
929 return (ssl_error == SSL_ERROR_WANT_WRITE
930 || ssl_error == SSL_ERROR_WANT_READ);
931}
932
933static int
934ssl_init(void)
935{
936 static int init_status = -1;
937 if (init_status < 0) {
938 init_status = do_ssl_init();
cb22974d 939 ovs_assert(init_status >= 0);
9467fe62
BP		 940 }
941 return init_status;
942}
943
944static int
945do_ssl_init(void)
946{
947 SSL_METHOD *method;
948
5ea1366b
GS		 949#ifdef _WIN32
950 /* The following call is needed if we "#include <openssl/applink.c>". */
951 CRYPTO_malloc_init();
952#endif
9467fe62
BP		 953 SSL_library_init();
954 SSL_load_error_strings();
955
47ebcf25
BP		 956 if (!RAND_status()) {
957 /* We occasionally see OpenSSL fail to seed its random number generator
958 * in heavily loaded hypervisors. I suspect the following scenario:
959 *
960 * 1. OpenSSL calls read() to get 32 bytes from /dev/urandom.
961 * 2. The kernel generates 10 bytes of randomness and copies it out.
962 * 3. A signal arrives (perhaps SIGALRM).
963 * 4. The kernel interrupts the system call to service the signal.
964 * 5. Userspace gets 10 bytes of entropy.
965 * 6. OpenSSL doesn't read again to get the final 22 bytes. Therefore
966 * OpenSSL doesn't have enough entropy to consider itself
967 * initialized.
968 *
969 * The only part I'm not entirely sure about is #6, because the OpenSSL
970 * code is so hard to read. */
971 uint8_t seed[32];
972 int retval;
973
974 VLOG_WARN("OpenSSL random seeding failed, reseeding ourselves");
975
976 retval = get_entropy(seed, sizeof seed);
977 if (retval) {
978 VLOG_ERR("failed to obtain entropy (%s)",
979 ovs_retval_to_string(retval));
980 return retval > 0 ? retval : ENOPROTOOPT;
981 }
982
983 RAND_seed(seed, sizeof seed);
984 }
985
b56ea5d5
BP		 986 /* OpenSSL has a bunch of "connection methods": SSLv2_method(),
987 * SSLv3_method(), TLSv1_method(), SSLv23_method(), ... Most of these
988 * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
989 * only, not any earlier *or later* version. The only exception is
990 * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
991 * We don't want SSLv2 or SSLv3 support, so we turn it off below with
992 * SSL_CTX_set_options().
993 *
994 * The cast is needed to avoid a warning with newer versions of OpenSSL in
995 * which SSLv23_method() returns a "const" pointer. */
996 method = CONST_CAST(SSL_METHOD *, SSLv23_method());
9467fe62
BP		 997 if (method == NULL) {
998 VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
999 return ENOPROTOOPT;
1000 }
1001
1002 ctx = SSL_CTX_new(method);
1003 if (ctx == NULL) {
1004 VLOG_ERR("SSL_CTX_new: %s", ERR_error_string(ERR_get_error(), NULL));
1005 return ENOPROTOOPT;
1006 }
1007 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
1008 SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
1009 SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
1010 SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1011 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1012 NULL);
895107e4 1013 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
e18a1d08 1014 SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!MD5");
9467fe62
BP		 1015
1016 return 0;
1017}
1018
1019static DH *
67a4917b 1020tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength)
9467fe62
BP		 1021{
1022 struct dh {
1023 int keylength;
1024 DH *dh;
1025 DH *(*constructor)(void);
1026 };
1027
1028 static struct dh dh_table[] = {
1029 {1024, NULL, get_dh1024},
1030 {2048, NULL, get_dh2048},
1031 {4096, NULL, get_dh4096},
1032 };
1033
1034 struct dh *dh;
1035
1036 for (dh = dh_table; dh < &dh_table[ARRAY_SIZE(dh_table)]; dh++) {
1037 if (dh->keylength == keylength) {
1038 if (!dh->dh) {
1039 dh->dh = dh->constructor();
1040 if (!dh->dh) {
1d2c568d 1041 out_of_memory();
9467fe62
BP		 1042 }
1043 }
1044 return dh->dh;
1045 }
1046 }
1047 VLOG_ERR_RL(&rl, "no Diffie-Hellman parameters for key length %d",
1048 keylength);
1049 return NULL;
1050}
1051
1052/* Returns true if SSL is at least partially configured. */
1053bool
d295e8e9 1054stream_ssl_is_configured(void)
9467fe62 1055{
415f6c0b
BP		 1056 return private_key.file_name || certificate.file_name || ca_cert.file_name;
1057}
1058
1059static bool
1060update_ssl_config(struct ssl_config_file *config, const char *file_name)
1061{
9cb07887 1062 struct timespec mtime;
e68f6dea 1063 int error;
9cb07887
BP		 1064
1065 if (ssl_init() || !file_name) {
1066 return false;
1067 }
1068
1069 /* If the file name hasn't changed and neither has the file contents, stop
1070 * here. */
e68f6dea
BP		 1071 error = get_mtime(file_name, &mtime);
1072 if (error && error != ENOENT) {
10a89ef0
BP		 1073 VLOG_ERR_RL(&rl, "%s: stat failed (%s)",
1074 file_name, ovs_strerror(error));
e68f6dea 1075 }
9cb07887
BP		 1076 if (config->file_name
1077 && !strcmp(config->file_name, file_name)
1078 && mtime.tv_sec == config->mtime.tv_sec
1079 && mtime.tv_nsec == config->mtime.tv_nsec) {
415f6c0b
BP		 1080 return false;
1081 }
1082
2b1a27a1 1083 /* Update 'config'. */
9cb07887 1084 config->mtime = mtime;
2b1a27a1
BP		 1085 if (file_name != config->file_name) {
1086 free(config->file_name);
1087 config->file_name = xstrdup(file_name);
1088 }
415f6c0b 1089 return true;
9467fe62
BP		 1090}
1091
6f1e91b1
BP		 1092static void
1093stream_ssl_set_private_key_file__(const char *file_name)
1094{
1095 if (SSL_CTX_use_PrivateKey_file(ctx, file_name, SSL_FILETYPE_PEM) == 1) {
1096 private_key.read = true;
1097 } else {
1098 VLOG_ERR("SSL_use_PrivateKey_file: %s",
1099 ERR_error_string(ERR_get_error(), NULL));
1100 }
1101}
1102
9467fe62
BP		 1103void
1104stream_ssl_set_private_key_file(const char *file_name)
1105{
6f1e91b1
BP		 1106 if (update_ssl_config(&private_key, file_name)) {
1107 stream_ssl_set_private_key_file__(file_name);
9467fe62 1108 }
6f1e91b1
BP		 1109}
1110
1111static void
1112stream_ssl_set_certificate_file__(const char *file_name)
1113{
1b494f3e 1114 if (SSL_CTX_use_certificate_file(ctx, file_name, SSL_FILETYPE_PEM) == 1) {
6f1e91b1
BP		 1115 certificate.read = true;
1116 } else {
1117 VLOG_ERR("SSL_use_certificate_file: %s",
9467fe62 1118 ERR_error_string(ERR_get_error(), NULL));
9467fe62 1119 }
9467fe62
BP		 1120}
1121
1122void
1123stream_ssl_set_certificate_file(const char *file_name)
1124{
6f1e91b1
BP		 1125 if (update_ssl_config(&certificate, file_name)) {
1126 stream_ssl_set_certificate_file__(file_name);
9467fe62 1127 }
6f1e91b1
BP		 1128}
1129
1130/* Sets the private key and certificate files in one operation. Use this
1131 * interface, instead of calling stream_ssl_set_private_key_file() and
1132 * stream_ssl_set_certificate_file() individually, in the main loop of a
1133 * long-running program whose key and certificate might change at runtime.
1134 *
1135 * This is important because of OpenSSL's behavior. If an OpenSSL context
1136 * already has a certificate, and stream_ssl_set_private_key_file() is called
1137 * to install a new private key, OpenSSL will report an error because the new
1138 * private key does not match the old certificate. The other order, of setting
1139 * a new certificate, then setting a new private key, does work.
1140 *
1141 * If this were the only problem, calling stream_ssl_set_certificate_file()
1142 * before stream_ssl_set_private_key_file() would fix it. But, if the private
1143 * key is changed before the certificate (e.g. someone "scp"s or "mv"s the new
1144 * private key in place before the certificate), then OpenSSL would reject that
1145 * change, and then the change of certificate would succeed, but there would be
1146 * no associated private key (because it had only changed once and therefore
1147 * there was no point in re-reading it).
1148 *
1149 * This function avoids both problems by, whenever either the certificate or
1150 * the private key file changes, re-reading both of them, in the correct order.
1151 */
1152void
1153stream_ssl_set_key_and_cert(const char *private_key_file,
1154 const char *certificate_file)
1155{
1156 if (update_ssl_config(&private_key, private_key_file)
1157 || update_ssl_config(&certificate, certificate_file)) {
1158 stream_ssl_set_certificate_file__(certificate_file);
1159 stream_ssl_set_private_key_file__(private_key_file);
9467fe62 1160 }
9467fe62
BP		 1161}
1162
e18a1d08
ER		 1163/* Sets SSL ciphers based on string input. Aborts with an error message
1164 * if 'arg' is invalid. */
1165void
1166stream_ssl_set_ciphers(const char *arg)
1167{
1168 if (ssl_init() || !arg || !strcmp(ssl_ciphers, arg)) {
1169 return;
1170 }
1171 if (SSL_CTX_set_cipher_list(ctx,arg) == 0) {
1172 VLOG_ERR("SSL_CTX_set_cipher_list: %s",
1173 ERR_error_string(ERR_get_error(), NULL));
1174 }
1175 ssl_ciphers = xstrdup(arg);
1176}
1177
1178/* Set SSL protocols based on the string input. Aborts with an error message
1179 * if 'arg' is invalid. */
1180void
1181stream_ssl_set_protocols(const char *arg)
1182{
1183 if (ssl_init() || !arg || !strcmp(arg, ssl_protocols)){
1184 return;
1185 }
1186
1187 /* Start with all the flags off and turn them on as requested. */
1188 long protocol_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
1189 protocol_flags |= SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
1190
1191 char *s = xstrdup(arg);
1192 char *save_ptr = NULL;
1193 char *word = strtok_r(s, " ,\t", &save_ptr);
1194 if (word == NULL) {
1195 VLOG_ERR("SSL protocol settings invalid");
1196 goto exit;
1197 }
1198 while (word != NULL) {
1199 long on_flag;
1200 if (!strcasecmp(word, "TLSv1.2")){
1201 on_flag = SSL_OP_NO_TLSv1_2;
1202 } else if (!strcasecmp(word, "TLSv1.1")){
1203 on_flag = SSL_OP_NO_TLSv1_1;
1204 } else if (!strcasecmp(word, "TLSv1")){
1205 on_flag = SSL_OP_NO_TLSv1;
1206 } else {
1207 VLOG_ERR("%s: SSL protocol not recognized", word);
1208 goto exit;
1209 }
1210 /* Reverse the no flag and mask it out in the flags
1211 * to turn on that protocol. */
1212 protocol_flags &= ~on_flag;
1213 word = strtok_r(NULL, " ,\t", &save_ptr);
1214 };
1215
1216 /* Set the actual options. */
1217 SSL_CTX_set_options(ctx, protocol_flags);
1218
1219 ssl_protocols = xstrdup(arg);
1220
1221exit:
1222 free(s);
1223}
1224
9467fe62
BP		 1225/* Reads the X509 certificate or certificates in file 'file_name'. On success,
1226 * stores the address of the first element in an array of pointers to
1227 * certificates in '*certs' and the number of certificates in the array in
1228 * '*n_certs', and returns 0. On failure, stores a null pointer in '*certs', 0
1229 * in '*n_certs', and returns a positive errno value.
1230 *
1231 * The caller is responsible for freeing '*certs'. */
1232static int
1233read_cert_file(const char *file_name, X509 ***certs, size_t *n_certs)
1234{
1235 FILE *file;
1236 size_t allocated_certs = 0;
1237
1238 *certs = NULL;
1239 *n_certs = 0;
1240
1241 file = fopen(file_name, "r");
1242 if (!file) {
1243 VLOG_ERR("failed to open %s for reading: %s",
10a89ef0 1244 file_name, ovs_strerror(errno));
9467fe62
BP		 1245 return errno;
1246 }
1247
1248 for (;;) {
1249 X509 *certificate;
1250 int c;
1251
1252 /* Read certificate from file. */
1253 certificate = PEM_read_X509(file, NULL, NULL, NULL);
1254 if (!certificate) {
1255 size_t i;
1256
1257 VLOG_ERR("PEM_read_X509 failed reading %s: %s",
1258 file_name, ERR_error_string(ERR_get_error(), NULL));
1259 for (i = 0; i < *n_certs; i++) {
1260 X509_free((*certs)[i]);
1261 }
1262 free(*certs);
1263 *certs = NULL;
1264 *n_certs = 0;
0ded15d4 1265 fclose(file);
9467fe62
BP		 1266 return EIO;
1267 }
1268
1269 /* Add certificate to array. */
1270 if (*n_certs >= allocated_certs) {
1271 *certs = x2nrealloc(*certs, &allocated_certs, sizeof **certs);
1272 }
1273 (*certs)[(*n_certs)++] = certificate;
1274
1275 /* Are there additional certificates in the file? */
1276 do {
1277 c = getc(file);
1278 } while (isspace(c));
1279 if (c == EOF) {
1280 break;
1281 }
1282 ungetc(c, file);
1283 }
1284 fclose(file);
1285 return 0;
1286}
1287
1288
1289/* Sets 'file_name' as the name of a file containing one or more X509
1290 * certificates to send to the peer. Typical use in OpenFlow is to send the CA
1291 * certificate to the peer, which enables a switch to pick up the controller's
1292 * CA certificate on its first connection. */
1293void
1294stream_ssl_set_peer_ca_cert_file(const char *file_name)
1295{
1296 X509 **certs;
1297 size_t n_certs;
1298 size_t i;
1299
1300 if (ssl_init()) {
1301 return;
1302 }
1303
1304 if (!read_cert_file(file_name, &certs, &n_certs)) {
1305 for (i = 0; i < n_certs; i++) {
1306 if (SSL_CTX_add_extra_chain_cert(ctx, certs[i]) != 1) {
1307 VLOG_ERR("SSL_CTX_add_extra_chain_cert: %s",
1308 ERR_error_string(ERR_get_error(), NULL));
1309 }
1310 }
1311 free(certs);
1312 }
1313}
1314
1315/* Logs fingerprint of CA certificate 'cert' obtained from 'file_name'. */
1316static void
1317log_ca_cert(const char *file_name, X509 *cert)
1318{
1319 unsigned char digest[EVP_MAX_MD_SIZE];
1320 unsigned int n_bytes;
1321 struct ds fp;
1322 char *subject;
1323
1324 ds_init(&fp);
1325 if (!X509_digest(cert, EVP_sha1(), digest, &n_bytes)) {
1326 ds_put_cstr(&fp, "<out of memory>");
1327 } else {
1328 unsigned int i;
1329 for (i = 0; i < n_bytes; i++) {
1330 if (i) {
1331 ds_put_char(&fp, ':');
1332 }
34582733 1333 ds_put_format(&fp, "%02x", digest[i]);
9467fe62
BP		 1334 }
1335 }
1336 subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
1337 VLOG_INFO("Trusting CA cert from %s (%s) (fingerprint %s)", file_name,
1338 subject ? subject : "<out of memory>", ds_cstr(&fp));
3c7b5c2d 1339 OPENSSL_free(subject);
9467fe62
BP		 1340 ds_destroy(&fp);
1341}
1342
415f6c0b 1343static void
f1484874
BP		 1344stream_ssl_set_ca_cert_file__(const char *file_name,
1345 bool bootstrap, bool force)
9467fe62 1346{
9467fe62
BP		 1347 struct stat s;
1348
f1484874
BP		 1349 if (!update_ssl_config(&ca_cert, file_name) && !force) {
1350 return;
1351 }
1352
ba104a1e
BP		 1353 if (!strcmp(file_name, "none")) {
1354 verify_peer_cert = false;
1355 VLOG_WARN("Peer certificate validation disabled "
1356 "(this is a security risk)");
1357 } else if (bootstrap && stat(file_name, &s) && errno == ENOENT) {
9467fe62 1358 bootstrap_ca_cert = true;
01960474
L		 1359 } else {
1360 STACK_OF(X509_NAME) *cert_names = SSL_load_client_CA_file(file_name);
1361 if (cert_names) {
1362 /* Set up list of CAs that the server will accept from the
1363 * client. */
1364 SSL_CTX_set_client_CA_list(ctx, cert_names);
1365
1366 /* Set up CAs for OpenSSL to trust in verifying the peer's
1367 * certificate. */
1368 SSL_CTX_set_cert_store(ctx, X509_STORE_new());
1369 if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) {
1370 VLOG_ERR("SSL_CTX_load_verify_locations: %s",
9467fe62 1371 ERR_error_string(ERR_get_error(), NULL));
01960474 1372 return;
9467fe62 1373 }
01960474
L		 1374 bootstrap_ca_cert = false;
1375 } else {
1376 VLOG_ERR("failed to load client certificates from %s: %s",
1377 file_name, ERR_error_string(ERR_get_error(), NULL));
9467fe62 1378 }
9467fe62 1379 }
415f6c0b 1380 ca_cert.read = true;
9467fe62 1381}
415f6c0b
BP		 1382
1383/* Sets 'file_name' as the name of the file from which to read the CA
1384 * certificate used to verify the peer within SSL connections. If 'bootstrap'
1385 * is false, the file must exist. If 'bootstrap' is false, then the file is
1386 * read if it is exists; if it does not, then it will be created from the CA
1387 * certificate received from the peer on the first SSL connection. */
1388void
1389stream_ssl_set_ca_cert_file(const char *file_name, bool bootstrap)
1390{
f1484874 1391 stream_ssl_set_ca_cert_file__(file_name, bootstrap, false);
415f6c0b 1392}
ff1760f1
BP		 1393\f
1394/* SSL protocol logging. */
1395
1396static const char *
1397ssl_alert_level_to_string(uint8_t type)
1398{
1399 switch (type) {
1400 case 1: return "warning";
1401 case 2: return "fatal";
1402 default: return "<unknown>";
1403 }
1404}
415f6c0b 1405
ff1760f1
BP		 1406static const char *
1407ssl_alert_description_to_string(uint8_t type)
1408{
1409 switch (type) {
1410 case 0: return "close_notify";
1411 case 10: return "unexpected_message";
1412 case 20: return "bad_record_mac";
1413 case 21: return "decryption_failed";
1414 case 22: return "record_overflow";
1415 case 30: return "decompression_failure";
1416 case 40: return "handshake_failure";
1417 case 42: return "bad_certificate";
1418 case 43: return "unsupported_certificate";
1419 case 44: return "certificate_revoked";
1420 case 45: return "certificate_expired";
1421 case 46: return "certificate_unknown";
1422 case 47: return "illegal_parameter";
1423 case 48: return "unknown_ca";
1424 case 49: return "access_denied";
1425 case 50: return "decode_error";
1426 case 51: return "decrypt_error";
1427 case 60: return "export_restriction";
1428 case 70: return "protocol_version";
1429 case 71: return "insufficient_security";
1430 case 80: return "internal_error";
1431 case 90: return "user_canceled";
1432 case 100: return "no_renegotiation";
1433 default: return "<unknown>";
1434 }
1435}
415f6c0b 1436
ff1760f1
BP		 1437static const char *
1438ssl_handshake_type_to_string(uint8_t type)
1439{
1440 switch (type) {
1441 case 0: return "hello_request";
1442 case 1: return "client_hello";
1443 case 2: return "server_hello";
1444 case 11: return "certificate";
1445 case 12: return "server_key_exchange";
1446 case 13: return "certificate_request";
1447 case 14: return "server_hello_done";
1448 case 15: return "certificate_verify";
1449 case 16: return "client_key_exchange";
1450 case 20: return "finished";
1451 default: return "<unknown>";
1452 }
1453}
1454
1455static void
1456ssl_protocol_cb(int write_p, int version OVS_UNUSED, int content_type,
1457 const void *buf_, size_t len, SSL *ssl OVS_UNUSED, void *sslv_)
1458{
1459 const struct ssl_stream *sslv = sslv_;
1460 const uint8_t *buf = buf_;
1461 struct ds details;
1462
1463 if (!VLOG_IS_DBG_ENABLED()) {
1464 return;
1465 }
1466
1467 ds_init(&details);
1468 if (content_type == 20) {
1469 ds_put_cstr(&details, "change_cipher_spec");
1470 } else if (content_type == 21) {
1471 ds_put_format(&details, "alert: %s, %s",
1472 ssl_alert_level_to_string(buf[0]),
1473 ssl_alert_description_to_string(buf[1]));
1474 } else if (content_type == 22) {
1475 ds_put_format(&details, "handshake: %s",
1476 ssl_handshake_type_to_string(buf[0]));
1477 } else {
1478 ds_put_format(&details, "type %d", content_type);
1479 }
1480
34582733 1481 VLOG_DBG("%s%u%s%s %s (%"PRIuSIZE" bytes)",
ff1760f1
BP		 1482 sslv->type == CLIENT ? "client" : "server",
1483 sslv->session_nr, write_p ? "-->" : "<--",
1484 stream_get_name(&sslv->stream), ds_cstr(&details), len);
1485
1486 ds_destroy(&details);
1487}
openvswitch mirror