]> git.proxmox.com Git - ovs.git/blame - lib/stream-ssl.c
projects / ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ofpbuf: Introduce access api for base, data and size.
[ovs.git] / lib / stream-ssl.c
CommitLineData
9467fe62 1/*
e731d71b 2 * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
9467fe62
BP		 3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <config.h>
18#include "stream-ssl.h"
19#include "dhparams.h"
9467fe62
BP		 20#include <ctype.h>
21#include <errno.h>
22#include <inttypes.h>
23#include <string.h>
bd6b7545
GC		 24#include <sys/types.h>
25#include <sys/socket.h>
9467fe62
BP		 26#include <netinet/tcp.h>
27#include <openssl/err.h>
47ebcf25 28#include <openssl/rand.h>
9467fe62
BP		 29#include <openssl/ssl.h>
30#include <openssl/x509v3.h>
31#include <poll.h>
5ea1366b 32#include <fcntl.h>
9467fe62
BP		 33#include <sys/stat.h>
34#include <unistd.h>
f2f7be86 35#include "coverage.h"
9467fe62 36#include "dynamic-string.h"
47ebcf25 37#include "entropy.h"
9467fe62
BP		 38#include "ofpbuf.h"
39#include "openflow/openflow.h"
40#include "packets.h"
41#include "poll-loop.h"
f2f7be86 42#include "shash.h"
9467fe62 43#include "socket-util.h"
9467fe62
BP		 44#include "util.h"
45#include "stream-provider.h"
46#include "stream.h"
415f6c0b 47#include "timeval.h"
9467fe62 48#include "vlog.h"
5136ce49 49
5ea1366b
GS		 50#ifdef _WIN32
51/* Ref: https://www.openssl.org/support/faq.html#PROG2
52 * Your application must link against the same version of the Win32 C-Runtime
53 * against which your openssl libraries were linked. The default version for
54 * OpenSSL is /MD - "Multithreaded DLL". If we compile Open vSwitch with
55 * something other than /MD, instead of re-compiling OpenSSL
56 * toolkit, openssl/applink.c can be #included. Also, it is important
57 * to add CRYPTO_malloc_init prior first call to OpenSSL.
58 *
59 * XXX: The behavior of the following #include when Open vSwitch is
60 * compiled with /MD is not tested. */
61#include <openssl/applink.c>
62#define SHUT_RDWR SD_BOTH
5ea1366b
GS		 63#endif
64
d98e6007 65VLOG_DEFINE_THIS_MODULE(stream_ssl);
9467fe62
BP		 66
67/* Active SSL. */
68
69enum ssl_state {
70 STATE_TCP_CONNECTING,
71 STATE_SSL_CONNECTING
72};
73
74enum session_type {
75 CLIENT,
76 SERVER
77};
78
79struct ssl_stream
80{
81 struct stream stream;
82 enum ssl_state state;
9467fe62
BP		 83 enum session_type type;
84 int fd;
5ea1366b 85 HANDLE wevent;
9467fe62
BP		 86 SSL *ssl;
87 struct ofpbuf *txbuf;
ff1760f1 88 unsigned int session_nr;
9467fe62
BP		 89
90 /* rx_want and tx_want record the result of the last call to SSL_read()
91 * and SSL_write(), respectively:
92 *
93 * - If the call reported that data needed to be read from the file
94 * descriptor, the corresponding member is set to SSL_READING.
95 *
96 * - If the call reported that data needed to be written to the file
97 * descriptor, the corresponding member is set to SSL_WRITING.
98 *
99 * - Otherwise, the member is set to SSL_NOTHING, indicating that the
100 * call completed successfully (or with an error) and that there is no
101 * need to block.
102 *
103 * These are needed because there is no way to ask OpenSSL what a data read
104 * or write would require without giving it a buffer to receive into or
105 * data to send, respectively. (Note that the SSL_want() status is
106 * overwritten by each SSL_read() or SSL_write() call, so we can't rely on
107 * its value.)
108 *
109 * A single call to SSL_read() or SSL_write() can perform both reading
110 * and writing and thus invalidate not one of these values but actually
111 * both. Consider this situation, for example:
112 *
113 * - SSL_write() blocks on a read, so tx_want gets SSL_READING.
114 *
115 * - SSL_read() laters succeeds reading from 'fd' and clears out the
116 * whole receive buffer, so rx_want gets SSL_READING.
117 *
118 * - Client calls stream_wait(STREAM_RECV) and stream_wait(STREAM_SEND)
119 * and blocks.
120 *
121 * - Now we're stuck blocking until the peer sends us data, even though
122 * SSL_write() could now succeed, which could easily be a deadlock
123 * condition.
124 *
125 * On the other hand, we can't reset both tx_want and rx_want on every call
126 * to SSL_read() or SSL_write(), because that would produce livelock,
127 * e.g. in this situation:
128 *
129 * - SSL_write() blocks, so tx_want gets SSL_READING or SSL_WRITING.
130 *
131 * - SSL_read() blocks, so rx_want gets SSL_READING or SSL_WRITING,
132 * but tx_want gets reset to SSL_NOTHING.
133 *
134 * - Client calls stream_wait(STREAM_RECV) and stream_wait(STREAM_SEND)
135 * and blocks.
136 *
137 * - Client wakes up immediately since SSL_NOTHING in tx_want indicates
138 * that no blocking is necessary.
139 *
140 * The solution we adopt here is to set tx_want to SSL_NOTHING after
141 * calling SSL_read() only if the SSL state of the connection changed,
142 * which indicates that an SSL-level renegotiation made some progress, and
143 * similarly for rx_want and SSL_write(). This prevents both the
144 * deadlock and livelock situations above.
145 */
146 int rx_want, tx_want;
1e3c0047 147
ff1760f1 148 /* A few bytes of header data in case SSL negotiation fails. */
1e3c0047
BP		 149 uint8_t head[2];
150 short int n_head;
9467fe62
BP		 151};
152
153/* SSL context created by ssl_init(). */
154static SSL_CTX *ctx;
155
415f6c0b
BP		 156struct ssl_config_file {
157 bool read; /* Whether the file was successfully read. */
158 char *file_name; /* Configured file name, if any. */
9cb07887 159 struct timespec mtime; /* File mtime as of last time we read it. */
415f6c0b
BP		 160};
161
162/* SSL configuration files. */
163static struct ssl_config_file private_key;
164static struct ssl_config_file certificate;
165static struct ssl_config_file ca_cert;
9467fe62 166
ba104a1e
BP		 167/* Ordinarily, the SSL client and server verify each other's certificates using
168 * a CA certificate. Setting this to false disables this behavior. (This is a
169 * security risk.) */
170static bool verify_peer_cert = true;
171
9467fe62 172/* Ordinarily, we require a CA certificate for the peer to be locally
415f6c0b
BP		 173 * available. We can, however, bootstrap the CA certificate from the peer at
174 * the beginning of our first connection then use that certificate on all
175 * subsequent connections, saving it to a file for use in future runs also. In
176 * this case, 'bootstrap_ca_cert' is true. */
9467fe62 177static bool bootstrap_ca_cert;
9467fe62 178
ff1760f1
BP		 179/* Session number. Used in debug logging messages to uniquely identify a
180 * session. */
181static unsigned int next_session_nr;
182
9467fe62
BP		 183/* Who knows what can trigger various SSL errors, so let's throttle them down
184 * quite a bit. */
185static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
186
187static int ssl_init(void);
188static int do_ssl_init(void);
189static bool ssl_wants_io(int ssl_error);
190static void ssl_close(struct stream *);
191static void ssl_clear_txbuf(struct ssl_stream *);
246f5b5e 192static void interpret_queued_ssl_error(const char *function);
9467fe62
BP		 193static int interpret_ssl_error(const char *function, int ret, int error,
194 int *want);
67a4917b 195static DH *tmp_dh_callback(SSL *ssl, int is_export OVS_UNUSED, int keylength);
9467fe62 196static void log_ca_cert(const char *file_name, X509 *cert);
415f6c0b 197static void stream_ssl_set_ca_cert_file__(const char *file_name,
f1484874 198 bool bootstrap, bool force);
ff1760f1
BP		 199static void ssl_protocol_cb(int write_p, int version, int content_type,
200 const void *, size_t, SSL *, void *sslv_);
f1484874 201static bool update_ssl_config(struct ssl_config_file *, const char *file_name);
5ea1366b
GS		 202static int sock_errno(void);
203static void clear_handle(int fd, HANDLE wevent);
9467fe62
BP		 204
205static short int
206want_to_poll_events(int want)
207{
208 switch (want) {
209 case SSL_NOTHING:
428b2edd 210 OVS_NOT_REACHED();
9467fe62
BP		 211
212 case SSL_READING:
213 return POLLIN;
214
215 case SSL_WRITING:
216 return POLLOUT;
217
218 default:
428b2edd 219 OVS_NOT_REACHED();
9467fe62
BP		 220 }
221}
222
223static int
224new_ssl_stream(const char *name, int fd, enum session_type type,
a8d81967 225 enum ssl_state state, struct stream **streamp)
9467fe62 226{
e731d71b 227 struct sockaddr_storage local;
9467fe62
BP		 228 socklen_t local_len = sizeof local;
229 struct ssl_stream *sslv;
230 SSL *ssl = NULL;
231 int on = 1;
232 int retval;
233
234 /* Check for all the needful configuration. */
235 retval = 0;
415f6c0b 236 if (!private_key.read) {
9467fe62
BP		 237 VLOG_ERR("Private key must be configured to use SSL");
238 retval = ENOPROTOOPT;
239 }
415f6c0b 240 if (!certificate.read) {
9467fe62
BP		 241 VLOG_ERR("Certificate must be configured to use SSL");
242 retval = ENOPROTOOPT;
243 }
ba104a1e 244 if (!ca_cert.read && verify_peer_cert && !bootstrap_ca_cert) {
9467fe62
BP		 245 VLOG_ERR("CA certificate must be configured to use SSL");
246 retval = ENOPROTOOPT;
247 }
b6d729ad 248 if (!retval && !SSL_CTX_check_private_key(ctx)) {
9467fe62
BP		 249 VLOG_ERR("Private key does not match certificate public key: %s",
250 ERR_error_string(ERR_get_error(), NULL));
251 retval = ENOPROTOOPT;
252 }
253 if (retval) {
254 goto error;
255 }
256
257 /* Get the local IP and port information */
258 retval = getsockname(fd, (struct sockaddr *) &local, &local_len);
259 if (retval) {
260 memset(&local, 0, sizeof local);
261 }
262
263 /* Disable Nagle. */
264 retval = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof on);
265 if (retval) {
5ea1366b
GS		 266 retval = sock_errno();
267 VLOG_ERR("%s: setsockopt(TCP_NODELAY): %s", name,
268 sock_strerror(retval));
9467fe62
BP		 269 goto error;
270 }
271
272 /* Create and configure OpenSSL stream. */
273 ssl = SSL_new(ctx);
274 if (ssl == NULL) {
275 VLOG_ERR("SSL_new: %s", ERR_error_string(ERR_get_error(), NULL));
276 retval = ENOPROTOOPT;
277 goto error;
278 }
279 if (SSL_set_fd(ssl, fd) == 0) {
280 VLOG_ERR("SSL_set_fd: %s", ERR_error_string(ERR_get_error(), NULL));
281 retval = ENOPROTOOPT;
282 goto error;
283 }
ba104a1e 284 if (!verify_peer_cert || (bootstrap_ca_cert && type == CLIENT)) {
9467fe62
BP		 285 SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
286 }
287
288 /* Create and return the ssl_stream. */
289 sslv = xmalloc(sizeof *sslv);
290 stream_init(&sslv->stream, &ssl_stream_class, EAGAIN, name);
9467fe62
BP		 291 sslv->state = state;
292 sslv->type = type;
293 sslv->fd = fd;
5ea1366b
GS		 294#ifdef _WIN32
295 sslv->wevent = CreateEvent(NULL, FALSE, FALSE, NULL);
296#endif
9467fe62
BP		 297 sslv->ssl = ssl;
298 sslv->txbuf = NULL;
299 sslv->rx_want = sslv->tx_want = SSL_NOTHING;
ff1760f1 300 sslv->session_nr = next_session_nr++;
1e3c0047 301 sslv->n_head = 0;
ff1760f1
BP		 302
303 if (VLOG_IS_DBG_ENABLED()) {
304 SSL_set_msg_callback(ssl, ssl_protocol_cb);
305 SSL_set_msg_callback_arg(ssl, sslv);
306 }
307
9467fe62
BP		 308 *streamp = &sslv->stream;
309 return 0;
310
311error:
312 if (ssl) {
313 SSL_free(ssl);
314 }
5ea1366b 315 closesocket(fd);
9467fe62
BP		 316 return retval;
317}
318
319static struct ssl_stream *
320ssl_stream_cast(struct stream *stream)
321{
322 stream_assert_class(stream, &ssl_stream_class);
323 return CONTAINER_OF(stream, struct ssl_stream, stream);
324}
325
326static int
f125905c 327ssl_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp)
9467fe62 328{
9467fe62
BP		 329 int error, fd;
330
331 error = ssl_init();
332 if (error) {
333 return error;
334 }
335
a8d81967 336 error = inet_open_active(SOCK_STREAM, suffix, OFP_OLD_PORT, NULL, &fd,
f125905c 337 dscp);
9467fe62
BP		 338 if (fd >= 0) {
339 int state = error ? STATE_TCP_CONNECTING : STATE_SSL_CONNECTING;
a8d81967 340 return new_ssl_stream(name, fd, CLIENT, state, streamp);
9467fe62 341 } else {
10a89ef0 342 VLOG_ERR("%s: connect: %s", name, ovs_strerror(error));
9467fe62
BP		 343 return error;
344 }
345}
346
347static int
348do_ca_cert_bootstrap(struct stream *stream)
349{
350 struct ssl_stream *sslv = ssl_stream_cast(stream);
351 STACK_OF(X509) *chain;
415f6c0b 352 X509 *cert;
9467fe62
BP		 353 FILE *file;
354 int error;
355 int fd;
356
357 chain = SSL_get_peer_cert_chain(sslv->ssl);
358 if (!chain || !sk_X509_num(chain)) {
359 VLOG_ERR("could not bootstrap CA cert: no certificate presented by "
360 "peer");
361 return EPROTO;
362 }
415f6c0b 363 cert = sk_X509_value(chain, sk_X509_num(chain) - 1);
9467fe62 364
415f6c0b 365 /* Check that 'cert' is self-signed. Otherwise it is not a CA
9467fe62 366 * certificate and we should not attempt to use it as one. */
415f6c0b 367 error = X509_check_issued(cert, cert);
9467fe62
BP		 368 if (error) {
369 VLOG_ERR("could not bootstrap CA cert: obtained certificate is "
370 "not self-signed (%s)",
371 X509_verify_cert_error_string(error));
372 if (sk_X509_num(chain) < 2) {
373 VLOG_ERR("only one certificate was received, so probably the peer "
374 "is not configured to send its CA certificate");
375 }
376 return EPROTO;
377 }
378
415f6c0b 379 fd = open(ca_cert.file_name, O_CREAT | O_EXCL | O_WRONLY, 0444);
9467fe62 380 if (fd < 0) {
deb1f433 381 if (errno == EEXIST) {
f1484874
BP		 382 VLOG_INFO_RL(&rl, "reading CA cert %s created by another process",
383 ca_cert.file_name);
384 stream_ssl_set_ca_cert_file__(ca_cert.file_name, true, true);
deb1f433
BP		 385 return EPROTO;
386 } else {
387 VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
10a89ef0 388 ca_cert.file_name, ovs_strerror(errno));
deb1f433
BP		 389 return errno;
390 }
9467fe62
BP		 391 }
392
393 file = fdopen(fd, "w");
394 if (!file) {
2a022368 395 error = errno;
9467fe62 396 VLOG_ERR("could not bootstrap CA cert: fdopen failed: %s",
10a89ef0 397 ovs_strerror(error));
415f6c0b 398 unlink(ca_cert.file_name);
9467fe62
BP		 399 return error;
400 }
401
415f6c0b 402 if (!PEM_write_X509(file, cert)) {
9467fe62 403 VLOG_ERR("could not bootstrap CA cert: PEM_write_X509 to %s failed: "
415f6c0b
BP		 404 "%s", ca_cert.file_name,
405 ERR_error_string(ERR_get_error(), NULL));
9467fe62 406 fclose(file);
415f6c0b 407 unlink(ca_cert.file_name);
9467fe62
BP		 408 return EIO;
409 }
410
411 if (fclose(file)) {
2a022368 412 error = errno;
9467fe62 413 VLOG_ERR("could not bootstrap CA cert: writing %s failed: %s",
10a89ef0 414 ca_cert.file_name, ovs_strerror(error));
415f6c0b 415 unlink(ca_cert.file_name);
9467fe62
BP		 416 return error;
417 }
418
415f6c0b
BP		 419 VLOG_INFO("successfully bootstrapped CA cert to %s", ca_cert.file_name);
420 log_ca_cert(ca_cert.file_name, cert);
9467fe62 421 bootstrap_ca_cert = false;
415f6c0b 422 ca_cert.read = true;
9467fe62 423
415f6c0b
BP		 424 /* SSL_CTX_add_client_CA makes a copy of cert's relevant data. */
425 SSL_CTX_add_client_CA(ctx, cert);
9467fe62
BP		 426
427 /* SSL_CTX_use_certificate() takes ownership of the certificate passed in.
415f6c0b
BP		 428 * 'cert' is owned by sslv->ssl, so we need to duplicate it. */
429 cert = X509_dup(cert);
430 if (!cert) {
9467fe62
BP		 431 out_of_memory();
432 }
e6a8ca62 433 SSL_CTX_set_cert_store(ctx, X509_STORE_new());
415f6c0b 434 if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) {
9467fe62
BP		 435 VLOG_ERR("SSL_CTX_load_verify_locations: %s",
436 ERR_error_string(ERR_get_error(), NULL));
437 return EPROTO;
438 }
439 VLOG_INFO("killing successful connection to retry using CA cert");
440 return EPROTO;
441}
442
443static int
444ssl_connect(struct stream *stream)
445{
446 struct ssl_stream *sslv = ssl_stream_cast(stream);
447 int retval;
448
449 switch (sslv->state) {
450 case STATE_TCP_CONNECTING:
451 retval = check_connection_completion(sslv->fd);
452 if (retval) {
453 return retval;
454 }
455 sslv->state = STATE_SSL_CONNECTING;
456 /* Fall through. */
457
458 case STATE_SSL_CONNECTING:
1e3c0047 459 /* Capture the first few bytes of received data so that we can guess
ec9f40dc 460 * what kind of funny data we've been sent if SSL negotiation fails. */
1e3c0047
BP		 461 if (sslv->n_head <= 0) {
462 sslv->n_head = recv(sslv->fd, sslv->head, sizeof sslv->head,
463 MSG_PEEK);
464 }
465
9467fe62
BP		 466 retval = (sslv->type == CLIENT
467 ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl));
468 if (retval != 1) {
469 int error = SSL_get_error(sslv->ssl, retval);
470 if (retval < 0 && ssl_wants_io(error)) {
471 return EAGAIN;
472 } else {
473 int unused;
f2f7be86 474
9467fe62
BP		 475 interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect"
476 : "SSL_accept"), retval, error, &unused);
477 shutdown(sslv->fd, SHUT_RDWR);
1e3c0047
BP		 478 stream_report_content(sslv->head, sslv->n_head, STREAM_SSL,
479 THIS_MODULE, stream_get_name(stream));
9467fe62
BP		 480 return EPROTO;
481 }
482 } else if (bootstrap_ca_cert) {
483 return do_ca_cert_bootstrap(stream);
ba104a1e
BP		 484 } else if (verify_peer_cert
485 && ((SSL_get_verify_mode(sslv->ssl)
486 & (SSL_VERIFY_NONE | SSL_VERIFY_PEER))
487 != SSL_VERIFY_PEER)) {
9467fe62
BP		 488 /* Two or more SSL connections completed at the same time while we
489 * were in bootstrap mode. Only one of these can finish the
490 * bootstrap successfully. The other one(s) must be rejected
491 * because they were not verified against the bootstrapped CA
492 * certificate. (Alternatively we could verify them against the CA
493 * certificate, but that's more trouble than it's worth. These
494 * connections will succeed the next time they retry, assuming that
495 * they have a certificate against the correct CA.) */
1ee62357 496 VLOG_INFO("rejecting SSL connection during bootstrap race window");
9467fe62
BP		 497 return EPROTO;
498 } else {
499 return 0;
500 }
501 }
502
428b2edd 503 OVS_NOT_REACHED();
9467fe62
BP		 504}
505
506static void
507ssl_close(struct stream *stream)
508{
509 struct ssl_stream *sslv = ssl_stream_cast(stream);
510 ssl_clear_txbuf(sslv);
5e4641a1
BP		 511
512 /* Attempt clean shutdown of the SSL connection. This will work most of
513 * the time, as long as the kernel send buffer has some free space and the
514 * SSL connection isn't renegotiating, etc. That has to be good enough,
515 * since we don't have any way to continue the close operation in the
516 * background. */
517 SSL_shutdown(sslv->ssl);
518
3d47699c
BP		 519 /* SSL_shutdown() might have signaled an error, in which case we need to
520 * flush it out of the OpenSSL error queue or the next OpenSSL operation
521 * will falsely signal an error. */
522 ERR_clear_error();
523
9467fe62 524 SSL_free(sslv->ssl);
5ea1366b
GS		 525 clear_handle(sslv->fd, sslv->wevent);
526 closesocket(sslv->fd);
9467fe62
BP		 527 free(sslv);
528}
529
246f5b5e
BP		 530static void
531interpret_queued_ssl_error(const char *function)
532{
533 int queued_error = ERR_get_error();
534 if (queued_error != 0) {
535 VLOG_WARN_RL(&rl, "%s: %s",
536 function, ERR_error_string(queued_error, NULL));
537 } else {
538 VLOG_ERR_RL(&rl, "%s: SSL_ERROR_SSL without queued error", function);
539 }
540}
541
9467fe62
BP		 542static int
543interpret_ssl_error(const char *function, int ret, int error,
544 int *want)
545{
546 *want = SSL_NOTHING;
547
548 switch (error) {
549 case SSL_ERROR_NONE:
550 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_NONE", function);
551 break;
552
553 case SSL_ERROR_ZERO_RETURN:
554 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_ZERO_RETURN", function);
555 break;
556
557 case SSL_ERROR_WANT_READ:
558 *want = SSL_READING;
559 return EAGAIN;
560
561 case SSL_ERROR_WANT_WRITE:
562 *want = SSL_WRITING;
563 return EAGAIN;
564
565 case SSL_ERROR_WANT_CONNECT:
566 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_CONNECT", function);
567 break;
568
569 case SSL_ERROR_WANT_ACCEPT:
570 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
571 break;
572
573 case SSL_ERROR_WANT_X509_LOOKUP:
574 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_X509_LOOKUP",
575 function);
576 break;
577
578 case SSL_ERROR_SYSCALL: {
579 int queued_error = ERR_get_error();
580 if (queued_error == 0) {
581 if (ret < 0) {
582 int status = errno;
583 VLOG_WARN_RL(&rl, "%s: system error (%s)",
10a89ef0 584 function, ovs_strerror(status));
9467fe62
BP		 585 return status;
586 } else {
587 VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
588 function);
589 return EPROTO;
590 }
591 } else {
592 VLOG_WARN_RL(&rl, "%s: %s",
593 function, ERR_error_string(queued_error, NULL));
594 break;
595 }
596 }
597
246f5b5e
BP		 598 case SSL_ERROR_SSL:
599 interpret_queued_ssl_error(function);
9467fe62 600 break;
9467fe62
BP		 601
602 default:
603 VLOG_ERR_RL(&rl, "%s: bad SSL error code %d", function, error);
604 break;
605 }
606 return EIO;
607}
608
609static ssize_t
610ssl_recv(struct stream *stream, void *buffer, size_t n)
611{
612 struct ssl_stream *sslv = ssl_stream_cast(stream);
613 int old_state;
614 ssize_t ret;
615
616 /* Behavior of zero-byte SSL_read is poorly defined. */
cb22974d 617 ovs_assert(n > 0);
9467fe62
BP		 618
619 old_state = SSL_get_state(sslv->ssl);
620 ret = SSL_read(sslv->ssl, buffer, n);
621 if (old_state != SSL_get_state(sslv->ssl)) {
622 sslv->tx_want = SSL_NOTHING;
623 }
624 sslv->rx_want = SSL_NOTHING;
625
626 if (ret > 0) {
627 return ret;
628 } else {
629 int error = SSL_get_error(sslv->ssl, ret);
630 if (error == SSL_ERROR_ZERO_RETURN) {
631 return 0;
632 } else {
2b494771
BP		 633 return -interpret_ssl_error("SSL_read", ret, error,
634 &sslv->rx_want);
9467fe62
BP		 635 }
636 }
637}
638
639static void
640ssl_clear_txbuf(struct ssl_stream *sslv)
641{
642 ofpbuf_delete(sslv->txbuf);
643 sslv->txbuf = NULL;
644}
645
646static int
647ssl_do_tx(struct stream *stream)
648{
649 struct ssl_stream *sslv = ssl_stream_cast(stream);
650
651 for (;;) {
652 int old_state = SSL_get_state(sslv->ssl);
1f317cb5
PS		 653 int ret = SSL_write(sslv->ssl,
654 ofpbuf_data(sslv->txbuf), ofpbuf_size(sslv->txbuf));
9467fe62
BP		 655 if (old_state != SSL_get_state(sslv->ssl)) {
656 sslv->rx_want = SSL_NOTHING;
657 }
658 sslv->tx_want = SSL_NOTHING;
659 if (ret > 0) {
660 ofpbuf_pull(sslv->txbuf, ret);
1f317cb5 661 if (ofpbuf_size(sslv->txbuf) == 0) {
9467fe62
BP		 662 return 0;
663 }
664 } else {
665 int ssl_error = SSL_get_error(sslv->ssl, ret);
666 if (ssl_error == SSL_ERROR_ZERO_RETURN) {
667 VLOG_WARN_RL(&rl, "SSL_write: connection closed");
668 return EPIPE;
669 } else {
670 return interpret_ssl_error("SSL_write", ret, ssl_error,
671 &sslv->tx_want);
672 }
673 }
674 }
675}
676
677static ssize_t
678ssl_send(struct stream *stream, const void *buffer, size_t n)
679{
680 struct ssl_stream *sslv = ssl_stream_cast(stream);
681
682 if (sslv->txbuf) {
2b494771 683 return -EAGAIN;
9467fe62
BP		 684 } else {
685 int error;
686
687 sslv->txbuf = ofpbuf_clone_data(buffer, n);
688 error = ssl_do_tx(stream);
689 switch (error) {
690 case 0:
691 ssl_clear_txbuf(sslv);
2b494771 692 return n;
9467fe62 693 case EAGAIN:
2b494771 694 return n;
9467fe62
BP		 695 default:
696 sslv->txbuf = NULL;
2b494771 697 return -error;
9467fe62
BP		 698 }
699 }
700}
701
702static void
703ssl_run(struct stream *stream)
704{
705 struct ssl_stream *sslv = ssl_stream_cast(stream);
706
707 if (sslv->txbuf && ssl_do_tx(stream) != EAGAIN) {
708 ssl_clear_txbuf(sslv);
709 }
710}
711
712static void
713ssl_run_wait(struct stream *stream)
714{
715 struct ssl_stream *sslv = ssl_stream_cast(stream);
716
717 if (sslv->tx_want != SSL_NOTHING) {
5ea1366b
GS		 718 poll_fd_wait_event(sslv->fd, sslv->wevent,
719 want_to_poll_events(sslv->tx_want));
9467fe62
BP		 720 }
721}
722
723static void
724ssl_wait(struct stream *stream, enum stream_wait_type wait)
725{
726 struct ssl_stream *sslv = ssl_stream_cast(stream);
727
728 switch (wait) {
729 case STREAM_CONNECT:
730 if (stream_connect(stream) != EAGAIN) {
731 poll_immediate_wake();
732 } else {
733 switch (sslv->state) {
734 case STATE_TCP_CONNECTING:
5ea1366b 735 poll_fd_wait_event(sslv->fd, sslv->wevent, POLLOUT);
9467fe62
BP		 736 break;
737
738 case STATE_SSL_CONNECTING:
739 /* ssl_connect() called SSL_accept() or SSL_connect(), which
740 * set up the status that we test here. */
5ea1366b
GS		 741 poll_fd_wait_event(sslv->fd, sslv->wevent,
742 want_to_poll_events(SSL_want(sslv->ssl)));
9467fe62
BP		 743 break;
744
745 default:
428b2edd 746 OVS_NOT_REACHED();
9467fe62
BP		 747 }
748 }
749 break;
750
751 case STREAM_RECV:
752 if (sslv->rx_want != SSL_NOTHING) {
5ea1366b
GS		 753 poll_fd_wait_event(sslv->fd, sslv->wevent,
754 want_to_poll_events(sslv->rx_want));
9467fe62
BP		 755 } else {
756 poll_immediate_wake();
757 }
758 break;
759
760 case STREAM_SEND:
761 if (!sslv->txbuf) {
762 /* We have room in our tx queue. */
763 poll_immediate_wake();
764 } else {
765 /* stream_run_wait() will do the right thing; don't bother with
766 * redundancy. */
767 }
768 break;
769
770 default:
428b2edd 771 OVS_NOT_REACHED();
9467fe62
BP		 772 }
773}
774
da327b18 775const struct stream_class ssl_stream_class = {
9467fe62 776 "ssl", /* name */
f1936eb6 777 true, /* needs_probes */
9467fe62
BP		 778 ssl_open, /* open */
779 ssl_close, /* close */
780 ssl_connect, /* connect */
781 ssl_recv, /* recv */
782 ssl_send, /* send */
783 ssl_run, /* run */
784 ssl_run_wait, /* run_wait */
785 ssl_wait, /* wait */
786};
787\f
788/* Passive SSL. */
789
790struct pssl_pstream
791{
792 struct pstream pstream;
793 int fd;
5ea1366b 794 HANDLE wevent;
9467fe62
BP		 795};
796
da327b18 797const struct pstream_class pssl_pstream_class;
9467fe62
BP		 798
799static struct pssl_pstream *
800pssl_pstream_cast(struct pstream *pstream)
801{
802 pstream_assert_class(pstream, &pssl_pstream_class);
803 return CONTAINER_OF(pstream, struct pssl_pstream, pstream);
804}
805
806static int
f125905c
MM		 807pssl_open(const char *name OVS_UNUSED, char *suffix, struct pstream **pstreamp,
808 uint8_t dscp)
9467fe62 809{
e731d71b
AS		 810 char bound_name[SS_NTOP_BUFSIZE + 16];
811 char addrbuf[SS_NTOP_BUFSIZE];
812 struct sockaddr_storage ss;
9467fe62 813 struct pssl_pstream *pssl;
e731d71b 814 uint16_t port;
9467fe62
BP		 815 int retval;
816 int fd;
817
818 retval = ssl_init();
819 if (retval) {
820 return retval;
821 }
822
e731d71b 823 fd = inet_open_passive(SOCK_STREAM, suffix, OFP_OLD_PORT, &ss, dscp);
9467fe62
BP		 824 if (fd < 0) {
825 return -fd;
826 }
e731d71b
AS		 827
828 port = ss_get_port(&ss);
829 snprintf(bound_name, sizeof bound_name, "ptcp:%"PRIu16":%s",
830 port, ss_format_address(&ss, addrbuf, sizeof addrbuf));
9467fe62
BP		 831
832 pssl = xmalloc(sizeof *pssl);
42967038 833 pstream_init(&pssl->pstream, &pssl_pstream_class, bound_name);
e731d71b 834 pstream_set_bound_port(&pssl->pstream, htons(port));
9467fe62 835 pssl->fd = fd;
5ea1366b
GS		 836#ifdef _WIN32
837 pssl->wevent = CreateEvent(NULL, FALSE, FALSE, NULL);
838#endif
9467fe62
BP		 839 *pstreamp = &pssl->pstream;
840 return 0;
841}
842
843static void
844pssl_close(struct pstream *pstream)
845{
846 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
5ea1366b
GS		 847 clear_handle(pssl->fd, pssl->wevent);
848 closesocket(pssl->fd);
9467fe62
BP		 849 free(pssl);
850}
851
852static int
853pssl_accept(struct pstream *pstream, struct stream **new_streamp)
854{
855 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
e731d71b
AS		 856 char name[SS_NTOP_BUFSIZE + 16];
857 char addrbuf[SS_NTOP_BUFSIZE];
858 struct sockaddr_storage ss;
859 socklen_t ss_len = sizeof ss;
9467fe62
BP		 860 int new_fd;
861 int error;
862
e731d71b 863 new_fd = accept(pssl->fd, (struct sockaddr *) &ss, &ss_len);
9467fe62 864 if (new_fd < 0) {
5ea1366b
GS		 865 error = sock_errno();
866#ifdef _WIN32
867 if (error == WSAEWOULDBLOCK) {
868 error = EAGAIN;
869 }
870#endif
9467fe62 871 if (error != EAGAIN) {
5ea1366b 872 VLOG_DBG_RL(&rl, "accept: %s", sock_strerror(error));
9467fe62
BP		 873 }
874 return error;
875 }
876
877 error = set_nonblocking(new_fd);
878 if (error) {
5ea1366b 879 closesocket(new_fd);
9467fe62
BP		 880 return error;
881 }
882
e731d71b
AS		 883 snprintf(name, sizeof name, "tcp:%s:%"PRIu16,
884 ss_format_address(&ss, addrbuf, sizeof addrbuf),
885 ss_get_port(&ss));
a8d81967 886 return new_ssl_stream(name, new_fd, SERVER, STATE_SSL_CONNECTING,
f125905c 887 new_streamp);
9467fe62
BP		 888}
889
890static void
891pssl_wait(struct pstream *pstream)
892{
893 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
5ea1366b 894 poll_fd_wait_event(pssl->fd, pssl->wevent, POLLIN);
9467fe62
BP		 895}
896
f89b7ce5
IY		 897static int
898pssl_set_dscp(struct pstream *pstream, uint8_t dscp)
899{
900 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
901 return set_dscp(pssl->fd, dscp);
902}
903
da327b18 904const struct pstream_class pssl_pstream_class = {
9467fe62 905 "pssl",
f1936eb6 906 true,
9467fe62
BP		 907 pssl_open,
908 pssl_close,
909 pssl_accept,
910 pssl_wait,
f89b7ce5 911 pssl_set_dscp,
9467fe62
BP		 912};
913\f
914/*
915 * Returns true if OpenSSL error is WANT_READ or WANT_WRITE, indicating that
916 * OpenSSL is requesting that we call it back when the socket is ready for read
917 * or writing, respectively.
918 */
919static bool
920ssl_wants_io(int ssl_error)
921{
922 return (ssl_error == SSL_ERROR_WANT_WRITE
923 || ssl_error == SSL_ERROR_WANT_READ);
924}
925
926static int
927ssl_init(void)
928{
929 static int init_status = -1;
930 if (init_status < 0) {
931 init_status = do_ssl_init();
cb22974d 932 ovs_assert(init_status >= 0);
9467fe62
BP		 933 }
934 return init_status;
935}
936
937static int
938do_ssl_init(void)
939{
940 SSL_METHOD *method;
941
5ea1366b
GS		 942#ifdef _WIN32
943 /* The following call is needed if we "#include <openssl/applink.c>". */
944 CRYPTO_malloc_init();
945#endif
9467fe62
BP		 946 SSL_library_init();
947 SSL_load_error_strings();
948
47ebcf25
BP		 949 if (!RAND_status()) {
950 /* We occasionally see OpenSSL fail to seed its random number generator
951 * in heavily loaded hypervisors. I suspect the following scenario:
952 *
953 * 1. OpenSSL calls read() to get 32 bytes from /dev/urandom.
954 * 2. The kernel generates 10 bytes of randomness and copies it out.
955 * 3. A signal arrives (perhaps SIGALRM).
956 * 4. The kernel interrupts the system call to service the signal.
957 * 5. Userspace gets 10 bytes of entropy.
958 * 6. OpenSSL doesn't read again to get the final 22 bytes. Therefore
959 * OpenSSL doesn't have enough entropy to consider itself
960 * initialized.
961 *
962 * The only part I'm not entirely sure about is #6, because the OpenSSL
963 * code is so hard to read. */
964 uint8_t seed[32];
965 int retval;
966
967 VLOG_WARN("OpenSSL random seeding failed, reseeding ourselves");
968
969 retval = get_entropy(seed, sizeof seed);
970 if (retval) {
971 VLOG_ERR("failed to obtain entropy (%s)",
972 ovs_retval_to_string(retval));
973 return retval > 0 ? retval : ENOPROTOOPT;
974 }
975
976 RAND_seed(seed, sizeof seed);
977 }
978
444b381e
BP		 979 /* New OpenSSL changed TLSv1_method() to return a "const" pointer, so the
980 * cast is needed to avoid a warning with those newer versions. */
ebc56baa 981 method = CONST_CAST(SSL_METHOD *, TLSv1_method());
9467fe62
BP		 982 if (method == NULL) {
983 VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
984 return ENOPROTOOPT;
985 }
986
987 ctx = SSL_CTX_new(method);
988 if (ctx == NULL) {
989 VLOG_ERR("SSL_CTX_new: %s", ERR_error_string(ERR_get_error(), NULL));
990 return ENOPROTOOPT;
991 }
992 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
993 SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
994 SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
995 SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
996 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
997 NULL);
998
999 return 0;
1000}
1001
1002static DH *
67a4917b 1003tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength)
9467fe62
BP		 1004{
1005 struct dh {
1006 int keylength;
1007 DH *dh;
1008 DH *(*constructor)(void);
1009 };
1010
1011 static struct dh dh_table[] = {
1012 {1024, NULL, get_dh1024},
1013 {2048, NULL, get_dh2048},
1014 {4096, NULL, get_dh4096},
1015 };
1016
1017 struct dh *dh;
1018
1019 for (dh = dh_table; dh < &dh_table[ARRAY_SIZE(dh_table)]; dh++) {
1020 if (dh->keylength == keylength) {
1021 if (!dh->dh) {
1022 dh->dh = dh->constructor();
1023 if (!dh->dh) {
1d2c568d 1024 out_of_memory();
9467fe62
BP		 1025 }
1026 }
1027 return dh->dh;
1028 }
1029 }
1030 VLOG_ERR_RL(&rl, "no Diffie-Hellman parameters for key length %d",
1031 keylength);
1032 return NULL;
1033}
1034
1035/* Returns true if SSL is at least partially configured. */
1036bool
d295e8e9 1037stream_ssl_is_configured(void)
9467fe62 1038{
415f6c0b
BP		 1039 return private_key.file_name || certificate.file_name || ca_cert.file_name;
1040}
1041
1042static bool
1043update_ssl_config(struct ssl_config_file *config, const char *file_name)
1044{
9cb07887 1045 struct timespec mtime;
e68f6dea 1046 int error;
9cb07887
BP		 1047
1048 if (ssl_init() || !file_name) {
1049 return false;
1050 }
1051
1052 /* If the file name hasn't changed and neither has the file contents, stop
1053 * here. */
e68f6dea
BP		 1054 error = get_mtime(file_name, &mtime);
1055 if (error && error != ENOENT) {
10a89ef0
BP		 1056 VLOG_ERR_RL(&rl, "%s: stat failed (%s)",
1057 file_name, ovs_strerror(error));
e68f6dea 1058 }
9cb07887
BP		 1059 if (config->file_name
1060 && !strcmp(config->file_name, file_name)
1061 && mtime.tv_sec == config->mtime.tv_sec
1062 && mtime.tv_nsec == config->mtime.tv_nsec) {
415f6c0b
BP		 1063 return false;
1064 }
1065
2b1a27a1 1066 /* Update 'config'. */
9cb07887 1067 config->mtime = mtime;
2b1a27a1
BP		 1068 if (file_name != config->file_name) {
1069 free(config->file_name);
1070 config->file_name = xstrdup(file_name);
1071 }
415f6c0b 1072 return true;
9467fe62
BP		 1073}
1074
6f1e91b1
BP		 1075static void
1076stream_ssl_set_private_key_file__(const char *file_name)
1077{
1078 if (SSL_CTX_use_PrivateKey_file(ctx, file_name, SSL_FILETYPE_PEM) == 1) {
1079 private_key.read = true;
1080 } else {
1081 VLOG_ERR("SSL_use_PrivateKey_file: %s",
1082 ERR_error_string(ERR_get_error(), NULL));
1083 }
1084}
1085
9467fe62
BP		 1086void
1087stream_ssl_set_private_key_file(const char *file_name)
1088{
6f1e91b1
BP		 1089 if (update_ssl_config(&private_key, file_name)) {
1090 stream_ssl_set_private_key_file__(file_name);
9467fe62 1091 }
6f1e91b1
BP		 1092}
1093
1094static void
1095stream_ssl_set_certificate_file__(const char *file_name)
1096{
1097 if (SSL_CTX_use_certificate_chain_file(ctx, file_name) == 1) {
1098 certificate.read = true;
1099 } else {
1100 VLOG_ERR("SSL_use_certificate_file: %s",
9467fe62 1101 ERR_error_string(ERR_get_error(), NULL));
9467fe62 1102 }
9467fe62
BP		 1103}
1104
1105void
1106stream_ssl_set_certificate_file(const char *file_name)
1107{
6f1e91b1
BP		 1108 if (update_ssl_config(&certificate, file_name)) {
1109 stream_ssl_set_certificate_file__(file_name);
9467fe62 1110 }
6f1e91b1
BP		 1111}
1112
1113/* Sets the private key and certificate files in one operation. Use this
1114 * interface, instead of calling stream_ssl_set_private_key_file() and
1115 * stream_ssl_set_certificate_file() individually, in the main loop of a
1116 * long-running program whose key and certificate might change at runtime.
1117 *
1118 * This is important because of OpenSSL's behavior. If an OpenSSL context
1119 * already has a certificate, and stream_ssl_set_private_key_file() is called
1120 * to install a new private key, OpenSSL will report an error because the new
1121 * private key does not match the old certificate. The other order, of setting
1122 * a new certificate, then setting a new private key, does work.
1123 *
1124 * If this were the only problem, calling stream_ssl_set_certificate_file()
1125 * before stream_ssl_set_private_key_file() would fix it. But, if the private
1126 * key is changed before the certificate (e.g. someone "scp"s or "mv"s the new
1127 * private key in place before the certificate), then OpenSSL would reject that
1128 * change, and then the change of certificate would succeed, but there would be
1129 * no associated private key (because it had only changed once and therefore
1130 * there was no point in re-reading it).
1131 *
1132 * This function avoids both problems by, whenever either the certificate or
1133 * the private key file changes, re-reading both of them, in the correct order.
1134 */
1135void
1136stream_ssl_set_key_and_cert(const char *private_key_file,
1137 const char *certificate_file)
1138{
1139 if (update_ssl_config(&private_key, private_key_file)
1140 || update_ssl_config(&certificate, certificate_file)) {
1141 stream_ssl_set_certificate_file__(certificate_file);
1142 stream_ssl_set_private_key_file__(private_key_file);
9467fe62 1143 }
9467fe62
BP		 1144}
1145
1146/* Reads the X509 certificate or certificates in file 'file_name'. On success,
1147 * stores the address of the first element in an array of pointers to
1148 * certificates in '*certs' and the number of certificates in the array in
1149 * '*n_certs', and returns 0. On failure, stores a null pointer in '*certs', 0
1150 * in '*n_certs', and returns a positive errno value.
1151 *
1152 * The caller is responsible for freeing '*certs'. */
1153static int
1154read_cert_file(const char *file_name, X509 ***certs, size_t *n_certs)
1155{
1156 FILE *file;
1157 size_t allocated_certs = 0;
1158
1159 *certs = NULL;
1160 *n_certs = 0;
1161
1162 file = fopen(file_name, "r");
1163 if (!file) {
1164 VLOG_ERR("failed to open %s for reading: %s",
10a89ef0 1165 file_name, ovs_strerror(errno));
9467fe62
BP		 1166 return errno;
1167 }
1168
1169 for (;;) {
1170 X509 *certificate;
1171 int c;
1172
1173 /* Read certificate from file. */
1174 certificate = PEM_read_X509(file, NULL, NULL, NULL);
1175 if (!certificate) {
1176 size_t i;
1177
1178 VLOG_ERR("PEM_read_X509 failed reading %s: %s",
1179 file_name, ERR_error_string(ERR_get_error(), NULL));
1180 for (i = 0; i < *n_certs; i++) {
1181 X509_free((*certs)[i]);
1182 }
1183 free(*certs);
1184 *certs = NULL;
1185 *n_certs = 0;
1186 return EIO;
1187 }
1188
1189 /* Add certificate to array. */
1190 if (*n_certs >= allocated_certs) {
1191 *certs = x2nrealloc(*certs, &allocated_certs, sizeof **certs);
1192 }
1193 (*certs)[(*n_certs)++] = certificate;
1194
1195 /* Are there additional certificates in the file? */
1196 do {
1197 c = getc(file);
1198 } while (isspace(c));
1199 if (c == EOF) {
1200 break;
1201 }
1202 ungetc(c, file);
1203 }
1204 fclose(file);
1205 return 0;
1206}
1207
1208
1209/* Sets 'file_name' as the name of a file containing one or more X509
1210 * certificates to send to the peer. Typical use in OpenFlow is to send the CA
1211 * certificate to the peer, which enables a switch to pick up the controller's
1212 * CA certificate on its first connection. */
1213void
1214stream_ssl_set_peer_ca_cert_file(const char *file_name)
1215{
1216 X509 **certs;
1217 size_t n_certs;
1218 size_t i;
1219
1220 if (ssl_init()) {
1221 return;
1222 }
1223
1224 if (!read_cert_file(file_name, &certs, &n_certs)) {
1225 for (i = 0; i < n_certs; i++) {
1226 if (SSL_CTX_add_extra_chain_cert(ctx, certs[i]) != 1) {
1227 VLOG_ERR("SSL_CTX_add_extra_chain_cert: %s",
1228 ERR_error_string(ERR_get_error(), NULL));
1229 }
1230 }
1231 free(certs);
1232 }
1233}
1234
1235/* Logs fingerprint of CA certificate 'cert' obtained from 'file_name'. */
1236static void
1237log_ca_cert(const char *file_name, X509 *cert)
1238{
1239 unsigned char digest[EVP_MAX_MD_SIZE];
1240 unsigned int n_bytes;
1241 struct ds fp;
1242 char *subject;
1243
1244 ds_init(&fp);
1245 if (!X509_digest(cert, EVP_sha1(), digest, &n_bytes)) {
1246 ds_put_cstr(&fp, "<out of memory>");
1247 } else {
1248 unsigned int i;
1249 for (i = 0; i < n_bytes; i++) {
1250 if (i) {
1251 ds_put_char(&fp, ':');
1252 }
34582733 1253 ds_put_format(&fp, "%02x", digest[i]);
9467fe62
BP		 1254 }
1255 }
1256 subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
1257 VLOG_INFO("Trusting CA cert from %s (%s) (fingerprint %s)", file_name,
1258 subject ? subject : "<out of memory>", ds_cstr(&fp));
3c7b5c2d 1259 OPENSSL_free(subject);
9467fe62
BP		 1260 ds_destroy(&fp);
1261}
1262
415f6c0b 1263static void
f1484874
BP		 1264stream_ssl_set_ca_cert_file__(const char *file_name,
1265 bool bootstrap, bool force)
9467fe62
BP		 1266{
1267 X509 **certs;
1268 size_t n_certs;
1269 struct stat s;
1270
f1484874
BP		 1271 if (!update_ssl_config(&ca_cert, file_name) && !force) {
1272 return;
1273 }
1274
ba104a1e
BP		 1275 if (!strcmp(file_name, "none")) {
1276 verify_peer_cert = false;
1277 VLOG_WARN("Peer certificate validation disabled "
1278 "(this is a security risk)");
1279 } else if (bootstrap && stat(file_name, &s) && errno == ENOENT) {
9467fe62 1280 bootstrap_ca_cert = true;
9467fe62
BP		 1281 } else if (!read_cert_file(file_name, &certs, &n_certs)) {
1282 size_t i;
1283
1284 /* Set up list of CAs that the server will accept from the client. */
1285 for (i = 0; i < n_certs; i++) {
1286 /* SSL_CTX_add_client_CA makes a copy of the relevant data. */
1287 if (SSL_CTX_add_client_CA(ctx, certs[i]) != 1) {
34582733 1288 VLOG_ERR("failed to add client certificate %"PRIuSIZE" from %s: %s",
9467fe62
BP		 1289 i, file_name,
1290 ERR_error_string(ERR_get_error(), NULL));
1291 } else {
1292 log_ca_cert(file_name, certs[i]);
1293 }
1294 X509_free(certs[i]);
1295 }
f6b60e02 1296 free(certs);
9467fe62
BP		 1297
1298 /* Set up CAs for OpenSSL to trust in verifying the peer's
1299 * certificate. */
e6a8ca62 1300 SSL_CTX_set_cert_store(ctx, X509_STORE_new());
9467fe62
BP		 1301 if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) {
1302 VLOG_ERR("SSL_CTX_load_verify_locations: %s",
1303 ERR_error_string(ERR_get_error(), NULL));
1304 return;
1305 }
1306
415f6c0b 1307 bootstrap_ca_cert = false;
9467fe62 1308 }
415f6c0b 1309 ca_cert.read = true;
9467fe62 1310}
415f6c0b
BP		 1311
1312/* Sets 'file_name' as the name of the file from which to read the CA
1313 * certificate used to verify the peer within SSL connections. If 'bootstrap'
1314 * is false, the file must exist. If 'bootstrap' is false, then the file is
1315 * read if it is exists; if it does not, then it will be created from the CA
1316 * certificate received from the peer on the first SSL connection. */
1317void
1318stream_ssl_set_ca_cert_file(const char *file_name, bool bootstrap)
1319{
f1484874 1320 stream_ssl_set_ca_cert_file__(file_name, bootstrap, false);
415f6c0b 1321}
ff1760f1
BP		 1322\f
1323/* SSL protocol logging. */
1324
1325static const char *
1326ssl_alert_level_to_string(uint8_t type)
1327{
1328 switch (type) {
1329 case 1: return "warning";
1330 case 2: return "fatal";
1331 default: return "<unknown>";
1332 }
1333}
415f6c0b 1334
ff1760f1
BP		 1335static const char *
1336ssl_alert_description_to_string(uint8_t type)
1337{
1338 switch (type) {
1339 case 0: return "close_notify";
1340 case 10: return "unexpected_message";
1341 case 20: return "bad_record_mac";
1342 case 21: return "decryption_failed";
1343 case 22: return "record_overflow";
1344 case 30: return "decompression_failure";
1345 case 40: return "handshake_failure";
1346 case 42: return "bad_certificate";
1347 case 43: return "unsupported_certificate";
1348 case 44: return "certificate_revoked";
1349 case 45: return "certificate_expired";
1350 case 46: return "certificate_unknown";
1351 case 47: return "illegal_parameter";
1352 case 48: return "unknown_ca";
1353 case 49: return "access_denied";
1354 case 50: return "decode_error";
1355 case 51: return "decrypt_error";
1356 case 60: return "export_restriction";
1357 case 70: return "protocol_version";
1358 case 71: return "insufficient_security";
1359 case 80: return "internal_error";
1360 case 90: return "user_canceled";
1361 case 100: return "no_renegotiation";
1362 default: return "<unknown>";
1363 }
1364}
415f6c0b 1365
ff1760f1
BP		 1366static const char *
1367ssl_handshake_type_to_string(uint8_t type)
1368{
1369 switch (type) {
1370 case 0: return "hello_request";
1371 case 1: return "client_hello";
1372 case 2: return "server_hello";
1373 case 11: return "certificate";
1374 case 12: return "server_key_exchange";
1375 case 13: return "certificate_request";
1376 case 14: return "server_hello_done";
1377 case 15: return "certificate_verify";
1378 case 16: return "client_key_exchange";
1379 case 20: return "finished";
1380 default: return "<unknown>";
1381 }
1382}
1383
1384static void
1385ssl_protocol_cb(int write_p, int version OVS_UNUSED, int content_type,
1386 const void *buf_, size_t len, SSL *ssl OVS_UNUSED, void *sslv_)
1387{
1388 const struct ssl_stream *sslv = sslv_;
1389 const uint8_t *buf = buf_;
1390 struct ds details;
1391
1392 if (!VLOG_IS_DBG_ENABLED()) {
1393 return;
1394 }
1395
1396 ds_init(&details);
1397 if (content_type == 20) {
1398 ds_put_cstr(&details, "change_cipher_spec");
1399 } else if (content_type == 21) {
1400 ds_put_format(&details, "alert: %s, %s",
1401 ssl_alert_level_to_string(buf[0]),
1402 ssl_alert_description_to_string(buf[1]));
1403 } else if (content_type == 22) {
1404 ds_put_format(&details, "handshake: %s",
1405 ssl_handshake_type_to_string(buf[0]));
1406 } else {
1407 ds_put_format(&details, "type %d", content_type);
1408 }
1409
34582733 1410 VLOG_DBG("%s%u%s%s %s (%"PRIuSIZE" bytes)",
ff1760f1
BP		 1411 sslv->type == CLIENT ? "client" : "server",
1412 sslv->session_nr, write_p ? "-->" : "<--",
1413 stream_get_name(&sslv->stream), ds_cstr(&details), len);
1414
1415 ds_destroy(&details);
1416}
5ea1366b 1417
5ea1366b
GS		 1418static void
1419clear_handle(int fd OVS_UNUSED, HANDLE wevent OVS_UNUSED)
1420{
1421#ifdef _WIN32
1422 if (fd) {
1423 WSAEventSelect(fd, NULL, 0);
1424 }
1425 if (wevent) {
1426 CloseHandle(wevent);
1427 }
1428#endif
1429}
openvswitch packages for PVE