]> git.proxmox.com Git - mirror_ovs.git/blob - lib/stream-ssl.c
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add support for specifying SSL connection parameters to ovsdb
[mirror_ovs.git] / lib / stream-ssl.c
1 /*
2 * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <config.h>
18 #include "stream-ssl.h"
19 #include "dhparams.h"
20 #include <ctype.h>
21 #include <errno.h>
22 #include <inttypes.h>
23 #include <string.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 #include <netinet/tcp.h>
27 #include <openssl/err.h>
28 #include <openssl/rand.h>
29 #include <openssl/ssl.h>
30 #include <openssl/x509v3.h>
31 #include <poll.h>
32 #include <fcntl.h>
33 #include <sys/stat.h>
34 #include <unistd.h>
35 #include "coverage.h"
36 #include "openvswitch/dynamic-string.h"
37 #include "entropy.h"
38 #include "openvswitch/ofpbuf.h"
39 #include "openflow/openflow.h"
40 #include "packets.h"
41 #include "poll-loop.h"
42 #include "openvswitch/shash.h"
43 #include "socket-util.h"
44 #include "util.h"
45 #include "stream-provider.h"
46 #include "stream.h"
47 #include "timeval.h"
48 #include "openvswitch/vlog.h"
49
50 #ifdef _WIN32
51 /* Ref: https://www.openssl.org/support/faq.html#PROG2
52 * Your application must link against the same version of the Win32 C-Runtime
53 * against which your openssl libraries were linked. The default version for
54 * OpenSSL is /MD - "Multithreaded DLL". If we compile Open vSwitch with
55 * something other than /MD, instead of re-compiling OpenSSL
56 * toolkit, openssl/applink.c can be #included. Also, it is important
57 * to add CRYPTO_malloc_init prior first call to OpenSSL.
58 *
59 * XXX: The behavior of the following #include when Open vSwitch is
60 * compiled with /MD is not tested. */
61 #include <openssl/applink.c>
62 #define SHUT_RDWR SD_BOTH
63 #endif
64
65 VLOG_DEFINE_THIS_MODULE(stream_ssl);
66
67 /* Active SSL. */
68
69 enum ssl_state {
70 STATE_TCP_CONNECTING,
71 STATE_SSL_CONNECTING
72 };
73
74 enum session_type {
75 CLIENT,
76 SERVER
77 };
78
79 struct ssl_stream
80 {
81 struct stream stream;
82 enum ssl_state state;
83 enum session_type type;
84 int fd;
85 SSL *ssl;
86 struct ofpbuf *txbuf;
87 unsigned int session_nr;
88
89 /* rx_want and tx_want record the result of the last call to SSL_read()
90 * and SSL_write(), respectively:
91 *
92 * - If the call reported that data needed to be read from the file
93 * descriptor, the corresponding member is set to SSL_READING.
94 *
95 * - If the call reported that data needed to be written to the file
96 * descriptor, the corresponding member is set to SSL_WRITING.
97 *
98 * - Otherwise, the member is set to SSL_NOTHING, indicating that the
99 * call completed successfully (or with an error) and that there is no
100 * need to block.
101 *
102 * These are needed because there is no way to ask OpenSSL what a data read
103 * or write would require without giving it a buffer to receive into or
104 * data to send, respectively. (Note that the SSL_want() status is
105 * overwritten by each SSL_read() or SSL_write() call, so we can't rely on
106 * its value.)
107 *
108 * A single call to SSL_read() or SSL_write() can perform both reading
109 * and writing and thus invalidate not one of these values but actually
110 * both. Consider this situation, for example:
111 *
112 * - SSL_write() blocks on a read, so tx_want gets SSL_READING.
113 *
114 * - SSL_read() laters succeeds reading from 'fd' and clears out the
115 * whole receive buffer, so rx_want gets SSL_READING.
116 *
117 * - Client calls stream_wait(STREAM_RECV) and stream_wait(STREAM_SEND)
118 * and blocks.
119 *
120 * - Now we're stuck blocking until the peer sends us data, even though
121 * SSL_write() could now succeed, which could easily be a deadlock
122 * condition.
123 *
124 * On the other hand, we can't reset both tx_want and rx_want on every call
125 * to SSL_read() or SSL_write(), because that would produce livelock,
126 * e.g. in this situation:
127 *
128 * - SSL_write() blocks, so tx_want gets SSL_READING or SSL_WRITING.
129 *
130 * - SSL_read() blocks, so rx_want gets SSL_READING or SSL_WRITING,
131 * but tx_want gets reset to SSL_NOTHING.
132 *
133 * - Client calls stream_wait(STREAM_RECV) and stream_wait(STREAM_SEND)
134 * and blocks.
135 *
136 * - Client wakes up immediately since SSL_NOTHING in tx_want indicates
137 * that no blocking is necessary.
138 *
139 * The solution we adopt here is to set tx_want to SSL_NOTHING after
140 * calling SSL_read() only if the SSL state of the connection changed,
141 * which indicates that an SSL-level renegotiation made some progress, and
142 * similarly for rx_want and SSL_write(). This prevents both the
143 * deadlock and livelock situations above.
144 */
145 int rx_want, tx_want;
146
147 /* A few bytes of header data in case SSL negotiation fails. */
148 uint8_t head[2];
149 short int n_head;
150 };
151
152 /* SSL context created by ssl_init(). */
153 static SSL_CTX *ctx;
154
155 struct ssl_config_file {
156 bool read; /* Whether the file was successfully read. */
157 char *file_name; /* Configured file name, if any. */
158 struct timespec mtime; /* File mtime as of last time we read it. */
159 };
160
161 /* SSL configuration files. */
162 static struct ssl_config_file private_key;
163 static struct ssl_config_file certificate;
164 static struct ssl_config_file ca_cert;
165 static char *ssl_protocols = "TLSv1,TLSv1.1,TLSv1.2";
166 static char *ssl_ciphers = "HIGH:!aNULL:!MD5";
167
168 /* Ordinarily, the SSL client and server verify each other's certificates using
169 * a CA certificate. Setting this to false disables this behavior. (This is a
170 * security risk.) */
171 static bool verify_peer_cert = true;
172
173 /* Ordinarily, we require a CA certificate for the peer to be locally
174 * available. We can, however, bootstrap the CA certificate from the peer at
175 * the beginning of our first connection then use that certificate on all
176 * subsequent connections, saving it to a file for use in future runs also. In
177 * this case, 'bootstrap_ca_cert' is true. */
178 static bool bootstrap_ca_cert;
179
180 /* Session number. Used in debug logging messages to uniquely identify a
181 * session. */
182 static unsigned int next_session_nr;
183
184 /* Who knows what can trigger various SSL errors, so let's throttle them down
185 * quite a bit. */
186 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
187
188 static int ssl_init(void);
189 static int do_ssl_init(void);
190 static bool ssl_wants_io(int ssl_error);
191 static void ssl_close(struct stream *);
192 static void ssl_clear_txbuf(struct ssl_stream *);
193 static void interpret_queued_ssl_error(const char *function);
194 static int interpret_ssl_error(const char *function, int ret, int error,
195 int *want);
196 static DH *tmp_dh_callback(SSL *ssl, int is_export OVS_UNUSED, int keylength);
197 static void log_ca_cert(const char *file_name, X509 *cert);
198 static void stream_ssl_set_ca_cert_file__(const char *file_name,
199 bool bootstrap, bool force);
200 static void ssl_protocol_cb(int write_p, int version, int content_type,
201 const void *, size_t, SSL *, void *sslv_);
202 static bool update_ssl_config(struct ssl_config_file *, const char *file_name);
203 static int sock_errno(void);
204
205 static short int
206 want_to_poll_events(int want)
207 {
208 switch (want) {
209 case SSL_NOTHING:
210 OVS_NOT_REACHED();
211
212 case SSL_READING:
213 return POLLIN;
214
215 case SSL_WRITING:
216 return POLLOUT;
217
218 default:
219 OVS_NOT_REACHED();
220 }
221 }
222
223 static int
224 new_ssl_stream(const char *name, int fd, enum session_type type,
225 enum ssl_state state, struct stream **streamp)
226 {
227 struct ssl_stream *sslv;
228 SSL *ssl = NULL;
229 int retval;
230
231 /* Check for all the needful configuration. */
232 retval = 0;
233 if (!private_key.read) {
234 VLOG_ERR("Private key must be configured to use SSL");
235 retval = ENOPROTOOPT;
236 }
237 if (!certificate.read) {
238 VLOG_ERR("Certificate must be configured to use SSL");
239 retval = ENOPROTOOPT;
240 }
241 if (!ca_cert.read && verify_peer_cert && !bootstrap_ca_cert) {
242 VLOG_ERR("CA certificate must be configured to use SSL");
243 retval = ENOPROTOOPT;
244 }
245 if (!retval && !SSL_CTX_check_private_key(ctx)) {
246 VLOG_ERR("Private key does not match certificate public key: %s",
247 ERR_error_string(ERR_get_error(), NULL));
248 retval = ENOPROTOOPT;
249 }
250 if (retval) {
251 goto error;
252 }
253
254 /* Disable Nagle.
255 * On windows platforms, this can only be called upon TCP connected.
256 */
257 if (state == STATE_SSL_CONNECTING) {
258 setsockopt_tcp_nodelay(fd);
259 }
260
261 /* Create and configure OpenSSL stream. */
262 ssl = SSL_new(ctx);
263 if (ssl == NULL) {
264 VLOG_ERR("SSL_new: %s", ERR_error_string(ERR_get_error(), NULL));
265 retval = ENOPROTOOPT;
266 goto error;
267 }
268 if (SSL_set_fd(ssl, fd) == 0) {
269 VLOG_ERR("SSL_set_fd: %s", ERR_error_string(ERR_get_error(), NULL));
270 retval = ENOPROTOOPT;
271 goto error;
272 }
273 if (!verify_peer_cert || (bootstrap_ca_cert && type == CLIENT)) {
274 SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
275 }
276
277 /* Create and return the ssl_stream. */
278 sslv = xmalloc(sizeof *sslv);
279 stream_init(&sslv->stream, &ssl_stream_class, EAGAIN, name);
280 sslv->state = state;
281 sslv->type = type;
282 sslv->fd = fd;
283 sslv->ssl = ssl;
284 sslv->txbuf = NULL;
285 sslv->rx_want = sslv->tx_want = SSL_NOTHING;
286 sslv->session_nr = next_session_nr++;
287 sslv->n_head = 0;
288
289 if (VLOG_IS_DBG_ENABLED()) {
290 SSL_set_msg_callback(ssl, ssl_protocol_cb);
291 SSL_set_msg_callback_arg(ssl, sslv);
292 }
293
294 *streamp = &sslv->stream;
295 return 0;
296
297 error:
298 if (ssl) {
299 SSL_free(ssl);
300 }
301 closesocket(fd);
302 return retval;
303 }
304
305 static struct ssl_stream *
306 ssl_stream_cast(struct stream *stream)
307 {
308 stream_assert_class(stream, &ssl_stream_class);
309 return CONTAINER_OF(stream, struct ssl_stream, stream);
310 }
311
312 static int
313 ssl_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp)
314 {
315 int error, fd;
316
317 error = ssl_init();
318 if (error) {
319 return error;
320 }
321
322 error = inet_open_active(SOCK_STREAM, suffix, OFP_PORT, NULL, &fd,
323 dscp);
324 if (fd >= 0) {
325 int state = error ? STATE_TCP_CONNECTING : STATE_SSL_CONNECTING;
326 return new_ssl_stream(name, fd, CLIENT, state, streamp);
327 } else {
328 VLOG_ERR("%s: connect: %s", name, ovs_strerror(error));
329 return error;
330 }
331 }
332
333 static int
334 do_ca_cert_bootstrap(struct stream *stream)
335 {
336 struct ssl_stream *sslv = ssl_stream_cast(stream);
337 STACK_OF(X509) *chain;
338 X509 *cert;
339 FILE *file;
340 int error;
341 int fd;
342
343 chain = SSL_get_peer_cert_chain(sslv->ssl);
344 if (!chain || !sk_X509_num(chain)) {
345 VLOG_ERR("could not bootstrap CA cert: no certificate presented by "
346 "peer");
347 return EPROTO;
348 }
349 cert = sk_X509_value(chain, sk_X509_num(chain) - 1);
350
351 /* Check that 'cert' is self-signed. Otherwise it is not a CA
352 * certificate and we should not attempt to use it as one. */
353 error = X509_check_issued(cert, cert);
354 if (error) {
355 VLOG_ERR("could not bootstrap CA cert: obtained certificate is "
356 "not self-signed (%s)",
357 X509_verify_cert_error_string(error));
358 if (sk_X509_num(chain) < 2) {
359 VLOG_ERR("only one certificate was received, so probably the peer "
360 "is not configured to send its CA certificate");
361 }
362 return EPROTO;
363 }
364
365 fd = open(ca_cert.file_name, O_CREAT | O_EXCL | O_WRONLY, 0444);
366 if (fd < 0) {
367 if (errno == EEXIST) {
368 VLOG_INFO_RL(&rl, "reading CA cert %s created by another process",
369 ca_cert.file_name);
370 stream_ssl_set_ca_cert_file__(ca_cert.file_name, true, true);
371 return EPROTO;
372 } else {
373 VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
374 ca_cert.file_name, ovs_strerror(errno));
375 return errno;
376 }
377 }
378
379 file = fdopen(fd, "w");
380 if (!file) {
381 error = errno;
382 VLOG_ERR("could not bootstrap CA cert: fdopen failed: %s",
383 ovs_strerror(error));
384 unlink(ca_cert.file_name);
385 return error;
386 }
387
388 if (!PEM_write_X509(file, cert)) {
389 VLOG_ERR("could not bootstrap CA cert: PEM_write_X509 to %s failed: "
390 "%s", ca_cert.file_name,
391 ERR_error_string(ERR_get_error(), NULL));
392 fclose(file);
393 unlink(ca_cert.file_name);
394 return EIO;
395 }
396
397 if (fclose(file)) {
398 error = errno;
399 VLOG_ERR("could not bootstrap CA cert: writing %s failed: %s",
400 ca_cert.file_name, ovs_strerror(error));
401 unlink(ca_cert.file_name);
402 return error;
403 }
404
405 VLOG_INFO("successfully bootstrapped CA cert to %s", ca_cert.file_name);
406 log_ca_cert(ca_cert.file_name, cert);
407 bootstrap_ca_cert = false;
408 ca_cert.read = true;
409
410 /* SSL_CTX_add_client_CA makes a copy of cert's relevant data. */
411 SSL_CTX_add_client_CA(ctx, cert);
412
413 SSL_CTX_set_cert_store(ctx, X509_STORE_new());
414 if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) {
415 VLOG_ERR("SSL_CTX_load_verify_locations: %s",
416 ERR_error_string(ERR_get_error(), NULL));
417 return EPROTO;
418 }
419 VLOG_INFO("killing successful connection to retry using CA cert");
420 return EPROTO;
421 }
422
423 static int
424 ssl_connect(struct stream *stream)
425 {
426 struct ssl_stream *sslv = ssl_stream_cast(stream);
427 int retval;
428
429 switch (sslv->state) {
430 case STATE_TCP_CONNECTING:
431 retval = check_connection_completion(sslv->fd);
432 if (retval) {
433 return retval;
434 }
435 sslv->state = STATE_SSL_CONNECTING;
436 setsockopt_tcp_nodelay(sslv->fd);
437 /* Fall through. */
438
439 case STATE_SSL_CONNECTING:
440 /* Capture the first few bytes of received data so that we can guess
441 * what kind of funny data we've been sent if SSL negotiation fails. */
442 if (sslv->n_head <= 0) {
443 sslv->n_head = recv(sslv->fd, sslv->head, sizeof sslv->head,
444 MSG_PEEK);
445 }
446
447 retval = (sslv->type == CLIENT
448 ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl));
449 if (retval != 1) {
450 int error = SSL_get_error(sslv->ssl, retval);
451 if (retval < 0 && ssl_wants_io(error)) {
452 return EAGAIN;
453 } else {
454 int unused;
455
456 interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect"
457 : "SSL_accept"), retval, error, &unused);
458 shutdown(sslv->fd, SHUT_RDWR);
459 stream_report_content(sslv->head, sslv->n_head, STREAM_SSL,
460 &this_module, stream_get_name(stream));
461 return EPROTO;
462 }
463 } else if (bootstrap_ca_cert) {
464 return do_ca_cert_bootstrap(stream);
465 } else if (verify_peer_cert
466 && ((SSL_get_verify_mode(sslv->ssl)
467 & (SSL_VERIFY_NONE | SSL_VERIFY_PEER))
468 != SSL_VERIFY_PEER)) {
469 /* Two or more SSL connections completed at the same time while we
470 * were in bootstrap mode. Only one of these can finish the
471 * bootstrap successfully. The other one(s) must be rejected
472 * because they were not verified against the bootstrapped CA
473 * certificate. (Alternatively we could verify them against the CA
474 * certificate, but that's more trouble than it's worth. These
475 * connections will succeed the next time they retry, assuming that
476 * they have a certificate against the correct CA.) */
477 VLOG_INFO("rejecting SSL connection during bootstrap race window");
478 return EPROTO;
479 } else {
480 return 0;
481 }
482 }
483
484 OVS_NOT_REACHED();
485 }
486
487 static void
488 ssl_close(struct stream *stream)
489 {
490 struct ssl_stream *sslv = ssl_stream_cast(stream);
491 ssl_clear_txbuf(sslv);
492
493 /* Attempt clean shutdown of the SSL connection. This will work most of
494 * the time, as long as the kernel send buffer has some free space and the
495 * SSL connection isn't renegotiating, etc. That has to be good enough,
496 * since we don't have any way to continue the close operation in the
497 * background. */
498 SSL_shutdown(sslv->ssl);
499
500 /* SSL_shutdown() might have signaled an error, in which case we need to
501 * flush it out of the OpenSSL error queue or the next OpenSSL operation
502 * will falsely signal an error. */
503 ERR_clear_error();
504
505 SSL_free(sslv->ssl);
506 closesocket(sslv->fd);
507 free(sslv);
508 }
509
510 static void
511 interpret_queued_ssl_error(const char *function)
512 {
513 int queued_error = ERR_get_error();
514 if (queued_error != 0) {
515 VLOG_WARN_RL(&rl, "%s: %s",
516 function, ERR_error_string(queued_error, NULL));
517 } else {
518 VLOG_ERR_RL(&rl, "%s: SSL_ERROR_SSL without queued error", function);
519 }
520 }
521
522 static int
523 interpret_ssl_error(const char *function, int ret, int error,
524 int *want)
525 {
526 *want = SSL_NOTHING;
527
528 switch (error) {
529 case SSL_ERROR_NONE:
530 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_NONE", function);
531 break;
532
533 case SSL_ERROR_ZERO_RETURN:
534 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_ZERO_RETURN", function);
535 break;
536
537 case SSL_ERROR_WANT_READ:
538 *want = SSL_READING;
539 return EAGAIN;
540
541 case SSL_ERROR_WANT_WRITE:
542 *want = SSL_WRITING;
543 return EAGAIN;
544
545 case SSL_ERROR_WANT_CONNECT:
546 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_CONNECT", function);
547 break;
548
549 case SSL_ERROR_WANT_ACCEPT:
550 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
551 break;
552
553 case SSL_ERROR_WANT_X509_LOOKUP:
554 VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_X509_LOOKUP",
555 function);
556 break;
557
558 case SSL_ERROR_SYSCALL: {
559 int queued_error = ERR_get_error();
560 if (queued_error == 0) {
561 if (ret < 0) {
562 int status = errno;
563 VLOG_WARN_RL(&rl, "%s: system error (%s)",
564 function, ovs_strerror(status));
565 return status;
566 } else {
567 VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
568 function);
569 return EPROTO;
570 }
571 } else {
572 VLOG_WARN_RL(&rl, "%s: %s",
573 function, ERR_error_string(queued_error, NULL));
574 break;
575 }
576 }
577
578 case SSL_ERROR_SSL:
579 interpret_queued_ssl_error(function);
580 break;
581
582 default:
583 VLOG_ERR_RL(&rl, "%s: bad SSL error code %d", function, error);
584 break;
585 }
586 return EIO;
587 }
588
589 static ssize_t
590 ssl_recv(struct stream *stream, void *buffer, size_t n)
591 {
592 struct ssl_stream *sslv = ssl_stream_cast(stream);
593 int old_state;
594 ssize_t ret;
595
596 /* Behavior of zero-byte SSL_read is poorly defined. */
597 ovs_assert(n > 0);
598
599 old_state = SSL_get_state(sslv->ssl);
600 ret = SSL_read(sslv->ssl, buffer, n);
601 if (old_state != SSL_get_state(sslv->ssl)) {
602 sslv->tx_want = SSL_NOTHING;
603 }
604 sslv->rx_want = SSL_NOTHING;
605
606 if (ret > 0) {
607 return ret;
608 } else {
609 int error = SSL_get_error(sslv->ssl, ret);
610 if (error == SSL_ERROR_ZERO_RETURN) {
611 return 0;
612 } else {
613 return -interpret_ssl_error("SSL_read", ret, error,
614 &sslv->rx_want);
615 }
616 }
617 }
618
619 static void
620 ssl_clear_txbuf(struct ssl_stream *sslv)
621 {
622 ofpbuf_delete(sslv->txbuf);
623 sslv->txbuf = NULL;
624 }
625
626 static int
627 ssl_do_tx(struct stream *stream)
628 {
629 struct ssl_stream *sslv = ssl_stream_cast(stream);
630
631 for (;;) {
632 int old_state = SSL_get_state(sslv->ssl);
633 int ret = SSL_write(sslv->ssl, sslv->txbuf->data, sslv->txbuf->size);
634 if (old_state != SSL_get_state(sslv->ssl)) {
635 sslv->rx_want = SSL_NOTHING;
636 }
637 sslv->tx_want = SSL_NOTHING;
638 if (ret > 0) {
639 ofpbuf_pull(sslv->txbuf, ret);
640 if (sslv->txbuf->size == 0) {
641 return 0;
642 }
643 } else {
644 int ssl_error = SSL_get_error(sslv->ssl, ret);
645 if (ssl_error == SSL_ERROR_ZERO_RETURN) {
646 VLOG_WARN_RL(&rl, "SSL_write: connection closed");
647 return EPIPE;
648 } else {
649 return interpret_ssl_error("SSL_write", ret, ssl_error,
650 &sslv->tx_want);
651 }
652 }
653 }
654 }
655
656 static ssize_t
657 ssl_send(struct stream *stream, const void *buffer, size_t n)
658 {
659 struct ssl_stream *sslv = ssl_stream_cast(stream);
660
661 if (sslv->txbuf) {
662 return -EAGAIN;
663 } else {
664 int error;
665
666 sslv->txbuf = ofpbuf_clone_data(buffer, n);
667 error = ssl_do_tx(stream);
668 switch (error) {
669 case 0:
670 ssl_clear_txbuf(sslv);
671 return n;
672 case EAGAIN:
673 return n;
674 default:
675 ssl_clear_txbuf(sslv);
676 return -error;
677 }
678 }
679 }
680
681 static void
682 ssl_run(struct stream *stream)
683 {
684 struct ssl_stream *sslv = ssl_stream_cast(stream);
685
686 if (sslv->txbuf && ssl_do_tx(stream) != EAGAIN) {
687 ssl_clear_txbuf(sslv);
688 }
689 }
690
691 static void
692 ssl_run_wait(struct stream *stream)
693 {
694 struct ssl_stream *sslv = ssl_stream_cast(stream);
695
696 if (sslv->tx_want != SSL_NOTHING) {
697 poll_fd_wait(sslv->fd, want_to_poll_events(sslv->tx_want));
698 }
699 }
700
701 static void
702 ssl_wait(struct stream *stream, enum stream_wait_type wait)
703 {
704 struct ssl_stream *sslv = ssl_stream_cast(stream);
705
706 switch (wait) {
707 case STREAM_CONNECT:
708 if (stream_connect(stream) != EAGAIN) {
709 poll_immediate_wake();
710 } else {
711 switch (sslv->state) {
712 case STATE_TCP_CONNECTING:
713 poll_fd_wait(sslv->fd, POLLOUT);
714 break;
715
716 case STATE_SSL_CONNECTING:
717 /* ssl_connect() called SSL_accept() or SSL_connect(), which
718 * set up the status that we test here. */
719 poll_fd_wait(sslv->fd,
720 want_to_poll_events(SSL_want(sslv->ssl)));
721 break;
722
723 default:
724 OVS_NOT_REACHED();
725 }
726 }
727 break;
728
729 case STREAM_RECV:
730 if (sslv->rx_want != SSL_NOTHING) {
731 poll_fd_wait(sslv->fd, want_to_poll_events(sslv->rx_want));
732 } else {
733 poll_immediate_wake();
734 }
735 break;
736
737 case STREAM_SEND:
738 if (!sslv->txbuf) {
739 /* We have room in our tx queue. */
740 poll_immediate_wake();
741 } else {
742 /* stream_run_wait() will do the right thing; don't bother with
743 * redundancy. */
744 }
745 break;
746
747 default:
748 OVS_NOT_REACHED();
749 }
750 }
751
752 const struct stream_class ssl_stream_class = {
753 "ssl", /* name */
754 true, /* needs_probes */
755 ssl_open, /* open */
756 ssl_close, /* close */
757 ssl_connect, /* connect */
758 ssl_recv, /* recv */
759 ssl_send, /* send */
760 ssl_run, /* run */
761 ssl_run_wait, /* run_wait */
762 ssl_wait, /* wait */
763 };
764 \f
765 /* Passive SSL. */
766
767 struct pssl_pstream
768 {
769 struct pstream pstream;
770 int fd;
771 };
772
773 const struct pstream_class pssl_pstream_class;
774
775 static struct pssl_pstream *
776 pssl_pstream_cast(struct pstream *pstream)
777 {
778 pstream_assert_class(pstream, &pssl_pstream_class);
779 return CONTAINER_OF(pstream, struct pssl_pstream, pstream);
780 }
781
782 static int
783 pssl_open(const char *name OVS_UNUSED, char *suffix, struct pstream **pstreamp,
784 uint8_t dscp)
785 {
786 char bound_name[SS_NTOP_BUFSIZE + 16];
787 char addrbuf[SS_NTOP_BUFSIZE];
788 struct sockaddr_storage ss;
789 struct pssl_pstream *pssl;
790 uint16_t port;
791 int retval;
792 int fd;
793
794 retval = ssl_init();
795 if (retval) {
796 return retval;
797 }
798
799 fd = inet_open_passive(SOCK_STREAM, suffix, OFP_PORT, &ss, dscp, true);
800 if (fd < 0) {
801 return -fd;
802 }
803
804 port = ss_get_port(&ss);
805 snprintf(bound_name, sizeof bound_name, "pssl:%"PRIu16":%s",
806 port, ss_format_address(&ss, addrbuf, sizeof addrbuf));
807
808 pssl = xmalloc(sizeof *pssl);
809 pstream_init(&pssl->pstream, &pssl_pstream_class, bound_name);
810 pstream_set_bound_port(&pssl->pstream, htons(port));
811 pssl->fd = fd;
812 *pstreamp = &pssl->pstream;
813 return 0;
814 }
815
816 static void
817 pssl_close(struct pstream *pstream)
818 {
819 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
820 closesocket(pssl->fd);
821 free(pssl);
822 }
823
824 static int
825 pssl_accept(struct pstream *pstream, struct stream **new_streamp)
826 {
827 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
828 char name[SS_NTOP_BUFSIZE + 16];
829 char addrbuf[SS_NTOP_BUFSIZE];
830 struct sockaddr_storage ss;
831 socklen_t ss_len = sizeof ss;
832 int new_fd;
833 int error;
834
835 new_fd = accept(pssl->fd, (struct sockaddr *) &ss, &ss_len);
836 if (new_fd < 0) {
837 error = sock_errno();
838 #ifdef _WIN32
839 if (error == WSAEWOULDBLOCK) {
840 error = EAGAIN;
841 }
842 #endif
843 if (error != EAGAIN) {
844 VLOG_DBG_RL(&rl, "accept: %s", sock_strerror(error));
845 }
846 return error;
847 }
848
849 error = set_nonblocking(new_fd);
850 if (error) {
851 closesocket(new_fd);
852 return error;
853 }
854
855 snprintf(name, sizeof name, "ssl:%s:%"PRIu16,
856 ss_format_address(&ss, addrbuf, sizeof addrbuf),
857 ss_get_port(&ss));
858 return new_ssl_stream(name, new_fd, SERVER, STATE_SSL_CONNECTING,
859 new_streamp);
860 }
861
862 static void
863 pssl_wait(struct pstream *pstream)
864 {
865 struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
866 poll_fd_wait(pssl->fd, POLLIN);
867 }
868
869 const struct pstream_class pssl_pstream_class = {
870 "pssl",
871 true,
872 pssl_open,
873 pssl_close,
874 pssl_accept,
875 pssl_wait,
876 };
877 \f
878 /*
879 * Returns true if OpenSSL error is WANT_READ or WANT_WRITE, indicating that
880 * OpenSSL is requesting that we call it back when the socket is ready for read
881 * or writing, respectively.
882 */
883 static bool
884 ssl_wants_io(int ssl_error)
885 {
886 return (ssl_error == SSL_ERROR_WANT_WRITE
887 || ssl_error == SSL_ERROR_WANT_READ);
888 }
889
890 static int
891 ssl_init(void)
892 {
893 static int init_status = -1;
894 if (init_status < 0) {
895 init_status = do_ssl_init();
896 ovs_assert(init_status >= 0);
897 }
898 return init_status;
899 }
900
901 static int
902 do_ssl_init(void)
903 {
904 SSL_METHOD *method;
905
906 #ifdef _WIN32
907 /* The following call is needed if we "#include <openssl/applink.c>". */
908 CRYPTO_malloc_init();
909 #endif
910 SSL_library_init();
911 SSL_load_error_strings();
912
913 if (!RAND_status()) {
914 /* We occasionally see OpenSSL fail to seed its random number generator
915 * in heavily loaded hypervisors. I suspect the following scenario:
916 *
917 * 1. OpenSSL calls read() to get 32 bytes from /dev/urandom.
918 * 2. The kernel generates 10 bytes of randomness and copies it out.
919 * 3. A signal arrives (perhaps SIGALRM).
920 * 4. The kernel interrupts the system call to service the signal.
921 * 5. Userspace gets 10 bytes of entropy.
922 * 6. OpenSSL doesn't read again to get the final 22 bytes. Therefore
923 * OpenSSL doesn't have enough entropy to consider itself
924 * initialized.
925 *
926 * The only part I'm not entirely sure about is #6, because the OpenSSL
927 * code is so hard to read. */
928 uint8_t seed[32];
929 int retval;
930
931 VLOG_WARN("OpenSSL random seeding failed, reseeding ourselves");
932
933 retval = get_entropy(seed, sizeof seed);
934 if (retval) {
935 VLOG_ERR("failed to obtain entropy (%s)",
936 ovs_retval_to_string(retval));
937 return retval > 0 ? retval : ENOPROTOOPT;
938 }
939
940 RAND_seed(seed, sizeof seed);
941 }
942
943 /* OpenSSL has a bunch of "connection methods": SSLv2_method(),
944 * SSLv3_method(), TLSv1_method(), SSLv23_method(), ... Most of these
945 * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
946 * only, not any earlier *or later* version. The only exception is
947 * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
948 * We don't want SSLv2 or SSLv3 support, so we turn it off below with
949 * SSL_CTX_set_options().
950 *
951 * The cast is needed to avoid a warning with newer versions of OpenSSL in
952 * which SSLv23_method() returns a "const" pointer. */
953 method = CONST_CAST(SSL_METHOD *, SSLv23_method());
954 if (method == NULL) {
955 VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
956 return ENOPROTOOPT;
957 }
958
959 ctx = SSL_CTX_new(method);
960 if (ctx == NULL) {
961 VLOG_ERR("SSL_CTX_new: %s", ERR_error_string(ERR_get_error(), NULL));
962 return ENOPROTOOPT;
963 }
964 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
965 SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
966 SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
967 SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
968 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
969 NULL);
970 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
971 SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!MD5");
972
973 return 0;
974 }
975
976 static DH *
977 tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength)
978 {
979 struct dh {
980 int keylength;
981 DH *dh;
982 DH *(*constructor)(void);
983 };
984
985 static struct dh dh_table[] = {
986 {1024, NULL, get_dh1024},
987 {2048, NULL, get_dh2048},
988 {4096, NULL, get_dh4096},
989 };
990
991 struct dh *dh;
992
993 for (dh = dh_table; dh < &dh_table[ARRAY_SIZE(dh_table)]; dh++) {
994 if (dh->keylength == keylength) {
995 if (!dh->dh) {
996 dh->dh = dh->constructor();
997 if (!dh->dh) {
998 out_of_memory();
999 }
1000 }
1001 return dh->dh;
1002 }
1003 }
1004 VLOG_ERR_RL(&rl, "no Diffie-Hellman parameters for key length %d",
1005 keylength);
1006 return NULL;
1007 }
1008
1009 /* Returns true if SSL is at least partially configured. */
1010 bool
1011 stream_ssl_is_configured(void)
1012 {
1013 return private_key.file_name || certificate.file_name || ca_cert.file_name;
1014 }
1015
1016 static bool
1017 update_ssl_config(struct ssl_config_file *config, const char *file_name)
1018 {
1019 struct timespec mtime;
1020 int error;
1021
1022 if (ssl_init() || !file_name) {
1023 return false;
1024 }
1025
1026 /* If the file name hasn't changed and neither has the file contents, stop
1027 * here. */
1028 error = get_mtime(file_name, &mtime);
1029 if (error && error != ENOENT) {
1030 VLOG_ERR_RL(&rl, "%s: stat failed (%s)",
1031 file_name, ovs_strerror(error));
1032 }
1033 if (config->file_name
1034 && !strcmp(config->file_name, file_name)
1035 && mtime.tv_sec == config->mtime.tv_sec
1036 && mtime.tv_nsec == config->mtime.tv_nsec) {
1037 return false;
1038 }
1039
1040 /* Update 'config'. */
1041 config->mtime = mtime;
1042 if (file_name != config->file_name) {
1043 free(config->file_name);
1044 config->file_name = xstrdup(file_name);
1045 }
1046 return true;
1047 }
1048
1049 static void
1050 stream_ssl_set_private_key_file__(const char *file_name)
1051 {
1052 if (SSL_CTX_use_PrivateKey_file(ctx, file_name, SSL_FILETYPE_PEM) == 1) {
1053 private_key.read = true;
1054 } else {
1055 VLOG_ERR("SSL_use_PrivateKey_file: %s",
1056 ERR_error_string(ERR_get_error(), NULL));
1057 }
1058 }
1059
1060 void
1061 stream_ssl_set_private_key_file(const char *file_name)
1062 {
1063 if (update_ssl_config(&private_key, file_name)) {
1064 stream_ssl_set_private_key_file__(file_name);
1065 }
1066 }
1067
1068 static void
1069 stream_ssl_set_certificate_file__(const char *file_name)
1070 {
1071 if (SSL_CTX_use_certificate_file(ctx, file_name, SSL_FILETYPE_PEM) == 1) {
1072 certificate.read = true;
1073 } else {
1074 VLOG_ERR("SSL_use_certificate_file: %s",
1075 ERR_error_string(ERR_get_error(), NULL));
1076 }
1077 }
1078
1079 void
1080 stream_ssl_set_certificate_file(const char *file_name)
1081 {
1082 if (update_ssl_config(&certificate, file_name)) {
1083 stream_ssl_set_certificate_file__(file_name);
1084 }
1085 }
1086
1087 /* Sets the private key and certificate files in one operation. Use this
1088 * interface, instead of calling stream_ssl_set_private_key_file() and
1089 * stream_ssl_set_certificate_file() individually, in the main loop of a
1090 * long-running program whose key and certificate might change at runtime.
1091 *
1092 * This is important because of OpenSSL's behavior. If an OpenSSL context
1093 * already has a certificate, and stream_ssl_set_private_key_file() is called
1094 * to install a new private key, OpenSSL will report an error because the new
1095 * private key does not match the old certificate. The other order, of setting
1096 * a new certificate, then setting a new private key, does work.
1097 *
1098 * If this were the only problem, calling stream_ssl_set_certificate_file()
1099 * before stream_ssl_set_private_key_file() would fix it. But, if the private
1100 * key is changed before the certificate (e.g. someone "scp"s or "mv"s the new
1101 * private key in place before the certificate), then OpenSSL would reject that
1102 * change, and then the change of certificate would succeed, but there would be
1103 * no associated private key (because it had only changed once and therefore
1104 * there was no point in re-reading it).
1105 *
1106 * This function avoids both problems by, whenever either the certificate or
1107 * the private key file changes, re-reading both of them, in the correct order.
1108 */
1109 void
1110 stream_ssl_set_key_and_cert(const char *private_key_file,
1111 const char *certificate_file)
1112 {
1113 if (update_ssl_config(&private_key, private_key_file)
1114 || update_ssl_config(&certificate, certificate_file)) {
1115 stream_ssl_set_certificate_file__(certificate_file);
1116 stream_ssl_set_private_key_file__(private_key_file);
1117 }
1118 }
1119
1120 /* Sets SSL ciphers based on string input. Aborts with an error message
1121 * if 'arg' is invalid. */
1122 void
1123 stream_ssl_set_ciphers(const char *arg)
1124 {
1125 if (ssl_init() || !arg || !strcmp(ssl_ciphers, arg)) {
1126 return;
1127 }
1128 if (SSL_CTX_set_cipher_list(ctx,arg) == 0) {
1129 VLOG_ERR("SSL_CTX_set_cipher_list: %s",
1130 ERR_error_string(ERR_get_error(), NULL));
1131 }
1132 ssl_ciphers = xstrdup(arg);
1133 }
1134
1135 /* Set SSL protocols based on the string input. Aborts with an error message
1136 * if 'arg' is invalid. */
1137 void
1138 stream_ssl_set_protocols(const char *arg)
1139 {
1140 if (ssl_init() || !arg || !strcmp(arg, ssl_protocols)){
1141 return;
1142 }
1143
1144 /* Start with all the flags off and turn them on as requested. */
1145 long protocol_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
1146 protocol_flags |= SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
1147
1148 char *s = xstrdup(arg);
1149 char *save_ptr = NULL;
1150 char *word = strtok_r(s, " ,\t", &save_ptr);
1151 if (word == NULL) {
1152 VLOG_ERR("SSL protocol settings invalid");
1153 goto exit;
1154 }
1155 while (word != NULL) {
1156 long on_flag;
1157 if (!strcasecmp(word, "TLSv1.2")){
1158 on_flag = SSL_OP_NO_TLSv1_2;
1159 } else if (!strcasecmp(word, "TLSv1.1")){
1160 on_flag = SSL_OP_NO_TLSv1_1;
1161 } else if (!strcasecmp(word, "TLSv1")){
1162 on_flag = SSL_OP_NO_TLSv1;
1163 } else {
1164 VLOG_ERR("%s: SSL protocol not recognized", word);
1165 goto exit;
1166 }
1167 /* Reverse the no flag and mask it out in the flags
1168 * to turn on that protocol. */
1169 protocol_flags &= ~on_flag;
1170 word = strtok_r(NULL, " ,\t", &save_ptr);
1171 };
1172
1173 /* Set the actual options. */
1174 SSL_CTX_set_options(ctx, protocol_flags);
1175
1176 ssl_protocols = xstrdup(arg);
1177
1178 exit:
1179 free(s);
1180 }
1181
1182 /* Reads the X509 certificate or certificates in file 'file_name'. On success,
1183 * stores the address of the first element in an array of pointers to
1184 * certificates in '*certs' and the number of certificates in the array in
1185 * '*n_certs', and returns 0. On failure, stores a null pointer in '*certs', 0
1186 * in '*n_certs', and returns a positive errno value.
1187 *
1188 * The caller is responsible for freeing '*certs'. */
1189 static int
1190 read_cert_file(const char *file_name, X509 ***certs, size_t *n_certs)
1191 {
1192 FILE *file;
1193 size_t allocated_certs = 0;
1194
1195 *certs = NULL;
1196 *n_certs = 0;
1197
1198 file = fopen(file_name, "r");
1199 if (!file) {
1200 VLOG_ERR("failed to open %s for reading: %s",
1201 file_name, ovs_strerror(errno));
1202 return errno;
1203 }
1204
1205 for (;;) {
1206 X509 *certificate;
1207 int c;
1208
1209 /* Read certificate from file. */
1210 certificate = PEM_read_X509(file, NULL, NULL, NULL);
1211 if (!certificate) {
1212 size_t i;
1213
1214 VLOG_ERR("PEM_read_X509 failed reading %s: %s",
1215 file_name, ERR_error_string(ERR_get_error(), NULL));
1216 for (i = 0; i < *n_certs; i++) {
1217 X509_free((*certs)[i]);
1218 }
1219 free(*certs);
1220 *certs = NULL;
1221 *n_certs = 0;
1222 fclose(file);
1223 return EIO;
1224 }
1225
1226 /* Add certificate to array. */
1227 if (*n_certs >= allocated_certs) {
1228 *certs = x2nrealloc(*certs, &allocated_certs, sizeof **certs);
1229 }
1230 (*certs)[(*n_certs)++] = certificate;
1231
1232 /* Are there additional certificates in the file? */
1233 do {
1234 c = getc(file);
1235 } while (isspace(c));
1236 if (c == EOF) {
1237 break;
1238 }
1239 ungetc(c, file);
1240 }
1241 fclose(file);
1242 return 0;
1243 }
1244
1245
1246 /* Sets 'file_name' as the name of a file containing one or more X509
1247 * certificates to send to the peer. Typical use in OpenFlow is to send the CA
1248 * certificate to the peer, which enables a switch to pick up the controller's
1249 * CA certificate on its first connection. */
1250 void
1251 stream_ssl_set_peer_ca_cert_file(const char *file_name)
1252 {
1253 X509 **certs;
1254 size_t n_certs;
1255 size_t i;
1256
1257 if (ssl_init()) {
1258 return;
1259 }
1260
1261 if (!read_cert_file(file_name, &certs, &n_certs)) {
1262 for (i = 0; i < n_certs; i++) {
1263 if (SSL_CTX_add_extra_chain_cert(ctx, certs[i]) != 1) {
1264 VLOG_ERR("SSL_CTX_add_extra_chain_cert: %s",
1265 ERR_error_string(ERR_get_error(), NULL));
1266 }
1267 }
1268 free(certs);
1269 }
1270 }
1271
1272 /* Logs fingerprint of CA certificate 'cert' obtained from 'file_name'. */
1273 static void
1274 log_ca_cert(const char *file_name, X509 *cert)
1275 {
1276 unsigned char digest[EVP_MAX_MD_SIZE];
1277 unsigned int n_bytes;
1278 struct ds fp;
1279 char *subject;
1280
1281 ds_init(&fp);
1282 if (!X509_digest(cert, EVP_sha1(), digest, &n_bytes)) {
1283 ds_put_cstr(&fp, "<out of memory>");
1284 } else {
1285 unsigned int i;
1286 for (i = 0; i < n_bytes; i++) {
1287 if (i) {
1288 ds_put_char(&fp, ':');
1289 }
1290 ds_put_format(&fp, "%02x", digest[i]);
1291 }
1292 }
1293 subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
1294 VLOG_INFO("Trusting CA cert from %s (%s) (fingerprint %s)", file_name,
1295 subject ? subject : "<out of memory>", ds_cstr(&fp));
1296 OPENSSL_free(subject);
1297 ds_destroy(&fp);
1298 }
1299
1300 static void
1301 stream_ssl_set_ca_cert_file__(const char *file_name,
1302 bool bootstrap, bool force)
1303 {
1304 struct stat s;
1305
1306 if (!update_ssl_config(&ca_cert, file_name) && !force) {
1307 return;
1308 }
1309
1310 if (!strcmp(file_name, "none")) {
1311 verify_peer_cert = false;
1312 VLOG_WARN("Peer certificate validation disabled "
1313 "(this is a security risk)");
1314 } else if (bootstrap && stat(file_name, &s) && errno == ENOENT) {
1315 bootstrap_ca_cert = true;
1316 } else {
1317 STACK_OF(X509_NAME) *cert_names = SSL_load_client_CA_file(file_name);
1318 if (cert_names) {
1319 /* Set up list of CAs that the server will accept from the
1320 * client. */
1321 SSL_CTX_set_client_CA_list(ctx, cert_names);
1322
1323 /* Set up CAs for OpenSSL to trust in verifying the peer's
1324 * certificate. */
1325 SSL_CTX_set_cert_store(ctx, X509_STORE_new());
1326 if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) {
1327 VLOG_ERR("SSL_CTX_load_verify_locations: %s",
1328 ERR_error_string(ERR_get_error(), NULL));
1329 return;
1330 }
1331 bootstrap_ca_cert = false;
1332 } else {
1333 VLOG_ERR("failed to load client certificates from %s: %s",
1334 file_name, ERR_error_string(ERR_get_error(), NULL));
1335 }
1336 }
1337 ca_cert.read = true;
1338 }
1339
1340 /* Sets 'file_name' as the name of the file from which to read the CA
1341 * certificate used to verify the peer within SSL connections. If 'bootstrap'
1342 * is false, the file must exist. If 'bootstrap' is false, then the file is
1343 * read if it is exists; if it does not, then it will be created from the CA
1344 * certificate received from the peer on the first SSL connection. */
1345 void
1346 stream_ssl_set_ca_cert_file(const char *file_name, bool bootstrap)
1347 {
1348 stream_ssl_set_ca_cert_file__(file_name, bootstrap, false);
1349 }
1350 \f
1351 /* SSL protocol logging. */
1352
1353 static const char *
1354 ssl_alert_level_to_string(uint8_t type)
1355 {
1356 switch (type) {
1357 case 1: return "warning";
1358 case 2: return "fatal";
1359 default: return "<unknown>";
1360 }
1361 }
1362
1363 static const char *
1364 ssl_alert_description_to_string(uint8_t type)
1365 {
1366 switch (type) {
1367 case 0: return "close_notify";
1368 case 10: return "unexpected_message";
1369 case 20: return "bad_record_mac";
1370 case 21: return "decryption_failed";
1371 case 22: return "record_overflow";
1372 case 30: return "decompression_failure";
1373 case 40: return "handshake_failure";
1374 case 42: return "bad_certificate";
1375 case 43: return "unsupported_certificate";
1376 case 44: return "certificate_revoked";
1377 case 45: return "certificate_expired";
1378 case 46: return "certificate_unknown";
1379 case 47: return "illegal_parameter";
1380 case 48: return "unknown_ca";
1381 case 49: return "access_denied";
1382 case 50: return "decode_error";
1383 case 51: return "decrypt_error";
1384 case 60: return "export_restriction";
1385 case 70: return "protocol_version";
1386 case 71: return "insufficient_security";
1387 case 80: return "internal_error";
1388 case 90: return "user_canceled";
1389 case 100: return "no_renegotiation";
1390 default: return "<unknown>";
1391 }
1392 }
1393
1394 static const char *
1395 ssl_handshake_type_to_string(uint8_t type)
1396 {
1397 switch (type) {
1398 case 0: return "hello_request";
1399 case 1: return "client_hello";
1400 case 2: return "server_hello";
1401 case 11: return "certificate";
1402 case 12: return "server_key_exchange";
1403 case 13: return "certificate_request";
1404 case 14: return "server_hello_done";
1405 case 15: return "certificate_verify";
1406 case 16: return "client_key_exchange";
1407 case 20: return "finished";
1408 default: return "<unknown>";
1409 }
1410 }
1411
1412 static void
1413 ssl_protocol_cb(int write_p, int version OVS_UNUSED, int content_type,
1414 const void *buf_, size_t len, SSL *ssl OVS_UNUSED, void *sslv_)
1415 {
1416 const struct ssl_stream *sslv = sslv_;
1417 const uint8_t *buf = buf_;
1418 struct ds details;
1419
1420 if (!VLOG_IS_DBG_ENABLED()) {
1421 return;
1422 }
1423
1424 ds_init(&details);
1425 if (content_type == 20) {
1426 ds_put_cstr(&details, "change_cipher_spec");
1427 } else if (content_type == 21) {
1428 ds_put_format(&details, "alert: %s, %s",
1429 ssl_alert_level_to_string(buf[0]),
1430 ssl_alert_description_to_string(buf[1]));
1431 } else if (content_type == 22) {
1432 ds_put_format(&details, "handshake: %s",
1433 ssl_handshake_type_to_string(buf[0]));
1434 } else {
1435 ds_put_format(&details, "type %d", content_type);
1436 }
1437
1438 VLOG_DBG("%s%u%s%s %s (%"PRIuSIZE" bytes)",
1439 sslv->type == CLIENT ? "client" : "server",
1440 sslv->session_nr, write_p ? "-->" : "<--",
1441 stream_get_name(&sslv->stream), ds_cstr(&details), len);
1442
1443 ds_destroy(&details);
1444 }
openvswitch mirror