1 |
michael |
7105 |
/* |
2 |
|
|
* ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd) |
3 |
|
|
* |
4 |
michael |
7148 |
* Copyright (c) 2015 Attila Molnar <attilamolnar@hush.com> |
5 |
|
|
* Copyright (c) 2015 Adam <Adam@anope.org> |
6 |
michael |
9101 |
* Copyright (c) 2005-2020 ircd-hybrid development team |
7 |
michael |
7105 |
* |
8 |
|
|
* This program is free software; you can redistribute it and/or modify |
9 |
|
|
* it under the terms of the GNU General Public License as published by |
10 |
|
|
* the Free Software Foundation; either version 2 of the License, or |
11 |
|
|
* (at your option) any later version. |
12 |
|
|
* |
13 |
|
|
* This program is distributed in the hope that it will be useful, |
14 |
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 |
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 |
|
|
* GNU General Public License for more details. |
17 |
|
|
* |
18 |
|
|
* You should have received a copy of the GNU General Public License |
19 |
|
|
* along with this program; if not, write to the Free Software |
20 |
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 |
21 |
|
|
* USA |
22 |
|
|
*/ |
23 |
|
|
|
24 |
|
|
/*! \file tls_openssl.c |
25 |
|
|
* \brief Includes all OpenSSL-specific TLS functions |
26 |
|
|
* \version $Id$ |
27 |
|
|
*/ |
28 |
|
|
|
29 |
|
|
#include "stdinc.h" |
30 |
|
|
#include "tls.h" |
31 |
|
|
#include "conf.h" |
32 |
|
|
#include "log.h" |
33 |
michael |
7152 |
#include "misc.h" |
34 |
michael |
7105 |
#include "memory.h" |
35 |
|
|
|
36 |
|
|
#ifdef HAVE_TLS_OPENSSL |
37 |
michael |
9137 |
#if OPENSSL_VERSION_NUMBER < 0x1010100fL |
38 |
michael |
9131 |
#error "OpenSSL 1.1.1 and above is required to build this module" |
39 |
|
|
#endif |
40 |
michael |
7105 |
|
41 |
michael |
8664 |
static bool TLS_initialized; |
42 |
michael |
7271 |
|
43 |
michael |
7152 |
/* |
44 |
|
|
* report_crypto_errors - Dump crypto error list to log |
45 |
|
|
*/ |
46 |
|
|
static void |
47 |
|
|
report_crypto_errors(void) |
48 |
|
|
{ |
49 |
michael |
9137 |
unsigned long e; |
50 |
michael |
7152 |
|
51 |
|
|
while ((e = ERR_get_error())) |
52 |
|
|
ilog(LOG_TYPE_IRCD, "SSL error: %s", ERR_error_string(e, 0)); |
53 |
|
|
} |
54 |
|
|
|
55 |
michael |
7105 |
static int |
56 |
|
|
always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) |
57 |
|
|
{ |
58 |
|
|
return 1; |
59 |
|
|
} |
60 |
|
|
|
61 |
michael |
8664 |
bool |
62 |
michael |
7271 |
tls_is_initialized(void) |
63 |
|
|
{ |
64 |
|
|
return TLS_initialized; |
65 |
|
|
} |
66 |
|
|
|
67 |
michael |
7105 |
/* tls_init() |
68 |
|
|
* |
69 |
|
|
* inputs - nothing |
70 |
|
|
* output - nothing |
71 |
|
|
* side effects - setups SSL context. |
72 |
|
|
*/ |
73 |
|
|
void |
74 |
|
|
tls_init(void) |
75 |
|
|
{ |
76 |
michael |
9131 |
if ((ConfigServerInfo.tls_ctx.server_ctx = SSL_CTX_new(TLS_server_method())) == NULL) |
77 |
michael |
7105 |
{ |
78 |
|
|
const char *s = ERR_lib_error_string(ERR_get_error()); |
79 |
|
|
|
80 |
michael |
9131 |
ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the TLS server context -- %s", s); |
81 |
michael |
7105 |
exit(EXIT_FAILURE); |
82 |
|
|
return; /* Not reached */ |
83 |
|
|
} |
84 |
|
|
|
85 |
michael |
9131 |
SSL_CTX_set_min_proto_version(ConfigServerInfo.tls_ctx.server_ctx, TLS1_2_VERSION); |
86 |
|
|
SSL_CTX_set_options(ConfigServerInfo.tls_ctx.server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE|SSL_OP_NO_TICKET); |
87 |
|
|
SSL_CTX_set_verify(ConfigServerInfo.tls_ctx.server_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, always_accept_verify_cb); |
88 |
michael |
7105 |
SSL_CTX_set_session_cache_mode(ConfigServerInfo.tls_ctx.server_ctx, SSL_SESS_CACHE_OFF); |
89 |
|
|
SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL"); |
90 |
|
|
|
91 |
michael |
9131 |
if ((ConfigServerInfo.tls_ctx.client_ctx = SSL_CTX_new(TLS_client_method())) == NULL) |
92 |
michael |
7105 |
{ |
93 |
|
|
const char *s = ERR_lib_error_string(ERR_get_error()); |
94 |
|
|
|
95 |
michael |
9131 |
ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the TLS client context -- %s", s); |
96 |
michael |
7105 |
exit(EXIT_FAILURE); |
97 |
|
|
return; /* Not reached */ |
98 |
|
|
} |
99 |
|
|
|
100 |
michael |
9131 |
SSL_CTX_set_min_proto_version(ConfigServerInfo.tls_ctx.client_ctx, TLS1_2_VERSION); |
101 |
|
|
SSL_CTX_set_options(ConfigServerInfo.tls_ctx.client_ctx, SSL_OP_NO_TICKET); |
102 |
|
|
SSL_CTX_set_verify(ConfigServerInfo.tls_ctx.client_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, always_accept_verify_cb); |
103 |
michael |
7105 |
SSL_CTX_set_session_cache_mode(ConfigServerInfo.tls_ctx.client_ctx, SSL_SESS_CACHE_OFF); |
104 |
|
|
} |
105 |
|
|
|
106 |
michael |
8664 |
bool |
107 |
michael |
7105 |
tls_new_cred(void) |
108 |
|
|
{ |
109 |
michael |
8664 |
TLS_initialized = false; |
110 |
michael |
7271 |
|
111 |
michael |
9145 |
if (!ConfigServerInfo.tls_certificate_file || !ConfigServerInfo.rsa_private_key_file) |
112 |
michael |
8664 |
return true; |
113 |
michael |
7105 |
|
114 |
michael |
9145 |
if (SSL_CTX_use_certificate_chain_file(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.tls_certificate_file) <= 0 || |
115 |
|
|
SSL_CTX_use_certificate_chain_file(ConfigServerInfo.tls_ctx.client_ctx, ConfigServerInfo.tls_certificate_file) <= 0) |
116 |
michael |
7105 |
{ |
117 |
|
|
report_crypto_errors(); |
118 |
michael |
8664 |
return false; |
119 |
michael |
7105 |
} |
120 |
|
|
|
121 |
|
|
if (SSL_CTX_use_PrivateKey_file(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.rsa_private_key_file, SSL_FILETYPE_PEM) <= 0 || |
122 |
|
|
SSL_CTX_use_PrivateKey_file(ConfigServerInfo.tls_ctx.client_ctx, ConfigServerInfo.rsa_private_key_file, SSL_FILETYPE_PEM) <= 0) |
123 |
|
|
{ |
124 |
|
|
report_crypto_errors(); |
125 |
michael |
8664 |
return false; |
126 |
michael |
7105 |
} |
127 |
|
|
|
128 |
|
|
if (!SSL_CTX_check_private_key(ConfigServerInfo.tls_ctx.server_ctx) || |
129 |
|
|
!SSL_CTX_check_private_key(ConfigServerInfo.tls_ctx.client_ctx)) |
130 |
|
|
{ |
131 |
|
|
report_crypto_errors(); |
132 |
michael |
8664 |
return false; |
133 |
michael |
7105 |
} |
134 |
|
|
|
135 |
michael |
9145 |
if (ConfigServerInfo.tls_dh_param_file) |
136 |
michael |
7105 |
{ |
137 |
michael |
9145 |
BIO *file = BIO_new_file(ConfigServerInfo.tls_dh_param_file, "r"); |
138 |
michael |
7105 |
|
139 |
|
|
if (file) |
140 |
|
|
{ |
141 |
|
|
DH *dh = PEM_read_bio_DHparams(file, NULL, NULL, NULL); |
142 |
|
|
|
143 |
|
|
BIO_free(file); |
144 |
|
|
|
145 |
|
|
if (dh) |
146 |
|
|
{ |
147 |
michael |
7387 |
SSL_CTX_set_tmp_dh(ConfigServerInfo.tls_ctx.server_ctx, dh); |
148 |
michael |
7105 |
DH_free(dh); |
149 |
|
|
} |
150 |
|
|
} |
151 |
|
|
else |
152 |
michael |
9145 |
ilog(LOG_TYPE_IRCD, "Ignoring serverinfo::tls_dh_param_file -- could not open/read Diffie-Hellman parameter file"); |
153 |
michael |
7105 |
} |
154 |
|
|
|
155 |
michael |
9145 |
if (ConfigServerInfo.tls_supported_groups == NULL) |
156 |
michael |
9143 |
SSL_CTX_set1_groups_list(ConfigServerInfo.tls_ctx.server_ctx, "X25519:P-256"); |
157 |
michael |
9145 |
else if (SSL_CTX_set1_groups_list(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.tls_supported_groups) == 0) |
158 |
michael |
9143 |
{ |
159 |
michael |
9145 |
ilog(LOG_TYPE_IRCD, "Ignoring serverinfo::tls_supported_groups -- could not set supported group(s)"); |
160 |
michael |
9143 |
SSL_CTX_set1_groups_list(ConfigServerInfo.tls_ctx.server_ctx, "X25519:P-256"); |
161 |
|
|
} |
162 |
michael |
7105 |
|
163 |
michael |
9145 |
if (ConfigServerInfo.tls_message_digest_algorithm == NULL) |
164 |
michael |
7105 |
ConfigServerInfo.message_digest_algorithm = EVP_sha256(); |
165 |
|
|
else |
166 |
|
|
{ |
167 |
michael |
9145 |
ConfigServerInfo.message_digest_algorithm = EVP_get_digestbyname(ConfigServerInfo.tls_message_digest_algorithm); |
168 |
michael |
7124 |
|
169 |
michael |
7105 |
if (ConfigServerInfo.message_digest_algorithm == NULL) |
170 |
|
|
{ |
171 |
|
|
ConfigServerInfo.message_digest_algorithm = EVP_sha256(); |
172 |
michael |
9145 |
ilog(LOG_TYPE_IRCD, "Ignoring serverinfo::tls_message_digest_algorithm -- unknown message digest algorithm"); |
173 |
michael |
7105 |
} |
174 |
|
|
} |
175 |
|
|
|
176 |
michael |
9145 |
if (ConfigServerInfo.tls_cipher_list) |
177 |
|
|
if (SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.tls_cipher_list) == 0) |
178 |
|
|
ilog(LOG_TYPE_IRCD, "Ignoring serverinfo::tls_cipher_list -- could not set supported cipher(s)"); |
179 |
michael |
7190 |
|
180 |
michael |
9139 |
#ifndef LIBRESSL_VERSION_NUMBER |
181 |
|
|
if (ConfigServerInfo.tls_cipher_suites == NULL) |
182 |
michael |
9151 |
SSL_CTX_set_ciphersuites(ConfigServerInfo.tls_ctx.server_ctx, "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"); |
183 |
michael |
9139 |
else if (SSL_CTX_set_ciphersuites(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.tls_cipher_suites) == 0) |
184 |
|
|
{ |
185 |
|
|
ilog(LOG_TYPE_IRCD, "Ignoring serverinfo::tls_cipher_suites -- could not set supported cipher suite(s)"); |
186 |
michael |
9151 |
SSL_CTX_set_ciphersuites(ConfigServerInfo.tls_ctx.server_ctx, "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"); |
187 |
michael |
9139 |
} |
188 |
|
|
#endif |
189 |
|
|
|
190 |
michael |
8664 |
TLS_initialized = true; |
191 |
|
|
return true; |
192 |
michael |
7105 |
} |
193 |
|
|
|
194 |
|
|
const char * |
195 |
|
|
tls_get_cipher(const tls_data_t *tls_data) |
196 |
|
|
{ |
197 |
|
|
static char buffer[IRCD_BUFSIZE]; |
198 |
|
|
SSL *ssl = *tls_data; |
199 |
|
|
|
200 |
michael |
9149 |
snprintf(buffer, sizeof(buffer), "%s-%s", SSL_get_version(ssl), SSL_get_cipher(ssl)); |
201 |
michael |
7105 |
return buffer; |
202 |
|
|
} |
203 |
|
|
|
204 |
michael |
7708 |
const char * |
205 |
|
|
tls_get_version(void) |
206 |
|
|
{ |
207 |
|
|
static char buf[IRCD_BUFSIZE]; |
208 |
|
|
|
209 |
|
|
snprintf(buf, sizeof(buf), "OpenSSL version: library: %s, header: %s", |
210 |
michael |
9131 |
OpenSSL_version(OPENSSL_VERSION), OPENSSL_VERSION_TEXT); |
211 |
michael |
7708 |
return buf; |
212 |
|
|
} |
213 |
|
|
|
214 |
michael |
8664 |
bool |
215 |
michael |
7105 |
tls_isusing(tls_data_t *tls_data) |
216 |
|
|
{ |
217 |
|
|
SSL *ssl = *tls_data; |
218 |
michael |
7124 |
return ssl != NULL; |
219 |
michael |
7105 |
} |
220 |
|
|
|
221 |
|
|
void |
222 |
|
|
tls_free(tls_data_t *tls_data) |
223 |
|
|
{ |
224 |
|
|
SSL_free(*tls_data); |
225 |
|
|
*tls_data = NULL; |
226 |
|
|
} |
227 |
|
|
|
228 |
michael |
8956 |
ssize_t |
229 |
michael |
8660 |
tls_read(tls_data_t *tls_data, char *buf, size_t bufsize, bool *want_write) |
230 |
michael |
7105 |
{ |
231 |
|
|
SSL *ssl = *tls_data; |
232 |
michael |
8956 |
ssize_t length = SSL_read(ssl, buf, bufsize); |
233 |
michael |
7105 |
|
234 |
|
|
/* Translate openssl error codes, sigh */ |
235 |
|
|
if (length < 0) |
236 |
|
|
{ |
237 |
|
|
switch (SSL_get_error(ssl, length)) |
238 |
|
|
{ |
239 |
|
|
case SSL_ERROR_WANT_WRITE: |
240 |
|
|
{ |
241 |
|
|
/* OpenSSL wants to write, we signal this to the caller and do nothing about that here */ |
242 |
michael |
8660 |
*want_write = true; |
243 |
michael |
7105 |
break; |
244 |
|
|
} |
245 |
|
|
case SSL_ERROR_WANT_READ: |
246 |
|
|
errno = EWOULDBLOCK; |
247 |
|
|
case SSL_ERROR_SYSCALL: |
248 |
|
|
break; |
249 |
|
|
case SSL_ERROR_SSL: |
250 |
|
|
if (errno == EAGAIN) |
251 |
|
|
break; |
252 |
|
|
/* Fall through */ |
253 |
|
|
default: |
254 |
|
|
length = errno = 0; |
255 |
|
|
} |
256 |
|
|
} |
257 |
|
|
|
258 |
|
|
return length; |
259 |
|
|
} |
260 |
|
|
|
261 |
michael |
8956 |
ssize_t |
262 |
michael |
8660 |
tls_write(tls_data_t *tls_data, const char *buf, size_t bufsize, bool *want_read) |
263 |
michael |
7105 |
{ |
264 |
|
|
SSL *ssl = *tls_data; |
265 |
michael |
8956 |
ssize_t retlen = SSL_write(ssl, buf, bufsize); |
266 |
michael |
7105 |
|
267 |
|
|
/* Translate openssl error codes, sigh */ |
268 |
|
|
if (retlen < 0) |
269 |
|
|
{ |
270 |
|
|
switch (SSL_get_error(ssl, retlen)) |
271 |
|
|
{ |
272 |
|
|
case SSL_ERROR_WANT_READ: |
273 |
michael |
8660 |
*want_read = true; |
274 |
michael |
7105 |
break; /* Retry later, don't register for write events */ |
275 |
|
|
case SSL_ERROR_WANT_WRITE: |
276 |
|
|
errno = EWOULDBLOCK; |
277 |
|
|
break; |
278 |
|
|
case SSL_ERROR_SYSCALL: |
279 |
|
|
break; |
280 |
|
|
case SSL_ERROR_SSL: |
281 |
|
|
if (errno == EAGAIN) |
282 |
|
|
break; |
283 |
|
|
/* Fall through */ |
284 |
|
|
default: |
285 |
|
|
retlen = errno = 0; /* Either an SSL-specific error or EOF */ |
286 |
|
|
} |
287 |
|
|
} |
288 |
|
|
|
289 |
|
|
return retlen; |
290 |
|
|
} |
291 |
|
|
|
292 |
|
|
void |
293 |
|
|
tls_shutdown(tls_data_t *tls_data) |
294 |
|
|
{ |
295 |
|
|
SSL *ssl = *tls_data; |
296 |
|
|
|
297 |
|
|
SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); |
298 |
|
|
|
299 |
michael |
9137 |
if (SSL_shutdown(ssl) == 0) |
300 |
michael |
7105 |
SSL_shutdown(ssl); |
301 |
|
|
} |
302 |
|
|
|
303 |
michael |
8664 |
bool |
304 |
michael |
7105 |
tls_new(tls_data_t *tls_data, int fd, tls_role_t role) |
305 |
|
|
{ |
306 |
|
|
SSL *ssl; |
307 |
|
|
|
308 |
michael |
8664 |
if (TLS_initialized == false) |
309 |
|
|
return false; |
310 |
michael |
7274 |
|
311 |
michael |
7105 |
if (role == TLS_ROLE_SERVER) |
312 |
|
|
ssl = SSL_new(ConfigServerInfo.tls_ctx.server_ctx); |
313 |
|
|
else |
314 |
|
|
ssl = SSL_new(ConfigServerInfo.tls_ctx.client_ctx); |
315 |
|
|
|
316 |
michael |
9137 |
if (ssl == NULL) |
317 |
michael |
7105 |
{ |
318 |
|
|
ilog(LOG_TYPE_IRCD, "SSL_new() ERROR! -- %s", |
319 |
|
|
ERR_error_string(ERR_get_error(), NULL)); |
320 |
michael |
8664 |
return false; |
321 |
michael |
7105 |
} |
322 |
|
|
|
323 |
|
|
*tls_data = ssl; |
324 |
|
|
SSL_set_fd(ssl, fd); |
325 |
michael |
8664 |
return true; |
326 |
michael |
7105 |
} |
327 |
|
|
|
328 |
michael |
8664 |
bool |
329 |
michael |
7105 |
tls_set_ciphers(tls_data_t *tls_data, const char *cipher_list) |
330 |
|
|
{ |
331 |
|
|
SSL_set_cipher_list(*tls_data, cipher_list); |
332 |
michael |
8664 |
return true; |
333 |
michael |
7105 |
} |
334 |
|
|
|
335 |
|
|
tls_handshake_status_t |
336 |
|
|
tls_handshake(tls_data_t *tls_data, tls_role_t role, const char **errstr) |
337 |
|
|
{ |
338 |
|
|
SSL *ssl = *tls_data; |
339 |
|
|
int ret; |
340 |
|
|
|
341 |
|
|
if (role == TLS_ROLE_SERVER) |
342 |
|
|
ret = SSL_accept(ssl); |
343 |
|
|
else |
344 |
|
|
ret = SSL_connect(ssl); |
345 |
|
|
|
346 |
|
|
if (ret > 0) |
347 |
|
|
return TLS_HANDSHAKE_DONE; |
348 |
|
|
|
349 |
|
|
switch (SSL_get_error(ssl, ret)) |
350 |
|
|
{ |
351 |
|
|
case SSL_ERROR_WANT_WRITE: |
352 |
|
|
return TLS_HANDSHAKE_WANT_WRITE; |
353 |
|
|
case SSL_ERROR_WANT_READ: |
354 |
|
|
return TLS_HANDSHAKE_WANT_READ; |
355 |
|
|
default: |
356 |
|
|
{ |
357 |
|
|
const char *error = ERR_error_string(ERR_get_error(), NULL); |
358 |
|
|
|
359 |
|
|
if (errstr) |
360 |
|
|
*errstr = error; |
361 |
|
|
|
362 |
|
|
return TLS_HANDSHAKE_ERROR; |
363 |
|
|
} |
364 |
|
|
} |
365 |
|
|
} |
366 |
|
|
|
367 |
michael |
8664 |
bool |
368 |
michael |
7142 |
tls_verify_cert(tls_data_t *tls_data, tls_md_t digest, char **fingerprint) |
369 |
michael |
7105 |
{ |
370 |
|
|
SSL *ssl = *tls_data; |
371 |
|
|
unsigned int n; |
372 |
|
|
char buf[EVP_MAX_MD_SIZE * 2 + 1]; |
373 |
|
|
unsigned char md[EVP_MAX_MD_SIZE]; |
374 |
michael |
8664 |
bool ret = false; |
375 |
michael |
7105 |
|
376 |
|
|
/* Accept NULL return from SSL_get_peer_certificate */ |
377 |
michael |
8961 |
X509 *cert = SSL_get_peer_certificate(ssl); |
378 |
|
|
if (cert == NULL) |
379 |
michael |
8664 |
return true; |
380 |
michael |
7105 |
|
381 |
michael |
8961 |
switch (SSL_get_verify_result(ssl)) |
382 |
michael |
7105 |
{ |
383 |
michael |
8961 |
case X509_V_OK: |
384 |
|
|
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: |
385 |
|
|
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: |
386 |
|
|
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: |
387 |
|
|
ret = true; |
388 |
michael |
7105 |
|
389 |
michael |
8961 |
if (X509_digest(cert, digest, md, &n)) |
390 |
|
|
{ |
391 |
|
|
binary_to_hex(md, buf, n); |
392 |
|
|
*fingerprint = xstrdup(buf); |
393 |
|
|
} |
394 |
|
|
default: |
395 |
|
|
break; |
396 |
michael |
7105 |
} |
397 |
|
|
|
398 |
|
|
X509_free(cert); |
399 |
|
|
return ret; |
400 |
|
|
} |
401 |
|
|
#endif /* HAVE_TLS_OPENSSL */ |