GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.sbin/smtpd/smtpd/../ssl.c Lines: 0 185 0.0 %
Date: 2017-11-13 Branches: 0 90 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: ssl.c,v 1.89 2017/05/17 14:00:06 deraadt Exp $	*/
2
3
/*
4
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
5
 * Copyright (c) 2008 Reyk Floeter <reyk@openbsd.org>
6
 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org>
7
 *
8
 * Permission to use, copy, modify, and distribute this software for any
9
 * purpose with or without fee is hereby granted, provided that the above
10
 * copyright notice and this permission notice appear in all copies.
11
 *
12
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
 */
20
21
#include <sys/types.h>
22
#include <sys/queue.h>
23
#include <sys/tree.h>
24
#include <sys/socket.h>
25
#include <sys/stat.h>
26
27
#include <ctype.h>
28
#include <event.h>
29
#include <fcntl.h>
30
#include <imsg.h>
31
#include <limits.h>
32
#include <pwd.h>
33
#include <stdio.h>
34
#include <stdlib.h>
35
#include <string.h>
36
#include <unistd.h>
37
38
#include <openssl/ssl.h>
39
#include <openssl/engine.h>
40
#include <openssl/err.h>
41
#include <openssl/rsa.h>
42
#include <openssl/dh.h>
43
#include <openssl/bn.h>
44
45
#include "log.h"
46
#include "ssl.h"
47
48
void
49
ssl_init(void)
50
{
51
	static int	inited = 0;
52
53
	if (inited)
54
		return;
55
56
	SSL_library_init();
57
	SSL_load_error_strings();
58
59
	OpenSSL_add_all_algorithms();
60
61
	/* Init hardware crypto engines. */
62
	ENGINE_load_builtin_engines();
63
	ENGINE_register_all_complete();
64
	inited = 1;
65
}
66
67
int
68
ssl_setup(SSL_CTX **ctxp, struct pki *pki,
69
    int (*sni_cb)(SSL *,int *,void *), const char *ciphers)
70
{
71
	SSL_CTX	*ctx;
72
	uint8_t sid[SSL_MAX_SID_CTX_LENGTH];
73
74
	ctx = ssl_ctx_create(pki->pki_name, pki->pki_cert, pki->pki_cert_len, ciphers);
75
76
	/*
77
	 * Set session ID context to a random value.  We don't support
78
	 * persistent caching of sessions so it is OK to set a temporary
79
	 * session ID context that is valid during run time.
80
	 */
81
	arc4random_buf(sid, sizeof(sid));
82
	if (!SSL_CTX_set_session_id_context(ctx, sid, sizeof(sid)))
83
		goto err;
84
85
	if (sni_cb)
86
		SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
87
88
	SSL_CTX_set_dh_auto(ctx, pki->pki_dhe);
89
90
	SSL_CTX_set_ecdh_auto(ctx, 1);
91
92
	*ctxp = ctx;
93
	return 1;
94
95
err:
96
	SSL_CTX_free(ctx);
97
	ssl_error("ssl_setup");
98
	return 0;
99
}
100
101
char *
102
ssl_load_file(const char *name, off_t *len, mode_t perm)
103
{
104
	struct stat	 st;
105
	off_t		 size;
106
	char		*buf = NULL;
107
	int		 fd, saved_errno;
108
	char		 mode[12];
109
110
	if ((fd = open(name, O_RDONLY)) == -1)
111
		return (NULL);
112
	if (fstat(fd, &st) != 0)
113
		goto fail;
114
	if (st.st_uid != 0) {
115
		log_warnx("warn:  %s: not owned by uid 0", name);
116
		errno = EACCES;
117
		goto fail;
118
	}
119
	if (st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO) & ~perm) {
120
		strmode(perm, mode);
121
		log_warnx("warn:  %s: insecure permissions: must be at most %s",
122
		    name, &mode[1]);
123
		errno = EACCES;
124
		goto fail;
125
	}
126
	size = st.st_size;
127
	if ((buf = calloc(1, size + 1)) == NULL)
128
		goto fail;
129
	if (read(fd, buf, size) != size)
130
		goto fail;
131
	close(fd);
132
133
	*len = size + 1;
134
	return (buf);
135
136
fail:
137
	free(buf);
138
	saved_errno = errno;
139
	close(fd);
140
	errno = saved_errno;
141
	return (NULL);
142
}
143
144
#if 0
145
static int
146
ssl_password_cb(char *buf, int size, int rwflag, void *u)
147
{
148
	size_t	len;
149
	if (u == NULL) {
150
		explicit_bzero(buf, size);
151
		return (0);
152
	}
153
	if ((len = strlcpy(buf, u, size)) >= (size_t)size)
154
		return (0);
155
	return (len);
156
}
157
#endif
158
159
static int
160
ssl_password_cb(char *buf, int size, int rwflag, void *u)
161
{
162
	int	ret = 0;
163
	size_t	len;
164
	char	*pass;
165
166
	pass = getpass((const char *)u);
167
	if (pass == NULL)
168
		return 0;
169
	len = strlen(pass);
170
	if (strlcpy(buf, pass, size) >= (size_t)size)
171
		goto end;
172
	ret = len;
173
end:
174
	if (len)
175
		explicit_bzero(pass, len);
176
	return ret;
177
}
178
179
char *
180
ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *pkiname)
181
{
182
	FILE		*fp = NULL;
183
	EVP_PKEY	*key = NULL;
184
	BIO		*bio = NULL;
185
	long		 size;
186
	char		*data, *buf = NULL;
187
	struct stat	 st;
188
	char		 mode[12];
189
	char		 prompt[2048];
190
191
	/* Initialize SSL library once */
192
	ssl_init();
193
194
	/*
195
	 * Read (possibly) encrypted key from file
196
	 */
197
	if ((fp = fopen(name, "r")) == NULL)
198
		return (NULL);
199
200
	if (fstat(fileno(fp), &st) != 0)
201
		goto fail;
202
	if (st.st_uid != 0) {
203
		log_warnx("warn:  %s: not owned by uid 0", name);
204
		errno = EACCES;
205
		goto fail;
206
	}
207
	if (st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO) & ~perm) {
208
		strmode(perm, mode);
209
		log_warnx("warn:  %s: insecure permissions: must be at most %s",
210
		    name, &mode[1]);
211
		errno = EACCES;
212
		goto fail;
213
	}
214
215
	(void)snprintf(prompt, sizeof prompt, "passphrase for %s: ", pkiname);
216
	key = PEM_read_PrivateKey(fp, NULL, ssl_password_cb, prompt);
217
	fclose(fp);
218
	fp = NULL;
219
	if (key == NULL)
220
		goto fail;
221
	/*
222
	 * Write unencrypted key to memory buffer
223
	 */
224
	if ((bio = BIO_new(BIO_s_mem())) == NULL)
225
		goto fail;
226
	if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
227
		goto fail;
228
	if ((size = BIO_get_mem_data(bio, &data)) <= 0)
229
		goto fail;
230
	if ((buf = calloc(1, size + 1)) == NULL)
231
		goto fail;
232
	memcpy(buf, data, size);
233
234
	BIO_free_all(bio);
235
	EVP_PKEY_free(key);
236
237
	*len = (off_t)size + 1;
238
	return (buf);
239
240
fail:
241
	ssl_error("ssl_load_key");
242
	free(buf);
243
	BIO_free_all(bio);
244
	EVP_PKEY_free(key);
245
	if (fp)
246
		fclose(fp);
247
	return (NULL);
248
}
249
250
SSL_CTX *
251
ssl_ctx_create(const char *pkiname, char *cert, off_t cert_len, const char *ciphers)
252
{
253
	SSL_CTX	*ctx;
254
	size_t	 pkinamelen = 0;
255
256
	ctx = SSL_CTX_new(SSLv23_method());
257
	if (ctx == NULL) {
258
		ssl_error("ssl_ctx_create");
259
		fatal("ssl_ctx_create: could not create SSL context");
260
	}
261
262
	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
263
	SSL_CTX_set_timeout(ctx, SSL_SESSION_TIMEOUT);
264
	SSL_CTX_set_options(ctx,
265
	    SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET);
266
	SSL_CTX_set_options(ctx,
267
	    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
268
	SSL_CTX_set_options(ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
269
	SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
270
271
	if (ciphers == NULL)
272
		ciphers = SSL_CIPHERS;
273
	if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
274
		ssl_error("ssl_ctx_create");
275
		fatal("ssl_ctx_create: could not set cipher list");
276
	}
277
278
	if (cert != NULL) {
279
		if (pkiname != NULL)
280
			pkinamelen = strlen(pkiname) + 1;
281
		if (!SSL_CTX_use_certificate_chain_mem(ctx, cert, cert_len)) {
282
			ssl_error("ssl_ctx_create");
283
			fatal("ssl_ctx_create: invalid certificate chain");
284
		} else if (!ssl_ctx_fake_private_key(ctx,
285
		    pkiname, pkinamelen, cert, cert_len, NULL, NULL)) {
286
			ssl_error("ssl_ctx_create");
287
			fatal("ssl_ctx_create: could not fake private key");
288
		} else if (!SSL_CTX_check_private_key(ctx)) {
289
			ssl_error("ssl_ctx_create");
290
			fatal("ssl_ctx_create: invalid private key");
291
		}
292
	}
293
294
	return (ctx);
295
}
296
297
int
298
ssl_load_certificate(struct pki *p, const char *pathname)
299
{
300
	p->pki_cert = ssl_load_file(pathname, &p->pki_cert_len, 0755);
301
	if (p->pki_cert == NULL)
302
		return 0;
303
	return 1;
304
}
305
306
int
307
ssl_load_keyfile(struct pki *p, const char *pathname, const char *pkiname)
308
{
309
	char	pass[1024];
310
311
	p->pki_key = ssl_load_key(pathname, &p->pki_key_len, pass, 0740, pkiname);
312
	if (p->pki_key == NULL)
313
		return 0;
314
	return 1;
315
}
316
317
int
318
ssl_load_cafile(struct ca *c, const char *pathname)
319
{
320
	c->ca_cert = ssl_load_file(pathname, &c->ca_cert_len, 0755);
321
	if (c->ca_cert == NULL)
322
		return 0;
323
	return 1;
324
}
325
326
const char *
327
ssl_to_text(const SSL *ssl)
328
{
329
	static char buf[256];
330
331
	(void)snprintf(buf, sizeof buf, "version=%s, cipher=%s, bits=%d",
332
	    SSL_get_version(ssl),
333
	    SSL_get_cipher_name(ssl),
334
	    SSL_get_cipher_bits(ssl, NULL));
335
336
	return (buf);
337
}
338
339
void
340
ssl_error(const char *where)
341
{
342
	unsigned long	code;
343
	char		errbuf[128];
344
345
	for (; (code = ERR_get_error()) != 0 ;) {
346
		ERR_error_string_n(code, errbuf, sizeof(errbuf));
347
		log_debug("debug: SSL library error: %s: %s", where, errbuf);
348
	}
349
}
350
351
int
352
ssl_load_pkey(const void *data, size_t datalen, char *buf, off_t len,
353
    X509 **x509ptr, EVP_PKEY **pkeyptr)
354
{
355
	BIO		*in;
356
	X509		*x509 = NULL;
357
	EVP_PKEY	*pkey = NULL;
358
	RSA		*rsa = NULL;
359
	void		*exdata = NULL;
360
361
	if ((in = BIO_new_mem_buf(buf, len)) == NULL) {
362
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_BUF_LIB);
363
		return (0);
364
	}
365
366
	if ((x509 = PEM_read_bio_X509(in, NULL,
367
	    ssl_password_cb, NULL)) == NULL) {
368
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PEM_LIB);
369
		goto fail;
370
	}
371
372
	if ((pkey = X509_get_pubkey(x509)) == NULL) {
373
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_X509_LIB);
374
		goto fail;
375
	}
376
377
	BIO_free(in);
378
	in = NULL;
379
380
	if (data != NULL && datalen) {
381
		if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL ||
382
		    (exdata = malloc(datalen)) == NULL) {
383
			SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_EVP_LIB);
384
			goto fail;
385
		}
386
387
		memcpy(exdata, data, datalen);
388
		RSA_set_ex_data(rsa, 0, exdata);
389
		RSA_free(rsa); /* dereference, will be cleaned up with pkey */
390
	}
391
392
	*x509ptr = x509;
393
	*pkeyptr = pkey;
394
395
	return (1);
396
397
 fail:
398
	RSA_free(rsa);
399
	BIO_free(in);
400
	EVP_PKEY_free(pkey);
401
	X509_free(x509);
402
	free(exdata);
403
404
	return (0);
405
}
406
407
int
408
ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen,
409
    char *buf, off_t len, X509 **x509ptr, EVP_PKEY **pkeyptr)
410
{
411
	int		 ret = 0;
412
	EVP_PKEY	*pkey = NULL;
413
	X509		*x509 = NULL;
414
415
	if (!ssl_load_pkey(data, datalen, buf, len, &x509, &pkey))
416
		return (0);
417
418
	/*
419
	 * Use the public key as the "private" key - the secret key
420
	 * parameters are hidden in an extra process that will be
421
	 * contacted by the RSA engine.  The SSL/TLS library needs at
422
	 * least the public key parameters in the current process.
423
	 */
424
	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
425
	if (!ret)
426
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB);
427
428
	if (pkeyptr != NULL)
429
		*pkeyptr = pkey;
430
	else
431
		EVP_PKEY_free(pkey);
432
433
	if (x509ptr != NULL)
434
		*x509ptr = x509;
435
	else
436
		X509_free(x509);
437
438
	return (ret);
439
}