int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
int min_proto_version, int max_proto_version,
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
char *privkeyfile)
{
SSL_CTX *serverctx = NULL;
SSL_CTX *clientctx = NULL;
if (!TEST_ptr(serverctx = SSL_CTX_new(sm))
|| (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm))))
goto err;
if ((min_proto_version > 0
&& !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
min_proto_version)))
|| (max_proto_version > 0
&& !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
max_proto_version))))
goto err;
if (clientctx != NULL
&& ((min_proto_version > 0
&& !TEST_true(SSL_CTX_set_min_proto_version(clientctx,
min_proto_version)))
|| (max_proto_version > 0
&& !TEST_true(SSL_CTX_set_max_proto_version(clientctx,
max_proto_version)))))
goto err;
if (certfile != NULL && privkeyfile != NULL) {
if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,
SSL_FILETYPE_PEM), 1)
|| !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx,
privkeyfile,
SSL_FILETYPE_PEM), 1)
|| !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1))
goto err;
}
#ifndef OPENSSL_NO_DH
SSL_CTX_set_dh_auto(serverctx, 1);
#endif
*sctx = serverctx;
if (cctx != NULL)
*cctx = clientctx;
return 1;
err:
SSL_CTX_free(serverctx);
SSL_CTX_free(clientctx);
return 0;
}
///
/// Sets the minimum SSL protocol version given a version string
///
/// If None, no change will be made to the SSL context. If version string is invalid or unsupported
/// in this build (see SSL_PROTOCOLS), an error is logged to offer guidance on fixing the problem.
///
/// @param[in,out] ssl_ctx SSL context
/// @param[in] min_version Name of minimum required SSL protocol version, or "None"
/// @returns 1 if successful, otherwise 0
///
int
set_ssl_ctx_min_version(SSL_CTX * ssl_ctx, const char *min_version)
{
int min_version_num = ssl_protocol_from_string(min_version);
switch (min_version_num) {
case 0:
// None specified, no changes needed
return 1;
case -1:
log_status("ERROR: Unknown ssl_min_protocol_version '%s'. Specify one of: %s",
min_version, SSL_KNOWN_PROTOCOLS);
fprintf(stderr,
"ERROR: Unknown ssl_min_protocol_version '%s'. Specify one of: %s\n",
min_version, SSL_KNOWN_PROTOCOLS);
return 0;
case SSL_UNSUPPORTED_PROTOCOL:
log_status("ERROR: ssl_min_protocol_version '%s' not supported by the SSL library "
"in this build. Specify one of: %s",
min_version, SSL_KNOWN_PROTOCOLS);
fprintf(stderr,
"ERROR: ssl_min_protocol_version '%s' not supported by the SSL library "
"in this build. Specify one of: %s\n",
min_version, SSL_KNOWN_PROTOCOLS);
return 0;
default:
log_status("Requiring SSL protocol version '%s' or higher for encrypted connections",
min_version);
#if defined(SSL_CTX_set_min_proto_version)
// Added in OpenSSL >= 1.1.0
// See: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_min_proto_version.html
return SSL_CTX_set_min_proto_version(ssl_ctx, min_version_num);
#elif defined(SSL_CTX_set_options)
// Easy way not implemented, manually turn off protocols to match the minimum version.
// FB_*_VERSION macros are guaranteed to be defined regardless of OpenSSL version,
// either as a real version or SSL_UNSUPPORTED_PROTOCOL, which will never be greater
// than min_version_num.
if (min_version_num > FB_SSL3_VERSION)
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
if (min_version_num > FB_TLS1_VERSION)
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
if (min_version_num > FB_TLS1_1_VERSION)
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
if (min_version_num > FB_TLS1_2_VERSION)
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
// No need to add newer versions as OpenSSL >= 1.1.0 supports the much-nicer
// SSL_CTX_set_min_proto_version - see above
return 1;
#else
// A minimum version was requested, but the SSL library doesn't support specifying that.
// Error out with some advice.
log_status("ERROR: specifying ssl_min_protocol_version is not supported by the SSL "
"library used in this build. Set to 'None', or maybe use OpenSSL?");
fprintf(stderr,
"specifying ssl_min_protocol_version is not supported by the SSL "
"library used in this build. Set to 'None', or maybe use OpenSSL?\n");
return 0;
#endif
}
}
static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
SSL *serverssl2 = NULL, *clientssl2 = NULL;
#ifndef OPENSSL_NO_TLS1_1
SSL *serverssl3 = NULL, *clientssl3 = NULL;
#endif
SSL_SESSION *sess1 = NULL, *sess2 = NULL;
int testresult = 0;
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
&cctx, cert, privkey)) {
printf("Unable to create SSL_CTX pair\n");
return 0;
}
#ifndef OPENSSL_NO_TLS1_2
/* Only allow TLS1.2 so we can force a connection failure later */
SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
#endif
/* Set up session cache */
if (fix.use_ext_cache) {
SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
}
if (fix.use_int_cache) {
/* Also covers instance where both are set */
SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
} else {
SSL_CTX_set_session_cache_mode(cctx,
SSL_SESS_CACHE_CLIENT
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
}
if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
NULL)) {
printf("Unable to create SSL objects\n");
goto end;
}
if (!create_ssl_connection(serverssl1, clientssl1)) {
printf("Unable to create SSL connection\n");
goto end;
}
sess1 = SSL_get1_session(clientssl1);
if (sess1 == NULL) {
printf("Unexpected NULL session\n");
goto end;
}
if (fix.use_int_cache && SSL_CTX_add_session(cctx, sess1)) {
/* Should have failed because it should already be in the cache */
printf("Unexpected success adding session to cache\n");
goto end;
}
if (fix.use_ext_cache && (new_called != 1 || remove_called != 0)) {
printf("Session not added to cache\n");
goto end;
}
if (!create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) {
printf("Unable to create second SSL objects\n");
goto end;
}
if (!create_ssl_connection(serverssl2, clientssl2)) {
printf("Unable to create second SSL connection\n");
goto end;
}
sess2 = SSL_get1_session(clientssl2);
if (sess2 == NULL) {
printf("Unexpected NULL session from clientssl2\n");
goto end;
}
if (fix.use_ext_cache && (new_called != 2 || remove_called != 0)) {
printf("Remove session callback unexpectedly called\n");
goto end;
}
/*
* This should clear sess2 from the cache because it is a "bad" session. See
* SSL_set_session() documentation.
*/
if (!SSL_set_session(clientssl2, sess1)) {
printf("Unexpected failure setting session\n");
goto end;
}
if (fix.use_ext_cache && (new_called != 2 || remove_called != 1)) {
printf("Failed to call callback to remove session\n");
goto end;
}
if (SSL_get_session(clientssl2) != sess1) {
printf("Unexpected session found\n");
goto end;
}
if (fix.use_int_cache) {
if (!SSL_CTX_add_session(cctx, sess2)) {
/*
* Should have succeeded because it should not already be in the cache
*/
printf("Unexpected failure adding session to cache\n");
goto end;
}
if (!SSL_CTX_remove_session(cctx, sess2)) {
printf("Unexpected failure removing session from cache\n");
goto end;
}
/* This is for the purposes of internal cache testing...ignore the
* counter for external cache
*/
if (fix.use_ext_cache)
remove_called--;
}
/* This shouldn't be in the cache so should fail */
if (SSL_CTX_remove_session(cctx, sess2)) {
printf("Unexpected success removing session from cache\n");
goto end;
}
if (fix.use_ext_cache && (new_called != 2 || remove_called != 2)) {
printf("Failed to call callback to remove session #2\n");
goto end;
}
#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
/* Force a connection failure */
SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
if (!create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) {
printf("Unable to create third SSL objects\n");
goto end;
}
if (!SSL_set_session(clientssl3, sess1)) {
printf("Unable to set session for third connection\n");
goto end;
}
/* This should fail because of the mismatched protocol versions */
if (create_ssl_connection(serverssl3, clientssl3)) {
printf("Unable to create third SSL connection\n");
goto end;
}
/* We should have automatically removed the session from the cache */
if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
printf("Failed to call callback to remove session #2\n");
goto end;
}
if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2)) {
/*
* Should have succeeded because it should not already be in the cache
*/
printf("Unexpected failure adding session to cache #2\n");
goto end;
}
#endif
testresult = 1;
end:
SSL_free(serverssl1);
SSL_free(clientssl1);
SSL_free(serverssl2);
SSL_free(clientssl2);
#ifndef OPENSSL_NO_TLS1_1
SSL_free(serverssl3);
SSL_free(clientssl3);
#endif
SSL_SESSION_free(sess1);
SSL_SESSION_free(sess2);
/*
* Check if we need to remove any sessions up-refed for the external cache
*/
if (new_called >= 1)
SSL_SESSION_free(sess1);
if (new_called >= 2)
SSL_SESSION_free(sess2);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
{
STACK_OF(SSL_CIPHER) *ciphers;
method_const SSL_METHOD *dtls_method;
SSL_SESSION *dtls_session;
SSL *dtls_ssl;
BIO *dtls_bio;
int dtlsver = DTLS1_BAD_VER;
const char *cipher = vpninfo->dtls_cipher;
#ifdef HAVE_DTLS12
if (!strcmp(cipher, "OC-DTLS1_2-AES128-GCM")) {
dtlsver = DTLS1_2_VERSION;
cipher = "AES128-GCM-SHA256";
} else if (!strcmp(cipher, "OC-DTLS1_2-AES256-GCM")) {
dtlsver = DTLS1_2_VERSION;
cipher = "AES256-GCM-SHA384";
#ifndef OPENSSL_NO_PSK
} else if (!strcmp(cipher, "PSK-NEGOTIATE")) {
dtlsver = 0; /* Let it negotiate */
#endif
}
#endif
if (!vpninfo->dtls_ctx) {
#ifdef HAVE_DTLS12
dtls_method = DTLS_client_method();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
if (dtlsver == DTLS1_BAD_VER)
dtls_method = DTLSv1_client_method();
#ifdef HAVE_DTLS12
else if (dtlsver == DTLS1_2_VERSION)
dtls_method = DTLSv1_2_client_method();
#endif
#endif
vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
if (!vpninfo->dtls_ctx) {
vpn_progress(vpninfo, PRG_ERR,
_("Initialise DTLSv1 CTX failed\n"));
openconnect_report_ssl_errors(vpninfo);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (dtlsver) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
if (dtlsver == DTLS1_BAD_VER)
SSL_CTX_set_options(vpninfo->dtls_ctx, SSL_OP_CISCO_ANYCONNECT);
#else
if (!SSL_CTX_set_min_proto_version(vpninfo->dtls_ctx, dtlsver) ||
!SSL_CTX_set_max_proto_version(vpninfo->dtls_ctx, dtlsver)) {
vpn_progress(vpninfo, PRG_ERR,
_("Set DTLS CTX version failed\n"));
openconnect_report_ssl_errors(vpninfo);
SSL_CTX_free(vpninfo->dtls_ctx);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
#endif
#if defined (HAVE_DTLS12) && !defined(OPENSSL_NO_PSK)
} else {
SSL_CTX_set_psk_client_callback(vpninfo->dtls_ctx, psk_callback);
/* For PSK we override the DTLS master secret with one derived
* from the HTTPS session. */
if (!SSL_export_keying_material(vpninfo->https_ssl,
vpninfo->dtls_secret, PSK_KEY_SIZE,
PSK_LABEL, PSK_LABEL_SIZE, NULL, 0, 0)) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to generate DTLS key\n"));
openconnect_report_ssl_errors(vpninfo);
SSL_CTX_free(vpninfo->dtls_ctx);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
SSL_CTX_add_client_custom_ext(vpninfo->dtls_ctx, DTLS_APP_ID_EXT,
pskident_add, pskident_free, vpninfo,
pskident_parse, vpninfo);
/* For SSL_CTX_set_cipher_list() */
cipher = "PSK";
#endif
}
/* If we don't readahead, then we do short reads and throw
away the tail of data packets. */
SSL_CTX_set_read_ahead(vpninfo->dtls_ctx, 1);
if (!SSL_CTX_set_cipher_list(vpninfo->dtls_ctx, cipher)) {
vpn_progress(vpninfo, PRG_ERR,
_("Set DTLS cipher list failed\n"));
SSL_CTX_free(vpninfo->dtls_ctx);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
}
dtls_ssl = SSL_new(vpninfo->dtls_ctx);
SSL_set_connect_state(dtls_ssl);
SSL_set_app_data(dtls_ssl, vpninfo);
if (dtlsver) {
ciphers = SSL_get_ciphers(dtls_ssl);
if (dtlsver != 0 && sk_SSL_CIPHER_num(ciphers) != 1) {
vpn_progress(vpninfo, PRG_ERR, _("Not precisely one DTLS cipher\n"));
SSL_CTX_free(vpninfo->dtls_ctx);
SSL_free(dtls_ssl);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
/* We're going to "resume" a session which never existed. Fake it... */
dtls_session = generate_dtls_session(vpninfo, dtlsver,
sk_SSL_CIPHER_value(ciphers, 0));
if (!dtls_session) {
SSL_CTX_free(vpninfo->dtls_ctx);
SSL_free(dtls_ssl);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
/* Add the generated session to the SSL */
if (!SSL_set_session(dtls_ssl, dtls_session)) {
vpn_progress(vpninfo, PRG_ERR,
_("SSL_set_session() failed with old protocol version 0x%x\n"
"Are you using a version of OpenSSL older than 0.9.8m?\n"
"See http://rt.openssl.org/Ticket/Display.html?id=1751\n"
"Use the --no-dtls command line option to avoid this message\n"),
DTLS1_BAD_VER);
SSL_CTX_free(vpninfo->dtls_ctx);
SSL_free(dtls_ssl);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
SSL_SESSION_free(dtls_session);
return -EINVAL;
}
/* We don't need our own refcount on it any more */
SSL_SESSION_free(dtls_session);
}
dtls_bio = BIO_new_socket(dtls_fd, BIO_NOCLOSE);
/* Set non-blocking */
BIO_set_nbio(dtls_bio, 1);
SSL_set_bio(dtls_ssl, dtls_bio, dtls_bio);
vpninfo->dtls_ssl = dtls_ssl;
return 0;
}
int ciphers_main(int argc, char **argv)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
int srp = 0;
#endif
const char *p;
char *ciphers = NULL, *prog;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
prog = opt_init(argc, argv, ciphers_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ciphers_options);
ret = 0;
goto end;
case OPT_V:
verbose = 1;
break;
case OPT_UPPER_V:
verbose = Verbose = 1;
break;
case OPT_S:
use_supported = 1;
break;
case OPT_STDNAME:
#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
#endif
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
max_version = SSL3_VERSION;
break;
case OPT_TLS1:
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
break;
case OPT_TLS1_1:
min_version = TLS1_1_VERSION;
max_version = TLS1_1_VERSION;
break;
case OPT_TLS1_2:
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
psk = 1;
#endif
break;
case OPT_SRP:
#ifndef OPENSSL_NO_SRP
srp = 1;
#endif
break;
}
}
argv = opt_rest();
argc = opt_num_rest();
if (argc == 1)
ciphers = *argv;
else if (argc != 0)
goto opthelp;
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto err;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto err;
#ifndef OPENSSL_NO_PSK
if (psk)
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
if (srp)
SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
#endif
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
if (use_supported)
sk = SSL_get1_supported_ciphers(ssl);
else
sk = SSL_get_ciphers(ssl);
if (!verbose) {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
p = SSL_CIPHER_get_name(c);
if (p == NULL)
break;
if (i != 0)
BIO_printf(bio_out, ":");
BIO_printf(bio_out, "%s", p);
}
BIO_printf(bio_out, "\n");
} else {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk, i);
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
* cipher */
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%s - ", nm);
}
#endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
ret = 0;
goto end;
err:
ERR_print_errors(bio_err);
end:
if (use_supported)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
return (ret);
}
int
be_tls_init(bool isServerStart)
{
STACK_OF(X509_NAME) *root_cert_list = NULL;
SSL_CTX *context;
/* This stuff need be done only once. */
if (!SSL_initialized)
{
#ifdef HAVE_OPENSSL_INIT_SSL
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
#else
OPENSSL_config(NULL);
SSL_library_init();
SSL_load_error_strings();
#endif
SSL_initialized = true;
}
/*
* We use SSLv23_method() because it can negotiate use of the highest
* mutually supported protocol version, while alternatives like
* TLSv1_2_method() permit only one specific version. Note that we don't
* actually allow SSL v2 or v3, only TLS protocols (see below).
*/
context = SSL_CTX_new(SSLv23_method());
if (!context)
{
ereport(isServerStart ? FATAL : LOG,
(errmsg("could not create SSL context: %s",
SSLerrmessage(ERR_get_error()))));
goto error;
}
/*
* Disable OpenSSL's moving-write-buffer sanity check, because it causes
* unnecessary failures in nonblocking send cases.
*/
SSL_CTX_set_mode(context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
/*
* Set password callback
*/
if (isServerStart)
{
if (ssl_passphrase_command[0])
SSL_CTX_set_default_passwd_cb(context, ssl_external_passwd_cb);
}
else
{
if (ssl_passphrase_command[0] && ssl_passphrase_command_supports_reload)
SSL_CTX_set_default_passwd_cb(context, ssl_external_passwd_cb);
else
/*
* If reloading and no external command is configured, override
* OpenSSL's default handling of passphrase-protected files,
* because we don't want to prompt for a passphrase in an
* already-running server.
*/
SSL_CTX_set_default_passwd_cb(context, dummy_ssl_passwd_cb);
}
/* used by the callback */
ssl_is_server_start = isServerStart;
/*
* Load and verify server's certificate and private key
*/
if (SSL_CTX_use_certificate_chain_file(context, ssl_cert_file) != 1)
{
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("could not load server certificate file \"%s\": %s",
ssl_cert_file, SSLerrmessage(ERR_get_error()))));
goto error;
}
if (!check_ssl_key_file_permissions(ssl_key_file, isServerStart))
goto error;
/*
* OK, try to load the private key file.
*/
dummy_ssl_passwd_cb_called = false;
if (SSL_CTX_use_PrivateKey_file(context,
ssl_key_file,
SSL_FILETYPE_PEM) != 1)
{
if (dummy_ssl_passwd_cb_called)
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("private key file \"%s\" cannot be reloaded because it requires a passphrase",
ssl_key_file)));
else
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("could not load private key file \"%s\": %s",
ssl_key_file, SSLerrmessage(ERR_get_error()))));
goto error;
}
if (SSL_CTX_check_private_key(context) != 1)
{
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("check of private key failed: %s",
SSLerrmessage(ERR_get_error()))));
goto error;
}
if (ssl_min_protocol_version)
SSL_CTX_set_min_proto_version(context,
ssl_protocol_version_to_openssl(ssl_min_protocol_version,
"ssl_min_protocol_version"));
if (ssl_max_protocol_version)
SSL_CTX_set_max_proto_version(context,
ssl_protocol_version_to_openssl(ssl_max_protocol_version,
"ssl_max_protocol_version"));
/* disallow SSL session tickets */
#ifdef SSL_OP_NO_TICKET /* added in OpenSSL 0.9.8f */
SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
#endif
/* disallow SSL session caching, too */
SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF);
/* set up ephemeral DH and ECDH keys */
if (!initialize_dh(context, isServerStart))
goto error;
if (!initialize_ecdh(context, isServerStart))
goto error;
/* set up the allowed cipher list */
if (SSL_CTX_set_cipher_list(context, SSLCipherSuites) != 1)
{
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("could not set the cipher list (no valid ciphers available)")));
goto error;
}
/* Let server choose order */
if (SSLPreferServerCiphers)
SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
/*
* Load CA store, so we can verify client certificates if needed.
*/
if (ssl_ca_file[0])
{
if (SSL_CTX_load_verify_locations(context, ssl_ca_file, NULL) != 1 ||
(root_cert_list = SSL_load_client_CA_file(ssl_ca_file)) == NULL)
{
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("could not load root certificate file \"%s\": %s",
ssl_ca_file, SSLerrmessage(ERR_get_error()))));
goto error;
}
}
/*----------
* Load the Certificate Revocation List (CRL).
* http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,00.html
*----------
*/
if (ssl_crl_file[0])
{
X509_STORE *cvstore = SSL_CTX_get_cert_store(context);
if (cvstore)
{
/* Set the flags to check against the complete CRL chain */
if (X509_STORE_load_locations(cvstore, ssl_crl_file, NULL) == 1)
{
/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
#ifdef X509_V_FLAG_CRL_CHECK
X509_STORE_set_flags(cvstore,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
#else
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("SSL certificate revocation list file \"%s\" ignored",
ssl_crl_file),
errdetail("SSL library does not support certificate revocation lists.")));
#endif
}
else
{
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("could not load SSL certificate revocation list file \"%s\": %s",
ssl_crl_file, SSLerrmessage(ERR_get_error()))));
goto error;
}
}
}
if (ssl_ca_file[0])
{
/*
* Always ask for SSL client cert, but don't fail if it's not
* presented. We might fail such connections later, depending on what
* we find in pg_hba.conf.
*/
SSL_CTX_set_verify(context,
(SSL_VERIFY_PEER |
SSL_VERIFY_CLIENT_ONCE),
verify_cb);
/*
* Tell OpenSSL to send the list of root certs we trust to clients in
* CertificateRequests. This lets a client with a keystore select the
* appropriate client certificate to send to us.
*/
SSL_CTX_set_client_CA_list(context, root_cert_list);
}
/*
* Success! Replace any existing SSL_context.
*/
if (SSL_context)
SSL_CTX_free(SSL_context);
SSL_context = context;
/*
* Set flag to remember whether CA store has been loaded into SSL_context.
*/
if (ssl_ca_file[0])
ssl_loaded_verify_locations = true;
else
ssl_loaded_verify_locations = false;
return 0;
error:
if (context)
SSL_CTX_free(context);
return -1;
}
int FuzzerTestOneInput(const uint8_t *buf, size_t len)
{
SSL *server;
BIO *in;
BIO *out;
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA)
BIO *bio_buf;
#endif
SSL_CTX *ctx;
int ret;
RSA *privkey;
const uint8_t *bufp;
EVP_PKEY *pkey;
X509 *cert;
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsakey = NULL;
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsakey = NULL;
#endif
uint8_t opt;
if (len < 2)
return 0;
/*
* TODO: use the ossltest engine (optionally?) to disable crypto checks.
*/
/* This only fuzzes the initial flow from the client so far. */
ctx = SSL_CTX_new(SSLv23_method());
ret = SSL_CTX_set_min_proto_version(ctx, 0);
OPENSSL_assert(ret == 1);
ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0");
OPENSSL_assert(ret == 1);
/* RSA */
bufp = kRSAPrivateKeyDER;
privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
OPENSSL_assert(privkey != NULL);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, privkey);
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
bufp = kCertificateDER;
cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
OPENSSL_assert(cert != NULL);
ret = SSL_CTX_use_certificate(ctx, cert);
OPENSSL_assert(ret == 1);
X509_free(cert);
#ifndef OPENSSL_NO_EC
/* ECDSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM));
ecdsakey = PEM_read_bio_ECPrivateKey(bio_buf, NULL, NULL, NULL);
ERR_print_errors_fp(stderr);
OPENSSL_assert(ecdsakey != NULL);
BIO_free(bio_buf);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_EC_KEY(pkey, ecdsakey);
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM));
cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
OPENSSL_assert(cert != NULL);
BIO_free(bio_buf);
ret = SSL_CTX_use_certificate(ctx, cert);
OPENSSL_assert(ret == 1);
X509_free(cert);
#endif
#ifndef OPENSSL_NO_DSA
/* DSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM));
dsakey = PEM_read_bio_DSAPrivateKey(bio_buf, NULL, NULL, NULL);
ERR_print_errors_fp(stderr);
OPENSSL_assert(dsakey != NULL);
BIO_free(bio_buf);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsakey);
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, DSACertPEM, sizeof(DSACertPEM)) == sizeof(DSACertPEM));
cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
OPENSSL_assert(cert != NULL);
BIO_free(bio_buf);
ret = SSL_CTX_use_certificate(ctx, cert);
OPENSSL_assert(ret == 1);
X509_free(cert);
#endif
/* TODO: Set up support for SRP and PSK */
server = SSL_new(ctx);
in = BIO_new(BIO_s_mem());
out = BIO_new(BIO_s_mem());
SSL_set_bio(server, in, out);
SSL_set_accept_state(server);
opt = (uint8_t)buf[len-1];
len--;
OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
if ((opt & 0x01) != 0)
{
do {
char early_buf[16384];
size_t early_len;
ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len);
if (ret != SSL_READ_EARLY_DATA_SUCCESS)
break;
} while (1);
}
if (SSL_do_handshake(server) == 1) {
/* Keep reading application data until error or EOF. */
uint8_t tmp[1024];
for (;;) {
if (SSL_read(server, tmp, sizeof(tmp)) <= 0) {
break;
}
}
}
SSL_free(server);
ERR_clear_error();
SSL_CTX_free(ctx);
return 0;
}
SSL_CTX* SslHelper::genSslCtx(const std::string& keyPath,
const std::string& certPath,
const std::string& caPath,
const std::string& caFile,
bool verifyPeer,
int depth)
{
/* This method supprots from SSLv3 to newest TLS. SSLv3 will be disabled
* below. */
const SSL_METHOD* m = TLS_method();
SSL_CTX* sslCtx = SSL_CTX_new(m);
if (!sslCtx)
{
/* If here, did you forget to call SslHelper::init()? */
PARROT_ASSERT(0);
}
const char* caFilePtr = nullptr;
const char* caPathPtr = nullptr;
if (caFile.length() > 0)
{
caFilePtr = caFile.c_str();
}
if (caPath.length() > 0)
{
caPathPtr = caPath.c_str();
}
/* Add ca-cert to SSL_CTX. */
if (caFilePtr || caPathPtr)
{
/* Add ca-cert file. */
if (SSL_CTX_load_verify_locations(sslCtx, caFilePtr, caPathPtr) != 1)
{
PARROT_ASSERT(0);
}
}
/* Add cert to SSL_CTX. */
if (caPath.length() > 0 &&
SSL_CTX_use_certificate_file(sslCtx, certPath.c_str(),
SSL_FILETYPE_PEM) <= 0)
{
PARROT_ASSERT(0);
}
// Add private key to SSL_CTX.
if (keyPath.length() > 0 &&
SSL_CTX_use_PrivateKey_file(sslCtx, keyPath.c_str(),
SSL_FILETYPE_PEM) != 1)
{
PARROT_ASSERT(0);
}
// Enable nonblock.
SSL_CTX_set_mode(sslCtx, SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
if (verifyPeer)
{
/* We need to verify peer, but the client doesn't tell us where
* to find the ca-certs, we use default. */
if (caPath.empty())
{
if (SSL_CTX_set_default_verify_paths(sslCtx) != 1)
{
PARROT_ASSERT(0);
}
}
SSL_CTX_set_verify(
sslCtx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
SSL_CTX_set_verify_depth(sslCtx, depth);
}
else
{
SSL_CTX_set_verify(sslCtx, SSL_VERIFY_NONE, nullptr);
}
/* TLSv1.0 is the minimal requirement. SSLv3.0 will not be supported. */
PARROT_ASSERT(SSL_CTX_set_min_proto_version(sslCtx, TLS1_VERSION) == 1);
return sslCtx;
}
