/* * called before tls_read, the this function should attempt tls_accept or * tls_connect depending on the state of the connection, if this function * does not transit a connection into S_CONN_OK then tcp layer would not * call tcp_read */ int tls_fix_read_conn(struct tcp_connection *c) { /* * no lock acquired */ int ret; ret = 0; /* * We have to acquire the lock before testing c->state, otherwise a * writer could modify the structure if it gets preempted and has * something to write */ lock_get(&c->write_lock); if ( c->proto_flags & F_TLS_DO_ACCEPT ) { ret = tls_update_fd(c, c->fd); if (!ret) ret = tls_accept(c, NULL); } else if ( c->proto_flags & F_TLS_DO_CONNECT ) { ret = tls_update_fd(c, c->fd); if (!ret) ret = tls_connect(c, NULL); } lock_release(&c->write_lock); return ret; }
/** callback for tls_ct_q_flush(). * * @param *ssl - ssl context. * @param *err - error reason (set on exit). * @return >0 on success (bytes written), <=0 on ssl error (should be * handled outside). * WARNING: the ssl context must have the wbio and rbio previously set! */ static int ssl_flush(void* tcp_c, void* error, const void* buf, unsigned size) { int n; int ssl_error; struct tls_extra_data* tls_c; SSL* ssl; tls_c = ((struct tcp_connection*)tcp_c)->extra_data; ssl = tls_c->ssl; ssl_error = SSL_ERROR_NONE; if (unlikely(tls_c->state == S_TLS_CONNECTING)) { n = tls_connect(tcp_c, &ssl_error); if (unlikely(n>=1)) { n = SSL_write(ssl, buf, size); if (unlikely(n <= 0)) ssl_error = SSL_get_error(ssl, n); } } else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) { n = tls_accept(tcp_c, &ssl_error); if (unlikely(n>=1)) { n = SSL_write(ssl, buf, size); if (unlikely(n <= 0)) ssl_error = SSL_get_error(ssl, n); } } else { n = SSL_write(ssl, buf, size); if (unlikely(n <= 0)) ssl_error = SSL_get_error(ssl, n); } *(long*)error = ssl_error; return n; }
boolean transport_accept_tls(rdpTransport* transport) { if (transport->tls == NULL) transport->tls = tls_new(); transport->layer = TRANSPORT_LAYER_TLS; transport->tls->sockfd = transport->tcp->sockfd; if (tls_accept(transport->tls, transport->settings->cert_file, transport->settings->privatekey_file) != True) return False; return True; }
BOOL transport_accept_nla(rdpTransport* transport) { freerdp* instance; rdpSettings* settings; settings = transport->settings; instance = (freerdp*) settings->instance; if (!transport->TlsIn) transport->TlsIn = tls_new(transport->settings); if (!transport->TlsOut) transport->TlsOut = transport->TlsIn; transport->layer = TRANSPORT_LAYER_TLS; if (!tls_accept(transport->TlsIn, transport->TcpIn->bufferedBio, settings->CertificateFile, settings->PrivateKeyFile)) return FALSE; transport->frontBio = transport->TlsIn->bio; /* Network Level Authentication */ if (!settings->Authentication) return TRUE; if (!transport->credssp) { transport->credssp = credssp_new(instance, transport, settings); transport_set_nla_mode(transport, TRUE); } if (credssp_authenticate(transport->credssp) < 0) { fprintf(stderr, "client authentication failure\n"); transport_set_nla_mode(transport, FALSE); credssp_free(transport->credssp); transport->credssp = NULL; tls_set_alert_code(transport->TlsIn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DESCRIPTION_ACCESS_DENIED); return FALSE; } /* don't free credssp module yet, we need to copy the credentials from it first */ transport_set_nla_mode(transport, FALSE); return TRUE; }
BOOL transport_accept_tls(rdpTransport* transport) { rdpSettings* settings = transport->settings; if (!transport->tls) transport->tls = tls_new(transport->settings); transport->layer = TRANSPORT_LAYER_TLS; if (!tls_accept(transport->tls, transport->frontBio, settings)) return FALSE; transport->frontBio = transport->tls->bio; return TRUE; }
BOOL transport_accept_tls(rdpTransport* transport) { if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); if (transport->TlsOut == NULL) transport->TlsOut = transport->TlsIn; transport->layer = TRANSPORT_LAYER_TLS; transport->TlsIn->sockfd = transport->TcpIn->sockfd; if (tls_accept(transport->TlsIn, transport->settings->CertificateFile, transport->settings->PrivateKeyFile) != TRUE) return FALSE; return TRUE; }
BOOL transport_accept_tls(rdpTransport* transport) { if (!transport->TlsIn) transport->TlsIn = tls_new(transport->settings); if (!transport->TlsOut) transport->TlsOut = transport->TlsIn; transport->layer = TRANSPORT_LAYER_TLS; if (!tls_accept(transport->TlsIn, transport->TcpIn->bufferedBio, transport->settings->CertificateFile, transport->settings->PrivateKeyFile)) return FALSE; transport->frontBio = transport->TlsIn->bio; return TRUE; }
BOOL transport_accept_nla(rdpTransport* transport) { rdpSettings* settings = transport->settings; freerdp* instance = (freerdp*) settings->instance; if (!transport->tls) transport->tls = tls_new(transport->settings); transport->layer = TRANSPORT_LAYER_TLS; if (!tls_accept(transport->tls, transport->frontBio, settings)) return FALSE; transport->frontBio = transport->tls->bio; /* Network Level Authentication */ if (!settings->Authentication) return TRUE; if (!transport->nla) { transport->nla = nla_new(instance, transport, settings); transport_set_nla_mode(transport, TRUE); } if (nla_authenticate(transport->nla) < 0) { WLog_Print(transport->log, WLOG_ERROR, "client authentication failure"); transport_set_nla_mode(transport, FALSE); nla_free(transport->nla); transport->nla = NULL; tls_set_alert_code(transport->tls, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DESCRIPTION_ACCESS_DENIED); tls_send_alert(transport->tls); return FALSE; } /* don't free nla module yet, we need to copy the credentials from it first */ transport_set_nla_mode(transport, FALSE); return TRUE; }
boolean transport_accept_nla(rdpTransport* transport) { if (transport->tls == NULL) transport->tls = tls_new(); transport->layer = TRANSPORT_LAYER_TLS; transport->tls->sockfd = transport->tcp->sockfd; if (tls_accept(transport->tls, transport->settings->cert_file, transport->settings->privatekey_file) != True) return False; /* Network Level Authentication */ if (transport->settings->authentication != True) return True; /* Blocking here until NLA is complete */ return True; }
BOOL transport_accept_nla(rdpTransport* transport) { freerdp* instance; rdpSettings* settings; if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); if (transport->TlsOut == NULL) transport->TlsOut = transport->TlsIn; transport->layer = TRANSPORT_LAYER_TLS; transport->TlsIn->sockfd = transport->TcpIn->sockfd; if (tls_accept(transport->TlsIn, transport->settings->CertificateFile, transport->settings->PrivateKeyFile) != TRUE) return FALSE; /* Network Level Authentication */ if (transport->settings->Authentication != TRUE) return TRUE; settings = transport->settings; instance = (freerdp*) settings->instance; if (transport->credssp == NULL) transport->credssp = credssp_new(instance, transport, settings); if (credssp_authenticate(transport->credssp) < 0) { fprintf(stderr, "client authentication failure\n"); credssp_free(transport->credssp); transport->credssp = NULL; return FALSE; } /* don't free credssp module yet, we need to copy the credentials from it first */ return TRUE; }
/* * called before tls_read, the this function should attempt tls_accept or * tls_connect depending on the state of the connection, if this function * does not transit a connection into S_CONN_OK then tcp layer would not * call tcp_read */ int tls_fix_read_conn(struct tcp_connection *c) { /* * no lock acquired */ int ret; ret = 0; /* * We have to acquire the lock before testing c->state, otherwise a * writer could modify the structure if it gets preempted and has * something to write */ lock_get(&c->write_lock); switch (c->state) { case S_CONN_ACCEPT: ret = tls_update_fd(c, c->fd); if (!ret) ret = tls_accept(c, NULL); break; case S_CONN_CONNECT: ret = tls_update_fd(c, c->fd); if (!ret) ret = tls_connect(c, NULL); break; default: /* fall through */ break; } lock_release(&c->write_lock); return ret; }
boolean transport_accept_nla(rdpTransport* transport) { freerdp* instance; rdpSettings* settings; if (transport->tls == NULL) transport->tls = tls_new(transport->settings); transport->layer = TRANSPORT_LAYER_TLS; transport->tls->sockfd = transport->tcp->sockfd; if (tls_accept(transport->tls, transport->settings->cert_file, transport->settings->privatekey_file) != true) return false; /* Network Level Authentication */ if (transport->settings->authentication != true) return true; settings = transport->settings; instance = (freerdp*) settings->instance; if (transport->credssp == NULL) transport->credssp = credssp_new(instance, transport->tls, settings); if (credssp_authenticate(transport->credssp) < 0) { printf("client authentication failure\n"); credssp_free(transport->credssp); return false; } credssp_free(transport->credssp); return true; }
int main(int argc , char *argv[]) { int socket_desc , client_sock , read_size; socklen_t c; struct sockaddr_in server , client; char client_message[0xFFFF]; #ifdef _WIN32 WSADATA wsaData; WSAStartup(MAKEWORD(2, 2), &wsaData); #else signal(SIGPIPE, SIG_IGN); #endif socket_desc = socket(AF_INET , SOCK_STREAM , 0); if (socket_desc == -1) { printf("Could not create socket"); return 0; } int port = 2000; if (argc > 1) { port = atoi(argv[1]); if (port <= 0) port = 2000; } server.sin_family = AF_INET; server.sin_addr.s_addr = INADDR_ANY; server.sin_port = htons(port); if( bind(socket_desc,(struct sockaddr *)&server , sizeof(server)) < 0) { perror("bind failed. Error"); return 1; } int enable = 1; setsockopt(socket_desc, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(int)); listen(socket_desc , 3); c = sizeof(struct sockaddr_in); unsigned int size; struct TLSContext *server_context = tls_create_context(1, TLS_V12); // load keys load_keys(server_context, "testcert/fullchain.pem", "testcert/privkey.pem"); char source_buf[0xFFFF]; int source_size = read_from_file("tlshelloworld.c", source_buf, 0xFFFF); while (1) { identity_str[0] = 0; client_sock = accept(socket_desc, (struct sockaddr *)&client, &c); if (client_sock < 0) { perror("accept failed"); return 1; } struct TLSContext *context = tls_accept(server_context); // uncomment next line to request client certificate tls_request_client_certificate(context); // make the TLS context serializable (this must be called before negotiation) tls_make_exportable(context, 1); fprintf(stderr, "Client connected\n"); while ((read_size = recv(client_sock, client_message, sizeof(client_message), 0)) > 0) { if (tls_consume_stream(context, client_message, read_size, verify_signature) > 0) break; } send_pending(client_sock, context); if (read_size > 0) { fprintf(stderr, "USED CIPHER: %s\n", tls_cipher_name(context)); int ref_packet_count = 0; int res; while ((read_size = recv(client_sock, client_message, sizeof(client_message) , 0)) > 0) { if (tls_consume_stream(context, client_message, read_size, verify_signature) < 0) { fprintf(stderr, "Error in stream consume\n"); break; } send_pending(client_sock, context); if (tls_established(context) == 1) { unsigned char read_buffer[0xFFFF]; int read_size = tls_read(context, read_buffer, sizeof(read_buffer) - 1); if (read_size > 0) { read_buffer[read_size] = 0; unsigned char export_buffer[0xFFF]; // simulate serialization / deserialization to another process char sni[0xFF]; sni[0] = 0; if (context->sni) snprintf(sni, 0xFF, "%s", context->sni); /* COOL STUFF => */ int size = tls_export_context(context, export_buffer, sizeof(export_buffer), 1); if (size > 0) { /* COOLER STUFF => */ struct TLSContext *imported_context = tls_import_context(export_buffer, size); // This is cool because a context can be sent to an existing process. // It will work both with fork and with already existing worker process. fprintf(stderr, "Imported context (size: %i): %x\n", size, imported_context); if (imported_context) { // destroy old context tls_destroy_context(context); // simulate serialization/deserialization of context context = imported_context; } } // ugly inefficient code ... don't write like me char send_buffer[0xF000]; char send_buffer_with_header[0xF000]; char out_buffer[0xFFF]; int tls_version = 2; switch (context->version) { case TLS_V10: tls_version = 0; break; case TLS_V11: tls_version = 1; break; } snprintf(send_buffer, sizeof(send_buffer), "Hello world from TLS 1.%i (used chipher is: %s), SNI: %s\r\nYour identity is: %s\r\n\r\nCertificate: %s\r\n\r\nBelow is the received header:\r\n%s\r\nAnd the source code for this example: \r\n\r\n%s", tls_version, tls_cipher_name(context), sni, identity_str, tls_certificate_to_string(server_context->certificates[0], out_buffer, sizeof(out_buffer)), read_buffer, source_buf); int content_length = strlen(send_buffer); snprintf(send_buffer_with_header, sizeof(send_buffer), "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-type: text/plain\r\nContent-length: %i\r\n\r\n%s", content_length, send_buffer); tls_write(context, send_buffer_with_header, strlen(send_buffer_with_header)); tls_close_notify(context); send_pending(client_sock, context); break; } } } } #ifdef __WIN32 shutdown(client_sock, SD_BOTH); closesocket(client_sock); #else shutdown(client_sock, SHUT_RDWR); close(client_sock); #endif tls_destroy_context(context); } tls_destroy_context(server_context); return 0; }
static bool recv_handler(int *err, struct mbuf *mb, bool *estab, void *arg) { struct tls_conn *tc = arg; int r; /* feed SSL data to the BIO */ r = BIO_write(tc->sbio_in, mbuf_buf(mb), (int)mbuf_get_left(mb)); if (r <= 0) { DEBUG_WARNING("recv: BIO_write %d\n", r); *err = ENOMEM; return true; } if (SSL_state(tc->ssl) != SSL_ST_OK) { if (tc->up) { *err = EPROTO; return true; } if (tc->active) { *err = tls_connect(tc); } else { *err = tls_accept(tc); } DEBUG_INFO("state=0x%04x\n", SSL_state(tc->ssl)); /* TLS connection is established */ if (SSL_state(tc->ssl) != SSL_ST_OK) return true; *estab = true; tc->up = true; } mbuf_set_pos(mb, 0); for (;;) { int n; if (mbuf_get_space(mb) < 4096) { *err = mbuf_resize(mb, mb->size + 8192); if (*err) return true; } n = SSL_read(tc->ssl, mbuf_buf(mb), (int)mbuf_get_space(mb)); if (n < 0) { const int ssl_err = SSL_get_error(tc->ssl, n); switch (ssl_err) { case SSL_ERROR_WANT_READ: break; default: *err = EPROTO; return true; } break; } else if (n == 0) break; mb->pos += n; } mbuf_set_end(mb, mb->pos); mbuf_set_pos(mb, 0); return false; }
/* * fixme: probably does not work correctly */ size_t tls_blocking_write(struct tcp_connection *c, int fd, const char *buf, size_t len) { #define MAX_SSL_RETRIES 32 int written, n; int timeout, retries; struct pollfd pf; pf.fd = fd; written = 0; retries = 0; if (c->state!=S_CONN_OK) { LM_ERR("TLS broken connection\n"); goto error; } lock_get(&c->write_lock); if (tls_update_fd(c, fd) < 0) goto error; timeout = tls_send_timeout; again: n = 0; pf.events = 0; if ( c->proto_flags & F_TLS_DO_ACCEPT ) { if (tls_accept(c, &(pf.events)) < 0) goto error; timeout = tls_handshake_timeout; } else if ( c->proto_flags & F_TLS_DO_CONNECT ) { if (tls_connect(c, &(pf.events)) < 0) goto error; timeout = tls_handshake_timeout; } else { n = tls_write(c, fd, buf, len, &(pf.events)); timeout = tls_send_timeout; } if (n < 0) { LM_ERR("TLS failed to send data\n"); goto error; } /* nothing happens */ if (n==0) { retries++; /* avoid looping */ if (retries==MAX_SSL_RETRIES) { LM_ERR("too many retries with no operation\n"); goto error; } } else { /* reset the retries if we succeded in doing something*/ retries = 0; } written += n; if (n < len) { /* * partial write */ buf += n; len -= n; } else { /* * successful full write */ lock_release(&c->write_lock); return written; } if (pf.events == 0) pf.events = POLLOUT; poll_loop: while (1) { n = poll(&pf, 1, timeout); if (n < 0) { if (errno == EINTR) continue; /* signal, ignore */ else if (errno != EAGAIN && errno != EWOULDBLOCK) { LM_ERR("TLS poll failed: %s [%d]\n",strerror(errno), errno); goto error; } else goto poll_loop; } else if (n == 0) { /* * timeout */ LM_ERR("TLS send timeout (%d)\n", timeout); goto error; } if (pf.revents & POLLOUT || pf.revents & POLLIN) { /* * we can read or write again */ goto again; } else if (pf.revents & (POLLERR | POLLHUP | POLLNVAL)) { LM_ERR("TLS bad poll flags %x\n",pf.revents); goto error; } /* * if POLLPRI or other non-harmful events happened, continue ( * although poll should never signal them since we're not * interested in them => we should never reach this point) */ } error: lock_release(&c->write_lock); return -1; }
/** tls read. * Each modification of ssl data structures has to be protected, another process * might ask for the same connection and attempt write to it which would * result in updating the ssl structures. * WARNING: must be called whic c->write_lock _unlocked_. * @param c - tcp connection pointer. The following flags might be set: * @param flags - value/result: * input: RD_CONN_FORCE_EOF - force EOF after the first * successful read (bytes_read >=0 ) * output: RD_CONN_SHORT_READ if the read exhausted * all the bytes in the socket read buffer. * RD_CONN_EOF if EOF detected (0 bytes read) * or forced via RD_CONN_FORCE_EOF. * RD_CONN_REPEAT_READ if this function should * be called again (e.g. has some data * buffered internally that didn't fit in * tcp_req). * Note: RD_CONN_SHORT_READ & RD_CONN_EOF should be cleared * before calling this function when there is new * data (e.g. POLLIN), but not if the called is * retried because of RD_CONN_REPEAT_READ and there * is no information about the socket having more * read data available. * @return bytes decrypted on success, -1 on error (it also sets some * tcp connection flags and might set c->state and r->error on * EOF or error). */ int tls_read_f(struct tcp_connection* c, int* flags) { struct tcp_req* r; int bytes_free, bytes_read, read_size, ssl_error, ssl_read; SSL* ssl; unsigned char rd_buf[TLS_RD_MBUF_SZ]; unsigned char wr_buf[TLS_WR_MBUF_SZ]; struct tls_mbuf rd, wr; struct tls_extra_data* tls_c; struct tls_rd_buf* enc_rd_buf; int n, flush_flags; char* err_src; int x; int tls_dbg; TLS_RD_TRACE("(%p, %p (%d)) start (%s -> %s:%d*)\n", c, flags, *flags, su2a(&c->rcv.src_su, sizeof(c->rcv.src_su)), ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port); ssl_read = 0; r = &c->req; enc_rd_buf = 0; *flags &= ~RD_CONN_REPEAT_READ; if (unlikely(tls_fix_connection(c) < 0)) { TLS_RD_TRACE("(%p, %p) end: tls_fix_connection failed =>" " immediate error exit\n", c, flags); return -1; } /* here it's safe to use c->extra_data in read-only mode. If it's != 0 is changed only on destroy. It's not possible to have parallel reads.*/ tls_c = c->extra_data; bytes_free = c->req.b_size - (int)(r->pos - r->buf); if (unlikely(bytes_free == 0)) { ERR("Buffer overrun, dropping\n"); r->error = TCP_REQ_OVERRUN; return -1; } redo_read: /* if data queued from a previous read(), use it (don't perform * a real read()). */ if (unlikely(tls_c->enc_rd_buf)) { /* use queued data */ /* safe to use without locks, because only read changes it and there can't be parallel reads on the same connection */ enc_rd_buf = tls_c->enc_rd_buf; tls_c->enc_rd_buf = 0; TLS_RD_TRACE("(%p, %p) using queued data (%p: %p %d bytes)\n", c, flags, enc_rd_buf, enc_rd_buf->buf + enc_rd_buf->pos, enc_rd_buf->size - enc_rd_buf->pos); tls_mbuf_init(&rd, enc_rd_buf->buf + enc_rd_buf->pos, enc_rd_buf->size - enc_rd_buf->pos); rd.used = enc_rd_buf->size - enc_rd_buf->pos; } else { /* if we were using using queued data before, free & reset the the queued read data before performing the real read() */ if (unlikely(enc_rd_buf)) { TLS_RD_TRACE("(%p, %p) reset prev. used enc_rd_buf (%p)\n", c, flags, enc_rd_buf); shm_free(enc_rd_buf); enc_rd_buf = 0; } /* real read() */ tls_mbuf_init(&rd, rd_buf, sizeof(rd_buf)); /* read() only if no previously detected EOF, or previous short read (which means the socket buffer was emptied) */ if (likely(!(*flags & (RD_CONN_EOF|RD_CONN_SHORT_READ)))) { /* don't read more then the free bytes in the tcp req buffer */ read_size = MIN_unsigned(rd.size, bytes_free); bytes_read = tcp_read_data(c->fd, c, (char*)rd.buf, read_size, flags); TLS_RD_TRACE("(%p, %p) tcp_read_data(..., %d, *%d) => %d bytes\n", c, flags, read_size, *flags, bytes_read); /* try SSL_read even on 0 bytes read, it might have internally buffered data */ if (unlikely(bytes_read < 0)) { goto error; } rd.used = bytes_read; } } continue_ssl_read: tls_mbuf_init(&wr, wr_buf, sizeof(wr_buf)); ssl_error = SSL_ERROR_NONE; err_src = "TLS read:"; /* we have to avoid to run in the same time * with a tls_write because of the * update bio stuff (we don't want a write * stealing the wbio or rbio under us or vice versa) * => lock on con->write_lock (ugly hack) */ lock_get(&c->write_lock); tls_set_mbufs(c, &rd, &wr); ssl = tls_c->ssl; n = 0; if (unlikely(tls_write_wants_read(tls_c) && !(*flags & RD_CONN_EOF))) { n = tls_ct_wq_flush(c, &tls_c->ct_wq, &flush_flags, &ssl_error); TLS_RD_TRACE("(%p, %p) tls write on read (WRITE_WANTS_READ):" " ct_wq_flush()=> %d (ff=%d ssl_error=%d))\n", c, flags, n, flush_flags, ssl_error); if (unlikely(n < 0 )) { tls_set_mbufs(c, 0, 0); lock_release(&c->write_lock); ERR("write flush error (%d)\n", n); goto error; } if (likely(flush_flags & F_BUFQ_EMPTY)) tls_c->flags &= ~F_TLS_CON_WR_WANTS_RD; if (unlikely(flush_flags & F_BUFQ_ERROR_FLUSH)) err_src = "TLS write:"; } if (likely(ssl_error == SSL_ERROR_NONE)) { if (unlikely(tls_c->state == S_TLS_CONNECTING)) { n = tls_connect(c, &ssl_error); TLS_RD_TRACE("(%p, %p) tls_connect() => %d (err=%d)\n", c, flags, n, ssl_error); if (unlikely(n>=1)) { n = SSL_read(ssl, r->pos, bytes_free); } else { /* tls_connect failed/needs more IO */ if (unlikely(n < 0 && ssl_error == SSL_ERROR_NONE)) { lock_release(&c->write_lock); goto error; } err_src = "TLS connect:"; goto ssl_read_skipped; } } else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) { n = tls_accept(c, &ssl_error); TLS_RD_TRACE("(%p, %p) tls_accept() => %d (err=%d)\n", c, flags, n, ssl_error); if (unlikely(n>=1)) { n = SSL_read(ssl, r->pos, bytes_free); } else { /* tls_accept failed/needs more IO */ if (unlikely(n < 0 && ssl_error == SSL_ERROR_NONE)) { lock_release(&c->write_lock); goto error; } err_src = "TLS accept:"; goto ssl_read_skipped; } } else { /* if bytes in then decrypt read buffer into tcpconn req. buffer */ n = SSL_read(ssl, r->pos, bytes_free); } /** handle SSL_read() return. * There are 3 main cases, each with several sub-cases, depending * on whether or not the output buffer was filled, if there * is still unconsumed input data in the input buffer (rd) * and if there is "cached" data in the internal openssl * buffers. * 0. error (n<=0): * SSL_ERROR_WANT_READ - input data fully * consumed, no more returnable cached data inside openssl * => exit. * SSL_ERROR_WANT_WRITE - should never happen (the write * buffer is big enough to handle any re-negociation). * SSL_ERROR_ZERO_RETURN - ssl level shutdown => exit. * other errors are unexpected. * 1. output buffer filled (n == bytes_free): * 1i. - still unconsumed input, nothing buffered by openssl * 1ip. - unconsumed input + buffered data by openssl (pending on the next SSL_read). * 1p. - completely consumed input, buffered data internally * by openssl (pending). * Likely to happen, about the only case when * SSL_pending() could be used (but only if readahead=0). * 1f. - consumed input, no buffered data. * 2. output buffer not fully filled (n < bytes_free): * 2i. - still unconsumed input, nothing buffered by openssl. * This can appear if SSL readahead is 0 (SSL_read() * tries to get only 1 record from the input). * 2ip. - unconsumed input and buffered data by openssl. * Unlikely to happen (e.g. readahead is 1, more * records are buffered internally by openssl, but * there was not enough space for buffering the whole * input). * 2p - consumed input, but buffered data by openssl. * It happens especially when readahead is 1. * 2f. - consumed input, no buffered data. * * One should repeat SSL_read() until and error is detected * (0*) or the input and internal ssl buffers are fully consumed * (1f or 2f). However in general is not possible to see if * SSL_read() could return more data. SSL_pending() has very * limited usability (basically it would return !=0 only if there * was no enough space in the output buffer and only if this did * not happen at a record boundary). * The solution is to repeat SSL_read() until error or until * the output buffer is filled (0* or 1*). * In the later case, this whole function should be called again * once there is more output space (set RD_CONN_REPEAT_READ). */ if (unlikely(tls_c->flags & F_TLS_CON_RENEGOTIATION)) { /* Fix CVE-2009-3555 - disable renegotiation if started by client * - simulate SSL EOF to force close connection*/ tls_dbg = cfg_get(tls, tls_cfg, debug); LOG(tls_dbg, "Reading on a renegotiation of connection (n:%d) (%d)\n", n, SSL_get_error(ssl, n)); err_src = "TLS R-N read:"; ssl_error = SSL_ERROR_ZERO_RETURN; } else { if (unlikely(n <= 0)) { ssl_error = SSL_get_error(ssl, n); err_src = "TLS read:"; /* errors handled below, outside the lock */ } else { ssl_error = SSL_ERROR_NONE; r->pos += n; ssl_read += n; bytes_free -=n; } } TLS_RD_TRACE("(%p, %p) SSL_read() => %d (err=%d) ssl_read=%d" " *flags=%d tls_c->flags=%d\n", c, flags, n, ssl_error, ssl_read, *flags, tls_c->flags); ssl_read_skipped: ; } if (unlikely(wr.used != 0 && ssl_error != SSL_ERROR_ZERO_RETURN)) { TLS_RD_TRACE("(%p, %p) tcpconn_send_unsafe %d bytes\n", c, flags, wr.used); /* something was written and it's not ssl EOF*/ if (unlikely(tcpconn_send_unsafe(c->fd, c, (char*)wr.buf, wr.used, c->send_flags) < 0)) { tls_set_mbufs(c, 0, 0); lock_release(&c->write_lock); TLS_RD_TRACE("(%p, %p) tcpconn_send_unsafe error\n", c, flags); goto error_send; } } /* quickly catch bugs: segfault if accessed and not set */ tls_set_mbufs(c, 0, 0); lock_release(&c->write_lock); switch(ssl_error) { case SSL_ERROR_NONE: if (unlikely(n < 0)) { BUG("unexpected SSL_ERROR_NONE for n=%d\n", n); goto error; } break; case SSL_ERROR_ZERO_RETURN: /* SSL EOF */ TLS_RD_TRACE("(%p, %p) SSL EOF (fd=%d)\n", c, flags, c->fd); goto ssl_eof; case SSL_ERROR_WANT_READ: TLS_RD_TRACE("(%p, %p) SSL_ERROR_WANT_READ *flags=%d\n", c, flags, *flags); /* needs to read more data */ if (unlikely(rd.pos != rd.used)) { /* data still in the read buffer */ BUG("SSL_ERROR_WANT_READ but data still in" " the rbio (%p, %d bytes at %d)\n", rd.buf, rd.used - rd.pos, rd.pos); goto bug; } if (unlikely((*flags & (RD_CONN_EOF | RD_CONN_SHORT_READ)) == 0) && bytes_free){ /* there might still be data to read and there is space to decrypt it in tcp_req (no byte has been written into tcp_req in this case) */ TLS_RD_TRACE("(%p, %p) redo read *flags=%d bytes_free=%d\n", c, flags, *flags, bytes_free); goto redo_read; } goto end; /* no more data to read */ case SSL_ERROR_WANT_WRITE: if (wr.used) { /* something was written => buffer not big enough to hold everything => reset buffer & retry (the tcp_write already happened if we are here) */ TLS_RD_TRACE("(%p) SSL_ERROR_WANT_WRITE partial write" " (written %d), retrying\n", c, wr.used); goto continue_ssl_read; } /* else write buffer too small, nothing written */ BUG("write buffer too small (%d/%d bytes)\n", wr.used, wr.size); goto bug; case SSL_ERROR_SSL: /* protocol level error */ TLS_ERR(err_src); goto error; #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/ case SSL_ERROR_WANT_CONNECT: /* only if the underlying BIO is not yet connected and the call would block in connect(). (not possible in our case) */ BUG("unexpected SSL_ERROR_WANT_CONNECT\n"); goto bug; case SSL_ERROR_WANT_ACCEPT: /* only if the underlying BIO is not yet connected and call would block in accept() (not possible in our case) */ BUG("unexpected SSL_ERROR_WANT_ACCEPT\n"); goto bug; #endif case SSL_ERROR_WANT_X509_LOOKUP: /* can only appear on client application and it indicates that an installed client cert. callback should be called again (it returned < 0 indicated that it wants to be called later). Not possible in our case */ BUG("unsupported SSL_ERROR_WANT_X509_LOOKUP"); goto bug; case SSL_ERROR_SYSCALL: TLS_ERR_RET(x, err_src); if (!x) { if (n == 0) { WARN("Unexpected EOF\n"); } else /* should never happen */ BUG("IO error (%d) %s\n", errno, strerror(errno)); } goto error; default: TLS_ERR(err_src); BUG("unexpected SSL error %d\n", ssl_error); goto bug; } if (unlikely(n < 0)) { /* here n should always be >= 0 */ BUG("unexpected value (n = %d)\n", n); goto bug; } if (unlikely(rd.pos != rd.used)) { /* encrypted data still in the read buffer (SSL_read() did not consume all of it) */ if (unlikely(n < 0)) /* here n should always be >= 0 */ BUG("unexpected value (n = %d)\n", n); else { if (unlikely(bytes_free != 0)) { /* 2i or 2ip: unconsumed input and output buffer not filled => retry ssl read (SSL_read() will read will stop at record boundaries, unless readahead==1). No tcp_read() is attempted, since that would reset the current no-yet-consumed input data. */ TLS_RD_TRACE("(%p, %p) input not fully consumed =>" " retry SSL_read" " (pos: %d, remaining %d, output free %d)\n", c, flags, rd.pos, rd.used-rd.pos, bytes_free); goto continue_ssl_read; } /* 1i or 1ip: bytes_free == 0 (unconsumed input, but filled output buffer) => queue read data, and exit asking for repeating the call once there is some space in the output buffer. */ if (likely(!enc_rd_buf)) { TLS_RD_TRACE("(%p, %p) creating enc_rd_buf (for %d bytes)\n", c, flags, rd.used - rd.pos); enc_rd_buf = shm_malloc(sizeof(*enc_rd_buf) - sizeof(enc_rd_buf->buf) + rd.used - rd.pos); if (unlikely(enc_rd_buf == 0)) { ERR("memory allocation error (%d bytes requested)\n", (int)(sizeof(*enc_rd_buf) + sizeof(enc_rd_buf->buf) + rd.used - rd.pos)); goto error; } enc_rd_buf->pos = 0; enc_rd_buf->size = rd.used - rd.pos; memcpy(enc_rd_buf->buf, rd.buf + rd.pos, enc_rd_buf->size); } else if ((enc_rd_buf->buf + enc_rd_buf->pos) == rd.buf) { TLS_RD_TRACE("(%p, %p) enc_rd_buf already in use," " updating pos %d\n", c, flags, enc_rd_buf->pos); enc_rd_buf->pos += rd.pos; } else { BUG("enc_rd_buf->buf = %p, pos = %d, rd_buf.buf = %p\n", enc_rd_buf->buf, enc_rd_buf->pos, rd.buf); goto bug; } if (unlikely(tls_c->enc_rd_buf)) BUG("tls_c->enc_rd_buf!=0 (%p)\n", tls_c->enc_rd_buf); /* there can't be 2 reads in parallel, so no locking is needed here */ tls_c->enc_rd_buf = enc_rd_buf; enc_rd_buf = 0; *flags |= RD_CONN_REPEAT_READ; } } else if (bytes_free != 0) { /* 2f or 2p: input fully consumed (rd.pos == rd.used), output buffer not filled, still possible to have pending data buffered by openssl */ if (unlikely((*flags & (RD_CONN_EOF|RD_CONN_SHORT_READ)) == 0)) { /* still space in the tcp unenc. req. buffer, no SSL_read error, not a short read and not an EOF (possible more data in the socket buffer) => try a new tcp read too */ TLS_RD_TRACE("(%p, %p) retry read (still space and no short" " tcp read: %d)\n", c, flags, *flags); goto redo_read; } else { /* don't tcp_read() anymore, but there might still be data buffered internally by openssl (e.g. if readahead==1) => retry SSL_read() with the current full input buffer (if no more internally SSL buffered data => WANT_READ => exit). */ TLS_RD_TRACE("(%p, %p) retry SSL_read only (*flags =%d)\n", c, flags, *flags); goto continue_ssl_read; } } else { /* 1p or 1f: rd.pos == rd.used && bytes_free == 0 (input fully consumed && output buffer filled) */ /* ask for a repeat when there is more buffer space (there is no definitive way to know if ssl doesn't still have some internal buffered data until we get WANT_READ, see SSL_read() comment above) */ *flags |= RD_CONN_REPEAT_READ; TLS_RD_TRACE("(%p, %p) output filled, exit asking to be called again" " (*flags =%d)\n", c, flags, *flags); } end: if (enc_rd_buf) shm_free(enc_rd_buf); TLS_RD_TRACE("(%p, %p) end => %d (*flags=%d)\n", c, flags, ssl_read, *flags); return ssl_read; ssl_eof: /* behave as an EOF would have been received at the tcp level */ if (enc_rd_buf) shm_free(enc_rd_buf); c->state = S_CONN_EOF; *flags |= RD_CONN_EOF; TLS_RD_TRACE("(%p, %p) end EOF => %d (*flags=%d)\n", c, flags, ssl_read, *flags); return ssl_read; error_send: error: bug: if (enc_rd_buf) shm_free(enc_rd_buf); r->error=TCP_READ_ERROR; TLS_RD_TRACE("(%p, %p) end error => %d (*flags=%d)\n", c, flags, ssl_read, *flags); return -1; }
/** tls encrypt before sending function. * It is a callback that will be called by the tcp code, before a send * on TLS would be attempted. It should replace the input buffer with a * new static buffer containing the TLS processed data. * If the input buffer could not be fully encoded (e.g. run out of space * in the internal static buffer), it should set rest_buf and rest_len to * the remaining part, so that it could be called again once the output has * been used (sent). The send_flags used are also passed and they can be * changed (e.g. to disallow a close() after a partial encode). * WARNING: it must always be called with c->write_lock held! * @param c - tcp connection * @param pbuf - pointer to buffer (value/result, on success it will be * replaced with a static buffer). * @param plen - pointer to buffer size (value/result, on success it will be * replaced with the size of the replacement buffer. * @param rest_buf - (result) should be filled with a pointer to the * remaining unencoded part of the original buffer if any, * 0 otherwise. * @param rest_len - (result) should be filled with the length of the * remaining unencoded part of the original buffer (0 if * the original buffer was fully encoded). * @param send_flags - pointer to the send_flags that will be used for sending * the message. * @return *plen on success (>=0), < 0 on error. */ int tls_encode_f(struct tcp_connection *c, const char** pbuf, unsigned int* plen, const char** rest_buf, unsigned int* rest_len, snd_flags_t* send_flags) { int n, offs; SSL* ssl; struct tls_extra_data* tls_c; static unsigned char wr_buf[TLS_WR_MBUF_SZ]; struct tls_mbuf rd, wr; int ssl_error; char* err_src; const char* buf; unsigned int len; int x; buf = *pbuf; len = *plen; *rest_buf = 0; *rest_len = 0; TLS_WR_TRACE("(%p, %p, %d, ... 0x%0x) start (%s:%d* -> %s)\n", c, buf, len, send_flags->f, ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port, su2a(&c->rcv.src_su, sizeof(c->rcv.src_su))); n = 0; offs = 0; ssl_error = SSL_ERROR_NONE; err_src = "TLS write:"; if (unlikely(tls_fix_connection_unsafe(c) < 0)) { /* c->extra_data might be null => exit immediately */ TLS_WR_TRACE("(%p) end: tls_fix_connection_unsafe failed =>" " immediate error exit\n", c); return -1; } tls_c = (struct tls_extra_data*)c->extra_data; ssl = tls_c->ssl; tls_mbuf_init(&rd, 0, 0); /* no read */ tls_mbuf_init(&wr, wr_buf, sizeof(wr_buf)); /* clear text already queued (WANTS_READ) queue directly*/ if (unlikely(tls_write_wants_read(tls_c))) { TLS_WR_TRACE("(%p) WANTS_READ queue present => queueing" " (%d bytes, %p + %d)\n", c, len - offs, buf, offs); if (unlikely(tls_ct_wq_add(&tls_c->ct_wq, buf+offs, len -offs) < 0)) { ERR("ct write buffer full for %p (%d bytes)\n", c, tls_c->ct_wq?tls_c->ct_wq->queued:0); goto error_wq_full; } /* buffer queued for a future send attempt, after first reading some data (key exchange) => don't allow immediate closing of the connection */ send_flags->f &= ~SND_F_CON_CLOSE; goto end; } if (unlikely(tls_set_mbufs(c, &rd, &wr) < 0)) { ERR("tls_set_mbufs failed\n"); goto error; } redo_wr: if (unlikely(tls_c->state == S_TLS_CONNECTING)) { n = tls_connect(c, &ssl_error); TLS_WR_TRACE("(%p) tls_connect() => %d (err=%d)\n", c, n, ssl_error); if (unlikely(n>=1)) { n = SSL_write(ssl, buf + offs, len - offs); if (unlikely(n <= 0)) ssl_error = SSL_get_error(ssl, n); } else { /* tls_connect failed/needs more IO */ if (unlikely(n < 0 && ssl_error == SSL_ERROR_NONE)) goto error; err_src = "TLS connect:"; } } else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) { n = tls_accept(c, &ssl_error); TLS_WR_TRACE("(%p) tls_accept() => %d (err=%d)\n", c, n, ssl_error); if (unlikely(n>=1)) { n = SSL_write(ssl, buf + offs, len - offs); if (unlikely(n <= 0)) ssl_error = SSL_get_error(ssl, n); } else { /* tls_accept failed/needs more IO */ if (unlikely(n < 0 && ssl_error == SSL_ERROR_NONE)) goto error; err_src = "TLS accept:"; } } else { n = SSL_write(ssl, buf + offs, len - offs); if (unlikely(n <= 0)) ssl_error = SSL_get_error(ssl, n); } TLS_WR_TRACE("(%p) SSL_write(%p + %d, %d) => %d (err=%d)\n", c, buf, offs, len - offs, n, ssl_error); /* check for possible ssl errors */ if (unlikely(n <= 0)){ switch(ssl_error) { case SSL_ERROR_NONE: BUG("unexpected SSL_ERROR_NONE for n=%d\n", n); goto error; break; case SSL_ERROR_ZERO_RETURN: /* SSL EOF */ ERR("ssl level EOF\n"); goto ssl_eof; case SSL_ERROR_WANT_READ: /* queue write buffer */ TLS_WR_TRACE("(%p) SSL_ERROR_WANT_READ => queueing for read" " (%p + %d, %d)\n", c, buf, offs, len -offs); if (unlikely(tls_ct_wq_add(&tls_c->ct_wq, buf+offs, len -offs) < 0)) { ERR("ct write buffer full (%d bytes)\n", tls_c->ct_wq?tls_c->ct_wq->queued:0); goto error_wq_full; } tls_c->flags |= F_TLS_CON_WR_WANTS_RD; /* buffer queued for a future send attempt, after first reading some data (key exchange) => don't allow immediate closing of the connection */ send_flags->f &= ~SND_F_CON_CLOSE; break; /* or goto end */ case SSL_ERROR_WANT_WRITE: if (unlikely(offs == 0)) { /* error, no record fits in the buffer or no partial write enabled and buffer to small to fit all the records */ BUG("write buffer too small (%d/%d bytes)\n", wr.used, wr.size); goto bug; } else { /* offs != 0 => something was "written" */ *rest_buf = buf + offs; *rest_len = len - offs; /* this function should be called again => disallow immediate closing of the connection */ send_flags->f &= ~SND_F_CON_CLOSE; TLS_WR_TRACE("(%p) SSL_ERROR_WANT_WRITE partial write" " (written %p , %d, rest_buf=%p" " rest_len=%d))\n", c, buf, offs, *rest_buf, *rest_len); } break; /* or goto end */ case SSL_ERROR_SSL: /* protocol level error */ TLS_ERR(err_src); goto error; #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/ case SSL_ERROR_WANT_CONNECT: /* only if the underlying BIO is not yet connected and the call would block in connect(). (not possible in our case) */ BUG("unexpected SSL_ERROR_WANT_CONNECT\n"); break; case SSL_ERROR_WANT_ACCEPT: /* only if the underlying BIO is not yet connected and call would block in accept() (not possible in our case) */ BUG("unexpected SSL_ERROR_WANT_ACCEPT\n"); break; #endif case SSL_ERROR_WANT_X509_LOOKUP: /* can only appear on client application and it indicates that an installed client cert. callback should be called again (it returned < 0 indicated that it wants to be called later). Not possible in our case */ BUG("unsupported SSL_ERROR_WANT_X509_LOOKUP"); goto bug; case SSL_ERROR_SYSCALL: TLS_ERR_RET(x, err_src); if (!x) { if (n == 0) { WARN("Unexpected EOF\n"); } else /* should never happen */ BUG("IO error (%d) %s\n", errno, strerror(errno)); } goto error; default: TLS_ERR(err_src); BUG("unexpected SSL error %d\n", ssl_error); goto bug; } } else if (unlikely(n < (len - offs))) { /* partial ssl write (possible if SSL_MODE_ENABLE_PARTIAL_WRITE) => retry with the rest */ TLS_WR_TRACE("(%p) partial write (%d < %d, offset %d), retry\n", c, n, len - offs, offs); offs += n; goto redo_wr; } tls_set_mbufs(c, 0, 0); end: *pbuf = (const char*)wr.buf; *plen = wr.used; TLS_WR_TRACE("(%p) end (offs %d, rest_buf=%p rest_len=%d 0x%0x) => %d \n", c, offs, *rest_buf, *rest_len, send_flags->f, *plen); return *plen; error: /*error_send:*/ error_wq_full: bug: tls_set_mbufs(c, 0, 0); TLS_WR_TRACE("(%p) end error (offs %d, %d encoded) => -1\n", c, offs, wr.used); return -1; ssl_eof: c->state = S_CONN_EOF; c->flags |= F_CONN_FORCE_EOF; *pbuf = (const char*)wr.buf; *plen = wr.used; DBG("TLS connection has been closed\n"); TLS_WR_TRACE("(%p) end EOF (offs %d) => (%d\n", c, offs, *plen); return *plen; }
/* Handle the connection of a client. */ static void connection_handler(t_session *session) { int result; #ifdef ENABLE_TLS int timeout; #endif #ifdef ENABLE_DEBUG session->current_task = "thread started"; #endif #ifdef ENABLE_TLS if (session->binding->use_tls) { #ifdef ENABLE_DEBUG session->current_task = "ssl accept"; #endif timeout = session->kept_alive == 0 ? session->binding->time_for_1st_request : session->binding->time_for_request; switch (tls_accept(&(session->client_socket), &(session->tls_context), session->binding->tls_config, timeout)) { case -1: break; case TLS_HANDSHAKE_NO_MATCH: log_system(session, "No cypher overlap during TLS handshake."); break; case TLS_HANDSHAKE_TIMEOUT: handle_timeout(session); break; case TLS_HANDSHAKE_OKE: session->socket_open = true; break; } } else #endif session->socket_open = true; if (session->socket_open) { #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_connection(session); } #endif do { result = serve_client(session); handle_request_result(session, result); #ifdef ENABLE_TOMAHAWK if (session->parsing_oke) { show_request_to_admins(session->method, session->request_uri, session->http_version, &(session->ip_address), session->http_headers, session->return_code, session->bytes_sent); } #endif #ifdef ENABLE_DEBUG session->current_task = "request done"; #endif if (session->socket_open) { /* Flush the output-buffer */ if (send_buffer(session, NULL, 0) == -1) { session->keep_alive = false; } } #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_host(session); } #endif reset_session(session); #ifdef ENABLE_DEBUG session->current_task = "session reset"; #endif if ((session->kept_alive > 0) && (session->config->ban_on_flooding > 0)) { if (client_is_flooding(session)) { if (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny) { ban_ip(&(session->ip_address), session->config->ban_on_flooding, session->config->kick_on_ban); log_system(session, "Client banned because of flooding"); session->keep_alive = false; #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_ban(session); } #endif } } } } while (session->keep_alive && session->socket_open); #ifdef ENABLE_DEBUG session->current_task = "session done"; #endif destroy_session(session); close_socket(session); } else { close(session->client_socket); } if (session->config->reconnect_delay > 0) { mark_client_for_removal(session, session->config->reconnect_delay); } else { remove_client(session, true); } #ifdef ENABLE_DEBUG /* Show memory usage by thread */ memdbg_print_log(false); #endif /* Client session ends here */ #ifndef ENABLE_THREAD_POOL pthread_exit(NULL); #endif }