Backport more TLS backend and ssld fixes & improvements from 3.6

openssl:
 * Don't manually initialise libssl 1.1.0 -- it does this automatically
 * SSL_library_init() should be called first otherwise
 * Move SSL_CTX construction to rb_setup_ssl_server()
 * Test for all required files (certificate & key) before doing anything
 * Free the old CTX before constructing a new one (Fixes #186)
 * Properly abort rb_setup_ssl_server() on CTX construction failures
 * Support ECDHE on more than one curve on OpenSSL 1.0.2 and above
 * Clean up ifdef indentation
 * Fix DH parameters memory leak

mbedtls:
 * Fix certificate fingerprint generation
 * Fix library linking order
 * Fix incorrect printf()-esque argument count
 * Return digest length for fingerprints instead of 1, consistent
   with the other backends

sslproc / ssld:
 * Fingerprint methods have no assocated file descriptors
 * Send TLS information (cipher, fingerprint) before data
 * Use correct header length for fingerprint method

Authored-by: Aaron Jones <aaronmdjones@gmail.com>
Authored-by: William Pitcock <nenolod@dereferenced.org>
Authored-by: Simon Arlott <sa.me.uk>
This commit is contained in:
Aaron Jones 2016-04-30 21:34:42 +00:00
parent 1d2ba176ea
commit 5c8da48264
No known key found for this signature in database
GPG key ID: 6E854C0FAAD4CEA4
6 changed files with 175 additions and 151 deletions

4
libratbox/configure vendored
View file

@ -14986,7 +14986,7 @@ if ${ac_cv_lib_mbedtls_mbedtls_ssl_init+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lmbedtls -lmbedcrypto -lmbedx509 $LIBS"
LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@ -15018,7 +15018,7 @@ fi
$as_echo "$ac_cv_lib_mbedtls_mbedtls_ssl_init" >&6; }
if test "x$ac_cv_lib_mbedtls_mbedtls_ssl_init" = xyes; then :
MBEDTLS_LIBS="$MBEDTLS_LIBS -lmbedtls -lmbedcrypto -lmbedx509"
MBEDTLS_LIBS="$MBEDTLS_LIBS -lmbedtls -lmbedx509 -lmbedcrypto"
cf_enable_mbedtls=yes
else

View file

@ -351,9 +351,9 @@ if test "$cf_enable_mbedtls" != no; then
save_LIBS="$LIBS"
LIBS="$LIBS $MBEDTLS_LIBS"
AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, [
MBEDTLS_LIBS="$MBEDTLS_LIBS -lmbedtls -lmbedcrypto -lmbedx509"
MBEDTLS_LIBS="$MBEDTLS_LIBS -lmbedtls -lmbedx509 -lmbedcrypto"
cf_enable_mbedtls=yes
], [cf_enable_mbedtls=no], [-lmbedcrypto -lmbedx509])
], [cf_enable_mbedtls=no], [-lmbedx509 -lmbedcrypto])
fi
dnl GnuTLS support

View file

@ -552,12 +552,15 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
case RB_SSL_CERTFP_METH_SHA1:
md_type = MBEDTLS_MD_SHA1;
hashlen = RB_SSL_CERTFP_LEN_SHA1;
break;
case RB_SSL_CERTFP_METH_SHA256:
md_type = MBEDTLS_MD_SHA256;
hashlen = RB_SSL_CERTFP_LEN_SHA256;
break;
case RB_SSL_CERTFP_METH_SHA512:
md_type = MBEDTLS_MD_SHA512;
hashlen = RB_SSL_CERTFP_LEN_SHA512;
break;
default:
return 0;
}
@ -572,13 +575,13 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
if ((ret = mbedtls_md(md_info, peer_cert->raw.p, peer_cert->raw.len, hash)) != 0)
{
rb_lib_log("rb_get_ssl_certfp: unable to get certfp for F: %p, -0x%x", -ret);
rb_lib_log("rb_get_ssl_certfp: unable to get certfp for F: %p, -0x%x", F, -ret);
return 0;
}
memcpy(certfp, hash, hashlen);
return 1;
return (int) hashlen;
}
int

View file

@ -49,8 +49,20 @@
# endif
#endif
static SSL_CTX *ssl_server_ctx;
static SSL_CTX *ssl_client_ctx;
/*
* Use SSL_CTX_set_ecdh_auto() in OpenSSL 1.0.2 only
* Use SSL_CTX_set1_curves_list() in OpenSSL 1.0.2 and above
* TODO: Merge this into the block above if LibreSSL implements them
*/
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10002000L)
# define LRB_HAVE_TLS_SET_CURVES 1
# if (OPENSSL_VERSION_NUMBER < 0x10100000L)
# define LRB_HAVE_TLS_ECDH_AUTO 1
# endif
#endif
static SSL_CTX *ssl_server_ctx = NULL;
static SSL_CTX *ssl_client_ctx = NULL;
static int libratbox_index = -1;
static unsigned long
@ -313,106 +325,35 @@ get_ssl_error(unsigned long err)
int
rb_init_ssl(void)
{
int ret = 1;
char libratbox_data[] = "libratbox data";
const char libratbox_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!RC4:!aNULL";
SSL_load_error_strings();
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
/*
* OpenSSL 1.1.0 and above automatically initialises itself with sane defaults
*/
SSL_library_init();
SSL_load_error_strings();
#endif
libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL);
#ifndef LRB_HAVE_TLS_METHOD_API
ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
#else
ssl_server_ctx = SSL_CTX_new(TLS_server_method());
#endif
if(ssl_server_ctx == NULL)
{
rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s",
get_ssl_error(ERR_get_error()));
ret = 0;
}
long server_options = SSL_CTX_get_options(ssl_server_ctx);
#ifndef LRB_HAVE_TLS_METHOD_API
server_options |= SSL_OP_NO_SSLv2;
server_options |= SSL_OP_NO_SSLv3;
#endif
#ifdef SSL_OP_SINGLE_DH_USE
server_options |= SSL_OP_SINGLE_DH_USE;
#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
server_options |= SSL_OP_SINGLE_ECDH_USE;
#endif
#ifdef SSL_OP_NO_TICKET
server_options |= SSL_OP_NO_TICKET;
#endif
server_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
SSL_CTX_set_options(ssl_server_ctx, server_options);
SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
SSL_CTX_set_session_cache_mode(ssl_server_ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_cipher_list(ssl_server_ctx, libratbox_ciphers);
/* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available because redhat are dicks
and bastardise their OpenSSL for stupid reasons... */
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && defined(NID_secp384r1)
EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);
if (key) {
SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key);
EC_KEY_free(key);
}
#endif
#ifndef LRB_HAVE_TLS_METHOD_API
ssl_client_ctx = SSL_CTX_new(SSLv23_client_method());
#else
ssl_client_ctx = SSL_CTX_new(TLS_client_method());
#endif
if(ssl_client_ctx == NULL)
{
rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s",
get_ssl_error(ERR_get_error()));
ret = 0;
}
#ifndef LRB_HAVE_TLS_METHOD_API
SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#endif
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_TICKET);
#endif
SSL_CTX_set_cipher_list(ssl_client_ctx, libratbox_ciphers);
return ret;
return 1;
}
int
rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
{
DH *dh;
unsigned long err;
const char libratbox_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!aNULL";
#ifdef LRB_HAVE_TLS_SET_CURVES
const char libratbox_curves[] = "P-521:P-384:P-256";
#endif
if(cert == NULL)
{
rb_lib_log("rb_setup_ssl_server: No certificate file");
return 0;
}
if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, cert))
{
err = ERR_get_error();
rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert,
get_ssl_error(err));
return 0;
}
if(keyfile == NULL)
{
@ -420,12 +361,96 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, c
return 0;
}
if(cipher_list == NULL)
cipher_list = libratbox_ciphers;
if(ssl_server_ctx)
SSL_CTX_free(ssl_server_ctx);
if(ssl_client_ctx)
SSL_CTX_free(ssl_client_ctx);
#ifdef LRB_HAVE_TLS_METHOD_API
ssl_server_ctx = SSL_CTX_new(TLS_server_method());
ssl_client_ctx = SSL_CTX_new(TLS_client_method());
#else
ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
ssl_client_ctx = SSL_CTX_new(SSLv23_client_method());
#endif
if(ssl_server_ctx == NULL)
{
rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s",
get_ssl_error(ERR_get_error()));
return 0;
}
if(ssl_client_ctx == NULL)
{
rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s",
get_ssl_error(ERR_get_error()));
return 0;
}
#ifndef LRB_HAVE_TLS_METHOD_API
SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#endif
#ifdef SSL_OP_SINGLE_DH_USE
SSL_CTX_set_options(ssl_server_ctx, SSL_OP_SINGLE_DH_USE);
#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
SSL_CTX_set_options(ssl_server_ctx, SSL_OP_SINGLE_ECDH_USE);
#endif
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_TICKET);
SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_TICKET);
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_CTX_set_options(ssl_server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
#ifdef LRB_HAVE_TLS_ECDH_AUTO
SSL_CTX_set_ecdh_auto(ssl_server_ctx, 1);
#endif
#ifdef LRB_HAVE_TLS_SET_CURVES
SSL_CTX_set1_curves_list(ssl_server_ctx, libratbox_curves);
SSL_CTX_set1_curves_list(ssl_client_ctx, libratbox_curves);
#endif
SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
SSL_CTX_set_session_cache_mode(ssl_server_ctx, SSL_SESS_CACHE_OFF);
/*
* Set manual ECDHE curve on OpenSSL 1.0.0 & 1.0.1, but make sure it's actually available
*/
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && (OPENSSL_VERSION_NUMBER < 0x10002000L) && !defined(OPENSSL_NO_ECDH)
EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);
if(key) {
SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key);
EC_KEY_free(key);
}
#endif
SSL_CTX_set_cipher_list(ssl_server_ctx, cipher_list);
SSL_CTX_set_cipher_list(ssl_client_ctx, cipher_list);
if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, cert))
{
rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert,
get_ssl_error(ERR_get_error()));
return 0;
}
if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ssl_client_ctx, keyfile, SSL_FILETYPE_PEM))
{
err = ERR_get_error();
rb_lib_log("rb_setup_ssl_server: Error loading keyfile [%s]: %s", keyfile,
get_ssl_error(err));
get_ssl_error(ERR_get_error()));
return 0;
}
@ -435,32 +460,26 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, c
BIO *bio = BIO_new_file(dhfile, "r");
if(bio != NULL)
{
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
if(dh == NULL)
{
err = ERR_get_error();
rb_lib_log
("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
dhfile, get_ssl_error(err));
dhfile, get_ssl_error(ERR_get_error()));
BIO_free(bio);
return 0;
}
BIO_free(bio);
SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
DH_free(dh);
}
else
{
err = ERR_get_error();
rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
dhfile, get_ssl_error(err));
dhfile, get_ssl_error(ERR_get_error()));
}
}
if (cipher_list != NULL)
{
SSL_CTX_set_cipher_list(ssl_server_ctx, cipher_list);
}
return 1;
}
@ -689,52 +708,55 @@ rb_get_ssl_strerror(rb_fde_t *F)
int
rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
{
const EVP_MD *evp;
unsigned int len;
X509 *cert;
int res;
if (F->ssl == NULL)
if(F->ssl == NULL)
return 0;
cert = SSL_get_peer_certificate((SSL *) F->ssl);
if(cert != NULL)
switch(method)
{
res = SSL_get_verify_result((SSL *) F->ssl);
if(
res == X509_V_OK ||
res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
{
const EVP_MD *evp;
unsigned int len;
switch(method)
{
case RB_SSL_CERTFP_METH_SHA1:
evp = EVP_sha1();
len = RB_SSL_CERTFP_LEN_SHA1;
break;
case RB_SSL_CERTFP_METH_SHA256:
evp = EVP_sha256();
len = RB_SSL_CERTFP_LEN_SHA256;
break;
case RB_SSL_CERTFP_METH_SHA512:
evp = EVP_sha512();
len = RB_SSL_CERTFP_LEN_SHA512;
break;
default:
return 0;
}
X509_digest(cert, evp, certfp, &len);
X509_free(cert);
return len;
}
X509_free(cert);
case RB_SSL_CERTFP_METH_SHA1:
evp = EVP_sha1();
len = RB_SSL_CERTFP_LEN_SHA1;
break;
case RB_SSL_CERTFP_METH_SHA256:
evp = EVP_sha256();
len = RB_SSL_CERTFP_LEN_SHA256;
break;
case RB_SSL_CERTFP_METH_SHA512:
evp = EVP_sha512();
len = RB_SSL_CERTFP_LEN_SHA512;
break;
default:
return 0;
}
return 0;
cert = SSL_get_peer_certificate((SSL *) F->ssl);
if(cert == NULL)
return 0;
res = SSL_get_verify_result((SSL *) F->ssl);
switch(res)
{
case X509_V_OK:
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
case X509_V_ERR_CERT_UNTRUSTED:
break;
default:
X509_free(cert);
return 0;
}
X509_digest(cert, evp, certfp, &len);
X509_free(cert);
return (int) len;
}
int

View file

@ -422,7 +422,7 @@ ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
char *certfp_string;
int i;
if(ctl_buf->buflen > 5 + RB_SSL_CERTFP_LEN)
if(ctl_buf->buflen > 9 + RB_SSL_CERTFP_LEN)
return; /* bogus message..drop it.. XXX should warn here */
fd = buf_to_uint32(&ctl_buf->buf[1]);
@ -759,7 +759,6 @@ start_zlib_session(void *data)
rb_fde_t *F[2];
rb_fde_t *xF1, *xF2;
char *buf;
char buf2[9];
void *recvq_start;
size_t hdr = (sizeof(uint8_t) * 2) + sizeof(uint32_t);

View file

@ -708,10 +708,10 @@ ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen
if(status == RB_OK)
{
conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn);
ssl_send_cipher(conn);
ssl_send_certfp(conn);
conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn);
return;
}
/* ircd doesn't care about the reason for this */
@ -726,10 +726,10 @@ ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
if(status == RB_OK)
{
conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn);
ssl_send_cipher(conn);
ssl_send_certfp(conn);
conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn);
}
else if(status == RB_ERR_TIMEOUT)
close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
@ -1032,7 +1032,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
}
case 'F':
{
if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
if (ctl_buf->buflen != 5)
{
cleanup_bad_message(ctl, ctl_buf);
break;