lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

3626 lines
134 KiB

/*
* mod_wolfssl - wolfSSL support for lighttpd
*
* Copyright(c) 2020 Glenn Strauss gstrauss()gluelogic.com All rights reserved
* License: BSD 3-clause (same as lighttpd)
*/
/*
* Note: If session tickets are -not- disabled with
* ssl.openssl.ssl-conf-cmd = ("Options" => "-SessionTicket")
* mod_wolfssl rotates server ticket encryption key (STEK) every 8 hours
* and keeps the prior two STEKs around, so ticket lifetime is 24 hours.
* This is fine for use with a single lighttpd instance, but with multiple
* lighttpd workers, no coordinated STEK (server ticket encryption key)
* rotation occurs unless ssl.stek-file is defined and maintained (preferred),
* or if some external job restarts lighttpd. Restarting lighttpd generates a
* new key that is shared by lighttpd workers for the lifetime of the new key.
* If the rotation period expires and lighttpd has not been restarted, and if
* ssl.stek-file is not in use, then lighttpd workers will generate new
* independent keys, making session tickets less effective for session
* resumption, since clients have a lower chance for future connections to
* reach the same lighttpd worker. However, things will still work, and a new
* session will be created if session resumption fails. Admins should plan to
* restart lighttpd at least every 8 hours if session tickets are enabled and
* multiple lighttpd workers are configured. Since that is likely disruptive,
* if multiple lighttpd workers are configured, ssl.stek-file should be
* defined and the file maintained externally.
*/
#include "first.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/*
* Note: mod_wolfssl.c is forked from mod_openssl.c
* Many internal symbol names in mod_wolfssl.c retain the mod_openssl_* prefix
* (wolfSSL provides an OpenSSL compatibility layer)
*/
/* wolfSSL needs to be built with ./configure --enable-lighty for lighttpd.
* Doing so defines OPENSSL_EXTRA and HAVE_LIGHTY in <wolfssl/options.h>, and
* these defines are necessary for wolfSSL headers to expose sufficient openssl
* compatibility layer for wolfSSL to be able to provide an openssl substitute
* for use by lighttpd */
/* workaround fragile code in wolfssl/wolfcrypto/types.h */
#if !defined(SIZEOF_LONG) || !defined(SIZEOF_LONG_LONG)
#undef SIZEOF_LONG
#undef SIZEOF_LONG_LONG
#endif
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
static char global_err_buf[WOLFSSL_MAX_ERROR_SZ];
#undef ERR_error_string
#define ERR_error_string(e,b) \
(wolfSSL_ERR_error_string_n((e),global_err_buf,WOLFSSL_MAX_ERROR_SZ), \
global_err_buf)
#if 0 /* symbols and definitions requires WolfSSL built with -DOPENSSL_EXTRA */
#define SSL_TLSEXT_ERR_OK 0
#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
#define SSL_TLSEXT_ERR_NOACK alert_warning
WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int);
WOLFSSL_API const char* wolfSSL_OBJ_nid2sn(int n);
WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
#endif
#if !defined(OPENSSL_ALL) || LIBWOLFSSL_VERSION_HEX < 0x04002000
/*(invalid; but centralize making these calls no-ops)*/
#define wolfSSL_sk_X509_NAME_num(a) 0
#define wolfSSL_sk_X509_NAME_push(a, b) 0
#define wolfSSL_sk_X509_NAME_pop_free(a, b) do { } while (0)
#define wolfSSL_sk_X509_NAME_free(a) do { } while (0)
#define wolfSSL_X509_get_subject_name(ca) \
((WOLFSSL_X509_NAME *)1) /* ! NULL */
#define wolfSSL_sk_X509_NAME_new(a) \
((WOLF_STACK_OF(WOLFSSL_X509_NAME) *)1) /* ! NULL */
#endif
#if LIBWOLFSSL_VERSION_HEX < 0x04006000 || defined(WOLFSSL_NO_FORCE_ZERO)
#define wolfSSL_OPENSSL_cleanse(x,sz) ck_memzero((x),(sz))
#endif
#if LIBWOLFSSL_VERSION_HEX < 0x04002000 /*(exact version needed not checked)*/
#ifndef STACK_OF
#define STACK_OF(x) WOLFSSL_STACK
#endif
#endif
#include "base.h"
#include "ck.h"
#include "fdevent.h"
#include "http_header.h"
#include "http_kv.h"
#include "log.h"
#include "plugin.h"
typedef struct {
/* SNI per host: with COMP_SERVER_SOCKET, COMP_HTTP_SCHEME, COMP_HTTP_HOST */
buffer *ssl_pemfile_pkey;
buffer *ssl_pemfile_x509;
buffer **ssl_pemfile_chain;
buffer *ssl_stapling;
const buffer *ssl_pemfile;
const buffer *ssl_privkey;
const buffer *ssl_stapling_file;
time_t ssl_stapling_loadts;
time_t ssl_stapling_nextts;
char must_staple;
} plugin_cert;
typedef struct {
WOLFSSL_CTX *ssl_ctx;
} plugin_ssl_ctx;
typedef struct {
STACK_OF(X509_NAME) *names;
X509_STORE *certs;
} plugin_cacerts;
typedef struct {
WOLFSSL_CTX *ssl_ctx; /* output from network_init_ssl() */
/*(used only during startup; not patched)*/
unsigned char ssl_enabled; /* only interesting for setting up listening sockets. don't use at runtime */
unsigned char ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
unsigned char ssl_empty_fragments; /* whether to not set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
unsigned char ssl_use_sslv2;
unsigned char ssl_use_sslv3;
const buffer *ssl_cipher_list;
const buffer *ssl_dh_file;
const buffer *ssl_ec_curve;
array *ssl_conf_cmd;
/*(copied from plugin_data for socket ssl_ctx config)*/
const plugin_cert *pc;
const plugin_cacerts *ssl_ca_file;
STACK_OF(X509_NAME) *ssl_ca_dn_file;
const buffer *ssl_ca_crl_file;
unsigned char ssl_verifyclient;
unsigned char ssl_verifyclient_enforce;
unsigned char ssl_verifyclient_depth;
unsigned char ssl_read_ahead;
unsigned char ssl_disable_client_renegotiation;
} plugin_config_socket; /*(used at startup during configuration)*/
typedef struct {
/* SNI per host: w/ COMP_SERVER_SOCKET, COMP_HTTP_SCHEME, COMP_HTTP_HOST */
plugin_cert *pc;
const plugin_cacerts *ssl_ca_file;
STACK_OF(X509_NAME) *ssl_ca_dn_file;
const buffer *ssl_ca_crl_file;
unsigned char ssl_verifyclient;
unsigned char ssl_verifyclient_enforce;
unsigned char ssl_verifyclient_depth;
unsigned char ssl_verifyclient_export_cert;
unsigned char ssl_read_ahead;
unsigned char ssl_log_noise;
unsigned char ssl_disable_client_renegotiation;
const buffer *ssl_verifyclient_username;
const buffer *ssl_acme_tls_1;
} plugin_config;
typedef struct {
PLUGIN_DATA;
plugin_ssl_ctx *ssl_ctxs;
plugin_config defaults;
server *srv;
array *cafiles;
const char *ssl_stek_file;
} plugin_data;
static int ssl_is_init;
/* need assigned p->id for deep access of module handler_ctx for connection
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
static plugin_data *plugin_data_singleton;
#define LOCAL_SEND_BUFSIZE (16 * 1024)
static char *local_send_buffer;
typedef struct {
WOLFSSL *ssl;
request_st *r;
connection *con;
short renegotiations; /* count of SSL_CB_HANDSHAKE_START */
short close_notify;
unsigned short alpn;
plugin_config conf;
buffer *tmp_buf;
log_error_st *errh;
} handler_ctx;
static handler_ctx *
handler_ctx_init (void)
{
handler_ctx *hctx = calloc(1, sizeof(*hctx));
force_assert(hctx);
return hctx;
}
static void
handler_ctx_free (handler_ctx *hctx)
{
if (hctx->ssl) SSL_free(hctx->ssl);
free(hctx);
}
#ifdef HAVE_SESSION_TICKET
/* ssl/ssl_local.h */
#define TLSEXT_KEYNAME_LENGTH 16
#define TLSEXT_TICK_KEY_LENGTH 32
/* openssl has a huge number of interfaces, but not the most useful;
* construct our own session ticket encryption key structure */
typedef struct tlsext_ticket_key_st {
time_t active_ts; /* tickets not issued w/ key until activation timestamp */
time_t expire_ts; /* key not valid after expiration timestamp */
unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH];
unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH];
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} tlsext_ticket_key_t;
static tlsext_ticket_key_t session_ticket_keys[4];
static time_t stek_rotate_ts;
static int
mod_openssl_session_ticket_key_generate (time_t active_ts, time_t expire_ts)
{
/* openssl RAND_*bytes() functions are called multiple times since the
* funcs might have a 32-byte limit on number of bytes returned each call
*
* (Note: session ticket encryption key generation is not expected to fail)
*
* 3 keys are stored in session_ticket_keys[]
* The 4th element of session_ticket_keys[] is used for STEK construction
*/
/*(RAND_priv_bytes() not in openssl 1.1.0; introduced in openssl 1.1.1)*/
#define RAND_priv_bytes(x,sz) RAND_bytes((x),(sz))
if (RAND_bytes(session_ticket_keys[3].tick_key_name,
TLSEXT_KEYNAME_LENGTH) <= 0
|| RAND_priv_bytes(session_ticket_keys[3].tick_hmac_key,
TLSEXT_TICK_KEY_LENGTH) <= 0
|| RAND_priv_bytes(session_ticket_keys[3].tick_aes_key,
TLSEXT_TICK_KEY_LENGTH) <= 0)
return 0;
session_ticket_keys[3].active_ts = active_ts;
session_ticket_keys[3].expire_ts = expire_ts;
return 1;
}
static void
mod_openssl_session_ticket_key_rotate (void)
{
/* discard oldest key (session_ticket_keys[2]) and put newest key first
* 3 keys are stored in session_ticket_keys[0], [1], [2]
* session_ticket_keys[3] is used to construct and pass new STEK */
session_ticket_keys[2] = session_ticket_keys[1];
session_ticket_keys[1] = session_ticket_keys[0];
/*memmove(session_ticket_keys+1,
session_ticket_keys+0, sizeof(tlsext_ticket_key_t)*2);*/
session_ticket_keys[0] = session_ticket_keys[3];
wolfSSL_OPENSSL_cleanse(session_ticket_keys+3, sizeof(tlsext_ticket_key_t));
}
static tlsext_ticket_key_t *
tlsext_ticket_key_get (void)
{
const time_t cur_ts = log_epoch_secs;
const int e = sizeof(session_ticket_keys)/sizeof(*session_ticket_keys) - 1;
for (int i = 0; i < e; ++i) {
if (session_ticket_keys[i].active_ts > cur_ts) continue;
if (session_ticket_keys[i].expire_ts < cur_ts) continue;
return &session_ticket_keys[i];
}
return NULL;
}
static tlsext_ticket_key_t *
tlsext_ticket_key_find (unsigned char key_name[16], int *refresh)
{
*refresh = 0;
const time_t cur_ts = log_epoch_secs;
const int e = sizeof(session_ticket_keys)/sizeof(*session_ticket_keys) - 1;
for (int i = 0; i < e; ++i) {
if (session_ticket_keys[i].expire_ts < cur_ts) continue;
if (0 == memcmp(session_ticket_keys[i].tick_key_name, key_name, 16))
return &session_ticket_keys[i];
if (session_ticket_keys[i].active_ts <= cur_ts)
*refresh = 1; /* newer active key is available */
}
return NULL;
}
static void
tlsext_ticket_wipe_expired (const time_t cur_ts)
{
const int e = sizeof(session_ticket_keys)/sizeof(*session_ticket_keys) - 1;
for (int i = 0; i < e; ++i) {
if (session_ticket_keys[i].expire_ts != 0
&& session_ticket_keys[i].expire_ts < cur_ts)
wolfSSL_OPENSSL_cleanse(session_ticket_keys+i,
sizeof(tlsext_ticket_key_t));
}
}
/* based on reference implementation from openssl 1.1.1g man page
* man SSL_CTX_set_tlsext_ticket_key_cb
* but openssl code uses EVP_aes_256_cbc() instead of EVP_aes_128_cbc()
*/
#ifndef EVP_MAX_IV_LENGTH
#define EVP_MAX_IV_LENGTH 16
#endif
static int
ssl_tlsext_ticket_key_cb (SSL *s, unsigned char key_name[16],
unsigned char iv[EVP_MAX_IV_LENGTH],
EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
{
UNUSED(s);
if (enc) { /* create new session */
tlsext_ticket_key_t *k = tlsext_ticket_key_get();
if (NULL == k)
return 0; /* current key does not exist or is not valid */
memcpy(key_name, k->tick_key_name, 16);
if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
return -1; /* insufficient random */
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, k->tick_aes_key, iv);
HMAC_Init_ex(hctx, k->tick_hmac_key, sizeof(k->tick_hmac_key),
EVP_sha256(), NULL);
return 1;
}
else { /* retrieve session */
int refresh;
tlsext_ticket_key_t *k = tlsext_ticket_key_find(key_name, &refresh);
if (NULL == k)
return 0;
HMAC_Init_ex(hctx, k->tick_hmac_key, sizeof(k->tick_hmac_key),
EVP_sha256(), NULL);
EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, k->tick_aes_key, iv);
return refresh ? 2 : 1;
/* 'refresh' will trigger issuing new ticket for session
* even though the current ticket is still valid */
}
}
static int
mod_openssl_session_ticket_key_file (const char *fn)
{
/* session ticket encryption key (STEK)
*
* STEK file should be stored in non-persistent storage,
* e.g. /dev/shm/lighttpd/stek-file (in memory)
* with appropriate permissions set to keep stek-file from being
* read by other users. Where possible, systems should also be
* configured without swap.
*
* admin should schedule an independent job to periodically
* generate new STEK up to 3 times during key lifetime
* (lighttpd stores up to 3 keys)
*
* format of binary file is:
* 4-byte - format version (always 0; for use if format changes)
* 4-byte - activation timestamp
* 4-byte - expiration timestamp
* 16-byte - session ticket key name
* 32-byte - session ticket HMAC encrpytion key
* 32-byte - session ticket AES encrpytion key
*
* STEK file can be created with a command such as:
* dd if=/dev/random bs=1 count=80 status=none | \
* perl -e 'print pack("iii",0,time()+300,time()+86400),<>' \
* > STEK-file.$$ && mv STEK-file.$$ STEK-file
*
* The above delays activation time by 5 mins (+300 sec) to allow file to
* be propagated to other machines. (admin must handle this independently)
* If STEK generation is performed immediately prior to starting lighttpd,
* admin should activate keys immediately (without +300).
*/
int buf[23]; /* 92 bytes */
int rc = 0; /*(will retry on next check interval upon any error)*/
if (0 != fdevent_load_file_bytes((char *)buf,(off_t)sizeof(buf),0,fn,NULL))
return rc;
if (buf[0] == 0) { /*(format version 0)*/
session_ticket_keys[3].active_ts = buf[1];
session_ticket_keys[3].expire_ts = buf[2];
#ifndef __COVERITY__ /* intentional; hide from Coverity Scan */
/* intentionally copy 80 bytes into consecutive arrays
* tick_key_name[], tick_hmac_key[], tick_aes_key[] */
memcpy(&session_ticket_keys[3].tick_key_name, buf+3, 80);
#endif
rc = 1;
}
wolfSSL_OPENSSL_cleanse(buf, sizeof(buf));
return rc;
}
static void
mod_openssl_session_ticket_key_check (const plugin_data *p, const time_t cur_ts)
{
int rotate = 0;
if (p->ssl_stek_file) {
struct stat st;
if (0 == stat(p->ssl_stek_file, &st) && st.st_mtime > stek_rotate_ts)
rotate = mod_openssl_session_ticket_key_file(p->ssl_stek_file);
tlsext_ticket_wipe_expired(cur_ts);
}
else if (cur_ts - 28800 >= stek_rotate_ts || 0 == stek_rotate_ts)/*(8 hrs)*/
rotate = mod_openssl_session_ticket_key_generate(cur_ts, cur_ts+86400);
if (rotate) {
mod_openssl_session_ticket_key_rotate();
stek_rotate_ts = cur_ts;
}
}
#endif /* HAVE_SESSION_TICKET */
#ifdef HAVE_OCSP
static int
ssl_tlsext_status_cb(SSL *ssl, void *arg)
{
#ifdef SSL_get_tlsext_status_type
if (TLSEXT_STATUSTYPE_ocsp != SSL_get_tlsext_status_type(ssl))
return SSL_TLSEXT_ERR_NOACK; /* ignore if not client OCSP request */
#endif
handler_ctx *hctx = (handler_ctx *) SSL_get_app_data(ssl);
if (NULL == hctx->conf.pc) return SSL_TLSEXT_ERR_NOACK;/*should not happen*/
buffer *ssl_stapling = hctx->conf.pc->ssl_stapling;
if (NULL == ssl_stapling) return SSL_TLSEXT_ERR_NOACK;
UNUSED(arg);
int len = (int)buffer_string_length(ssl_stapling);
/* wolfSSL caller is going to XFREE() */
uint8_t *ocsp_resp = XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
if (NULL == ocsp_resp)
return SSL_TLSEXT_ERR_NOACK; /* ignore OCSP request if error occurs */
memcpy(ocsp_resp, ssl_stapling->ptr, (uint32_t)len);
if (!SSL_set_tlsext_status_ocsp_resp(ssl, ocsp_resp, len)) {
log_error(hctx->r->conf.errh, __FILE__, __LINE__,
"SSL: failed to set OCSP response for TLS server name %s: %s",
hctx->r->uri.authority.ptr, ERR_error_string(ERR_get_error(), NULL));
return SSL_TLSEXT_ERR_NOACK; /* ignore OCSP request if error occurs */
/*return SSL_TLSEXT_ERR_ALERT_FATAL;*/
}
return SSL_TLSEXT_ERR_OK;
}
#endif
INIT_FUNC(mod_openssl_init)
{
plugin_data_singleton = (plugin_data *)calloc(1, sizeof(plugin_data));
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
return plugin_data_singleton;
}
static int mod_openssl_init_once_openssl (server *srv)
{
if (ssl_is_init) return 1;
if (wolfSSL_Init() != WOLFSSL_SUCCESS) {
log_error(srv->errh, __FILE__, __LINE__,
"SSL: wolfSSL_Init() failed");
return 0;
}
ssl_is_init = 1;
if (0 == RAND_status()) {
log_error(srv->errh, __FILE__, __LINE__,
"SSL: not enough entropy in the pool");
return 0;
}
local_send_buffer = malloc(LOCAL_SEND_BUFSIZE);
force_assert(NULL != local_send_buffer);
return 1;
}
static void mod_openssl_free_openssl (void)
{
if (!ssl_is_init) return;
#ifdef HAVE_SESSION_TICKET
wolfSSL_OPENSSL_cleanse(session_ticket_keys, sizeof(session_ticket_keys));
stek_rotate_ts = 0;
#endif
if (wolfSSL_Cleanup() != WOLFSSL_SUCCESS) {
log_error(plugin_data_singleton->srv->errh, __FILE__, __LINE__,
"SSL: wolfSSL_Cleanup() failed");
}
free(local_send_buffer);
ssl_is_init = 0;
}
static void
mod_wolfssl_free_der_certs (buffer **certs)
{
if (NULL == certs) return;
for (int i = 0; NULL != certs[i]; ++i)
buffer_free(certs[i]);
free(certs);
}
static void
mod_openssl_free_config (server *srv, plugin_data * const p)
{
array_free(p->cafiles);
if (NULL != p->ssl_ctxs) {
SSL_CTX * const ssl_ctx_global_scope = p->ssl_ctxs->ssl_ctx;
/* free ssl_ctx from $SERVER["socket"] (if not copy of global scope) */
for (uint32_t i = 1; i < srv->config_context->used; ++i) {
plugin_ssl_ctx * const s = p->ssl_ctxs + i;
if (s->ssl_ctx && s->ssl_ctx != ssl_ctx_global_scope)
SSL_CTX_free(s->ssl_ctx);
}
/* free ssl_ctx from global scope */
if (ssl_ctx_global_scope)
SSL_CTX_free(ssl_ctx_global_scope);
free(p->ssl_ctxs);
}
if (NULL == p->cvlist) return;
/* (init i to 0 if global context; to 1 to skip empty global context) */
for (int i = !p->cvlist[0].v.u2[1], used = p->nconfig; i < used; ++i) {
config_plugin_value_t *cpv = p->cvlist + p->cvlist[i].v.u2[0];
for (; -1 != cpv->k_id; ++cpv) {
switch (cpv->k_id) {
case 0: /* ssl.pemfile */
if (cpv->vtype == T_CONFIG_LOCAL) {
plugin_cert *pc = cpv->v.v;
wolfSSL_OPENSSL_cleanse(pc->ssl_pemfile_pkey->ptr,
pc->ssl_pemfile_pkey->size);
buffer_free(pc->ssl_pemfile_pkey);
/*buffer_free(pc->ssl_pemfile_x509);*//*(part of chain)*/
mod_wolfssl_free_der_certs(pc->ssl_pemfile_chain);
buffer_free(pc->ssl_stapling);
free(pc);
}
break;
case 2: /* ssl.ca-file */
if (cpv->vtype == T_CONFIG_LOCAL) {
plugin_cacerts *cacerts = cpv->v.v;
wolfSSL_sk_X509_NAME_pop_free(cacerts->names,
X509_NAME_free);
wolfSSL_X509_STORE_free(cacerts->certs);
free(cacerts);
}
break;
case 3: /* ssl.ca-dn-file */
if (cpv->vtype == T_CONFIG_LOCAL)
wolfSSL_sk_X509_NAME_pop_free(cpv->v.v, X509_NAME_free);
break;
default:
break;
}
}
}
}
/* WolfSSL OpenSSL compat API does not wipe temp mem used; write our own */
/* (pemfile might contain private key)*/
/* code here is based on similar code in mod_nss */
#include "base64.h"
#define PEM_BEGIN "-----BEGIN "
#define PEM_END "-----END "
#define PEM_BEGIN_CERT "-----BEGIN CERTIFICATE-----"
#define PEM_END_CERT "-----END CERTIFICATE-----"
#define PEM_BEGIN_TRUSTED_CERT "-----BEGIN TRUSTED CERTIFICATE-----"
#define PEM_END_TRUSTED_CERT "-----END TRUSTED CERTIFICATE-----"
#define PEM_BEGIN_PKEY "-----BEGIN PRIVATE KEY-----"
#define PEM_END_PKEY "-----END PRIVATE KEY-----"
#define PEM_BEGIN_EC_PKEY "-----BEGIN EC PRIVATE KEY-----"
#define PEM_END_EC_PKEY "-----END EC PRIVATE KEY-----"
#define PEM_BEGIN_RSA_PKEY "-----BEGIN RSA PRIVATE KEY-----"
#define PEM_END_RSA_PKEY "-----END RSA PRIVATE KEY-----"
#define PEM_BEGIN_DSA_PKEY "-----BEGIN DSA PRIVATE KEY-----"
#define PEM_END_DSA_PKEY "-----END DSA PRIVATE KEY-----"
#define PEM_BEGIN_ANY_PKEY "-----BEGIN ANY PRIVATE KEY-----"
#define PEM_END_ANY_PKEY "-----END ANY PRIVATE KEY-----"
/* (not implemented: support to get password from user for encrypted key) */
#define PEM_BEGIN_ENCRYPTED_PKEY "-----BEGIN ENCRYPTED PRIVATE KEY-----"
#define PEM_END_ENCRYPTED_PKEY "-----END ENCRYPTED PRIVATE KEY-----"
#define PEM_BEGIN_X509_CRL "-----BEGIN X509 CRL-----"
#define PEM_END_X509_CRL "-----END X509 CRL-----"
static buffer *
mod_wolfssl_load_pem_file (const char *fn, log_error_st *errh, buffer ***chain)
{
off_t dlen = 512*1024*1024;/*(arbitrary limit: 512 MB file; expect < 1 MB)*/
char *data = fdevent_load_file(fn, &dlen, errh, malloc, free);
if (NULL == data) return NULL;
buffer **certs = NULL;
int rc = -1;
do {
int count = 0;
char *b = data;
for (; (b = strstr(b, PEM_BEGIN_CERT)); b += sizeof(PEM_BEGIN_CERT)-1)
++count;
b = data;
for (; (b = strstr(b, PEM_BEGIN_TRUSTED_CERT));
b += sizeof(PEM_BEGIN_TRUSTED_CERT)-1)
++count;
if (0 == count) {
rc = 0;
break;
}
certs = malloc((count+1) * sizeof(buffer *));
force_assert(NULL != certs);
certs[count] = NULL;
for (int i = 0; i < count; ++i)
certs[i] = buffer_init();
buffer *der;
int i = 0;
for (char *e = data; (b = strstr(e, PEM_BEGIN_CERT)); ++i) {
b += sizeof(PEM_BEGIN_CERT)-1;
if (*b == '\r') ++b;
if (*b == '\n') ++b;
e = strstr(b, PEM_END_CERT);
if (NULL == e) break;
uint32_t len = (uint32_t)(e - b);
e += sizeof(PEM_END_CERT)-1;
if (i >= count) break; /*(should not happen)*/
der = certs[i];
if (NULL == buffer_append_base64_decode(der,b,len,BASE64_STANDARD))
break;
}
for (char *e = data; (b = strstr(e, PEM_BEGIN_TRUSTED_CERT)); ++i) {
b += sizeof(PEM_BEGIN_TRUSTED_CERT)-1;
if (*b == '\r') ++b;
if (*b == '\n') ++b;
e = strstr(b, PEM_END_TRUSTED_CERT);
if (NULL == e) break;
uint32_t len = (uint32_t)(e - b);
e += sizeof(PEM_END_TRUSTED_CERT)-1;
if (i >= count) break; /*(should not happen)*/
der = certs[i];
if (NULL == buffer_append_base64_decode(der,b,len,BASE64_STANDARD))
break;
}
if (i == count)
rc = 0;
else
errno = EIO;
} while (0);
if (dlen) ck_memzero(data, dlen);
free(data);
if (rc < 0) {
log_perror(errh, __FILE__, __LINE__, "error loading %s", fn);
mod_wolfssl_free_der_certs(certs);
certs = NULL;
}
*chain = certs;
return certs ? certs[0] : NULL;
}
static buffer *
mod_wolfssl_evp_pkey_load_pem_file (const char *fn, log_error_st *errh)
{
off_t dlen = 512*1024*1024;/*(arbitrary limit: 512 MB file; expect < 1 MB)*/
char *data = fdevent_load_file(fn, &dlen, errh, malloc, free);
if (NULL == data) return NULL;
buffer *pkey = NULL;
int rc = -1;
do {
/*(expecting single private key in file, so first match)*/
char *b, *e;
if ((b = strstr(data, PEM_BEGIN_PKEY))
&& (e = strstr(b, PEM_END_PKEY)))
b += sizeof(PEM_BEGIN_PKEY)-1;
else if ((b = strstr(data, PEM_BEGIN_EC_PKEY))
&& (e = strstr(b, PEM_END_EC_PKEY)))
b += sizeof(PEM_BEGIN_EC_PKEY)-1;
else if ((b = strstr(data, PEM_BEGIN_RSA_PKEY))
&& (e = strstr(b, PEM_END_RSA_PKEY)))
b += sizeof(PEM_BEGIN_RSA_PKEY)-1;
else if ((b = strstr(data, PEM_BEGIN_DSA_PKEY))
&& (e = strstr(b, PEM_END_DSA_PKEY)))
b += sizeof(PEM_BEGIN_DSA_PKEY)-1;
else if ((b = strstr(data, PEM_BEGIN_ANY_PKEY))
&& (e = strstr(b, PEM_END_ANY_PKEY)))
b += sizeof(PEM_BEGIN_ANY_PKEY)-1;
else
break;
if (*b == '\r') ++b;
if (*b == '\n') ++b;
pkey = buffer_init();
size_t len = (size_t)(e - b);
if (NULL == buffer_append_base64_decode(pkey, b, len, BASE64_STANDARD))
break;
rc = 0;
} while (0);
if (dlen) ck_memzero(data, dlen);
free(data);
if (rc < 0) {
log_error(errh, __FILE__, __LINE__, "%s() %s", __func__, fn);
if (pkey) {
wolfSSL_OPENSSL_cleanse(pkey->ptr, pkey->size);
buffer_free(pkey);
}
return NULL;
}
return pkey;
}
static int
mod_wolfssl_CTX_use_certificate_chain_file (WOLFSSL_CTX *ssl_ctx, const char *fn, log_error_st *errh)
{
/* (While it should be possible to parse DERs from (buffer **)
* s->pc->ssl_pemfile_chain, it is simpler to re-read file and use the
* built-in wolfSSL_CTX_use_certificate_chain_buffer() interface) */
off_t dlen = 4*1024*1024;/*(arbitrary limit: 4 MB file; expect < 1 KB)*/
char *data = fdevent_load_file(fn, &dlen, errh, malloc, free);
if (NULL == data) return -1;
int rc = wolfSSL_CTX_use_certificate_chain_buffer(ssl_ctx,
(unsigned char *)data,
(long)dlen);
if (dlen) ck_memzero(data, dlen);
free(data);
if (rc == WOLFSSL_SUCCESS)
return 1;
log_error(errh, __FILE__, __LINE__,
"SSL: %s %s", ERR_error_string(rc, NULL), fn);
return 0;
}
static STACK_OF(X509_NAME) *
mod_wolfssl_load_client_CA_file (const buffer *ssl_ca_file, log_error_st *errh)
{
/* similar to wolfSSL_load_client_CA_file(), plus some processing */
buffer **certs = NULL;
if (NULL == mod_wolfssl_load_pem_file(ssl_ca_file->ptr, errh, &certs)) {
#if defined(__clang_analyzer__) || defined(__COVERITY__)
mod_wolfssl_free_der_certs(certs); /*unnecessary; quiet clang analyzer*/
#endif
return NULL;
}
WOLF_STACK_OF(WOLFSSL_X509_NAME) *canames = wolfSSL_sk_X509_NAME_new(NULL);
if (NULL == canames) {
mod_wolfssl_free_der_certs(certs);
return NULL;
}
for (int i = 0; NULL != certs[i]; ++i) {
WOLFSSL_X509 *ca =
wolfSSL_X509_load_certificate_buffer((unsigned char *)certs[i]->ptr,
(int)
buffer_string_length(certs[i]),
WOLFSSL_FILETYPE_ASN1);
WOLFSSL_X509_NAME *subj = NULL;
if (NULL == ca
|| NULL == (subj = wolfSSL_X509_get_subject_name(ca))
|| 0 != wolfSSL_sk_X509_NAME_push(canames,
wolfSSL_X509_NAME_dup(subj))) {
log_error(errh, __FILE__, __LINE__,
"SSL: couldn't read X509 certificates from '%s'",
ssl_ca_file->ptr);
if (subj) wolfSSL_X509_NAME_free(subj);
if (ca) wolfSSL_X509_free(ca);
wolfSSL_sk_X509_NAME_free(canames);
mod_wolfssl_free_der_certs(certs);
return NULL;
}
wolfSSL_X509_free(ca);
}
mod_wolfssl_free_der_certs(certs);
return canames;
}
static plugin_cacerts *
mod_wolfssl_load_cacerts (const buffer *ssl_ca_file, log_error_st *errh)
{
/* similar to mod_wolfSSL_load_client_CA_file(), plus some processing */
/* similar to wolfSSL_load_client_CA_file(), plus some processing */
buffer **certs = NULL;
if (NULL == mod_wolfssl_load_pem_file(ssl_ca_file->ptr, errh, &certs)) {
#if defined(__clang_analyzer__) || defined(__COVERITY__)
mod_wolfssl_free_der_certs(certs); /*unnecessary; quiet clang analyzer*/
#endif
return NULL;
}
WOLFSSL_X509_STORE *castore = wolfSSL_X509_STORE_new();
if (NULL == castore) {
mod_wolfssl_free_der_certs(certs);
return NULL;
}
WOLF_STACK_OF(WOLFSSL_X509_NAME) *canames = wolfSSL_sk_X509_NAME_new(NULL);
if (NULL == canames) {
wolfSSL_X509_STORE_free(castore);
mod_wolfssl_free_der_certs(certs);
return NULL;
}
for (int i = 0; NULL != certs[i]; ++i) {
WOLFSSL_X509 *ca =
wolfSSL_X509_load_certificate_buffer((unsigned char *)certs[i]->ptr,
(int)
buffer_string_length(certs[i]),
WOLFSSL_FILETYPE_ASN1);
WOLFSSL_X509_NAME *subj = NULL;
if (NULL == ca || !wolfSSL_X509_STORE_add_cert(castore, ca)
|| NULL == (subj = wolfSSL_X509_get_subject_name(ca))
|| 0 != wolfSSL_sk_X509_NAME_push(canames,
wolfSSL_X509_NAME_dup(subj))) {
log_error(errh, __FILE__, __LINE__,
"SSL: couldn't read X509 certificates from '%s'",
ssl_ca_file->ptr);
if (subj) wolfSSL_X509_NAME_free(subj);
if (ca) wolfSSL_X509_free(ca);
wolfSSL_sk_X509_NAME_free(canames);
wolfSSL_X509_STORE_free(castore);
mod_wolfssl_free_der_certs(certs);
return NULL;
}
wolfSSL_X509_free(ca);
}
mod_wolfssl_free_der_certs(certs);
plugin_cacerts *cacerts = malloc(sizeof(plugin_cacerts));
force_assert(cacerts);
cacerts->names = canames;
cacerts->certs = castore;
return cacerts;
}
static int
mod_wolfssl_load_cacrls (WOLFSSL_CTX *ssl_ctx, const buffer *ssl_ca_crl_file, server *srv)
{
#ifdef HAVE_CRL /* <wolfssl/options.h> */
int rc = wolfSSL_CTX_EnableCRL(ssl_ctx,
WOLFSSL_CRL_CHECK | WOLFSSL_CRL_CHECKALL);
if (rc != WOLFSSL_SUCCESS) return 0;
const char *fn = ssl_ca_crl_file->ptr;
off_t dlen = 512*1024*1024;/*(arbitrary limit: 512 MB file; expect < 1 MB)*/
char *data = fdevent_load_file(fn, &dlen, srv->errh, malloc, free);
if (NULL == data) return 0;
rc = wolfSSL_CTX_LoadCRLBuffer(ssl_ctx, (byte *)data, (long)dlen,
WOLFSSL_FILETYPE_PEM);
if (dlen) ck_memzero(data, dlen);
free(data);
if (rc == WOLFSSL_SUCCESS)
return 1;
log_error(srv->errh, __FILE__, __LINE__,
"SSL: %s %s", ERR_error_string(rc, NULL), fn);
return 0;
#else
UNUSED(ssl_ctx);
log_error(srv->errh, __FILE__, __LINE__,
"WolfSSL not built with CRL support; ignoring %s", ssl_ca_crl_file->ptr);
return WOLFSSL_FAILURE;
#endif
}
static int
mod_wolfssl_load_verify_locn (SSL_CTX *ssl_ctx, const buffer *b, server *srv)
{
const char *fn = b->ptr;
off_t dlen = 512*1024*1024;/*(arbitrary limit: 512 MB file; expect < 1 MB)*/
char *data = fdevent_load_file(fn, &dlen, srv->errh, malloc, free);
if (NULL == data) return 0;
int rc = wolfSSL_CTX_load_verify_buffer(ssl_ctx, (unsigned char *)data,
(long)dlen, WOLFSSL_FILETYPE_PEM);
if (dlen) ck_memzero(data, dlen);
free(data);
if (rc == WOLFSSL_SUCCESS)
return 1;
log_error(srv->errh, __FILE__, __LINE__,
"SSL: %s %s", ERR_error_string(rc, NULL), fn);
return 0;
}
static int
mod_wolfssl_load_ca_files (SSL_CTX *ssl_ctx, plugin_data *p, server *srv)
{
/* load all ssl.ca-files specified in the config into each SSL_CTX */
for (uint32_t i = 0, used = p->cafiles->used; i < used; ++i) {
const buffer *b = &((data_string *)p->cafiles->data[i])->value;
if (!mod_wolfssl_load_verify_locn(ssl_ctx, b, srv))
return 0;
}
return 1;
}
FREE_FUNC(mod_openssl_free)
{
plugin_data *p = p_d;
if (NULL == p->srv) return;
mod_openssl_free_config(p->srv, p);
mod_openssl_free_openssl();
}
static void
mod_openssl_merge_config_cpv (plugin_config * const pconf, const config_plugin_value_t * const cpv)
{
switch (cpv->k_id) { /* index into static config_plugin_keys_t cpk[] */
case 0: /* ssl.pemfile */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->pc = cpv->v.v;
break;
case 1: /* ssl.privkey */
break;
case 2: /* ssl.ca-file */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->ssl_ca_file = cpv->v.v;
break;
case 3: /* ssl.ca-dn-file */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->ssl_ca_dn_file = cpv->v.v;
break;
case 4: /* ssl.ca-crl-file */
pconf->ssl_ca_crl_file = cpv->v.b;
break;
case 5: /* ssl.read-ahead */
pconf->ssl_read_ahead = (0 != cpv->v.u);
break;
case 6: /* ssl.disable-client-renegotiation */
pconf->ssl_disable_client_renegotiation = (0 != cpv->v.u);
break;
case 7: /* ssl.verifyclient.activate */
pconf->ssl_verifyclient = (0 != cpv->v.u);
break;
case 8: /* ssl.verifyclient.enforce */
pconf->ssl_verifyclient_enforce = (0 != cpv->v.u);
break;
case 9: /* ssl.verifyclient.depth */