2 Bacula® - The Network Backup Solution
4 Copyright (C) 2005-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * tls.c TLS support functions
31 * Author: Landon Fuller <landonf@threerings.net>
35 * This file was contributed to the Bacula project by Landon Fuller
36 * and Three Rings Design, Inc.
38 * Three Rings Design, Inc. has been granted a perpetual, worldwide,
39 * non-exclusive, no-charge, royalty-free, irrevocable copyright
40 * license to reproduce, prepare derivative works of, publicly
41 * display, publicly perform, sublicense, and distribute the original
42 * work contributed by Three Rings Design, Inc. and its employees to
43 * the Bacula project in source or object form.
45 * If you wish to license contributions from Three Rings Design, Inc,
46 * under an alternate open source license please contact
47 * Landon Fuller <landonf@threerings.net>.
55 #ifdef HAVE_TLS /* Is TLS enabled? */
57 #ifdef HAVE_OPENSSL /* How about OpenSSL? */
59 /* No anonymous ciphers, no <128 bit ciphers, no export ciphers, no MD5 ciphers */
60 #define TLS_DEFAULT_CIPHERS "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
62 /* TLS Context Structure */
65 CRYPTO_PEM_PASSWD_CB *pem_callback;
66 const void *pem_userdata;
71 struct TLS_Connection {
76 * OpenSSL certificate verification callback.
77 * OpenSSL has already performed internal certificate verification.
78 * We just report any errors that occured.
80 static int openssl_verify_peer(int ok, X509_STORE_CTX *store)
83 X509 *cert = X509_STORE_CTX_get_current_cert(store);
84 int depth = X509_STORE_CTX_get_error_depth(store);
85 int err = X509_STORE_CTX_get_error(store);
89 X509_NAME_oneline(X509_get_issuer_name(cert), issuer, 256);
90 X509_NAME_oneline(X509_get_subject_name(cert), subject, 256);
92 Jmsg5(NULL, M_ERROR, 0, _("Error with certificate at depth: %d, issuer = %s,"
93 " subject = %s, ERR=%d:%s\n"), depth, issuer,
94 subject, err, X509_verify_cert_error_string(err));
101 /* Dispatch user PEM encryption callbacks */
102 static int tls_pem_callback_dispatch (char *buf, int size, int rwflag, void *userdata)
104 TLS_CONTEXT *ctx = (TLS_CONTEXT *)userdata;
105 return (ctx->pem_callback(buf, size, ctx->pem_userdata));
109 * Create a new TLS_CONTEXT instance.
110 * Returns: Pointer to TLS_CONTEXT instance on success
113 TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,
114 const char *certfile, const char *keyfile,
115 CRYPTO_PEM_PASSWD_CB *pem_callback,
116 const void *pem_userdata, const char *dhfile,
123 ctx = (TLS_CONTEXT *)malloc(sizeof(TLS_CONTEXT));
125 /* Allocate our OpenSSL TLSv1 Context */
126 ctx->openssl = SSL_CTX_new(TLSv1_method());
129 openssl_post_errors(M_ERROR, _("Error initializing SSL context"));
133 /* Set up pem encryption callback */
135 ctx->pem_callback = pem_callback;
136 ctx->pem_userdata = pem_userdata;
138 ctx->pem_callback = crypto_default_pem_callback;
139 ctx->pem_userdata = NULL;
141 SSL_CTX_set_default_passwd_cb(ctx->openssl, tls_pem_callback_dispatch);
142 SSL_CTX_set_default_passwd_cb_userdata(ctx->openssl, (void *) ctx);
145 * Set certificate verification paths. This requires that at least one
148 if (ca_certfile || ca_certdir) {
149 if (!SSL_CTX_load_verify_locations(ctx->openssl, ca_certfile, ca_certdir)) {
150 openssl_post_errors(M_ERROR, _("Error loading certificate verification stores"));
153 } else if (verify_peer) {
154 /* At least one CA is required for peer verification */
155 Jmsg0(NULL, M_ERROR, 0, _("Either a certificate file or a directory must be"
156 " specified as a verification store\n"));
161 * Load our certificate file, if available. This file may also contain a
162 * private key, though this usage is somewhat unusual.
165 if (!SSL_CTX_use_certificate_chain_file(ctx->openssl, certfile)) {
166 openssl_post_errors(M_ERROR, _("Error loading certificate file"));
171 /* Load our private key. */
173 if (!SSL_CTX_use_PrivateKey_file(ctx->openssl, keyfile, SSL_FILETYPE_PEM)) {
174 openssl_post_errors(M_ERROR, _("Error loading private key"));
179 /* Load Diffie-Hellman Parameters. */
181 if (!(bio = BIO_new_file(dhfile, "r"))) {
182 openssl_post_errors(M_ERROR, _("Unable to open DH parameters file"));
185 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
188 openssl_post_errors(M_ERROR, _("Unable to load DH parameters from specified file"));
191 if (!SSL_CTX_set_tmp_dh(ctx->openssl, dh)) {
192 openssl_post_errors(M_ERROR, _("Failed to set TLS Diffie-Hellman parameters"));
196 /* Enable Single-Use DH for Ephemeral Keying */
197 SSL_CTX_set_options(ctx->openssl, SSL_OP_SINGLE_DH_USE);
200 if (SSL_CTX_set_cipher_list(ctx->openssl, TLS_DEFAULT_CIPHERS) != 1) {
201 Jmsg0(NULL, M_ERROR, 0,
202 _("Error setting cipher list, no valid ciphers available\n"));
206 /* Verify Peer Certificate */
208 /* SSL_VERIFY_FAIL_IF_NO_PEER_CERT has no effect in client mode */
209 SSL_CTX_set_verify(ctx->openssl,
210 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
211 openssl_verify_peer);
217 /* Clean up after ourselves */
219 SSL_CTX_free(ctx->openssl);
226 * Free TLS_CONTEXT instance
228 void free_tls_context(TLS_CONTEXT *ctx)
230 SSL_CTX_free(ctx->openssl);
234 bool get_tls_require(TLS_CONTEXT *ctx)
236 return ctx->tls_require;
239 bool get_tls_enable(TLS_CONTEXT *ctx)
241 return ctx->tls_enable;
246 * Verifies a list of common names against the certificate
247 * commonName attribute.
248 * Returns: true on success
251 bool tls_postconnect_verify_cn(JCR *jcr, TLS_CONNECTION *tls, alist *verify_list)
253 SSL *ssl = tls->openssl;
256 bool auth_success = false;
259 /* Check if peer provided a certificate */
260 if (!(cert = SSL_get_peer_certificate(ssl))) {
261 Qmsg0(jcr, M_ERROR, 0, _("Peer failed to present a TLS certificate\n"));
265 if ((subject = X509_get_subject_name(cert)) != NULL) {
266 if (X509_NAME_get_text_by_NID(subject, NID_commonName, data, sizeof(data)) > 0) {
268 /* NULL terminate data */
271 /* Try all the CNs in the list */
272 foreach_alist(cn, verify_list) {
273 if (strcasecmp(data, cn) == 0) {
285 * Verifies a peer's hostname against the subjectAltName and commonName
287 * Returns: true on success
290 bool tls_postconnect_verify_host(JCR *jcr, TLS_CONNECTION *tls, const char *host)
292 SSL *ssl = tls->openssl;
295 bool auth_success = false;
301 /* Check if peer provided a certificate */
302 if (!(cert = SSL_get_peer_certificate(ssl))) {
303 Qmsg1(jcr, M_ERROR, 0,
304 _("Peer %s failed to present a TLS certificate\n"), host);
308 /* Check subjectAltName extensions first */
309 if ((extensions = X509_get_ext_count(cert)) > 0) {
310 for (i = 0; i < extensions; i++) {
314 ext = X509_get_ext(cert, i);
315 extname = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));
317 if (strcmp(extname, "subjectAltName") == 0) {
318 X509V3_EXT_METHOD *method;
319 STACK_OF(CONF_VALUE) *val;
322 #if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
323 const unsigned char *ext_value_data;
325 unsigned char *ext_value_data;
328 /* Get x509 extension method structure */
329 if (!(method = X509V3_EXT_get(ext))) {
333 ext_value_data = ext->value->data;
335 #if (OPENSSL_VERSION_NUMBER > 0x00907000L)
339 /* Decode ASN1 item in data */
340 extstr = ASN1_item_d2i(NULL, &ext_value_data, ext->value->length,
341 ASN1_ITEM_ptr(method->it));
345 /* Decode ASN1 item in data */
346 extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
350 extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
353 /* Iterate through to find the dNSName field(s) */
354 val = method->i2v(method, extstr, NULL);
356 /* dNSName shortname is "DNS" */
357 for (j = 0; j < sk_CONF_VALUE_num(val); j++) {
358 nval = sk_CONF_VALUE_value(val, j);
359 if (strcmp(nval->name, "DNS") == 0) {
360 if (strcasecmp(nval->value, host) == 0) {
370 /* Try verifying against the subject name */
372 if ((subject = X509_get_subject_name(cert)) != NULL) {
373 if (X509_NAME_get_text_by_NID(subject, NID_commonName, data, sizeof(data)) > 0) {
374 /* NULL terminate data */
376 if (strcasecmp(data, host) == 0) {
390 * Create a new TLS_CONNECTION instance.
392 * Returns: Pointer to TLS_CONNECTION instance on success
395 TLS_CONNECTION *new_tls_connection(TLS_CONTEXT *ctx, int fd)
400 * Create a new BIO and assign the fd.
401 * The caller will remain responsible for closing the associated fd
403 bio = BIO_new(BIO_s_socket());
405 /* Not likely, but never say never */
406 openssl_post_errors(M_ERROR, _("Error creating file descriptor-based BIO"));
407 return NULL; /* Nothing allocated, nothing to clean up */
409 BIO_set_fd(bio, fd, BIO_NOCLOSE);
411 /* Allocate our new tls connection */
412 TLS_CONNECTION *tls = (TLS_CONNECTION *)malloc(sizeof(TLS_CONNECTION));
414 /* Create the SSL object and attach the socket BIO */
415 if ((tls->openssl = SSL_new(ctx->openssl)) == NULL) {
416 /* Not likely, but never say never */
417 openssl_post_errors(M_ERROR, _("Error creating new SSL object"));
421 SSL_set_bio(tls->openssl, bio, bio);
423 /* Non-blocking partial writes */
424 SSL_set_mode(tls->openssl, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
431 SSL_free(tls->openssl);
437 * Free TLS_CONNECTION instance
439 void free_tls_connection(TLS_CONNECTION *tls)
441 SSL_free(tls->openssl);
445 /* Does all the manual labor for tls_bsock_accept() and tls_bsock_connect() */
446 static inline bool openssl_bsock_session_start(BSOCK *bsock, bool server)
448 TLS_CONNECTION *tls = bsock->tls;
455 /* Zero the fdset, we'll set our fd prior to each invocation of select() */
457 fdmax = bsock->m_fd + 1;
459 /* Ensure that socket is non-blocking */
460 flags = bsock->set_nonblocking();
463 bsock->timer_start = watchdog_time;
464 bsock->clear_timed_out();
468 err = SSL_accept(tls->openssl);
470 err = SSL_connect(tls->openssl);
474 switch (SSL_get_error(tls->openssl, err)) {
478 case SSL_ERROR_ZERO_RETURN:
479 /* TLS connection was cleanly shut down */
480 openssl_post_errors(M_ERROR, _("Connect failure"));
483 case SSL_ERROR_WANT_READ:
484 /* If we timeout of a select, this will be unset */
485 FD_SET((unsigned) bsock->m_fd, &fdset);
486 /* Set our timeout */
489 /* Block until we can read */
490 select(fdmax, &fdset, NULL, NULL, &tv);
492 case SSL_ERROR_WANT_WRITE:
493 /* If we timeout of a select, this will be unset */
494 FD_SET((unsigned) bsock->m_fd, &fdset);
495 /* Set our timeout */
498 /* Block until we can write */
499 select(fdmax, NULL, &fdset, NULL, &tv);
502 /* Socket Error Occurred */
503 openssl_post_errors(M_ERROR, _("Connect failure"));
508 if (bsock->is_timed_out()) {
514 /* Restore saved flags */
515 bsock->restore_blocking(flags);
517 bsock->timer_start = 0;
523 * Initiates a TLS connection with the server.
524 * Returns: true on success
527 bool tls_bsock_connect(BSOCK *bsock)
529 /* SSL_connect(bsock->tls) */
530 return openssl_bsock_session_start(bsock, false);
534 * Listens for a TLS connection from a client.
535 * Returns: true on success
538 bool tls_bsock_accept(BSOCK *bsock)
540 /* SSL_accept(bsock->tls) */
541 return openssl_bsock_session_start(bsock, true);
545 * Shutdown TLS_CONNECTION instance
547 void tls_bsock_shutdown(BSOCK *bsock)
550 * SSL_shutdown must be called twice to fully complete the process -
551 * The first time to initiate the shutdown handshake, and the second to
552 * receive the peer's reply.
554 * In addition, if the underlying socket is blocking, SSL_shutdown()
555 * will not return until the current stage of the shutdown process has
556 * completed or an error has occured. By setting the socket blocking
557 * we can avoid the ugly for()/switch()/select() loop.
561 /* Set socket blocking for shutdown */
562 bsock->set_blocking();
564 err = SSL_shutdown(bsock->tls->openssl);
566 /* Complete shutdown */
567 err = SSL_shutdown(bsock->tls->openssl);
570 switch (SSL_get_error(bsock->tls->openssl, err)) {
573 case SSL_ERROR_ZERO_RETURN:
574 /* TLS connection was shut down on us via a TLS protocol-level closure */
575 openssl_post_errors(M_ERROR, _("TLS shutdown failure."));
578 /* Socket Error Occurred */
579 openssl_post_errors(M_ERROR, _("TLS shutdown failure."));
584 /* Does all the manual labor for tls_bsock_readn() and tls_bsock_writen() */
585 static inline int openssl_bsock_readwrite(BSOCK *bsock, char *ptr, int nbytes, bool write)
587 TLS_CONNECTION *tls = bsock->tls;
594 /* Zero the fdset, we'll set our fd prior to each invocation of select() */
596 fdmax = bsock->m_fd + 1;
598 /* Ensure that socket is non-blocking */
599 flags = bsock->set_nonblocking();
602 bsock->timer_start = watchdog_time;
603 bsock->clear_timed_out();
609 nwritten = SSL_write(tls->openssl, ptr, nleft);
611 nwritten = SSL_read(tls->openssl, ptr, nleft);
615 switch (SSL_get_error(tls->openssl, nwritten)) {
623 case SSL_ERROR_WANT_READ:
624 /* If we timeout on a select, this will be unset */
625 FD_SET((unsigned)bsock->m_fd, &fdset);
628 /* Block until we can read */
629 select(fdmax, &fdset, NULL, NULL, &tv);
632 case SSL_ERROR_WANT_WRITE:
633 /* If we timeout on a select, this will be unset */
634 FD_SET((unsigned)bsock->m_fd, &fdset);
637 /* Block until we can write */
638 select(fdmax, NULL, &fdset, NULL, &tv);
641 case SSL_ERROR_ZERO_RETURN:
642 /* TLS connection was cleanly shut down */
643 /* Fall through wanted */
645 /* Socket Error Occured */
646 openssl_post_errors(M_ERROR, _("TLS read/write failure."));
650 /* Everything done? */
655 /* Timeout/Termination, let's take what we can get */
656 if (bsock->is_timed_out() || bsock->is_terminated()) {
662 /* Restore saved flags */
663 bsock->restore_blocking(flags);
666 bsock->timer_start = 0;
667 return nbytes - nleft;
671 int tls_bsock_writen(BSOCK *bsock, char *ptr, int32_t nbytes)
673 /* SSL_write(bsock->tls->openssl, ptr, nbytes) */
674 return openssl_bsock_readwrite(bsock, ptr, nbytes, true);
677 int tls_bsock_readn(BSOCK *bsock, char *ptr, int32_t nbytes)
679 /* SSL_read(bsock->tls->openssl, ptr, nbytes) */
680 return openssl_bsock_readwrite(bsock, ptr, nbytes, false);
683 #else /* HAVE_OPENSSL */
684 # error No TLS implementation available.
685 #endif /* !HAVE_OPENSSL */
688 #else /* TLS NOT enabled, dummy routines substituted */
692 TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,
693 const char *certfile, const char *keyfile,
694 CRYPTO_PEM_PASSWD_CB *pem_callback,
695 const void *pem_userdata, const char *dhfile,
700 void free_tls_context(TLS_CONTEXT *ctx) { }
702 void tls_bsock_shutdown(BSOCK *bsock) { }
704 void free_tls_connection(TLS_CONNECTION *tls) { }
706 bool get_tls_require(TLS_CONTEXT *ctx)
711 bool get_tls_enable(TLS_CONTEXT *ctx)
716 #endif /* HAVE_TLS */