[BACK]Return to ssl-bozo.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / libexec / httpd

File: [cvs.NetBSD.org] / src / libexec / httpd / ssl-bozo.c (download)

Revision 1.29, Thu Oct 15 04:21:53 2020 UTC (3 months, 1 week ago) by mrg
Branch: MAIN
CVS Tags: bozohttpd-20201014, HEAD
Changes since 1.28: +11 -6 lines

various updates from <henrik@gulbra.net> / freebsd.  the list from Henrik:

bozohttpd.8:
    o Added -d flag to the man page
    o Moved -E flag in man page to keep alphabetic order
    o Grammar fix for description of -E flag in man page
    o Moved a word in the man description for the -f flag
    o Made -f imply -b as a backwards-compatible shortcut
    o Updated man description of -n to mention Lua scripts
    o Moved -z below -Z to keep the uppercase options first

bozohttpd.c:
    o Removed obsolete comment about ~user missing cgi-bin support
    o Removed "/* ARGSUSED */" lines; was that a macro or a reminder?
    o Added USE_ARG macro call for sig, which was otherwise not used
    o Added USE_ARG macro call for msg (only used if debug is enabled)

bozohttpd.h:
    o Fixed typo in the include guard (BOZOHTTOPD_H_ -> BOZOHTTPD_H_)
    o Renamed have_all to have_core; it didn't mean "all" options

content-bozo.c:
    o Added USE_ARG macro call for signo, which was otherwise not used
    o Made -f imply -b as a backwards-compatible shortcut

main.c:
    o Simplified -b text to be symmetric with that for the -f option
    o Updated -C text to make "suffix" explicit; it's better than "arg"
    o Changed to only show the -E description if have_user is true
    o Always show the -e option, which incorrectly used the -E logic
    o Renamed have_all to have_core; it didn't mean "all" options
    o Added three missing tabs for the description of the -G option
    o Updated -L text to make "prefix" explicit; it's better than "arg"
    o Updated -M text to make "suffix" explicit; it's slightly better
    o Added a previously missing description for the -n option
    o Documented the otherwise obscure valid types for the -T option
    o Shortened "username" to "user" to match the actual help text
    o Moved handling of -c below that for -C to standardize the order
    o Broke the enabling test for -C into two lines for consistency
    o Inverted the enabling test for -E; this is what was meant, right?
    o Removed the enabling test for -e, which should always be enabled

ssl-bozo.c:
    o Added USE_ARG for httpd, which is not used if SSL has been excluded

/*	$NetBSD: ssl-bozo.c,v 1.29 2020/10/15 04:21:53 mrg Exp $	*/

/*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2020 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer and
 *    dedication in the documentation and/or other materials provided
 *    with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

/* this code implements SSL and backend IO for bozohttpd */

#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#include "bozohttpd.h"

#ifndef USE_ARG
#define USE_ARG(x)	/*LINTED*/(void)&(x)
#endif

#ifndef NO_SSL_SUPPORT

#include <openssl/ssl.h>
#include <openssl/err.h>

#ifndef BOZO_SSL_CIPHERS
#define BOZO_SSL_CIPHERS 					\
	"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:"		\
	"AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:"		\
	"AES:"							\
	"-SHA:"							\
	"!aNULL:!eNULL:"					\
	"!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:"			\
	"!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:"		\
	"!KRB5-DES-CBC3-SHA"
#endif

#ifndef BOZO_SSL_OPTIONS
#define BOZO_SSL_OPTIONS					\
	((long)(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1))
#endif

  /* this structure encapsulates the ssl info */

/* this structure encapsulates the ssl info */
typedef struct sslinfo_t {
	SSL_CTX			*ssl_context;
	const SSL_METHOD	*ssl_method;
	SSL			*bozossl;
	char			*certificate_file;
	char			*privatekey_file;
	char			*ciphers;
} sslinfo_t;

/*
 * bozo_clear_ssl_queue:  print the contents of the SSL error queue
 */
static void
bozo_clear_ssl_queue(bozohttpd_t *httpd)
{
	unsigned long sslcode = ERR_get_error();

	do {
		static const char sslfmt[] = "SSL Error: %s:%s:%s";

		if (httpd->logstderr || isatty(STDERR_FILENO)) {
			fprintf(stderr, sslfmt,
			    ERR_lib_error_string(sslcode),
			    ERR_func_error_string(sslcode),
			    ERR_reason_error_string(sslcode));
		} else {
			syslog(LOG_ERR, sslfmt,
			    ERR_lib_error_string(sslcode),
			    ERR_func_error_string(sslcode),
			    ERR_reason_error_string(sslcode));
		}
	} while (0 != (sslcode = ERR_get_error()));
}

/*
 * bozo_ssl_warn works just like bozowarn, plus the SSL error queue
 */
BOZO_PRINTFLIKE(2, 3) static void
bozo_ssl_warn(bozohttpd_t *httpd, const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	if (httpd->logstderr || isatty(STDERR_FILENO)) {
		vfprintf(stderr, fmt, ap);
		fputs("\n", stderr);
	} else
		vsyslog(LOG_ERR, fmt, ap);
	va_end(ap);

	bozo_clear_ssl_queue(httpd);
}


/*
 * bozo_ssl_err works just like bozoerr, plus the SSL error queue
 */
BOZO_PRINTFLIKE(3, 4) BOZO_DEAD static void
bozo_ssl_err(bozohttpd_t *httpd, int code, const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	if (httpd->logstderr || isatty(STDERR_FILENO)) {
		vfprintf(stderr, fmt, ap);
		fputs("\n", stderr);
	} else
		vsyslog(LOG_ERR, fmt, ap);
	va_end(ap);

	bozo_clear_ssl_queue(httpd);
	exit(code);
}

/*
 * bozo_check_error_queue:  print warnings if the error isn't expected
 */
static void
bozo_check_error_queue(bozohttpd_t *httpd, const char *tag, int ret)
{
	if (ret > 0)
		return;

	const sslinfo_t *sslinfo = httpd->sslinfo;
	const int sslerr = SSL_get_error(sslinfo->bozossl, ret);

	if (sslerr != SSL_ERROR_ZERO_RETURN &&
	    sslerr != SSL_ERROR_SYSCALL &&
	    sslerr != SSL_ERROR_NONE)
		bozo_ssl_warn(httpd, "%s: SSL_ERROR %d", tag, sslerr);
}

static BOZO_PRINTFLIKE(2, 0) int
bozo_ssl_printf(bozohttpd_t *httpd, const char * fmt, va_list ap)
{
	char	*buf;
	int	 nbytes;

	if ((nbytes = vasprintf(&buf, fmt, ap)) != -1)  {
		const sslinfo_t *sslinfo = httpd->sslinfo;
		int ret = SSL_write(sslinfo->bozossl, buf, nbytes);
		bozo_check_error_queue(httpd, "write", ret);
	}

	free(buf);

	return nbytes;
}

static ssize_t
bozo_ssl_read(bozohttpd_t *httpd, int fd, void *buf, size_t nbytes)
{
	const sslinfo_t *sslinfo = httpd->sslinfo;
	int	ret;

	USE_ARG(fd);
	ret = SSL_read(sslinfo->bozossl, buf, (int)nbytes);
	bozo_check_error_queue(httpd, "read", ret);

	return (ssize_t)ret;
}

static ssize_t
bozo_ssl_write(bozohttpd_t *httpd, int fd, const void *buf, size_t nbytes)
{
	const sslinfo_t *sslinfo = httpd->sslinfo;
	int	ret;

	USE_ARG(fd);
	ret = SSL_write(sslinfo->bozossl, buf, (int)nbytes);
	bozo_check_error_queue(httpd, "write", ret);

	return (ssize_t)ret;
}

void
bozo_ssl_init(bozohttpd_t *httpd)
{
	sslinfo_t *sslinfo = httpd->sslinfo;
	long options;

	if (sslinfo == NULL || !sslinfo->certificate_file)
		return;
	SSL_library_init();
	SSL_load_error_strings();

	sslinfo->ssl_method = SSLv23_server_method();
	sslinfo->ssl_context = SSL_CTX_new(sslinfo->ssl_method);

	if (NULL == sslinfo->ssl_context)
		bozo_ssl_err(httpd, EXIT_FAILURE,
		    "SSL context creation failed");

	options = SSL_CTX_set_options(sslinfo->ssl_context,
	    BOZO_SSL_OPTIONS);
	if ((options & BOZO_SSL_OPTIONS) != BOZO_SSL_OPTIONS)
		bozo_ssl_err(httpd, EXIT_FAILURE,
		    "Error setting ssl options requested %#lx, got %#lx",
		    BOZO_SSL_OPTIONS, options);

	if (!SSL_CTX_set_cipher_list(sslinfo->ssl_context,
	    sslinfo->ciphers ? sslinfo->ciphers : BOZO_SSL_CIPHERS))
		bozo_ssl_err(httpd, EXIT_FAILURE,
		    "Error setting cipher list '%s'", sslinfo->ciphers);

	if (1 != SSL_CTX_use_certificate_chain_file(sslinfo->ssl_context,
	    sslinfo->certificate_file))
		bozo_ssl_err(httpd, EXIT_FAILURE,
		    "Unable to use certificate file '%s'",
		    sslinfo->certificate_file);

	if (1 != SSL_CTX_use_PrivateKey_file(sslinfo->ssl_context,
	    sslinfo->privatekey_file, SSL_FILETYPE_PEM))
		bozo_ssl_err(httpd, EXIT_FAILURE,
		    "Unable to use private key file '%s'",
		    sslinfo->privatekey_file);

	/* check consistency of key vs certificate */
	if (!SSL_CTX_check_private_key(sslinfo->ssl_context))
		bozo_ssl_err(httpd, EXIT_FAILURE,
		    "Check private key failed");
}

/*
 * returns non-zero for failure
 */
int
bozo_ssl_accept(bozohttpd_t *httpd)
{
	sslinfo_t *sslinfo = httpd->sslinfo;

	if (sslinfo == NULL || !sslinfo->ssl_context)
		return 0;

	alarm(httpd->ssl_timeout);

	sslinfo->bozossl = SSL_new(sslinfo->ssl_context);
	if (sslinfo->bozossl == NULL)
		bozoerr(httpd, 1, "SSL_new failed");

	SSL_set_rfd(sslinfo->bozossl, 0);
	SSL_set_wfd(sslinfo->bozossl, 1);

	const int ret = SSL_accept(sslinfo->bozossl);
	bozo_check_error_queue(httpd, "accept", ret);

	alarm(0);

	if (bozo_timeout_hit) {
		SSL_free(sslinfo->bozossl);
		sslinfo->bozossl = NULL;
		return 1;
	}

	return ret != 1;
}

void
bozo_ssl_shutdown(bozohttpd_t *httpd)
{
	const sslinfo_t *sslinfo = httpd->sslinfo;

	if (sslinfo && sslinfo->bozossl)
		SSL_shutdown(sslinfo->bozossl);
}

void
bozo_ssl_destroy(bozohttpd_t *httpd)
{
	const sslinfo_t *sslinfo = httpd->sslinfo;

	if (sslinfo && sslinfo->bozossl)
		SSL_free(sslinfo->bozossl);
}

static sslinfo_t *
bozo_get_sslinfo(bozohttpd_t *httpd)
{
	sslinfo_t *sslinfo;
	if (httpd->sslinfo)
		return httpd->sslinfo;
	sslinfo = bozomalloc(httpd, sizeof(*sslinfo));
	if (sslinfo == NULL)
		bozoerr(httpd, 1, "sslinfo allocation failed");
	memset(sslinfo, 0, sizeof(*sslinfo));
	return httpd->sslinfo = sslinfo;
}

void
bozo_ssl_set_opts(bozohttpd_t *httpd, const char *cert, const char *priv)
{
	sslinfo_t *sslinfo = bozo_get_sslinfo(httpd);

	sslinfo->certificate_file = bozostrdup(httpd, NULL, cert);
	sslinfo->privatekey_file = bozostrdup(httpd, NULL, priv);
	debug((httpd, DEBUG_NORMAL, "using cert/priv files: %s & %s",
	    sslinfo->certificate_file,
	    sslinfo->privatekey_file));
	if (!httpd->bindport)
		httpd->bindport = bozostrdup(httpd, NULL, BOZO_HTTPS_PORT);
}

void
bozo_ssl_set_ciphers(bozohttpd_t *httpd, const char *ciphers)
{
	sslinfo_t *sslinfo = bozo_get_sslinfo(httpd);

	sslinfo->ciphers = bozostrdup(httpd, NULL, ciphers);
	debug((httpd, DEBUG_NORMAL, "using ciphers: %s", sslinfo->ciphers));
}

#endif /* NO_SSL_SUPPORT */

/*
 * These functions are always present, so that caller code can simply
 * use bozo_*() for IO, regardless of SSL.
 */
int
bozo_printf(bozohttpd_t *httpd, const char *fmt, ...)
{
	va_list	args;
	int	cc;

	USE_ARG(httpd);

	va_start(args, fmt);
#ifndef NO_SSL_SUPPORT
	if (httpd->sslinfo)
		cc = bozo_ssl_printf(httpd, fmt, args);
	else
#endif
		cc = vprintf(fmt, args);
	va_end(args);
	return cc;
}

ssize_t
bozo_read(bozohttpd_t *httpd, int fd, void *buf, size_t len)
{
#ifndef NO_SSL_SUPPORT
	if (httpd->sslinfo)
		return bozo_ssl_read(httpd, fd, buf, len);
#endif
	USE_ARG(httpd);
	return read(fd, buf, len);
}

ssize_t
bozo_write(bozohttpd_t *httpd, int fd, const void *buf, size_t len)
{
#ifndef NO_SSL_SUPPORT
	if (httpd->sslinfo)
		return bozo_ssl_write(httpd, fd, buf, len);
#endif
	USE_ARG(httpd);
	return write(fd, buf, len);
}

int
bozo_flush(bozohttpd_t *httpd, FILE *fp)
{
#ifndef NO_SSL_SUPPORT
	if (httpd->sslinfo)
		return 0;
#endif
	USE_ARG(httpd);
	return fflush(fp);
}