XRootD
XrdTlsContext.cc
Go to the documentation of this file.
1 //------------------------------------------------------------------------------
2 // Copyright (c) 2011-2018 by European Organization for Nuclear Research (CERN)
3 // Author: Michal Simon <simonm@cern.ch>
4 //------------------------------------------------------------------------------
5 // XRootD is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU Lesser General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // XRootD is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU Lesser General Public License
16 // along with XRootD. If not, see <http://www.gnu.org/licenses/>.
17 //------------------------------------------------------------------------------
18 
19 #include <cstdio>
20 #include <openssl/bio.h>
21 #include <openssl/crypto.h>
22 #include <openssl/err.h>
23 #include <openssl/ssl.h>
24 #include <openssl/opensslv.h>
25 #include <sys/stat.h>
26 
27 #include "XrdOuc/XrdOucUtils.hh"
28 #include "XrdSys/XrdSysRAtomic.hh"
29 #include "XrdSys/XrdSysError.hh"
30 #include "XrdSys/XrdSysPthread.hh"
31 #include "XrdSys/XrdSysTimer.hh"
32 
33 #include "XrdTls/XrdTls.hh"
34 #include "XrdTls/XrdTlsContext.hh"
35 #include "XrdTls/XrdTlsTrace.hh"
36 
37 #if OPENSSL_VERSION_NUMBER >= 0x30400010
38 #define SSL_CTX_flush_sessions SSL_CTX_flush_sessions_ex
39 #endif
40 
41 /******************************************************************************/
42 /* G l o b a l s */
43 /******************************************************************************/
44 
45 namespace XrdTlsGlobal
46 {
48 };
49 
50 /******************************************************************************/
51 /* X r d T l s C o n t e x t I m p l */
52 /******************************************************************************/
53 
55 {
57  : ctx(0), ctxnew(0), owner(p), flsCVar(0),
58  flushT(0),
59  crlRunning(false), flsRunning(false) {}
60  ~XrdTlsContextImpl() {if (ctx) SSL_CTX_free(ctx);
61  if (ctxnew) delete ctxnew;
62  if (flsCVar) delete flsCVar;
63  }
64 
65  SSL_CTX *ctx;
71  short flushT;
72  bool crlRunning;
73  bool flsRunning;
74  time_t lastCertModTime = 0;
75  int sessionCacheOpts = -1;
76  std::string sessionCacheId;
77 };
78 
79 /******************************************************************************/
80 /* C r l R e f r e s h S u p p o r t */
81 /******************************************************************************/
82 
83 namespace XrdTlsCrl
84 {
85 // Inital entry for refreshing crls
86 //
87 void *Refresh(void *parg)
88 {
89  EPNAME("Refresh");
90  int sleepTime;
91  bool doreplace;
92 
93 // Get the implementation details
94 //
95  XrdTlsContextImpl *ctxImpl = static_cast<XrdTlsContextImpl*>(parg);
96 
97 // Indicate we have started in the trace record
98 //
99  DBG_CTX("CRL refresh started.")
100 
101 // Do this forever but first get the sleep time
102 //
103 do{ctxImpl->crlMutex.ReadLock();
104  sleepTime = ctxImpl->Parm.crlRT;
105  ctxImpl->crlMutex.UnLock();
106 
107 // We may have been cancelled, in which case we just exit
108 //
109  if (!sleepTime)
110  {ctxImpl->crlMutex.WriteLock();
111  ctxImpl->crlRunning = false;
112  ctxImpl->crlMutex.UnLock();
113  DBG_CTX("CRL refresh ending by request!");
114  return (void *)0;
115  }
116 
117 // Indicate we how long before a refresh
118 //
119  DBG_CTX("CRL refresh will happen in " <<sleepTime <<" seconds.");
120 
121 // Now sleep the request amount of time
122 //
123  XrdSysTimer::Snooze(sleepTime);
124 
125  if (ctxImpl->owner->x509Verify() || ctxImpl->owner->newHostCertificateDetected()) {
126  // Check if this context is still alive. Generally, it never gets deleted.
127  //
128  ctxImpl->crlMutex.WriteLock();
129  if (!ctxImpl->owner) break;
130 
131  // We clone the original, this will give us the latest crls (i.e. refreshed).
132  // We drop the lock while doing so as this may take a long time. This is
133  // completely safe to do because we implicitly own the implementation.
134  //
135  ctxImpl->crlMutex.UnLock();
136  XrdTlsContext *newctx = ctxImpl->owner->Clone();
137 
138  // Verify that the context was properly built
139  //
140  if (!newctx || !newctx->isOK())
141  {XrdTls::Emsg("CrlRefresh:","Refresh of context failed!!!",false);
142  continue;
143  }
144 
145  // OK, set the new context to be used next time Session() is called.
146  //
147  ctxImpl->crlMutex.WriteLock();
148  doreplace = (ctxImpl->ctxnew != 0);
149  if (doreplace) delete ctxImpl->ctxnew;
150  ctxImpl->ctxnew = newctx;
151  ctxImpl->crlMutex.UnLock();
152 
153  // Do some debugging
154  //
155  if (doreplace) {DBG_CTX("CRL refresh created replacement x509 store.");}
156  else {DBG_CTX("CRL refresh created new x509 store.");}
157  }
158  } while(true);
159 
160 // If we are here the context that started us has gone away and we are done
161 //
162  bool keepctx = ctxImpl->flsRunning;
163  ctxImpl->crlRunning = false;
164  ctxImpl->crlMutex.UnLock();
165  if (!keepctx) delete ctxImpl;
166  return (void *)0;
167 }
168 }
169 
170 /******************************************************************************/
171 /* C a c h e F l u s h S u p p o r t */
172 /******************************************************************************/
173 
174 namespace XrdTlsFlush
175 {
176 /******************************************************************************/
177 /* F l u s h e r */
178 /******************************************************************************/
179 // Inital entry for refreshing crls
180 //
181 void *Flusher(void *parg)
182 {
183  EPNAME("Flusher");
184  time_t tStart, tWaited;
185  int flushT, waitT, hits, miss, sesn, tmos;
186  long tNow;
187 
188 // Get the implementation details
189 //
190  XrdTlsContextImpl *ctxImpl = static_cast<XrdTlsContextImpl*>(parg);
191 
192 // Get the interval as it may change as we are running
193 //
194  ctxImpl->crlMutex.ReadLock();
195  waitT = flushT = ctxImpl->flushT;
196  ctxImpl->crlMutex.UnLock();
197 
198 // Indicate we have started in the trace record
199 //
200  DBG_CTX("Cache flusher started; interval="<<flushT<<" seconds.");
201 
202 // Do this forever
203 //
204 do{tStart = time(0);
205  ctxImpl->flsCVar->Wait(waitT);
206  tWaited= time(0) - tStart;
207 
208 // Check if this context is still alive. Generally, it never gets deleted.
209 //
210  ctxImpl->crlMutex.ReadLock();
211  if (!ctxImpl->owner) break;
212 
213 // If the interval changed, see if we should wait a bit longer
214 //
215  if (flushT != ctxImpl->flushT && tWaited < ctxImpl->flushT-1)
216  {waitT = ctxImpl->flushT - tWaited;
217  ctxImpl->crlMutex.UnLock();
218  continue;
219  }
220 
221 // Get the new values and drop the lock
222 //
223  waitT = flushT = ctxImpl->flushT;
224  ctxImpl->crlMutex.UnLock();
225 
226 // Get some relevant statistics
227 //
228  sesn = SSL_CTX_sess_number(ctxImpl->ctx);
229  hits = SSL_CTX_sess_hits(ctxImpl->ctx);
230  miss = SSL_CTX_sess_misses(ctxImpl->ctx);
231  tmos = SSL_CTX_sess_timeouts(ctxImpl->ctx);
232 
233 // Flush the cache
234 //
235  tNow = time(0);
236  SSL_CTX_flush_sessions(ctxImpl->ctx, tNow);
237 
238 // Print some stuff should debugging be on
239 //
240  if (TRACING(XrdTls::dbgCTX))
241  {char mBuff[512];
242  snprintf(mBuff, sizeof(mBuff), "sess=%d hits=%d miss=%d timeouts=%d",
243  sesn, hits, miss, tmos);
244  DBG_CTX("Cache flushed; " <<mBuff);
245  }
246  } while(true);
247 
248 // If we are here the context that started us has gone away and we are done
249 //
250  bool keepctx = ctxImpl->crlRunning;
251  ctxImpl->flsRunning = false;
252  ctxImpl->crlMutex.UnLock();
253  if (!keepctx) delete ctxImpl;
254  return (void *)0;
255 }
256 
257 /******************************************************************************/
258 /* S e t u p _ F l u s h e r */
259 /******************************************************************************/
260 
261 bool Setup_Flusher(XrdTlsContextImpl *pImpl, int flushT)
262 {
263  pthread_t tid;
264  int rc;
265 
266 // Set the new flush interval
267 //
268  pImpl->crlMutex.WriteLock();
269  pImpl->flushT = flushT;
270  pImpl->crlMutex.UnLock();
271 
272 // If the flush thread is already running, then wake it up to get the new value
273 //
274  if (pImpl->flsRunning)
275  {pImpl->flsCVar->Signal();
276  return true;
277  }
278 
279 // Start the flusher thread
280 //
281  pImpl->flsCVar = new XrdSysCondVar();
282  if ((rc = XrdSysThread::Run(&tid, XrdTlsFlush::Flusher, (void *)pImpl,
283  0, "Cache Flusher")))
284  {char eBuff[512];
285  snprintf(eBuff, sizeof(eBuff),
286  "Unable to start cache flusher thread; rc=%d", rc);
287  XrdTls::Emsg("SessCache:", eBuff, false);
288  return false;
289  }
290 
291 // Finish up
292 //
293  pImpl->flsRunning = true;
294  SSL_CTX_set_session_cache_mode(pImpl->ctx, SSL_SESS_CACHE_NO_AUTO_CLEAR);
295  return true;
296 }
297 }
298 
299 /******************************************************************************/
300 /* S S L T h r e a d i n g S u p p o r t */
301 /******************************************************************************/
302 
303 // The following may confusing because SSL MT support is somewhat bizarre.
304 // Versions < 1.0 require a numeric thread_id and lock callbasks.
305 // Versions < 1.1 require a lock_callbacks but the thread_is callback is
306 // optional. While the numeric thread_id callback can be used
307 // it's deprecated and fancier pointer/numeric call should be
308 // used. In our case, we use the deprecated version.
309 // Versions >- 1.1 Do not need any callbacks as all threading functions are
310 // internally defined to use native MT functions.
311 
312 #if OPENSSL_VERSION_NUMBER < 0x10100000L && defined(OPENSSL_THREADS)
313 namespace
314 {
315 #define XRDTLS_SET_CALLBACKS 1
316 #ifdef __solaris__
317 extern "C" {
318 #endif
319 
320 template<bool is32>
321 struct tlsmix;
322 
323 template<>
324 struct tlsmix<false> {
325  static unsigned long mixer(unsigned long x) {
326  // mixer based on splitmix64
327  x ^= x >> 30;
328  x *= 0xbf58476d1ce4e5b9UL;
329  x ^= x >> 27;
330  x *= 0x94d049bb133111ebUL;
331  x ^= x >> 31;
332  return x;
333  }
334 };
335 
336 template<>
337 struct tlsmix<true> {
338  static unsigned long mixer(unsigned long x) {
339  // mixer based on murmurhash3
340  x ^= x >> 16;
341  x *= 0x85ebca6bU;
342  x ^= x >> 13;
343  x *= 0xc2b2ae35U;
344  x ^= x >> 16;
345  return x;
346  }
347 };
348 
349 unsigned long sslTLS_id_callback(void)
350 {
351  // base thread-id on the id given by XrdSysThread;
352  // but openssl 1.0 uses thread-id as a key for looking
353  // up per thread crypto ERR structures in a hash-table.
354  // So mix bits so that the table's hash function gives
355  // better distribution.
356 
357  unsigned long x = (unsigned long)XrdSysThread::ID();
358  return tlsmix<sizeof(unsigned long)==4>::mixer(x);
359 }
360 
361 XrdSysMutex *MutexVector = 0;
362 
363 void sslTLS_lock(int mode, int n, const char *file, int line)
364 {
365 // Use exclusive locks. At some point, SSL categorizes these as read and
366 // write locks but it's not clear when this actually occurs, sigh.
367 //
368  if (mode & CRYPTO_LOCK) MutexVector[n].Lock();
369  else MutexVector[n].UnLock();
370 }
371 #ifdef __solaris__
372 }
373 #endif
374 } // namespace
375 #else
376 #undef XRDTLS_SET_CALLBACKS
377 #endif
378 
379 /******************************************************************************/
380 /* F i l e L o c a l D e f i n i t i o n s */
381 /******************************************************************************/
382 
383 namespace
384 {
385 // The following is the default cipher list. Note that for OpenSSL v1.0.2+ we
386 // use the recommended cipher list from Mozilla. Otherwise, we use the dumber
387 // less secure ciphers as older versions of openssl have issues with them. See
388 // ssl-config.mozilla.org/#config=intermediate&openssl=1.0.2k&guideline=5.4
389 //
390 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
391 const char *sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:"
392  "ECDHE-RSA-AES128-GCM-SHA256:"
393  "ECDHE-ECDSA-AES256-GCM-SHA384:"
394  "ECDHE-RSA-AES256-GCM-SHA384:"
395  "ECDHE-ECDSA-CHACHA20-POLY1305:"
396  "ECDHE-RSA-CHACHA20-POLY1305:"
397  "DHE-RSA-AES128-GCM-SHA256:"
398  "DHE-RSA-AES256-GCM-SHA384";
399 #else
400 const char *sslCiphers = "ALL:!LOW:!EXP:!MD5:!MD2";
401 #endif
402 
403 XrdSysMutex dbgMutex, tlsMutex;
404 XrdSys::RAtomic<bool> initDbgDone{ false };
405 bool initTlsDone{ false };
406 
407 /******************************************************************************/
408 /* I n i t T L S */
409 /******************************************************************************/
410 
411 void InitTLS() // This is strictly a one-time call!
412 {
413  XrdSysMutexHelper tlsHelper(tlsMutex);
414 
415 // Make sure we are not trying to load the ssl library more than once. This can
416 // happen when a server and a client instance happen to be both defined.
417 //
418  if (initTlsDone) return;
419  initTlsDone = true;
420 
421 // SSL library initialisation
422 //
423  SSL_library_init();
424  OpenSSL_add_all_algorithms();
425  SSL_load_error_strings();
426  OpenSSL_add_all_ciphers();
427 #if OPENSSL_VERSION_NUMBER < 0x30000000L
428  ERR_load_BIO_strings();
429 #endif
430  ERR_load_crypto_strings();
431 
432 // Set callbacks if we need to do this
433 //
434 #ifdef XRDTLS_SET_CALLBACKS
435 
436  int n = CRYPTO_num_locks();
437  if (n > 0)
438  {MutexVector = new XrdSysMutex[n];
439  CRYPTO_set_locking_callback(sslTLS_lock);
440  }
441  CRYPTO_set_id_callback(sslTLS_id_callback);
442 
443 #endif
444 }
445 
446 /******************************************************************************/
447 /* F a t a l */
448 /******************************************************************************/
449 
450 void Fatal(std::string *eMsg, const char *msg, bool sslmsg=false)
451 {
452 // If there is an outboard error string object, return the message there.
453 //
454  if (eMsg) *eMsg = msg;
455 
456 // Now route the message to the message callback function. If this is an ssl
457 // related error we also flush the ssl error queue to prevent suprises.
458 //
459  XrdTls::Emsg("TLS_Context:", msg, sslmsg);
460 }
461 
462 /******************************************************************************/
463 /* G e t T l s M e t h o d */
464 /******************************************************************************/
465 
466 const char *GetTlsMethod(const SSL_METHOD *&meth)
467 {
468 #if OPENSSL_VERSION_NUMBER > 0x1010000fL /* v1.1.0 */
469  meth = TLS_method();
470 #else
471  meth = SSLv23_method();
472 #endif
473  if (meth == 0) return "No negotiable TLS method available.";
474  return 0;
475 }
476 
477 /******************************************************************************/
478 /* V e r P a t h s */
479 /******************************************************************************/
480 
481 bool VerPaths(const char *cert, const char *pkey,
482  const char *cadr, const char *cafl, std::string &eMsg)
483 {
484  static const mode_t cert_mode = S_IRUSR | S_IWUSR | S_IRWXG | S_IROTH;
485  static const mode_t pkey_mode = S_IRUSR | S_IWUSR;
486  static const mode_t cadr_mode = S_IRWXU | S_IRGRP | S_IXGRP
487  | S_IROTH | S_IXOTH;
488  static const mode_t cafl_mode = S_IRUSR | S_IWUSR | S_IRWXG | S_IROTH;
489  const char *emsg;
490 
491 // If the ca cert directory is present make sure it's a directory and
492 // only the ower can write to that directory (anyone can read from it).
493 //
494  if (cadr && (emsg = XrdOucUtils::ValPath(cadr, cadr_mode, true)))
495  {eMsg = "Unable to use CA cert directory ";
496  eMsg += cadr; eMsg += "; "; eMsg += emsg;
497  return false;
498  }
499 
500 // If a ca cert file is present make sure it's a file and only the owner can
501 // write it (anyone can read it).
502 //
503  if (cafl && (emsg = XrdOucUtils::ValPath(cafl, cafl_mode, false)))
504  {eMsg = "Unable to use CA cert file ";
505  eMsg += cafl; eMsg += "; "; eMsg += emsg;
506  return false;
507  }
508 
509 // If a private key is present than make sure it's a file and only the
510 // owner has access to it.
511 //
512  if (pkey && (emsg = XrdOucUtils::ValPath(pkey, pkey_mode, false)))
513  {eMsg = "Unable to use key file ";
514  eMsg += pkey; eMsg += "; "; eMsg += emsg;
515  return false;
516  }
517 
518 // If a cert file is present then make sure it's a file. If a keyfile is
519 // present then anyone can read it but only the owner can write it.
520 // Otherwise, only the owner can gave access to it (it contains the key).
521 //
522  if (cert)
523  {mode_t cmode = (pkey ? cert_mode : pkey_mode);
524  if ((emsg = XrdOucUtils::ValPath(cert, cmode, false)))
525  {if (pkey) eMsg = "Unable to use cert file ";
526  else eMsg = "Unable to use cert+key file ";
527  eMsg += cert; eMsg += "; "; eMsg += emsg;
528  return false;
529  }
530  }
531 
532 // All tests succeeded.
533 //
534  return true;
535 }
536 
537 /******************************************************************************/
538 /* V e r C B */
539 /******************************************************************************/
540 
541 extern "C"
542 {
543 int VerCB(int aOK, X509_STORE_CTX *x509P)
544 {
545  if (!aOK)
546  {X509 *cert = X509_STORE_CTX_get_current_cert(x509P);
547  int depth = X509_STORE_CTX_get_error_depth(x509P);
548  int err = X509_STORE_CTX_get_error(x509P);
549  char name[512], info[1024];
550 
551  X509_NAME_oneline(X509_get_subject_name(cert), name, sizeof(name));
552  snprintf(info,sizeof(info),"Cert verification failed for DN=%s",name);
553  XrdTls::Emsg("CertVerify:", info, false);
554 
555  X509_NAME_oneline(X509_get_issuer_name(cert), name, sizeof(name));
556  snprintf(info,sizeof(info),"Failing cert issuer=%s", name);
557  XrdTls::Emsg("CertVerify:", info, false);
558 
559  snprintf(info, sizeof(info), "Error %d at depth %d [%s]", err, depth,
560  X509_verify_cert_error_string(err));
561  XrdTls::Emsg("CertVerify:", info, true);
562  }
563 
564  return aOK;
565 }
566 }
567 
568 } // Anonymous namespace end
569 
570 /******************************************************************************/
571 /* C o n s t r u c t o r */
572 /******************************************************************************/
573 
574 #define KILL_CTX(x) if (x) {SSL_CTX_free(x); x = 0;}
575 
576 #define FATAL(msg) {Fatal(eMsg, msg); KILL_CTX(pImpl->ctx); return;}
577 
578 #define FATAL_SSL(msg) {Fatal(eMsg, msg, true); KILL_CTX(pImpl->ctx); return;}
579 
580 XrdTlsContext::XrdTlsContext(const char *cert, const char *key,
581  const char *caDir, const char *caFile,
582  uint64_t opts, std::string *eMsg)
583  : pImpl( new XrdTlsContextImpl(this) )
584 {
585  class ctx_helper
586  {public:
587 
588  void Keep() {ctxLoc = 0;}
589 
590  ctx_helper(SSL_CTX **ctxP) : ctxLoc(ctxP) {}
591  ~ctx_helper() {if (ctxLoc && *ctxLoc)
592  {SSL_CTX_free(*ctxLoc); *ctxLoc = 0;}
593  }
594  private:
595  SSL_CTX **ctxLoc;
596  } ctx_tracker(&pImpl->ctx);
597 
598  static const uint64_t sslOpts = SSL_OP_ALL
599  | SSL_OP_NO_SSLv2
600  | SSL_OP_NO_SSLv3
601  | SSL_OP_NO_COMPRESSION
602 #ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
603  | SSL_OP_IGNORE_UNEXPECTED_EOF
604 #endif
605 #if OPENSSL_VERSION_NUMBER >= 0x10101000L
606  | SSL_OP_NO_RENEGOTIATION
607 #endif
608  ;
609 
610  std::string certFN, eText;
611  const char *emsg;
612 
613 // Assume we will fail
614 //
615  pImpl->ctx = 0;
616 
617 // Verify that initialzation has occurred. This is not heavy weight as
618 // there will usually be no more than two instances of this object.
619 //
620  if (!initDbgDone)
621  {XrdSysMutexHelper dbgHelper(dbgMutex);
622  if (!initDbgDone)
623  {const char *dbg;
624  if (!(opts & servr) && (dbg = getenv("XRDTLS_DEBUG")))
625  {int dbgOpts = 0;
626  if (strstr(dbg, "ctx")) dbgOpts |= XrdTls::dbgCTX;
627  if (strstr(dbg, "sok")) dbgOpts |= XrdTls::dbgSOK;
628  if (strstr(dbg, "sio")) dbgOpts |= XrdTls::dbgSIO;
629  if (!dbgOpts) dbgOpts = XrdTls::dbgALL;
631  }
632  if ((emsg = Init())) FATAL(emsg);
633  initDbgDone = true;
634  }
635  }
636 
637 // If no CA cert information is specified and this is not a server context,
638 // then get the paths from the environment. They must exist as we need to
639 // verify peer certs in order to verify target host names client-side. We
640 // also use this setupt to see if we should use a specific cert and key.
641 //
642  if (!(opts & servr))
643  {if (!caDir && !caFile)
644  {caDir = getenv("X509_CERT_DIR");
645  caFile = getenv("X509_CERT_FILE");
646  if (!caDir && !caFile)
647  FATAL("No CA cert specified; host identity cannot be verified.");
648  }
649  if (!key) key = getenv("X509_USER_KEY");
650  if (!cert) cert = getenv("X509_USER_PROXY");
651  if (!cert)
652  {struct stat Stat;
653  long long int uid = static_cast<long long int>(getuid());
654  certFN = std::string("/tmp/x509up_u") + std::to_string(uid);
655  if (!stat(certFN.c_str(), &Stat)) cert = certFN.c_str();
656  }
657  }
658 
659 // Before we try to use any specified files, make sure they exist, are of
660 // the right type and do not have excessive access privileges.
661 // .a
662  if (!VerPaths(cert, key, caDir, caFile, eText)) FATAL( eText.c_str());
663 
664 // Copy parameters to out parm structure.
665 //
666  if (cert) {
667  pImpl->Parm.cert = cert;
668  //This call should not fail as a stat is already performed in the call of VerPaths() above
670  }
671  if (key) pImpl->Parm.pkey = key;
672  if (caDir) pImpl->Parm.cadir = caDir;
673  if (caFile) pImpl->Parm.cafile = caFile;
674  pImpl->Parm.opts = opts;
675  if (opts & crlRF) {
676  // What we store in crlRF is the time in minutes, convert it back to seconds
677  pImpl->Parm.crlRT = static_cast<int>((opts & crlRF) >> crlRS) * 60;
678  }
679 
680 // Get the correct method to use for TLS and check if successful create a
681 // server context that uses the method.
682 //
683  const SSL_METHOD *meth;
684  emsg = GetTlsMethod(meth);
685  if (emsg) FATAL(emsg);
686 
687  pImpl->ctx = SSL_CTX_new(meth);
688 
689 // Make sure we have a context here
690 //
691  if (pImpl->ctx == 0) FATAL_SSL("Unable to allocate TLS context!");
692 
693 // Always prohibit SSLv2 & SSLv3 as these are not secure.
694 //
695  SSL_CTX_set_options(pImpl->ctx, sslOpts);
696 
697 // Handle session re-negotiation automatically
698 //
699 // SSL_CTX_set_mode(pImpl->ctx, sslMode);
700 
701 // Turn off the session cache as it's useless with peer cert chains
702 //
703  SSL_CTX_set_session_cache_mode(pImpl->ctx, SSL_SESS_CACHE_OFF);
704 
705 // Establish the CA cert locations, if specified. Then set the verification
706 // depth and turn on peer cert validation. For now, we don't set a callback.
707 // In the future we may to grab debugging information.
708 //
709  if (caDir || caFile)
710  {if (!SSL_CTX_load_verify_locations(pImpl->ctx, caFile, caDir))
711  FATAL_SSL("Unable to load the CA cert file or directory.");
712 
713  int vDepth = (opts & vdept) >> vdepS;
714  SSL_CTX_set_verify_depth(pImpl->ctx, (vDepth ? vDepth : 9));
715 
716  bool LogVF = (opts & logVF) != 0;
717  SSL_CTX_set_verify(pImpl->ctx, SSL_VERIFY_PEER, (LogVF ? VerCB : 0));
718 
719  unsigned long xFlags = (opts & nopxy ? 0 : X509_V_FLAG_ALLOW_PROXY_CERTS);
720  if (opts & crlON)
721  {xFlags |= X509_V_FLAG_CRL_CHECK;
722  if (opts & crlFC) xFlags |= X509_V_FLAG_CRL_CHECK_ALL;
723  }
724  if (opts) X509_STORE_set_flags(SSL_CTX_get_cert_store(pImpl->ctx),xFlags);
725  } else {
726  SSL_CTX_set_verify(pImpl->ctx, SSL_VERIFY_NONE, 0);
727  }
728 
729 // Set cipher list
730 //
731  if (!SSL_CTX_set_cipher_list(pImpl->ctx, sslCiphers))
732  FATAL_SSL("Unable to set SSL cipher list; no supported ciphers.");
733 
734 // If we need to enable eliptic-curve support, do so now. Note that for
735 // OpenSSL 1.1.0+ this is automatically done for us.
736 //
737 #if SSL_CTRL_SET_ECDH_AUTO
738  SSL_CTX_set_ecdh_auto(pImpl->ctx, 1);
739 #endif
740 
741 // We normally handle renegotiation during reads and writes or selective
742 // prohibit on a SSL socket basis. The calle may request this be applied
743 // to all SSL's generated from this context. If so, do it here.
744 //
745  if (opts & artON) SSL_CTX_set_mode(pImpl->ctx, SSL_MODE_AUTO_RETRY);
746 
747 // If there is no cert then assume this is a generic context for a client
748 //
749  if (cert == 0)
750  {ctx_tracker.Keep();
751  return;
752  }
753 
754 // We have a cert. If the key is missing then we assume the key is in the
755 // cert file (ssl will complain if it isn't).
756 //
757  if (!key) key = cert;
758 
759 // Load certificate
760 //
761  if (SSL_CTX_use_certificate_chain_file(pImpl->ctx, cert) != 1)
762  FATAL_SSL("Unable to create TLS context; invalid certificate.");
763 
764 // Load the private key
765 //
766  if (SSL_CTX_use_PrivateKey_file(pImpl->ctx, key, SSL_FILETYPE_PEM) != 1 )
767  FATAL_SSL("Unable to create TLS context; invalid private key.");
768 
769 // Make sure the key and certificate file match.
770 //
771  if (SSL_CTX_check_private_key(pImpl->ctx) != 1 )
772  FATAL_SSL("Unable to create TLS context; cert-key mismatch.");
773 
774 // All went well, start the CRL refresh thread and keep the context.
775 //
776  if(opts & rfCRL) {
777  SetCrlRefresh();
778  }
779  ctx_tracker.Keep();
780 }
781 
782 /******************************************************************************/
783 /* D e s t r u c t o r */
784 /******************************************************************************/
785 
787 {
788 // We can delet eour implementation of there is no refresh thread running. If
789 // there is then the refresh thread has to delete the implementation.
790 //
791  if (pImpl->crlRunning | pImpl->flsRunning)
792  {pImpl->crlMutex.WriteLock();
793  pImpl->owner = 0;
794  pImpl->crlMutex.UnLock();
795  } else delete pImpl;
796 }
797 
798 /******************************************************************************/
799 /* C l o n e */
800 /******************************************************************************/
801 
802 XrdTlsContext *XrdTlsContext::Clone(bool full,bool startCRLRefresh)
803 {
804  XrdTlsContext::CTX_Params &my = pImpl->Parm;
805  const char *cert = (my.cert.size() ? my.cert.c_str() : 0);
806  const char *pkey = (my.pkey.size() ? my.pkey.c_str() : 0);
807  const char *caD = (my.cadir.size() ? my.cadir.c_str() : 0);
808  const char *caF = (my.cafile.size() ? my.cafile.c_str() : 0);
809 
810 // If this is a non-full context, get rid of any verification
811 //
812  if (!full) caD = caF = 0;
813 
814 // Cloning simply means getting a object with the old parameters.
815 //
816  uint64_t myOpts = my.opts;
817  if(startCRLRefresh){
819  } else {
821  }
822  XrdTlsContext *xtc = new XrdTlsContext(cert, pkey, caD, caF, myOpts);
823 
824 // Verify that the context was built
825 //
826  if (xtc->isOK()) {
827  if(pImpl->sessionCacheOpts != -1){
828  //A SessionCache() call was done for the current context, so apply it for this new cloned context
829  xtc->SessionCache(pImpl->sessionCacheOpts,pImpl->sessionCacheId.c_str(),pImpl->sessionCacheId.size());
830  }
831  return xtc;
832  }
833 
834 // We failed, cleanup.
835 //
836  delete xtc;
837  return 0;
838 }
839 
840 /******************************************************************************/
841 /* C o n t e x t */
842 /******************************************************************************/
843 
845 {
846  return pImpl->ctx;
847 }
848 
849 /******************************************************************************/
850 /* G e t P a r a m s */
851 /******************************************************************************/
852 
854 {
855  return &pImpl->Parm;
856 }
857 
858 /******************************************************************************/
859 /* I n i t */
860 /******************************************************************************/
861 
862 const char *XrdTlsContext::Init()
863 {
864 
865 // Disallow use if this object unless SSL provides thread-safety!
866 //
867 #ifndef OPENSSL_THREADS
868  return "Installed OpenSSL lacks the required thread support!";
869 #endif
870 
871 // Initialize the library (one time call)
872 //
873  InitTLS();
874  return 0;
875 }
876 
877 /******************************************************************************/
878 /* i s O K */
879 /******************************************************************************/
880 
882 {
883  return pImpl->ctx != 0;
884 }
885 
886 /******************************************************************************/
887 /* S e s s i o n */
888 /******************************************************************************/
889 
890 // Note: The reason we handle the x509 store update here is because allow the
891 // SSL context to be exported and then have no lock control over it. This may
892 // happen for transient purposes other than creating sessions. Once we
893 // disallow direct access to the context, the exchange can happen in the
894 // refresh thread which simplifies this whole process.
895 
897 {
898 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
899 
900  EPNAME("Session");
901  SSL *ssl;
902 
903 // Check if we have a refreshed context. If so, we need to replace the X509
904 // store in the current context with the new one before we create the session.
905 //
906  pImpl->crlMutex.ReadLock();
907  if (!(pImpl->ctxnew))
908  {ssl = SSL_new(pImpl->ctx);
909  pImpl->crlMutex.UnLock();
910  return ssl;
911  }
912 
913 // Things have changed, so we need to take the long route here. We need to
914 // replace the x509 cache with the current cache. Get a R/W lock now.
915 //
916  pImpl->crlMutex.UnLock();
917  pImpl->crlMutex.WriteLock();
918 
919 // If some other thread beat us to the punch, just return what we have.
920 //
921  if (!(pImpl->ctxnew))
922  {ssl = SSL_new(pImpl->ctx);
923  pImpl->crlMutex.UnLock();
924  return ssl;
925  }
926 
927 // Do some tracing
928 //
929  DBG_CTX("Replacing x509 store with new contents.");
930 
931 // Get the new store and set it in our context. Setting the store is black
932 // magic. For OpenSSL < 1.1, Two stores need to be set with the "set1" variant.
933 // Newer version only require SSL_CTX_set1_cert_store() to be used.
934 //
935  //We have a new context generated by Refresh, so we must use it.
936  XrdTlsContext * ctxnew = pImpl->ctxnew;
937 
938  /*X509_STORE *newX509 = SSL_CTX_get_cert_store(ctxnew->pImpl->ctx);
939  SSL_CTX_set1_verify_cert_store(pImpl->ctx, newX509);
940  SSL_CTX_set1_chain_cert_store(pImpl->ctx, newX509);*/
941  //The above two macros actually do not replace the certificate that has
942  //to be used for that SSL session, so we will create the session with the SSL_CTX * of
943  //the TlsContext created by Refresh()
944  //First, free the current SSL_CTX, if it is used by any transfer, it will just decrease
945  //the reference counter of it. There is therefore no risk of double free...
946  SSL_CTX_free(pImpl->ctx);
947  pImpl->ctx = ctxnew->pImpl->ctx;
948  //In the destructor of XrdTlsContextImpl, SSL_CTX_Free() is
949  //called if ctx is != 0. As this new ctx is used by the session
950  //we just created, we don't want that to happen. We therefore set it to 0.
951  //The SSL_free called on the session will cleanup the context for us.
952  ctxnew->pImpl->ctx = 0;
953 
954 // Save the generated context and clear it's presence
955 //
956  XrdTlsContext *ctxold = pImpl->ctxnew;
957  pImpl->ctxnew = 0;
958 
959 // Generate a new session (might as well to keep the lock we have)
960 //
961  ssl = SSL_new(pImpl->ctx);
962 
963 // OK, now we can drop all the locks and get rid of the old context
964 //
965  pImpl->crlMutex.UnLock();
966  delete ctxold;
967  return ssl;
968 
969 #else
970 // If we did not compile crl refresh code, we can simply return the OpenSSL
971 // session using our context. Otherwise, we need to see if we have a refreshed
972 // context and if so, carry forward the X509_store to our original context.
973 //
974  return SSL_new(pImpl->ctx);
975 #endif
976 }
977 
978 /******************************************************************************/
979 /* S e s s i o n C a c h e */
980 /******************************************************************************/
981 
982 int XrdTlsContext::SessionCache(int opts, const char *id, int idlen)
983 {
984  static const int doSet = scSrvr | scClnt | scOff;
985  long sslopt = 0;
986  int flushT = opts & scFMax;
987 
988  pImpl->sessionCacheOpts = opts;
989  pImpl->sessionCacheId = id;
990 
991 // If initialization failed there is nothing to do
992 //
993  if (pImpl->ctx == 0) return 0;
994 
995 // Set options as appropriate
996 //
997  if (opts & doSet)
998  {if (opts & scOff) sslopt = SSL_SESS_CACHE_OFF;
999  else {if (opts & scSrvr) sslopt = SSL_SESS_CACHE_SERVER;
1000  if (opts & scClnt) sslopt |= SSL_SESS_CACHE_CLIENT;
1001  }
1002  }
1003 
1004 // Check if we should set any cache options or simply get them
1005 //
1006  if (!(opts & doSet)) sslopt = SSL_CTX_get_session_cache_mode(pImpl->ctx);
1007  else {sslopt = SSL_CTX_set_session_cache_mode(pImpl->ctx, sslopt);
1008  if (opts & scOff) SSL_CTX_set_options(pImpl->ctx, SSL_OP_NO_TICKET);
1009  }
1010 
1011 // Compute what he previous cache options were
1012 //
1013  opts = scNone;
1014  if (sslopt & SSL_SESS_CACHE_SERVER) opts |= scSrvr;
1015  if (sslopt & SSL_SESS_CACHE_CLIENT) opts |= scClnt;
1016  if (!opts) opts = scOff;
1017  if (sslopt & SSL_SESS_CACHE_NO_AUTO_CLEAR) opts |= scKeep;
1018  opts |= (static_cast<int>(pImpl->flushT) & scFMax);
1019 
1020 // Set the id is so wanted
1021 //
1022  if (id && idlen > 0)
1023  {if (!SSL_CTX_set_session_id_context(pImpl->ctx,
1024  (unsigned const char *)id,
1025  (unsigned int)idlen)) opts |= scIdErr;
1026  }
1027 
1028 // If a flush interval was specified and it is different from what we have
1029 // then reset the flush interval.
1030 //
1031  if (flushT && flushT != pImpl->flushT)
1032  XrdTlsFlush::Setup_Flusher(pImpl, flushT);
1033 
1034 // All done
1035 //
1036  return opts;
1037 }
1038 
1039 /******************************************************************************/
1040 /* S e t C o n t e x t C i p h e r s */
1041 /******************************************************************************/
1042 
1043 bool XrdTlsContext::SetContextCiphers(const char *ciphers)
1044 {
1045  if (pImpl->ctx && SSL_CTX_set_cipher_list(pImpl->ctx, ciphers)) return true;
1046 
1047  char eBuff[2048];
1048  snprintf(eBuff,sizeof(eBuff),"Unable to set context ciphers '%s'",ciphers);
1049  Fatal(0, eBuff, true);
1050  return false;
1051 }
1052 
1053 /******************************************************************************/
1054 /* S e t D e f a u l t C i p h e r s */
1055 /******************************************************************************/
1056 
1057 void XrdTlsContext::SetDefaultCiphers(const char *ciphers)
1058 {
1059  sslCiphers = ciphers;
1060 }
1061 
1062 /******************************************************************************/
1063 /* S e t C r l R e f r e s h */
1064 /******************************************************************************/
1065 
1067 {
1068 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
1069 
1070  pthread_t tid;
1071  int rc;
1072 
1073 // If it's negative or equal to 0, use the current setting
1074 //
1075  if (refsec <= 0)
1076  {pImpl->crlMutex.WriteLock();
1077  refsec = pImpl->Parm.crlRT;
1078  pImpl->crlMutex.UnLock();
1079  if (!refsec) refsec = XrdTlsContext::DEFAULT_CRL_REF_INT_SEC;
1080  }
1081 
1082 // Make sure this is at least 60 seconds between refreshes
1083 //
1084 // if (refsec < 60) refsec = 60;
1085 
1086 // We will set the new interval and start a refresh thread if not running.
1087 //
1088  pImpl->crlMutex.WriteLock();
1089  pImpl->Parm.crlRT = refsec;
1090  if (!pImpl->crlRunning)
1091  {if ((rc = XrdSysThread::Run(&tid, XrdTlsCrl::Refresh, (void *)pImpl,
1092  0, "CRL Refresh")))
1093  {char eBuff[512];
1094  snprintf(eBuff, sizeof(eBuff),
1095  "Unable to start CRL refresh thread; rc=%d", rc);
1096  XrdTls::Emsg("CrlRefresh:", eBuff, false);
1097  pImpl->crlMutex.UnLock();
1098  return false;
1099  } else pImpl->crlRunning = true;
1100  pImpl->crlMutex.UnLock();
1101  }
1102 
1103 // All done
1104 //
1105  return true;
1106 
1107 #else
1108 // We use features present on OpenSSL 1.02 and above to implement crl refresh.
1109 // Older version are too difficult to deal with. Issue a message if this
1110 // feature is being enabled on an old version.
1111 //
1112  XrdTls::Emsg("CrlRefresh:", "Refreshing CRLs only supported in "
1113  "OpenSSL version >= 1.02; CRL refresh disabled!", false);
1114  return false;
1115 #endif
1116 }
1117 
1118 /******************************************************************************/
1119 /* x 5 0 9 V e r i f y */
1120 /******************************************************************************/
1121 
1123 {
1124  return !(pImpl->Parm.cadir.empty()) || !(pImpl->Parm.cafile.empty());
1125 }
1126 
1128  const std::string certPath = pImpl->Parm.cert;
1129  if(certPath.empty()) {
1130  //No certificate provided, should not happen though
1131  return false;
1132  }
1133  time_t modificationTime;
1134  if(!XrdOucUtils::getModificationTime(certPath.c_str(),modificationTime)){
1135  if (pImpl->lastCertModTime != modificationTime) {
1136  //The certificate file has changed
1137  pImpl->lastCertModTime = modificationTime;
1138  return true;
1139  }
1140  }
1141  return false;
1142 }
#define EPNAME(x)
Definition: XrdBwmTrace.hh:56
struct stat Stat
Definition: XrdCks.cc:49
void Fatal(const char *op, const char *target)
Definition: XrdCrc32c.cc:58
int stat(const char *path, struct stat *buf)
#define eMsg(x)
struct myOpts opts
int emsg(int rc, char *msg)
#define FATAL_SSL(msg)
#define FATAL(msg)
#define DBG_CTX(y)
Definition: XrdTlsTrace.hh:39
#define TRACING(x)
Definition: XrdTrace.hh:70
static int getModificationTime(const char *path, time_t &modificationTime)
static const char * ValPath(const char *path, mode_t allow, bool isdir)
static int Run(pthread_t *, void *(*proc)(void *), void *arg, int opts=0, const char *desc=0)
static pthread_t ID(void)
static void Snooze(int seconds)
Definition: XrdSysTimer.cc:168
static const int scIdErr
Info: Id not set, is too long.
XrdTlsContext * Clone(bool full=true, bool startCRLRefresh=false)
~XrdTlsContext()
Destructor.
static const uint64_t vdept
Mask to isolate vdept.
static const int crlRS
Bits to shift vdept.
int SessionCache(int opts=scNone, const char *id=0, int idlen=0)
static void SetDefaultCiphers(const char *ciphers)
XrdTlsContext(const char *cert=0, const char *key=0, const char *cadir=0, const char *cafile=0, uint64_t opts=0, std::string *eMsg=0)
static const int scClnt
Turn on cache client mode.
static const int DEFAULT_CRL_REF_INT_SEC
Default CRL refresh interval in seconds.
static const uint64_t servr
This is a server context.
static const uint64_t rfCRL
Turn on the CRL refresh thread.
static const int scKeep
Info: TLS-controlled flush disabled.
static const uint64_t nopxy
Do not allow proxy certs.
static const int scNone
Do not change any option settings.
static const uint64_t logVF
Log verify failures.
static const uint64_t crlFC
Full crl chain checking.
static const uint64_t crlON
Enables crl checking.
static const uint64_t artON
Auto retry Handshake.
void * Session()
void * Context()
static const int vdepS
Bits to shift vdept.
const CTX_Params * GetParams()
static const int scOff
Turn off cache.
static const char * Init()
bool newHostCertificateDetected()
bool SetContextCiphers(const char *ciphers)
static const int scFMax
bool SetCrlRefresh(int refsec=-1)
static const int scSrvr
Turn on cache server mode (default)
static const uint64_t crlRF
Mask to isolate crl refresh in min.
static const int dbgSIO
Turn debugging in for socket I/O.
Definition: XrdTls.hh:102
static const int dbgSOK
Turn debugging in for socket operations.
Definition: XrdTls.hh:101
static const int dbgOUT
Force msgs to stderr for easier client debug.
Definition: XrdTls.hh:104
static void Emsg(const char *tid, const char *msg=0, bool flush=true)
Definition: XrdTls.cc:104
static const int dbgALL
Turn debugging for everything.
Definition: XrdTls.hh:103
static const int dbgCTX
Turn debugging in for context operations.
Definition: XrdTls.hh:100
static void SetDebug(int opts, XrdSysLogger *logP=0)
Definition: XrdTls.cc:177
bool InitTLS()
Definition: XrdClTls.cc:96
void * Refresh(void *parg)
void * Flusher(void *parg)
bool Setup_Flusher(XrdTlsContextImpl *pImpl, int flushT)
XrdSysTrace SysTrace("TLS", 0)
XrdTlsContextImpl(XrdTlsContext *p)
std::string sessionCacheId
XrdTlsContext * owner
XrdTlsContext::CTX_Params Parm
XrdTlsContext * ctxnew
XrdSysCondVar * flsCVar
XrdSysRWLock crlMutex
std::string cafile
-> ca cert file.
uint64_t opts
Options as passed to the constructor.
std::string cadir
-> ca cert directory.
int crlRT
crl refresh interval time in seconds
std::string pkey
-> private key path.
std::string cert
-> certificate path.