tls: renamed tls hooks callbacks to highlight their purpose
[sip-router] / src / modules / tls / tls_server.c
1 /*
2  * TLS module - main server part
3  *
4  * Copyright (C) 2005-2010 iptelorg GmbH
5  * Copyright (C) 2013 Motorola Solutions, Inc.
6  *
7  * This file is part of Kamailio, a free SIP server.
8  *
9  * Permission to use, copy, modify, and distribute this software for any
10  * purpose with or without fee is hereby granted, provided that the above
11  * copyright notice and this permission notice appear in all copies.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20  */
21
22 /** main tls part (implements the tls hooks that are called from the tcp code).
23  * @file tls_server.c
24  * @ingroup tls
25  * Module: @ref tls
26  */
27
28
29 #include <poll.h>
30 #include <openssl/err.h>
31 #include <openssl/ssl.h>
32 #include "../../core/dprint.h"
33 #include "../../core/ip_addr.h"
34 #include "../../core/mem/shm_mem.h"
35 #include "../../core/pt.h"
36 #include "../../core/timer.h"
37 #include "../../core/globals.h"
38 #include "../../core/pt.h"
39 #include "../../core/tcp_int_send.h"
40 #include "../../core/tcp_read.h"
41 #include "../../core/cfg/cfg.h"
42 #include "../../core/route.h"
43 #include "../../core/forward.h"
44 #include "../../core/onsend.h"
45 #include "../../core/xavp.h"
46 #include "../../core/fmsg.h"
47 #include "../../core/kemi.h"
48
49 #include "tls_init.h"
50 #include "tls_domain.h"
51 #include "tls_util.h"
52 #include "tls_mod.h"
53 #include "tls_server.h"
54 #include "tls_select.h"
55 #include "tls_bio.h"
56 #include "tls_dump_vf.h"
57 #include "tls_cfg.h"
58
59 int tls_run_event_routes(struct tcp_connection *c);
60
61 /* low memory treshold for openssl bug #1491 workaround */
62 #define LOW_MEM_NEW_CONNECTION_TEST() \
63         (cfg_get(tls, tls_cfg, low_mem_threshold1) && \
64                 (shm_available_safe() < cfg_get(tls, tls_cfg, low_mem_threshold1)))
65 #define LOW_MEM_CONNECTED_TEST() \
66         (cfg_get(tls, tls_cfg, low_mem_threshold2) && \
67                 (shm_available_safe() <  cfg_get(tls, tls_cfg, low_mem_threshold2)))
68
69 #define TLS_RD_MBUF_SZ  65536
70 #define TLS_WR_MBUF_SZ  65536
71
72
73 /* debugging */
74 #ifdef NO_TLS_RD_DEBUG
75 #undef TLS_RD_DEBUG
76 #endif
77
78 #ifdef NO_TLS_WR_DEBUG
79 #undef TLS_WR_DEBUG
80 #endif
81 #if defined TLS_RD_DEBUG || defined TLS_WR_DEBUG
82 #define TLS_F_DEBUG
83 #endif
84
85 /* if NO_TLS_F_DEBUG or NO_TLS_DEBUG => no debug code */
86 #if defined NO_TLS_F_DEBUG || defined NO_TLS_DEBUG
87 #undef TLS_F_DEBUG
88 #endif
89
90 #ifdef TLS_F_DEBUG
91         #ifdef __SUNPRO_C
92                 #define TLS_F_TRACE(fmt, ...) \
93                         LOG_FP(DEFAULT_FACILITY, cfg_get(tls, tls_cfg, debug),\
94                                         "TLS_TRACE: " LOC_INFO, " %s" fmt,\
95                                         _FUNC_NAME_,  __VA_ARGS__)
96         #else
97                 #define TLS_F_TRACE(fmt, args...) \
98                         LOG_FP(DEFAULT_FACILITY, cfg_get(tls, tls_cfg, debug),\
99                                         "TLS_TRACE: " LOC_INFO, " %s" fmt,\
100                                         _FUNC_NAME_, ## args)
101         #endif /* __SUNPRO_c */
102 #else /* TLS_F_DEBUG */
103         #ifdef __SUNPRO_C
104                 #define TLS_F_TRACE(...)
105         #else
106                 #define TLS_F_TRACE(fmt, args...)
107         #endif /* __SUNPRO_c */
108 #endif /* TLS_F_DEBUG */
109
110 /* tls_read debugging */
111 #ifdef TLS_RD_DEBUG
112         #define TLS_RD_TRACE TLS_F_TRACE
113 #else /* TLS_RD_DEBUG */
114         #ifdef __SUNPRO_C
115                 #define TLS_RD_TRACE(...)
116         #else
117                 #define TLS_RD_TRACE(fmt, args...)
118         #endif /* __SUNPRO_c */
119 #endif /* TLS_RD_DEBUG */
120
121 /* tls_write debugging */
122 #ifdef TLS_WR_DEBUG
123         #define TLS_WR_TRACE TLS_F_TRACE
124 #else /* TLS_RD_DEBUG */
125         #ifdef __SUNPRO_C
126                 #define TLS_WR_TRACE(...)
127         #else
128                 #define TLS_WR_TRACE(fmt, args...)
129         #endif /* __SUNPRO_c */
130 #endif /* TLS_RD_DEBUG */
131
132
133 extern str sr_tls_xavp_cfg;
134
135 static str *tls_get_connect_server_id(void)
136 {
137         sr_xavp_t *vavp = NULL;
138         str sid = {"server_id", 9};
139         if(sr_tls_xavp_cfg.s!=NULL)
140                 vavp = xavp_get_child_with_sval(&sr_tls_xavp_cfg, &sid);
141         if(vavp==NULL || vavp->val.v.s.len<=0) {
142                 LM_DBG("xavp with outbound server id not found\n");
143                 return NULL;
144         }
145         LM_DBG("found xavp with outbound server id: %s\n", vavp->val.v.s.s);
146         return &vavp->val.v.s;
147
148 }
149
150 /**
151  * get the server name (sni) for outbound connections from xavp
152  */
153 static str *tls_get_connect_server_name(void)
154 {
155 #ifndef OPENSSL_NO_TLSEXT
156         sr_xavp_t *vavp = NULL;
157         str sname = {"server_name", 11};
158
159         if(sr_tls_xavp_cfg.s!=NULL)
160                 vavp = xavp_get_child_with_sval(&sr_tls_xavp_cfg, &sname);
161         if(vavp==NULL || vavp->val.v.s.len<=0) {
162                 LM_DBG("xavp with outbound server name not found\n");
163                 return NULL;
164         }
165         LM_DBG("found xavp with outbound server name: %s\n", vavp->val.v.s.s);
166         return &vavp->val.v.s;
167 #else
168         return NULL;
169 #endif
170 }
171
172 /** finish the ssl init.
173  * Creates the SSL context + internal tls_extra_data and sets
174  * extra_data to it.
175  * Separated from tls_tcpconn_init to allow delayed ssl context
176  * init (from the "child" process and not from the main one).
177  * WARNING: the connection should be already locked.
178  * @return 0 on success, -1 on errror.
179  */
180 static int tls_complete_init(struct tcp_connection* c)
181 {
182         tls_domain_t* dom;
183         struct tls_extra_data* data = 0;
184         tls_domains_cfg_t* cfg;
185         enum tls_conn_states state;
186         str *sname = NULL;
187         str *srvid = NULL;
188
189         if (LOW_MEM_NEW_CONNECTION_TEST()){
190                 ERR("tls: ssl bug #1491 workaround: not enough memory for safe"
191                                 " operation: shm=%lu threshold1=%d\n", shm_available_safe(),
192                                 cfg_get(tls, tls_cfg, low_mem_threshold1));
193                 goto error2;
194         }
195         /* Get current TLS configuration and increase reference
196          * count immediately.
197          */
198
199         LM_DBG("completing tls connection initialization\n");
200
201         lock_get(tls_domains_cfg_lock);
202         cfg = *tls_domains_cfg;
203
204         /* Increment the reference count in the configuration structure, this
205          * is to ensure that, while on the garbage queue, the configuration does
206          * not get deleted if there are still connection referencing its SSL_CTX
207          */
208         atomic_inc(&cfg->ref_count);
209         lock_release(tls_domains_cfg_lock);
210
211         if (c->flags & F_CONN_PASSIVE) {
212                 state=S_TLS_ACCEPTING;
213                 dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
214                                                                 &c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
215         } else {
216                 state=S_TLS_CONNECTING;
217                 sname = tls_get_connect_server_name();
218                 srvid = tls_get_connect_server_id();
219                 dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
220                                                 &c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);
221         }
222         if (unlikely(c->state<0)) {
223                 BUG("Invalid connection (state %d)\n", c->state);
224                 goto error;
225         }
226         DBG("Using initial TLS domain %s (dom %p ctx %p sn [%s])\n",
227                         tls_domain_str(dom), dom, dom->ctx[process_no],
228                         ZSW(dom->server_name.s));
229
230         data = (struct tls_extra_data*)shm_malloc(sizeof(struct tls_extra_data));
231         if (!data) {
232                 ERR("Not enough shared memory left\n");
233                 goto error;
234         }
235         memset(data, '\0', sizeof(struct tls_extra_data));
236         data->ssl = SSL_new(dom->ctx[process_no]);
237         data->rwbio = tls_BIO_new_mbuf(0, 0);
238         data->cfg = cfg;
239         data->state = state;
240
241         if (unlikely(data->ssl == 0 || data->rwbio == 0)) {
242                 TLS_ERR("Failed to create SSL or BIO structure:");
243                 if (data->ssl)
244                         SSL_free(data->ssl);
245                 if (data->rwbio)
246                         BIO_free(data->rwbio);
247                 goto error;
248         }
249
250 #ifndef OPENSSL_NO_TLSEXT
251         if (sname!=NULL) {
252                 if(!SSL_set_tlsext_host_name(data->ssl, sname->s)) {
253                         if (data->ssl)
254                                 SSL_free(data->ssl);
255                         if (data->rwbio)
256                                 BIO_free(data->rwbio);
257                         goto error;
258                 }
259                 LM_DBG("outbound TLS server name set to: %s\n", sname->s);
260         }
261 #endif
262
263 #if OPENSSL_VERSION_NUMBER < 0x010100000L
264 #ifdef TLS_KSSL_WORKARROUND
265         /* if needed apply workaround for openssl bug #1467 */
266         if (data->ssl->kssl_ctx && openssl_kssl_malloc_bug){
267                 kssl_ctx_free(data->ssl->kssl_ctx);
268                 data->ssl->kssl_ctx=0;
269         }
270 #endif
271 #endif
272         SSL_set_bio(data->ssl, data->rwbio, data->rwbio);
273         c->extra_data = data;
274
275         /* link the extra data struct inside ssl connection*/
276         SSL_set_app_data(data->ssl, data);
277         return 0;
278
279 error:
280         atomic_dec(&cfg->ref_count);
281         if (data) shm_free(data);
282 error2:
283         return -1;
284 }
285
286
287
288 /** completes tls init if needed and checks if tls can be used (unsafe).
289  *  It will check for low memory.
290  *  If it returns success, c->extra_data is guaranteed to be !=0.
291  *  WARNING: must be called with c->write_lock held.
292  *  @return 0 on success, < 0 on error (complete init failed or out of memory).
293  */
294 static int tls_fix_connection_unsafe(struct tcp_connection* c)
295 {
296         if (unlikely(!c->extra_data)) {
297                 if (unlikely(tls_complete_init(c) < 0)) {
298                         return -1;
299                 }
300         }else if (unlikely(LOW_MEM_CONNECTED_TEST())){
301                 ERR("tls: ssl bug #1491 workaround: not enough memory for safe"
302                                 " operation: shm=%lu threshold2=%d\n", shm_available_safe(),
303                                 cfg_get(tls, tls_cfg, low_mem_threshold2));
304                 return -1;
305         }
306         return 0;
307 }
308
309
310
311 /** completes tls init if needed and checks if tls can be used, (safe).
312  *  It will check for low memory.
313  *  If it returns success, c->extra_data is guaranteed to be !=0.
314  *  WARNING: must _not_ be called with c->write_lock held (it will
315  *   lock/unlock internally), see also tls_fix_connection_unsafe().
316  *  @return 0 on success, < 0 on error (complete init failed or out of memory).
317  */
318 static int tls_fix_connection(struct tcp_connection* c)
319 {
320         int ret;
321
322         if (unlikely(c->extra_data == 0)) {
323                 lock_get(&c->write_lock);
324                         if (unlikely(c->extra_data == 0)) {
325                                 ret = tls_complete_init(c);
326                                 lock_release(&c->write_lock);
327                                 return ret;
328                         }
329                 lock_release(&c->write_lock);
330         }
331         if (unlikely(LOW_MEM_CONNECTED_TEST())){
332                 ERR("tls: ssl bug #1491 workaround: not enough memory for safe"
333                                 " operation: shm=%lu threshold2=%d\n", shm_available_safe(),
334                                 cfg_get(tls, tls_cfg, low_mem_threshold2));
335                 return -1;
336         }
337         return 0;
338 }
339
340
341
342 /** sets an mbuf pair for the bio used by the tls connection.
343  * WARNING: must be called with c->write_lock held.
344  * @return 0 on success, -1 on error.
345  */
346 static int tls_set_mbufs(struct tcp_connection *c,
347                                                         struct tls_mbuf* rd,
348                                                         struct tls_mbuf* wr)
349 {
350         BIO *rwbio;
351
352         rwbio = ((struct tls_extra_data*)c->extra_data)->rwbio;
353         if (unlikely(tls_BIO_mbuf_set(rwbio, rd, wr)<=0)) {
354                 /* it should be always 1 */
355                 ERR("failed to set mbufs");
356                 return -1;
357         }
358         return 0;
359 }
360
361
362 static void tls_dump_cert_info(char* s, X509* cert)
363 {
364         char* subj;
365         char* issuer;
366
367         subj=issuer=0;
368         subj = X509_NAME_oneline(X509_get_subject_name(cert), 0 , 0);
369         issuer = X509_NAME_oneline(X509_get_issuer_name(cert), 0 , 0);
370
371         if (subj){
372                 LOG(cfg_get(tls, tls_cfg, log), "%s subject:%s\n", s ? s : "", subj);
373                 OPENSSL_free(subj);
374         }
375         if (issuer){
376                 LOG(cfg_get(tls, tls_cfg, log), "%s issuer:%s\n", s ? s : "", issuer);
377                 OPENSSL_free(issuer);
378         }
379 }
380
381
382 #ifndef OPENSSL_NO_ENGINE
383 // lookup HSM keys in process-local memory
384 EVP_PKEY * tls_lookup_private_key(SSL_CTX*);
385 #endif
386 /** wrapper around SSL_accept, usin SSL return convention.
387  * It will also log critical errors and certificate debugging info.
388  * @param c - tcp connection with tls (extra_data must be a filled
389  *            tcp_extra_data structure). The state must be S_TLS_ACCEPTING.
390  * @param error  set to the error reason (SSL_ERROR_*).
391  *            Note that it can be SSL_ERROR_NONE while the return is < 0
392  *            ("internal" error, not at the SSL level, see below).
393  * @return >=1 on success, 0 and <0 on error. 0 means the underlying SSL
394  *           connection was closed/shutdown.  < 0 is returned for any
395  *           SSL_ERROR (including  WANT_READ or WANT_WRITE), but also
396  *           for internal non SSL related errors (in this case -2 is
397  *           returned and error==SSL_ERROR_NONE).
398  *
399  */
400 int tls_accept(struct tcp_connection *c, int* error)
401 {
402         int ret;
403         SSL *ssl;
404         X509* cert;
405         struct tls_extra_data* tls_c;
406         int tls_log;
407
408         *error = SSL_ERROR_NONE;
409         tls_c=(struct tls_extra_data*)c->extra_data;
410         ssl=tls_c->ssl;
411
412         if (unlikely(tls_c->state != S_TLS_ACCEPTING)) {
413                 BUG("Invalid connection state %d (bug in TLS code)\n", tls_c->state);
414                 goto err;
415         }
416 #ifndef OPENSSL_NO_ENGINE
417         /* check if we have a HSM key */
418         EVP_PKEY *pkey = tls_lookup_private_key(SSL_get_SSL_CTX(ssl));
419         if (pkey)
420                 SSL_use_PrivateKey(ssl, pkey);
421 #endif
422         ret = SSL_accept(ssl);
423         if (unlikely(ret == 1)) {
424                 DBG("TLS accept successful\n");
425                 tls_c->state = S_TLS_ESTABLISHED;
426                 tls_log = cfg_get(tls, tls_cfg, log);
427                 LOG(tls_log, "tls_accept: new connection from %s:%d using %s %s %d\n",
428                                 ip_addr2a(&c->rcv.src_ip), c->rcv.src_port,
429                                 SSL_get_cipher_version(ssl), SSL_get_cipher_name(ssl),
430                                 SSL_get_cipher_bits(ssl, 0)
431                         );
432                 LOG(tls_log, "tls_accept: local socket: %s:%d\n",
433                                 ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port
434                         );
435                 cert = SSL_get_peer_certificate(ssl);
436                 if (cert != 0) {
437                         tls_dump_cert_info("tls_accept: client certificate", cert);
438                         if (SSL_get_verify_result(ssl) != X509_V_OK) {
439                                 LOG(tls_log, "WARNING: tls_accept: client certificate "
440                                                 "verification failed!!!\n");
441                                 tls_dump_verification_failure(SSL_get_verify_result(ssl));
442                         }
443                         X509_free(cert);
444                 } else {
445                         LOG(tls_log, "tls_accept: client did not present a certificate\n");
446                 }
447         } else { /* ret == 0 or < 0 */
448                 *error = SSL_get_error(ssl, ret);
449         }
450         return ret;
451 err:
452         /* internal non openssl related errors */
453         return -2;
454 }
455
456
457 /** wrapper around SSL_connect, using SSL return convention.
458  * It will also log critical errors and certificate debugging info.
459  * @param c - tcp connection with tls (extra_data must be a filled
460  *            tcp_extra_data structure). The state must be S_TLS_CONNECTING.
461  * @param error  set to the error reason (SSL_ERROR_*).
462  *            Note that it can be SSL_ERROR_NONE while the return is < 0
463  *            ("internal" error, not at the SSL level, see below).
464  * @return >=1 on success, 0 and <0 on error. 0 means the underlying SSL
465  *           connection was closed/shutdown. < 0 is returned for any
466  *           SSL_ERROR (including  WANT_READ or WANT_WRITE), but also
467  *           for internal non SSL related errors (in this case -2 is
468  *           returned and error==SSL_ERROR_NONE).
469  *
470  */
471 int tls_connect(struct tcp_connection *c, int* error)
472 {
473         SSL *ssl;
474         int ret;
475         X509* cert;
476         struct tls_extra_data* tls_c;
477         int tls_log;
478
479         *error = SSL_ERROR_NONE;
480         tls_c=(struct tls_extra_data*)c->extra_data;
481         ssl=tls_c->ssl;
482
483         if (unlikely(tls_c->state != S_TLS_CONNECTING)) {
484                 BUG("Invalid connection state %d (bug in TLS code)\n", tls_c->state);
485                 goto err;
486         }
487 #ifndef OPENSSL_NO_ENGINE
488         // lookup HSM private key in process-local memory
489         EVP_PKEY *pkey = tls_lookup_private_key(SSL_get_SSL_CTX(ssl));
490         if (pkey) {
491                 SSL_use_PrivateKey(ssl, pkey);
492         }
493 #endif
494         ret = SSL_connect(ssl);
495         if (unlikely(ret == 1)) {
496                 DBG("TLS connect successful\n");
497                 tls_c->state = S_TLS_ESTABLISHED;
498                 tls_log = cfg_get(tls, tls_cfg, log);
499                 LOG(tls_log, "tls_connect: new connection to %s:%d using %s %s %d\n",
500                                 ip_addr2a(&c->rcv.src_ip), c->rcv.src_port,
501                                 SSL_get_cipher_version(ssl), SSL_get_cipher_name(ssl),
502                                 SSL_get_cipher_bits(ssl, 0)
503                         );
504                 LOG(tls_log, "tls_connect: sending socket: %s:%d \n",
505                                 ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port
506                         );
507                 cert = SSL_get_peer_certificate(ssl);
508                 if (cert != 0) {
509                         tls_dump_cert_info("tls_connect: server certificate", cert);
510                         if (SSL_get_verify_result(ssl) != X509_V_OK) {
511                                 LOG(tls_log, "WARNING: tls_connect: server certificate "
512                                                 "verification failed!!!\n");
513                                 tls_dump_verification_failure(SSL_get_verify_result(ssl));
514                         }
515                         X509_free(cert);
516                 } else {
517                         /* this should not happen, servers always present a cert */
518                         LOG(tls_log, "tls_connect: server did not "
519                                                         "present a certificate\n");
520                 }
521                 tls_run_event_routes(c);
522         } else { /* 0 or < 0 */
523                 *error = SSL_get_error(ssl, ret);
524         }
525         return ret;
526 err:
527         /* internal non openssl related errors */
528         return -2;
529 }
530
531
532 /*
533  * wrapper around SSL_shutdown, returns -1 on error, 0 on success.
534  */
535 static int tls_shutdown(struct tcp_connection *c)
536 {
537         int ret, err, ssl_err;
538         struct tls_extra_data* tls_c;
539         SSL *ssl;
540
541         tls_c=(struct tls_extra_data*)c->extra_data;
542         if (unlikely(tls_c == 0 || tls_c->ssl == 0)) {
543                 ERR("No SSL data to perform tls_shutdown\n");
544                 return -1;
545         }
546         ssl = tls_c->ssl;
547         /* it doesn't make sense to try a TLS level shutdown
548          * if the connection is not fully initialized */
549         if (unlikely(tls_c->state != S_TLS_ESTABLISHED))
550                 return 0;
551         if (unlikely(LOW_MEM_CONNECTED_TEST())){
552                 ERR("tls: ssl bug #1491 workaround: not enough memory for safe"
553                                 " operation: shm=%lu threshold2=%d\n", shm_available_safe(),
554                                 cfg_get(tls, tls_cfg, low_mem_threshold2));
555                 goto err;
556         }
557
558         ret = SSL_shutdown(ssl);
559         if (ret == 1) {
560                 DBG("TLS shutdown successful\n");
561                 return 0;
562         } else if (ret == 0) {
563                 DBG("First phase of 2-way handshake completed succesfuly\n");
564                 return 0;
565         } else {
566                 err = SSL_get_error(ssl, ret);
567                 switch (err) {
568                 case SSL_ERROR_ZERO_RETURN:
569                         DBG("TLS shutdown failed cleanly\n");
570                         goto err;
571
572                 case SSL_ERROR_WANT_READ:
573                         DBG("Need to get more data to finish TLS shutdown\n");
574                         break;
575
576                 case SSL_ERROR_WANT_WRITE:
577                         DBG("Need to send more data to finish TLS shutdown\n");
578                         break;
579
580 #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/
581                 case SSL_ERROR_WANT_CONNECT:
582                         DBG("Need to retry connect\n");
583                         break;
584
585                 case SSL_ERROR_WANT_ACCEPT:
586                         DBG("Need to retry accept\n");
587                         break;
588 #endif
589                 case SSL_ERROR_WANT_X509_LOOKUP:
590                         DBG("Application callback asked to be called again\n");
591                         break;
592
593                 case SSL_ERROR_SYSCALL:
594                         TLS_ERR_RET(ssl_err, "TLS shutdown");
595                         if (!ssl_err) {
596                                 if (ret == 0) {
597                                         WARN("Unexpected EOF occurred while performing TLS shutdown\n");
598                                 } else {
599                                         ERR("IO error: (%d) %s\n", errno, strerror(errno));
600                                 }
601                         }
602                         goto err;
603
604                 case SSL_ERROR_SSL:
605                 default:
606                         TLS_ERR("SSL error:");
607                         goto err;
608                 }
609         }
610
611         return 0;
612 err:
613         return -1;
614 }
615
616
617
618 /** init tls specific data in a tcp connection.
619  * Called when a new tcp connection is accepted or connected.
620  * It completes the tcp connection initialisation by setting the tls
621  * specific parts.
622  * Note that ssl context creation and other expensive operation are left
623  * out (they are delayed until the first read/write).
624  * No locking is needed (when the connection is created no other process
625  * can access it).
626  * @param c - tcp connection.
627  * @param sock - socket (unused for now).
628  * @return  0 on success, < 0 on error.
629  */
630 int tls_h_tcpconn_init_f(struct tcp_connection *c, int sock)
631 {
632         c->type = PROTO_TLS;
633         c->rcv.proto = PROTO_TLS;
634         c->timeout = get_ticks_raw() + cfg_get(tls, tls_cfg, con_lifetime);
635         c->lifetime = cfg_get(tls, tls_cfg, con_lifetime);
636         c->extra_data = 0;
637         return 0;
638 }
639
640
641 /** clean the extra data upon connection shut down.
642  */
643 void tls_h_tcpconn_clean_f(struct tcp_connection *c)
644 {
645         struct tls_extra_data* extra;
646         /*
647         * runs within global tcp lock
648         */
649         if ((c->type != PROTO_TLS) && (c->type != PROTO_WSS)) {
650                 BUG("Bad connection structure\n");
651                 abort();
652         }
653         if (c->extra_data) {
654                 extra = (struct tls_extra_data*)c->extra_data;
655                 SSL_free(extra->ssl);
656                 atomic_dec(&extra->cfg->ref_count);
657                 if (extra->ct_wq)
658                         tls_ct_wq_free(&extra->ct_wq);
659                 if (extra->enc_rd_buf) {
660                         shm_free(extra->enc_rd_buf);
661                         extra->enc_rd_buf = 0;
662                 }
663                 shm_free(c->extra_data);
664                 c->extra_data = 0;
665         }
666 }
667
668
669 /** perform one-way shutdown, do not wait for notify from the remote peer.
670  */
671 void tls_h_tcpconn_close_f(struct tcp_connection *c, int fd)
672 {
673         unsigned char wr_buf[TLS_WR_MBUF_SZ];
674         struct tls_mbuf rd, wr;
675
676         /*
677          * runs either within global tcp lock or after the connection has
678          * been "detached" and is unreachable from any other process.
679          * Unfortunately when called via
680          * tcpconn_put_destroy()+tcpconn_close_main_fd() the connection might
681          * still be in a writer, so in this case locking is needed.
682          */
683         DBG("Closing SSL connection %p\n", c->extra_data);
684         if (unlikely(cfg_get(tls, tls_cfg, send_close_notify) && c->extra_data)) {
685                 lock_get(&c->write_lock);
686                         if (unlikely(c->extra_data == 0)) {
687                                 /* changed in the meanwhile */
688                                 lock_release(&c->write_lock);
689                                 return;
690                         }
691                         tls_mbuf_init(&rd, 0, 0); /* no read */
692                         tls_mbuf_init(&wr, wr_buf, sizeof(wr_buf));
693                         if (tls_set_mbufs(c, &rd, &wr)==0) {
694                                 tls_shutdown(c); /* shudown only on succesfull set fd */
695                                 /* write as much as possible and update wr.
696                                  * Since this is a close, we don't want to queue the write
697                                  * (if it can't write immediately, just fail silently)
698                                  */
699                                 if (wr.used)
700                                         _tcpconn_write_nb(fd, c, (char*)wr.buf, wr.used);
701                                 /* we don't bother reading anything (we don't want to wait
702                                 on close) */
703                         }
704                 lock_release(&c->write_lock);
705         }
706 }
707
708
709
710 /* generic tcpconn_{do,1st}_send() function pointer type */
711 typedef int (*tcp_low_level_send_t)(int fd, struct tcp_connection *c,
712                                                                         char* buf, unsigned len,
713                                                                         snd_flags_t send_flags,
714                                                                         long* resp, int locked);
715
716
717
718 /** tls encrypt before sending function.
719  * It is a callback that will be called by the tcp code, before a send
720  * on TLS would be attempted. It should replace the input buffer with a
721  * new static buffer containing the TLS processed data.
722  * If the input buffer could not be fully encoded (e.g. run out of space
723  * in the internal static buffer), it should set rest_buf and rest_len to
724  * the remaining part, so that it could be called again once the output has
725  * been used (sent). The send_flags used are also passed and they can be
726  * changed (e.g. to disallow a close() after a partial encode).
727  * WARNING: it must always be called with c->write_lock held!
728  * @param c - tcp connection
729  * @param pbuf - pointer to buffer (value/result, on success it will be
730  *               replaced with a static buffer).
731  * @param plen - pointer to buffer size (value/result, on success it will be
732  *               replaced with the size of the replacement buffer.
733  * @param rest_buf - (result) should be filled with a pointer to the
734  *                remaining unencoded part of the original buffer if any,
735  *                0 otherwise.
736  * @param rest_len - (result) should be filled with the length of the
737  *                 remaining unencoded part of the original buffer (0 if
738  *                 the original buffer was fully encoded).
739  * @param send_flags - pointer to the send_flags that will be used for sending
740  *                     the message.
741  * @return *plen on success (>=0), < 0 on error.
742  */
743 int tls_h_encode_f(struct tcp_connection *c,
744                                                 const char** pbuf, unsigned int* plen,
745                                                 const char** rest_buf, unsigned int* rest_len,
746                                                 snd_flags_t* send_flags)
747 {
748         int n, offs;
749         SSL* ssl;
750         struct tls_extra_data* tls_c;
751         static unsigned char wr_buf[TLS_WR_MBUF_SZ];
752         struct tls_mbuf rd, wr;
753         int ssl_error;
754         char* err_src;
755         char ip_buf[64];
756         const char* buf;
757         unsigned int len;
758         int x;
759
760         buf = *pbuf;
761         len = *plen;
762         *rest_buf = 0;
763         *rest_len = 0;
764         TLS_WR_TRACE("(%p, %p, %d, ... 0x%0x) start (%s:%d* -> %s)\n",
765                                         c, buf, len, send_flags->f,
766                                         ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port,
767                                         su2a(&c->rcv.src_su, sizeof(c->rcv.src_su)));
768         n = 0;
769         offs = 0;
770         ssl_error = SSL_ERROR_NONE;
771         err_src = "TLS write:";
772         if (unlikely(tls_fix_connection_unsafe(c) < 0)) {
773                 /* c->extra_data might be null => exit immediately */
774                 TLS_WR_TRACE("(%p) end: tls_fix_connection_unsafe failed =>"
775                                                 " immediate error exit\n", c);
776                 return -1;
777         }
778         tls_c = (struct tls_extra_data*)c->extra_data;
779         ssl = tls_c->ssl;
780         tls_mbuf_init(&rd, 0, 0); /* no read */
781         tls_mbuf_init(&wr, wr_buf, sizeof(wr_buf));
782         /* clear text already queued (WANTS_READ) queue directly*/
783         if (unlikely(tls_write_wants_read(tls_c))) {
784                 TLS_WR_TRACE("(%p) WANTS_READ queue present => queueing"
785                                                 " (%d bytes,  %p + %d)\n", c, len - offs, buf, offs);
786                 if (unlikely(tls_ct_wq_add(&tls_c->ct_wq, buf+offs, len -offs) < 0)) {
787                                 ERR("ct write buffer full for %p (%d bytes)\n",
788                                                 c, tls_c->ct_wq?tls_c->ct_wq->queued:0);
789                                 goto error_wq_full;
790                 }
791                 /* buffer queued for a future send attempt, after first reading
792                  * some data (key exchange) => don't allow immediate closing of
793                  * the connection */
794                 send_flags->f &= ~SND_F_CON_CLOSE;
795                 goto end;
796         }
797         if (unlikely(tls_set_mbufs(c, &rd, &wr) < 0)) {
798                 ERR("tls_set_mbufs failed\n");
799                 goto error;
800         }
801 redo_wr:
802         if (unlikely(tls_c->state == S_TLS_CONNECTING)) {
803                 n = tls_connect(c, &ssl_error);
804                 TLS_WR_TRACE("(%p) tls_connect() => %d (err=%d)\n", c, n, ssl_error);
805                 if (unlikely(n>=1)) {
806                         n = SSL_write(ssl, buf + offs, len - offs);
807                         if (unlikely(n <= 0))
808                                 ssl_error = SSL_get_error(ssl, n);
809                 } else {
810                         /* tls_connect failed/needs more IO */
811                         if (unlikely(n < 0 && ssl_error == SSL_ERROR_NONE))
812                                 goto error;
813                         err_src = "TLS connect:";
814                 }
815         } else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) {
816                 n = tls_accept(c, &ssl_error);
817                 TLS_WR_TRACE("(%p) tls_accept() => %d (err=%d)\n", c, n, ssl_error);
818                 if (unlikely(n>=1)) {
819                         n = SSL_write(ssl, buf + offs, len - offs);
820                         if (unlikely(n <= 0))
821                                 ssl_error = SSL_get_error(ssl, n);
822                 } else {
823                         /* tls_accept failed/needs more IO */
824                         if (unlikely(n < 0 && ssl_error == SSL_ERROR_NONE))
825                                 goto error;
826                         err_src = "TLS accept:";
827                 }
828         } else {
829                 n = SSL_write(ssl, buf + offs, len - offs);
830                 if (unlikely(n <= 0))
831                         ssl_error = SSL_get_error(ssl, n);
832         }
833         TLS_WR_TRACE("(%p) SSL_write(%p + %d, %d) => %d (err=%d)\n",
834                                         c, buf, offs, len - offs, n, ssl_error);
835         /* check for possible ssl errors */
836         if (unlikely(n <= 0)){
837                 switch(ssl_error) {
838                         case SSL_ERROR_NONE:
839                                 BUG("unexpected SSL_ERROR_NONE for n=%d\n", n);
840                                 goto error;
841                                 break;
842                         case SSL_ERROR_ZERO_RETURN:
843                                 /* SSL EOF */
844                                 ERR("ssl level EOF\n");
845                                 goto ssl_eof;
846                         case SSL_ERROR_WANT_READ:
847                                 /* queue write buffer */
848                                 TLS_WR_TRACE("(%p) SSL_ERROR_WANT_READ => queueing for read"
849                                                                 " (%p + %d, %d)\n", c, buf, offs, len -offs);
850                                 if (unlikely(tls_ct_wq_add(&tls_c->ct_wq, buf+offs, len -offs)
851                                                                 < 0)) {
852                                         ERR("ct write buffer full (%d bytes)\n",
853                                                         tls_c->ct_wq?tls_c->ct_wq->queued:0);
854                                         goto error_wq_full;
855                                 }
856                                 tls_c->flags |= F_TLS_CON_WR_WANTS_RD;
857                                 /* buffer queued for a future send attempt, after first
858                                  * reading some data (key exchange) => don't allow immediate
859                                  * closing of the connection */
860                                 send_flags->f &= ~SND_F_CON_CLOSE;
861                                 break; /* or goto end */
862                         case SSL_ERROR_WANT_WRITE:
863                                 if (unlikely(offs == 0)) {
864                                         /*  error, no record fits in the buffer or
865                                          * no partial write enabled and buffer to small to fit
866                                          * all the records */
867                                         BUG("write buffer too small (%d/%d bytes)\n",
868                                                         wr.used, wr.size);
869                                         goto bug;
870                                 } else {
871                                         /* offs != 0 => something was "written"  */
872                                         *rest_buf = buf + offs;
873                                         *rest_len = len - offs;
874                                         /* this function should be called again => disallow
875                                          * immediate closing of the connection */
876                                         send_flags->f &= ~SND_F_CON_CLOSE;
877                                         TLS_WR_TRACE("(%p) SSL_ERROR_WANT_WRITE partial write"
878                                                                 " (written %p , %d, rest_buf=%p"
879                                                                 " rest_len=%d))\n", c, buf, offs,
880                                                                 *rest_buf, *rest_len);
881                                 }
882                                 break; /* or goto end */
883                         case SSL_ERROR_SSL:
884                                 /* protocol level error */
885                                 ERR("protocol level error\n");
886                                 TLS_ERR(err_src);
887                                 memset(ip_buf, 0, sizeof(buf));
888                                 ip_addr2sbuf(&(c->rcv.src_ip), ip_buf, sizeof(ip_buf));
889                                 ERR("source IP: %s\n", ip_buf);
890                                 memset(ip_buf, 0, sizeof(buf));
891                                 ip_addr2sbuf(&(c->rcv.dst_ip), ip_buf, sizeof(ip_buf));
892                                 ERR("destination IP: %s\n", ip_buf);
893
894                                 goto error;
895 #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/
896                         case SSL_ERROR_WANT_CONNECT:
897                                 /* only if the underlying BIO is not yet connected
898                                  * and the call would block in connect().
899                                  * (not possible in our case) */
900                                 BUG("unexpected SSL_ERROR_WANT_CONNECT\n");
901                                 break;
902                         case SSL_ERROR_WANT_ACCEPT:
903                                 /* only if the underlying BIO is not yet connected
904                                  * and call would block in accept()
905                                  * (not possible in our case) */
906                                 BUG("unexpected SSL_ERROR_WANT_ACCEPT\n");
907                                 break;
908 #endif
909                         case SSL_ERROR_WANT_X509_LOOKUP:
910                                 /* can only appear on client application and it indicates that
911                                  * an installed client cert. callback should be called again
912                                  * (it returned < 0 indicated that it wants to be called
913                                  * later). Not possible in our case */
914                                 BUG("unsupported SSL_ERROR_WANT_X509_LOOKUP");
915                                 goto bug;
916                         case SSL_ERROR_SYSCALL:
917                                 TLS_ERR_RET(x, err_src);
918                                 if (!x) {
919                                         if (n == 0) {
920                                                 WARN("Unexpected EOF\n");
921                                         } else
922                                                 /* should never happen */
923                                                 BUG("IO error (%d) %s\n", errno, strerror(errno));
924                                 }
925                                 goto error;
926                         default:
927                                 TLS_ERR(err_src);
928                                 BUG("unexpected SSL error %d\n", ssl_error);
929                                 goto bug;
930                 }
931         } else if (unlikely(n < (len - offs))) {
932                 /* partial ssl write (possible if SSL_MODE_ENABLE_PARTIAL_WRITE) =>
933                  * retry with the rest */
934                 TLS_WR_TRACE("(%p) partial write (%d < %d, offset %d), retry\n",
935                                                 c, n, len - offs, offs);
936                 offs += n;
937                 goto redo_wr;
938         }
939         tls_set_mbufs(c, 0, 0);
940 end:
941         *pbuf = (const char*)wr.buf;
942         *plen = wr.used;
943         TLS_WR_TRACE("(%p) end (offs %d, rest_buf=%p rest_len=%d 0x%0x) => %d \n",
944                                         c, offs, *rest_buf, *rest_len, send_flags->f, *plen);
945         return *plen;
946 error:
947 /*error_send:*/
948 error_wq_full:
949 bug:
950         tls_set_mbufs(c, 0, 0);
951         TLS_WR_TRACE("(%p) end error (offs %d, %d encoded) => -1\n",
952                                         c, offs, wr.used);
953         return -1;
954 ssl_eof:
955         c->state = S_CONN_EOF;
956         c->flags |= F_CONN_FORCE_EOF;
957         *pbuf = (const char*)wr.buf;
958         *plen = wr.used;
959         DBG("TLS connection has been closed\n");
960         TLS_WR_TRACE("(%p) end EOF (offs %d) => (%d\n",
961                                         c, offs, *plen);
962         return *plen;
963 }
964
965
966
967 /** tls read.
968  * Each modification of ssl data structures has to be protected, another process
969  * might ask for the same connection and attempt write to it which would
970  * result in updating the ssl structures.
971  * WARNING: must be called whic c->write_lock _unlocked_.
972  * @param c - tcp connection pointer. The following flags might be set:
973  * @param flags - value/result:
974  *                     input: RD_CONN_FORCE_EOF  - force EOF after the first
975  *                            successful read (bytes_read >=0 )
976  *                     output: RD_CONN_SHORT_READ if the read exhausted
977  *                              all the bytes in the socket read buffer.
978  *                             RD_CONN_EOF if EOF detected (0 bytes read)
979  *                              or forced via RD_CONN_FORCE_EOF.
980  *                             RD_CONN_REPEAT_READ  if this function should
981  *                              be called again (e.g. has some data
982  *                              buffered internally that didn't fit in
983  *                              tcp_req).
984  *                     Note: RD_CONN_SHORT_READ & RD_CONN_EOF should be cleared
985  *                           before calling this function when there is new
986  *                           data (e.g. POLLIN), but not if the called is
987  *                           retried because of RD_CONN_REPEAT_READ and there
988  *                           is no information about the socket having more
989  *                           read data available.
990  * @return bytes decrypted on success, -1 on error (it also sets some
991  *         tcp connection flags and might set c->state and r->error on
992  *         EOF or error).
993  */
994 int tls_h_read_f(struct tcp_connection* c, int* flags)
995 {
996         struct tcp_req* r;
997         int bytes_free, bytes_read, read_size, ssl_error, ssl_read;
998         SSL* ssl;
999         unsigned char rd_buf[TLS_RD_MBUF_SZ];
1000         unsigned char wr_buf[TLS_WR_MBUF_SZ];
1001         struct tls_mbuf rd, wr;
1002         struct tls_extra_data* tls_c;
1003         struct tls_rd_buf* enc_rd_buf;
1004         int n, flush_flags;
1005         char* err_src;
1006         char ip_buf[64];
1007         int x;
1008         int tls_dbg;
1009
1010         TLS_RD_TRACE("(%p, %p (%d)) start (%s -> %s:%d*)\n",
1011                                         c, flags, *flags,
1012                                         su2a(&c->rcv.src_su, sizeof(c->rcv.src_su)),
1013                                         ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port);
1014         ssl_read = 0;
1015         r = &c->req;
1016         enc_rd_buf = 0;
1017         *flags &= ~RD_CONN_REPEAT_READ;
1018         if (unlikely(tls_fix_connection(c) < 0)) {
1019                 TLS_RD_TRACE("(%p, %p) end: tls_fix_connection failed =>"
1020                                                 " immediate error exit\n", c, flags);
1021                 return -1;
1022         }
1023         /* here it's safe to use c->extra_data in read-only mode.
1024          * If it's != 0 is changed only on destroy. It's not possible to have
1025          * parallel reads.*/
1026         tls_c = c->extra_data;
1027         bytes_free = c->req.b_size - (unsigned int)(r->pos - r->buf);
1028         if (unlikely(bytes_free <= 0)) {
1029                 ERR("Buffer overrun, dropping\n");
1030                 r->error = TCP_REQ_OVERRUN;
1031                 return -1;
1032         }
1033 redo_read:
1034         /* if data queued from a previous read(), use it (don't perform
1035          * a real read()).
1036         */
1037         if (unlikely(tls_c->enc_rd_buf)) {
1038                 /* use queued data */
1039                 /* safe to use without locks, because only read changes it and
1040                  * there can't be parallel reads on the same connection */
1041                 enc_rd_buf = tls_c->enc_rd_buf;
1042                 tls_c->enc_rd_buf = 0;
1043                 TLS_RD_TRACE("(%p, %p) using queued data (%p: %p %d bytes)\n", c,
1044                                         flags, enc_rd_buf, enc_rd_buf->buf + enc_rd_buf->pos,
1045                                         enc_rd_buf->size - enc_rd_buf->pos);
1046                 tls_mbuf_init(&rd, enc_rd_buf->buf + enc_rd_buf->pos,
1047                                                 enc_rd_buf->size - enc_rd_buf->pos);
1048                 rd.used = enc_rd_buf->size - enc_rd_buf->pos;
1049         } else {
1050                 /* if we were using using queued data before, free & reset the
1051                         the queued read data before performing the real read() */
1052                 if (unlikely(enc_rd_buf)) {
1053                         TLS_RD_TRACE("(%p, %p) reset prev. used enc_rd_buf (%p)\n", c,
1054                                                         flags, enc_rd_buf);
1055                         shm_free(enc_rd_buf);
1056                         enc_rd_buf = 0;
1057                 }
1058                 /* real read() */
1059                 tls_mbuf_init(&rd, rd_buf, sizeof(rd_buf));
1060                 /* read() only if no previously detected EOF, or previous
1061                  * short read (which means the socket buffer was emptied) */
1062                 if (likely(!(*flags & (RD_CONN_EOF|RD_CONN_SHORT_READ)))) {
1063                         /* don't read more then the free bytes in the tcp req buffer */
1064                         read_size = MIN_unsigned(rd.size, bytes_free);
1065                         bytes_read = tcp_read_data(c->fd, c, (char*)rd.buf, read_size,
1066                                                                                 flags);
1067                         TLS_RD_TRACE("(%p, %p) tcp_read_data(..., %d, *%d) => %d bytes\n",
1068                                                 c, flags, read_size, *flags, bytes_read);
1069                         /* try SSL_read even on 0 bytes read, it might have
1070                          * internally buffered data */
1071                         if (unlikely(bytes_read < 0)) {
1072                                         goto error;
1073                         }
1074                         rd.used = bytes_read;
1075                 }
1076         }
1077
1078 continue_ssl_read:
1079         tls_mbuf_init(&wr, wr_buf, sizeof(wr_buf));
1080         ssl_error = SSL_ERROR_NONE;
1081         err_src = "TLS read:";
1082         /* we have to avoid to run in the same time
1083          * with a tls_write because of the
1084          * update bio stuff  (we don't want a write
1085          * stealing the wbio or rbio under us or vice versa)
1086          * => lock on con->write_lock (ugly hack) */
1087         lock_get(&c->write_lock);
1088                 tls_set_mbufs(c, &rd, &wr);
1089                 ssl = tls_c->ssl;
1090                 n = 0;
1091                 if (unlikely(tls_write_wants_read(tls_c) &&
1092                                                 !(*flags & RD_CONN_EOF))) {
1093                         n = tls_ct_wq_flush(c, &tls_c->ct_wq, &flush_flags,
1094                                                                 &ssl_error);
1095                         TLS_RD_TRACE("(%p, %p) tls write on read (WRITE_WANTS_READ):"
1096                                                         " ct_wq_flush()=> %d (ff=%d ssl_error=%d))\n",
1097                                                         c, flags, n, flush_flags, ssl_error);
1098                         if (unlikely(n < 0 )) {
1099                                 tls_set_mbufs(c, 0, 0);
1100                                 lock_release(&c->write_lock);
1101                                 ERR("write flush error (%d)\n", n);
1102                                 goto error;
1103                         }
1104                         if (likely(flush_flags & F_BUFQ_EMPTY))
1105                                 tls_c->flags &= ~F_TLS_CON_WR_WANTS_RD;
1106                         if (unlikely(flush_flags & F_BUFQ_ERROR_FLUSH))
1107                                 err_src = "TLS write:";
1108                 }
1109                 if (likely(ssl_error == SSL_ERROR_NONE)) {
1110                         if (unlikely(tls_c->state == S_TLS_CONNECTING)) {
1111                                 n = tls_connect(c, &ssl_error);
1112                                 TLS_RD_TRACE("(%p, %p) tls_connect() => %d (err=%d)\n",
1113                                                                 c, flags, n, ssl_error);
1114                                 if (unlikely(n>=1)) {
1115                                         n = SSL_read(ssl, r->pos, bytes_free);
1116                                 } else {
1117                                         /* tls_connect failed/needs more IO */
1118                                         if (unlikely(n < 0 && ssl_error == SSL_ERROR_NONE)) {
1119                                                 lock_release(&c->write_lock);
1120                                                 goto error;
1121                                         }
1122                                         err_src = "TLS connect:";
1123                                         goto ssl_read_skipped;
1124                                 }
1125                         } else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) {
1126                                 n = tls_accept(c, &ssl_error);
1127                                 TLS_RD_TRACE("(%p, %p) tls_accept() => %d (err=%d)\n",
1128                                                                 c, flags, n, ssl_error);
1129                                 if (unlikely(n>=1)) {
1130                                         n = SSL_read(ssl, r->pos, bytes_free);
1131                                 } else {
1132                                         /* tls_accept failed/needs more IO */
1133                                         if (unlikely(n < 0 && ssl_error == SSL_ERROR_NONE)) {
1134                                                 lock_release(&c->write_lock);
1135                                                 goto error;
1136                                         }
1137                                         err_src = "TLS accept:";
1138                                         goto ssl_read_skipped;
1139                                 }
1140                         } else {
1141                                 /* if bytes in then decrypt read buffer into tcpconn req.
1142                                  * buffer */
1143                                 n = SSL_read(ssl, r->pos, bytes_free);
1144                         }
1145                         /** handle SSL_read() return.
1146                          *  There are 3 main cases, each with several sub-cases, depending
1147                          *  on whether or not the output buffer was filled, if there
1148                          *  is still unconsumed input data in the input buffer (rd)
1149                          *  and if there is "cached" data in the internal openssl
1150                          *  buffers.
1151                          *  0. error (n<=0):
1152                          *     SSL_ERROR_WANT_READ - input data fully
1153                          *       consumed, no more returnable cached data inside openssl
1154                          *       => exit.
1155                          *     SSL_ERROR_WANT_WRITE - should never happen (the write
1156                          *       buffer is big enough to handle any re-negociation).
1157                          *     SSL_ERROR_ZERO_RETURN - ssl level shutdown => exit.
1158                          *    other errors are unexpected.
1159                          * 1. output buffer filled (n == bytes_free):
1160                          *    1i.  - still unconsumed input, nothing buffered by openssl
1161                          *    1ip. - unconsumed input + buffered data by openssl (pending
1162                          *                       on the next SSL_read).
1163                          *    1p.  - completely consumed input, buffered data internally
1164                          *            by openssl (pending).
1165                          *           Likely to happen, about the only case when
1166                          *           SSL_pending() could be used (but only if readahead=0).
1167                          *    1f.  - consumed input, no buffered data.
1168                          * 2. output buffer not fully filled (n < bytes_free):
1169                          *     2i. - still unconsumed input, nothing buffered by openssl.
1170                          *           This can appear if SSL readahead is 0 (SSL_read()
1171                          *           tries to get only 1 record from the input).
1172                          *     2ip. - unconsumed input and buffered data by openssl.
1173                          *            Unlikely to happen (e.g. readahead is 1, more
1174                          *            records are buffered internally by openssl, but
1175                          *            there was not enough space for buffering the whole
1176                          *            input).
1177                          *     2p  - consumed input, but buffered data by openssl.
1178                          *            It happens especially when readahead is 1.
1179                          *     2f.  - consumed input, no buffered data.
1180                          *
1181                          * One should repeat SSL_read() until and error is detected
1182                          *  (0*) or the input and internal ssl buffers are fully consumed
1183                          *  (1f or 2f). However in general is not possible to see if
1184                          *  SSL_read() could return more data. SSL_pending() has very
1185                          *  limited usability (basically it would return !=0 only if there
1186                          *  was no enough space in the output buffer and only if this did
1187                          *  not happen at a record boundary).
1188                          * The solution is to repeat SSL_read() until error or until
1189                          *  the output buffer is filled (0* or 1*).
1190                          *  In the later case, this whole function should be called again
1191                          *  once there is more output space (set RD_CONN_REPEAT_READ).
1192                          */
1193
1194                         if (unlikely(tls_c->flags & F_TLS_CON_RENEGOTIATION)) {
1195                                 /* Fix CVE-2009-3555 - disable renegotiation if started by client
1196                                  * - simulate SSL EOF to force close connection*/
1197                                 tls_dbg = cfg_get(tls, tls_cfg, debug);
1198                                 LOG(tls_dbg, "Reading on a renegotiation of connection (n:%d) (%d)\n",
1199                                                 n, SSL_get_error(ssl, n));
1200                                 err_src = "TLS R-N read:";
1201                                 ssl_error = SSL_ERROR_ZERO_RETURN;
1202                         } else {
1203                                 if (unlikely(n <= 0)) {
1204                                         ssl_error = SSL_get_error(ssl, n);
1205                                         err_src = "TLS read:";
1206                                         /*  errors handled below, outside the lock */
1207                                 } else {
1208                                         ssl_error = SSL_ERROR_NONE;
1209                                         r->pos += n;
1210                                         ssl_read += n;
1211                                         bytes_free -=n;
1212                                 }
1213                         }
1214                         TLS_RD_TRACE("(%p, %p) SSL_read() => %d (err=%d) ssl_read=%d"
1215                                                         " *flags=%d tls_c->flags=%d\n",
1216                                                         c, flags, n, ssl_error, ssl_read, *flags,
1217                                                         tls_c->flags);
1218 ssl_read_skipped:
1219                         ;
1220                 }
1221                 if (unlikely(wr.used != 0 && ssl_error != SSL_ERROR_ZERO_RETURN)) {
1222                         TLS_RD_TRACE("(%p, %p) tcpconn_send_unsafe %d bytes\n",
1223                                                         c, flags, wr.used);
1224                         /* something was written and it's not ssl EOF*/
1225                         if (unlikely(tcpconn_send_unsafe(c->fd, c, (char*)wr.buf,
1226                                                                                         wr.used, c->send_flags) < 0)) {
1227                                 tls_set_mbufs(c, 0, 0);
1228                                 lock_release(&c->write_lock);
1229                                 TLS_RD_TRACE("(%p, %p) tcpconn_send_unsafe error\n", c, flags);
1230                                 goto error_send;
1231                         }
1232                 }
1233         /* quickly catch bugs: segfault if accessed and not set */
1234         tls_set_mbufs(c, 0, 0);
1235         lock_release(&c->write_lock);
1236         switch(ssl_error) {
1237                 case SSL_ERROR_NONE:
1238                         if (unlikely(n < 0)) {
1239                                 BUG("unexpected SSL_ERROR_NONE for n=%d\n", n);
1240                                 goto error;
1241                         }
1242                         break;
1243                 case SSL_ERROR_ZERO_RETURN:
1244                         /* SSL EOF */
1245                         TLS_RD_TRACE("(%p, %p) SSL EOF (fd=%d)\n", c, flags, c->fd);
1246                         goto ssl_eof;
1247                 case SSL_ERROR_WANT_READ:
1248                         TLS_RD_TRACE("(%p, %p) SSL_ERROR_WANT_READ *flags=%d\n",
1249                                                         c, flags, *flags);
1250                         /* needs to read more data */
1251                         if (unlikely(rd.pos != rd.used)) {
1252                                 /* data still in the read buffer */
1253                                 BUG("SSL_ERROR_WANT_READ but data still in"
1254                                                 " the rbio (%p, %d bytes at %d)\n", rd.buf,
1255                                                 rd.used - rd.pos, rd.pos);
1256                                 goto bug;
1257                         }
1258                         if (unlikely((*flags & (RD_CONN_EOF | RD_CONN_SHORT_READ)) == 0) &&
1259                                                         bytes_free){
1260                                 /* there might still be data to read and there is space
1261                                  * to decrypt it in tcp_req (no byte has been written into
1262                                  * tcp_req in this case) */
1263                                 TLS_RD_TRACE("(%p, %p) redo read *flags=%d bytes_free=%d\n",
1264                                                                 c, flags, *flags, bytes_free);
1265                                 goto redo_read;
1266                         }
1267                         goto end; /* no more data to read */
1268                 case SSL_ERROR_WANT_WRITE:
1269                         if (wr.used) {
1270                                 /* something was written => buffer not big enough to hold
1271                                  * everything => reset buffer & retry (the tcp_write already
1272                                  * happened if we are here) */
1273                                 TLS_RD_TRACE("(%p) SSL_ERROR_WANT_WRITE partial write"
1274                                                         " (written  %d), retrying\n", c, wr.used);
1275                                 goto continue_ssl_read;
1276                         }
1277                         /* else write buffer too small, nothing written */
1278                         BUG("write buffer too small (%d/%d bytes)\n",
1279                                                 wr.used, wr.size);
1280                         goto bug;
1281                 case SSL_ERROR_SSL:
1282                         /* protocol level error */
1283                         ERR("protocol level error\n");
1284                         TLS_ERR(err_src);
1285                         memset(ip_buf, 0, sizeof(ip_buf));
1286                         ip_addr2sbuf(&(c->rcv.src_ip), ip_buf, sizeof(ip_buf));
1287                         ERR("source IP: %s\n", ip_buf);
1288                         memset(ip_buf, 0, sizeof(ip_buf));
1289                         ip_addr2sbuf(&(c->rcv.dst_ip), ip_buf, sizeof(ip_buf));
1290                         ERR("destination IP: %s\n", ip_buf);
1291
1292                         goto error;
1293 #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/
1294                 case SSL_ERROR_WANT_CONNECT:
1295                         /* only if the underlying BIO is not yet connected
1296                          * and the call would block in connect().
1297                          * (not possible in our case) */
1298                         BUG("unexpected SSL_ERROR_WANT_CONNECT\n");
1299                         goto bug;
1300                 case SSL_ERROR_WANT_ACCEPT:
1301                         /* only if the underlying BIO is not yet connected
1302                          * and call would block in accept()
1303                          * (not possible in our case) */
1304                         BUG("unexpected SSL_ERROR_WANT_ACCEPT\n");
1305                         goto bug;
1306 #endif
1307                 case SSL_ERROR_WANT_X509_LOOKUP:
1308                         /* can only appear on client application and it indicates that
1309                          * an installed client cert. callback should be called again
1310                          * (it returned < 0 indicated that it wants to be called
1311                          * later). Not possible in our case */
1312                         BUG("unsupported SSL_ERROR_WANT_X509_LOOKUP");
1313                         goto bug;
1314                 case SSL_ERROR_SYSCALL:
1315                         TLS_ERR_RET(x, err_src);
1316                         if (!x) {
1317                                 if (n == 0) {
1318                                         WARN("Unexpected EOF\n");
1319                                 } else
1320                                         /* should never happen */
1321                                         BUG("IO error (%d) %s\n", errno, strerror(errno));
1322                         }
1323                         goto error;
1324                 default:
1325                         TLS_ERR(err_src);
1326                         BUG("unexpected SSL error %d\n", ssl_error);
1327                         goto bug;
1328         }
1329         if (unlikely(n < 0)) {
1330                 /* here n should always be >= 0 */
1331                 BUG("unexpected value (n = %d)\n", n);
1332                 goto bug;
1333         }
1334         if (unlikely(rd.pos != rd.used)) {
1335                 /* encrypted data still in the read buffer (SSL_read() did not
1336                  * consume all of it) */
1337                 if (unlikely(n < 0))
1338                         /* here n should always be >= 0 */
1339                         BUG("unexpected value (n = %d)\n", n);
1340                 else {
1341                         if (unlikely(bytes_free != 0)) {
1342                                 /* 2i or 2ip: unconsumed input and output buffer not filled =>
1343                                  * retry ssl read (SSL_read() will read will stop at
1344                                  * record boundaries, unless readahead==1).
1345                                  * No tcp_read() is attempted, since that would reset the
1346                                  * current no-yet-consumed input data.
1347                                  */
1348                                 TLS_RD_TRACE("(%p, %p) input not fully consumed =>"
1349                                                                 " retry SSL_read"
1350                                                                 " (pos: %d, remaining %d, output free %d)\n",
1351                                                                 c, flags, rd.pos, rd.used-rd.pos, bytes_free);
1352                                 goto continue_ssl_read;
1353                         }
1354                         /* 1i or 1ip: bytes_free == 0
1355                          * (unconsumed input, but filled output  buffer) =>
1356                          * queue read data, and exit asking for repeating the call
1357                          * once there is some space in the output buffer.
1358                          */
1359                         if (likely(!enc_rd_buf)) {
1360                                 TLS_RD_TRACE("(%p, %p) creating enc_rd_buf (for %d bytes)\n",
1361                                                                 c, flags, rd.used - rd.pos);
1362                                 enc_rd_buf = shm_malloc(sizeof(*enc_rd_buf) -
1363                                                                                 sizeof(enc_rd_buf->buf) +
1364                                                                                 rd.used - rd.pos);
1365                                 if (unlikely(enc_rd_buf == 0)) {
1366                                         ERR("memory allocation error (%d bytes requested)\n",
1367                                                 (int)(sizeof(*enc_rd_buf) + sizeof(enc_rd_buf->buf) +
1368                                                                                 rd.used - rd.pos));
1369                                         goto error;
1370                                 }
1371                                 enc_rd_buf->pos = 0;
1372                                 enc_rd_buf->size = rd.used - rd.pos;
1373                                 memcpy(enc_rd_buf->buf, rd.buf + rd.pos,
1374                                                                                 enc_rd_buf->size);
1375                         } else if ((enc_rd_buf->buf + enc_rd_buf->pos) == rd.buf) {
1376                                 TLS_RD_TRACE("(%p, %p) enc_rd_buf already in use,"
1377                                                                 " updating pos %d\n",
1378                                                                 c, flags, enc_rd_buf->pos);
1379                                 enc_rd_buf->pos += rd.pos;
1380                         } else {
1381                                 BUG("enc_rd_buf->buf = %p, pos = %d, rd_buf.buf = %p\n",
1382                                                 enc_rd_buf->buf, enc_rd_buf->pos, rd.buf);
1383                                 goto bug;
1384                         }
1385                         if (unlikely(tls_c->enc_rd_buf))
1386                                 BUG("tls_c->enc_rd_buf!=0 (%p)\n", tls_c->enc_rd_buf);
1387                         /* there can't be 2 reads in parallel, so no locking is needed
1388                          * here */
1389                         tls_c->enc_rd_buf = enc_rd_buf;
1390                         enc_rd_buf = 0;
1391                         *flags |= RD_CONN_REPEAT_READ;
1392                 }
1393         } else if (bytes_free != 0) {
1394                 /*  2f or 2p: input fully consumed (rd.pos == rd.used),
1395                  *  output buffer not filled, still possible to have pending
1396                  *  data buffered by openssl */
1397                 if (unlikely((*flags & (RD_CONN_EOF|RD_CONN_SHORT_READ)) == 0)) {
1398                         /* still space in the tcp unenc. req. buffer, no SSL_read error,
1399                          * not a short read and not an EOF (possible more data in
1400                          * the socket buffer) => try a new tcp read too */
1401                         TLS_RD_TRACE("(%p, %p) retry read (still space and no short"
1402                                                         " tcp read: %d)\n", c, flags, *flags);
1403                         goto redo_read;
1404                 } else {
1405                         /* don't tcp_read() anymore, but there might still be data
1406                          * buffered internally by openssl (e.g. if readahead==1) =>
1407                          * retry SSL_read() with the current full input buffer
1408                          * (if no more internally SSL buffered data => WANT_READ => exit).
1409                          */
1410                         TLS_RD_TRACE("(%p, %p) retry SSL_read only (*flags =%d)\n",
1411                                                         c, flags, *flags);
1412                         goto continue_ssl_read;
1413                 }
1414         } else {
1415                 /*   1p or 1f: rd.pos == rd.used && bytes_free == 0
1416                  *   (input fully consumed && output buffer filled) */
1417                 /* ask for a repeat when there is more buffer space
1418                  * (there is no definitive way to know if ssl doesn't still have
1419                  * some internal buffered data until we get WANT_READ, see
1420                  * SSL_read() comment above) */
1421                 *flags |= RD_CONN_REPEAT_READ;
1422                 TLS_RD_TRACE("(%p, %p) output filled, exit asking to be called again"
1423                                                 " (*flags =%d)\n", c, flags, *flags);
1424         }
1425
1426 end:
1427         if (enc_rd_buf)
1428                 shm_free(enc_rd_buf);
1429         TLS_RD_TRACE("(%p, %p) end => %d (*flags=%d)\n",
1430                                         c, flags, ssl_read, *flags);
1431         return ssl_read;
1432 ssl_eof:
1433         /* behave as an EOF would have been received at the tcp level */
1434         if (enc_rd_buf)
1435                 shm_free(enc_rd_buf);
1436         c->state = S_CONN_EOF;
1437         *flags |= RD_CONN_EOF;
1438         TLS_RD_TRACE("(%p, %p) end EOF => %d (*flags=%d)\n",
1439                                         c, flags, ssl_read, *flags);
1440         return ssl_read;
1441 error_send:
1442 error:
1443 bug:
1444         if (enc_rd_buf)
1445                 shm_free(enc_rd_buf);
1446         r->error=TCP_READ_ERROR;
1447         TLS_RD_TRACE("(%p, %p) end error => %d (*flags=%d)\n",
1448                                         c, flags, ssl_read, *flags);
1449         return -1;
1450 }
1451
1452
1453 static int _tls_evrt_connection_out = -1; /* default disabled */
1454 str sr_tls_event_callback = STR_NULL;
1455
1456 /*!
1457  * lookup tls event routes
1458  */
1459 void tls_lookup_event_routes(void)
1460 {
1461         _tls_evrt_connection_out=route_lookup(&event_rt, "tls:connection-out");
1462         if (_tls_evrt_connection_out>=0 && event_rt.rlist[_tls_evrt_connection_out]==0)
1463                 _tls_evrt_connection_out=-1; /* disable */
1464         if(_tls_evrt_connection_out!=-1)
1465                 forward_set_send_info(1);
1466 }
1467
1468 /**
1469  *
1470  */
1471 int tls_run_event_routes(struct tcp_connection *c)
1472 {
1473         int backup_rt;
1474         struct run_act_ctx ctx;
1475         sip_msg_t *fmsg = NULL;
1476         str evname = str_init("tls:connection-out");
1477         sr_kemi_eng_t *keng = NULL;
1478
1479         if(_tls_evrt_connection_out<0 && sr_tls_event_callback.len<=0)
1480                 return 0;
1481
1482         if(p_onsend==0 || p_onsend->msg==0)
1483                 return 0;
1484
1485         if(faked_msg_init()<0)
1486                 return -1;
1487         fmsg = faked_msg_next();
1488
1489         backup_rt = get_route_type();
1490         set_route_type(LOCAL_ROUTE);
1491         init_run_actions_ctx(&ctx);
1492         tls_set_pv_con(c);
1493         if(_tls_evrt_connection_out>=0) {
1494                 run_top_route(event_rt.rlist[_tls_evrt_connection_out], fmsg, 0);
1495         } else {
1496                 keng = sr_kemi_eng_get();
1497                 if(keng!=NULL) {
1498                         if(sr_kemi_ctx_route(keng, &ctx, fmsg, EVENT_ROUTE,
1499                                                 &sr_tls_event_callback, &evname)<0) {
1500                                 LM_ERR("error running event route kemi callback\n");
1501                                 return -1;
1502                         }
1503                 }
1504         }
1505         /* drop() executed in the event route - set nosend flag */
1506         if (unlikely(ctx.run_flags&DROP_R_F)) {
1507                 c->flags|=F_CONN_NOSEND;
1508         }
1509         tls_set_pv_con(0);
1510         set_route_type(backup_rt);
1511         return 0;
1512 }