1 /* $OpenBSD: tls.c,v 1.90 2021/10/02 09:46:48 jsing Exp $ */
2 /*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include <sys/socket.h>
19
20 #include <errno.h>
21 #include <limits.h>
22 #include <pthread.h>
23 #include <stdlib.h>
24 #include <unistd.h>
25
26 #include <openssl/bio.h>
27 #include <openssl/err.h>
28 #include <openssl/evp.h>
29 #include <openssl/pem.h>
30 #include <openssl/safestack.h>
31 #include <openssl/ssl.h>
32 #include <openssl/x509.h>
33
34 #include <tls.h>
35 #include "tls_internal.h"
36
37 static struct tls_config *tls_config_default;
38
39 static int tls_init_rv = -1;
40
41 static void
tls_do_init(void)42 tls_do_init(void)
43 {
44 OPENSSL_init_ssl(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
45
46 if (BIO_sock_init() != 1)
47 return;
48
49 if ((tls_config_default = tls_config_new_internal()) == NULL)
50 return;
51
52 tls_config_default->refcount++;
53
54 tls_init_rv = 0;
55 }
56
57 int
tls_init(void)58 tls_init(void)
59 {
60 static pthread_once_t once = PTHREAD_ONCE_INIT;
61
62 if (pthread_once(&once, tls_do_init) != 0)
63 return -1;
64
65 return tls_init_rv;
66 }
67
68 const char *
tls_error(struct tls * ctx)69 tls_error(struct tls *ctx)
70 {
71 return ctx->error.msg;
72 }
73
74 void
tls_error_clear(struct tls_error * error)75 tls_error_clear(struct tls_error *error)
76 {
77 free(error->msg);
78 error->msg = NULL;
79 error->num = 0;
80 error->tls = 0;
81 }
82
83 static int
tls_error_vset(struct tls_error * error,int errnum,const char * fmt,va_list ap)84 tls_error_vset(struct tls_error *error, int errnum, const char *fmt, va_list ap)
85 {
86 char *errmsg = NULL;
87 int rv = -1;
88
89 tls_error_clear(error);
90
91 error->num = errnum;
92 error->tls = 1;
93
94 if (vasprintf(&errmsg, fmt, ap) == -1) {
95 errmsg = NULL;
96 goto err;
97 }
98
99 if (errnum == -1) {
100 error->msg = errmsg;
101 return (0);
102 }
103
104 if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errnum)) == -1) {
105 error->msg = NULL;
106 goto err;
107 }
108 rv = 0;
109
110 err:
111 free(errmsg);
112
113 return (rv);
114 }
115
116 int
tls_error_set(struct tls_error * error,const char * fmt,...)117 tls_error_set(struct tls_error *error, const char *fmt, ...)
118 {
119 va_list ap;
120 int errnum, rv;
121
122 errnum = errno;
123
124 va_start(ap, fmt);
125 rv = tls_error_vset(error, errnum, fmt, ap);
126 va_end(ap);
127
128 return (rv);
129 }
130
131 int
tls_error_setx(struct tls_error * error,const char * fmt,...)132 tls_error_setx(struct tls_error *error, const char *fmt, ...)
133 {
134 va_list ap;
135 int rv;
136
137 va_start(ap, fmt);
138 rv = tls_error_vset(error, -1, fmt, ap);
139 va_end(ap);
140
141 return (rv);
142 }
143
144 int
tls_config_set_error(struct tls_config * config,const char * fmt,...)145 tls_config_set_error(struct tls_config *config, const char *fmt, ...)
146 {
147 va_list ap;
148 int errnum, rv;
149
150 errnum = errno;
151
152 va_start(ap, fmt);
153 rv = tls_error_vset(&config->error, errnum, fmt, ap);
154 va_end(ap);
155
156 return (rv);
157 }
158
159 int
tls_config_set_errorx(struct tls_config * config,const char * fmt,...)160 tls_config_set_errorx(struct tls_config *config, const char *fmt, ...)
161 {
162 va_list ap;
163 int rv;
164
165 va_start(ap, fmt);
166 rv = tls_error_vset(&config->error, -1, fmt, ap);
167 va_end(ap);
168
169 return (rv);
170 }
171
172 int
tls_set_error(struct tls * ctx,const char * fmt,...)173 tls_set_error(struct tls *ctx, const char *fmt, ...)
174 {
175 va_list ap;
176 int errnum, rv;
177
178 errnum = errno;
179
180 va_start(ap, fmt);
181 rv = tls_error_vset(&ctx->error, errnum, fmt, ap);
182 va_end(ap);
183
184 return (rv);
185 }
186
187 int
tls_set_errorx(struct tls * ctx,const char * fmt,...)188 tls_set_errorx(struct tls *ctx, const char *fmt, ...)
189 {
190 va_list ap;
191 int rv;
192
193 va_start(ap, fmt);
194 rv = tls_error_vset(&ctx->error, -1, fmt, ap);
195 va_end(ap);
196
197 return (rv);
198 }
199
200 int
tls_set_ssl_errorx(struct tls * ctx,const char * fmt,...)201 tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...)
202 {
203 va_list ap;
204 int rv;
205
206 /* Only set an error if a more specific one does not already exist. */
207 if (ctx->error.tls != 0)
208 return (0);
209
210 va_start(ap, fmt);
211 rv = tls_error_vset(&ctx->error, -1, fmt, ap);
212 va_end(ap);
213
214 return (rv);
215 }
216
217 struct tls_sni_ctx *
tls_sni_ctx_new(void)218 tls_sni_ctx_new(void)
219 {
220 return (calloc(1, sizeof(struct tls_sni_ctx)));
221 }
222
223 void
tls_sni_ctx_free(struct tls_sni_ctx * sni_ctx)224 tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx)
225 {
226 if (sni_ctx == NULL)
227 return;
228
229 SSL_CTX_free(sni_ctx->ssl_ctx);
230 X509_free(sni_ctx->ssl_cert);
231
232 free(sni_ctx);
233 }
234
235 struct tls *
tls_new(void)236 tls_new(void)
237 {
238 struct tls *ctx;
239
240 if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
241 return (NULL);
242
243 tls_reset(ctx);
244
245 if (tls_configure(ctx, tls_config_default) == -1) {
246 free(ctx);
247 return NULL;
248 }
249
250 return (ctx);
251 }
252
253 int
tls_configure(struct tls * ctx,struct tls_config * config)254 tls_configure(struct tls *ctx, struct tls_config *config)
255 {
256 if (config == NULL)
257 config = tls_config_default;
258
259 pthread_mutex_lock(&config->mutex);
260 config->refcount++;
261 pthread_mutex_unlock(&config->mutex);
262
263 tls_config_free(ctx->config);
264
265 ctx->config = config;
266 ctx->keypair = config->keypair;
267
268 if ((ctx->flags & TLS_SERVER) != 0)
269 return (tls_configure_server(ctx));
270
271 return (0);
272 }
273
274 int
tls_cert_hash(X509 * cert,char ** hash)275 tls_cert_hash(X509 *cert, char **hash)
276 {
277 char d[EVP_MAX_MD_SIZE], *dhex = NULL;
278 int dlen, rv = -1;
279
280 free(*hash);
281 *hash = NULL;
282
283 if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
284 goto err;
285
286 if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
287 goto err;
288
289 if (asprintf(hash, "SHA256:%s", dhex) == -1) {
290 *hash = NULL;
291 goto err;
292 }
293
294 rv = 0;
295 err:
296 free(dhex);
297
298 return (rv);
299 }
300
301 int
tls_cert_pubkey_hash(X509 * cert,char ** hash)302 tls_cert_pubkey_hash(X509 *cert, char **hash)
303 {
304 char d[EVP_MAX_MD_SIZE], *dhex = NULL;
305 int dlen, rv = -1;
306
307 free(*hash);
308 *hash = NULL;
309
310 if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
311 goto err;
312
313 if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
314 goto err;
315
316 if (asprintf(hash, "SHA256:%s", dhex) == -1) {
317 *hash = NULL;
318 goto err;
319 }
320
321 rv = 0;
322
323 err:
324 free(dhex);
325
326 return (rv);
327 }
328
329 static int
tls_keypair_to_pkey(struct tls * ctx,struct tls_keypair * keypair,EVP_PKEY ** pkey)330 tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pkey)
331 {
332 BIO *bio = NULL;
333 X509 *x509 = NULL;
334 char *mem;
335 size_t len;
336 int ret = -1;
337
338 *pkey = NULL;
339
340 if (ctx->config->use_fake_private_key) {
341 mem = keypair->cert_mem;
342 len = keypair->cert_len;
343 } else {
344 mem = keypair->key_mem;
345 len = keypair->key_len;
346 }
347
348 if (mem == NULL)
349 return (0);
350
351 if (len > INT_MAX) {
352 tls_set_errorx(ctx, ctx->config->use_fake_private_key ?
353 "cert too long" : "key too long");
354 goto err;
355 }
356
357 if ((bio = BIO_new_mem_buf(mem, len)) == NULL) {
358 tls_set_errorx(ctx, "failed to create buffer");
359 goto err;
360 }
361
362 if (ctx->config->use_fake_private_key) {
363 if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
364 NULL)) == NULL) {
365 tls_set_errorx(ctx, "failed to read X509 certificate");
366 goto err;
367 }
368 if ((*pkey = X509_get_pubkey(x509)) == NULL) {
369 tls_set_errorx(ctx, "failed to retrieve pubkey");
370 goto err;
371 }
372 } else {
373 if ((*pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
374 NULL)) == NULL) {
375 tls_set_errorx(ctx, "failed to read private key");
376 goto err;
377 }
378 }
379
380 ret = 0;
381 err:
382 BIO_free(bio);
383 X509_free(x509);
384 return (ret);
385 }
386
387 static int
tls_keypair_setup_pkey(struct tls * ctx,struct tls_keypair * keypair,EVP_PKEY * pkey)388 tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey)
389 {
390 RSA *rsa = NULL;
391 EC_KEY *eckey = NULL;
392 int ret = -1;
393
394 /* Only install the pubkey hash if fake private keys are used. */
395 if (!ctx->config->skip_private_key_check)
396 return (0);
397
398 if (keypair->pubkey_hash == NULL) {
399 tls_set_errorx(ctx, "public key hash not set");
400 goto err;
401 }
402
403 switch (EVP_PKEY_id(pkey)) {
404 case EVP_PKEY_RSA:
405 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL ||
406 RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) {
407 tls_set_errorx(ctx, "RSA key setup failure");
408 goto err;
409 }
410 break;
411 case EVP_PKEY_EC:
412 if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
413 ECDSA_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
414 tls_set_errorx(ctx, "EC key setup failure");
415 goto err;
416 }
417 break;
418 default:
419 tls_set_errorx(ctx, "incorrect key type");
420 goto err;
421 }
422
423 ret = 0;
424
425 err:
426 RSA_free(rsa);
427 EC_KEY_free(eckey);
428 return (ret);
429 }
430
431 int
tls_configure_ssl_keypair(struct tls * ctx,SSL_CTX * ssl_ctx,struct tls_keypair * keypair,int required)432 tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
433 struct tls_keypair *keypair, int required)
434 {
435 EVP_PKEY *pkey = NULL;
436
437 if (!required &&
438 keypair->cert_mem == NULL &&
439 keypair->key_mem == NULL)
440 return(0);
441
442 if (keypair->cert_mem != NULL) {
443 if (keypair->cert_len > INT_MAX) {
444 tls_set_errorx(ctx, "certificate too long");
445 goto err;
446 }
447
448 if (SSL_CTX_use_certificate_chain_mem(ssl_ctx,
449 keypair->cert_mem, keypair->cert_len) != 1) {
450 tls_set_errorx(ctx, "failed to load certificate");
451 goto err;
452 }
453 }
454
455 if (tls_keypair_to_pkey(ctx, keypair, &pkey) == -1)
456 goto err;
457 if (pkey != NULL) {
458 if (tls_keypair_setup_pkey(ctx, keypair, pkey) == -1)
459 goto err;
460 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) {
461 tls_set_errorx(ctx, "failed to load private key");
462 goto err;
463 }
464 EVP_PKEY_free(pkey);
465 pkey = NULL;
466 }
467
468 if (!ctx->config->skip_private_key_check &&
469 SSL_CTX_check_private_key(ssl_ctx) != 1) {
470 tls_set_errorx(ctx, "private/public key mismatch");
471 goto err;
472 }
473
474 return (0);
475
476 err:
477 EVP_PKEY_free(pkey);
478
479 return (-1);
480 }
481
482 int
tls_configure_ssl(struct tls * ctx,SSL_CTX * ssl_ctx)483 tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx)
484 {
485 SSL_CTX_clear_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
486
487 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
488 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
489
490 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
491 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
492
493 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1);
494 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
495 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
496 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
497
498 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0)
499 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
500 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0)
501 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
502 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
503 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
504 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0)
505 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
506
507 if (ctx->config->alpn != NULL) {
508 if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn,
509 ctx->config->alpn_len) != 0) {
510 tls_set_errorx(ctx, "failed to set alpn");
511 goto err;
512 }
513 }
514
515 if (ctx->config->ciphers != NULL) {
516 if (SSL_CTX_set_cipher_list(ssl_ctx,
517 ctx->config->ciphers) != 1) {
518 tls_set_errorx(ctx, "failed to set ciphers");
519 goto err;
520 }
521 }
522
523 if (ctx->config->verify_time == 0) {
524 X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ssl_ctx),
525 X509_V_FLAG_NO_CHECK_TIME);
526 }
527
528 /* Disable any form of session caching by default */
529 SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
530 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
531
532 return (0);
533
534 err:
535 return (-1);
536 }
537
538 static int
tls_ssl_cert_verify_cb(X509_STORE_CTX * x509_ctx,void * arg)539 tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg)
540 {
541 struct tls *ctx = arg;
542 int x509_err;
543
544 if (ctx->config->verify_cert == 0)
545 return (1);
546
547 if ((X509_verify_cert(x509_ctx)) < 0) {
548 tls_set_errorx(ctx, "X509 verify cert failed");
549 return (0);
550 }
551
552 x509_err = X509_STORE_CTX_get_error(x509_ctx);
553 if (x509_err == X509_V_OK)
554 return (1);
555
556 tls_set_errorx(ctx, "certificate verification failed: %s",
557 X509_verify_cert_error_string(x509_err));
558
559 return (0);
560 }
561
562 int
tls_configure_ssl_verify(struct tls * ctx,SSL_CTX * ssl_ctx,int verify)563 tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
564 {
565 size_t ca_len = ctx->config->ca_len;
566 char *ca_mem = ctx->config->ca_mem;
567 char *crl_mem = ctx->config->crl_mem;
568 size_t crl_len = ctx->config->crl_len;
569 char *ca_free = NULL;
570 STACK_OF(X509_INFO) *xis = NULL;
571 X509_STORE *store;
572 X509_INFO *xi;
573 BIO *bio = NULL;
574 int rv = -1;
575 int i;
576
577 SSL_CTX_set_verify(ssl_ctx, verify, NULL);
578 SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx);
579
580 if (ctx->config->verify_depth >= 0)
581 SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth);
582
583 if (ctx->config->verify_cert == 0)
584 goto done;
585
586 /* If no CA has been specified, attempt to load the default. */
587 if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
588 if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
589 &ca_mem, &ca_len) != 0)
590 goto err;
591 ca_free = ca_mem;
592 }
593
594 if (ca_mem != NULL) {
595 if (ca_len > INT_MAX) {
596 tls_set_errorx(ctx, "ca too long");
597 goto err;
598 }
599 if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
600 tls_set_errorx(ctx, "ssl verify memory setup failure");
601 goto err;
602 }
603 } else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
604 ctx->config->ca_path) != 1) {
605 tls_set_errorx(ctx, "ssl verify locations failure");
606 goto err;
607 }
608
609 if (crl_mem != NULL) {
610 if (crl_len > INT_MAX) {
611 tls_set_errorx(ctx, "crl too long");
612 goto err;
613 }
614 if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) {
615 tls_set_errorx(ctx, "failed to create buffer");
616 goto err;
617 }
618 if ((xis = PEM_X509_INFO_read_bio(bio, NULL, tls_password_cb,
619 NULL)) == NULL) {
620 tls_set_errorx(ctx, "failed to parse crl");
621 goto err;
622 }
623 store = SSL_CTX_get_cert_store(ssl_ctx);
624 for (i = 0; i < sk_X509_INFO_num(xis); i++) {
625 xi = sk_X509_INFO_value(xis, i);
626 if (xi->crl == NULL)
627 continue;
628 if (!X509_STORE_add_crl(store, xi->crl)) {
629 tls_set_error(ctx, "failed to add crl");
630 goto err;
631 }
632 xi->crl = NULL;
633 }
634 X509_VERIFY_PARAM_set_flags(store->param,
635 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
636 }
637
638 done:
639 rv = 0;
640
641 err:
642 sk_X509_INFO_pop_free(xis, X509_INFO_free);
643 BIO_free(bio);
644 free(ca_free);
645
646 return (rv);
647 }
648
649 void
tls_free(struct tls * ctx)650 tls_free(struct tls *ctx)
651 {
652 if (ctx == NULL)
653 return;
654
655 tls_reset(ctx);
656
657 free(ctx);
658 }
659
660 void
tls_reset(struct tls * ctx)661 tls_reset(struct tls *ctx)
662 {
663 struct tls_sni_ctx *sni, *nsni;
664
665 tls_config_free(ctx->config);
666 ctx->config = NULL;
667
668 SSL_CTX_free(ctx->ssl_ctx);
669 SSL_free(ctx->ssl_conn);
670 X509_free(ctx->ssl_peer_cert);
671
672 ctx->ssl_conn = NULL;
673 ctx->ssl_ctx = NULL;
674 ctx->ssl_peer_cert = NULL;
675 /* X509 objects in chain are freed with the SSL */
676 ctx->ssl_peer_chain = NULL;
677
678 ctx->socket = -1;
679 ctx->state = 0;
680
681 free(ctx->servername);
682 ctx->servername = NULL;
683
684 free(ctx->error.msg);
685 ctx->error.msg = NULL;
686 ctx->error.num = -1;
687
688 tls_conninfo_free(ctx->conninfo);
689 ctx->conninfo = NULL;
690
691 tls_ocsp_free(ctx->ocsp);
692 ctx->ocsp = NULL;
693
694 for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) {
695 nsni = sni->next;
696 tls_sni_ctx_free(sni);
697 }
698 ctx->sni_ctx = NULL;
699
700 ctx->read_cb = NULL;
701 ctx->write_cb = NULL;
702 ctx->cb_arg = NULL;
703 }
704
705 int
tls_ssl_error(struct tls * ctx,SSL * ssl_conn,int ssl_ret,const char * prefix)706 tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
707 {
708 const char *errstr = "unknown error";
709 unsigned long err;
710 int ssl_err;
711
712 ssl_err = SSL_get_error(ssl_conn, ssl_ret);
713 switch (ssl_err) {
714 case SSL_ERROR_NONE:
715 case SSL_ERROR_ZERO_RETURN:
716 return (0);
717
718 case SSL_ERROR_WANT_READ:
719 return (TLS_WANT_POLLIN);
720
721 case SSL_ERROR_WANT_WRITE:
722 return (TLS_WANT_POLLOUT);
723
724 case SSL_ERROR_SYSCALL:
725 if ((err = ERR_peek_error()) != 0) {
726 errstr = ERR_error_string(err, NULL);
727 } else if (ssl_ret == 0) {
728 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
729 ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
730 return (0);
731 }
732 errstr = "unexpected EOF";
733 } else if (ssl_ret == -1) {
734 errstr = strerror(errno);
735 }
736 tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr);
737 return (-1);
738
739 case SSL_ERROR_SSL:
740 if ((err = ERR_peek_error()) != 0) {
741 errstr = ERR_error_string(err, NULL);
742 }
743 tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr);
744 return (-1);
745
746 case SSL_ERROR_WANT_CONNECT:
747 case SSL_ERROR_WANT_ACCEPT:
748 case SSL_ERROR_WANT_X509_LOOKUP:
749 default:
750 tls_set_ssl_errorx(ctx, "%s failed (%i)", prefix, ssl_err);
751 return (-1);
752 }
753 }
754
755 int
tls_handshake(struct tls * ctx)756 tls_handshake(struct tls *ctx)
757 {
758 int rv = -1;
759
760 tls_error_clear(&ctx->error);
761
762 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
763 tls_set_errorx(ctx, "invalid operation for context");
764 goto out;
765 }
766
767 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
768 tls_set_errorx(ctx, "handshake already completed");
769 goto out;
770 }
771
772 if ((ctx->flags & TLS_CLIENT) != 0)
773 rv = tls_handshake_client(ctx);
774 else if ((ctx->flags & TLS_SERVER_CONN) != 0)
775 rv = tls_handshake_server(ctx);
776
777 if (rv == 0) {
778 ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
779 ctx->ssl_peer_chain = SSL_get_peer_cert_chain(ctx->ssl_conn);
780 if (tls_conninfo_populate(ctx) == -1)
781 rv = -1;
782 if (ctx->ocsp == NULL)
783 ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
784 }
785 out:
786 /* Prevent callers from performing incorrect error handling */
787 errno = 0;
788 return (rv);
789 }
790
791 ssize_t
tls_read(struct tls * ctx,void * buf,size_t buflen)792 tls_read(struct tls *ctx, void *buf, size_t buflen)
793 {
794 ssize_t rv = -1;
795 int ssl_ret;
796
797 tls_error_clear(&ctx->error);
798
799 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
800 if ((rv = tls_handshake(ctx)) != 0)
801 goto out;
802 }
803
804 if (buflen > INT_MAX) {
805 tls_set_errorx(ctx, "buflen too long");
806 goto out;
807 }
808
809 ERR_clear_error();
810 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) {
811 rv = (ssize_t)ssl_ret;
812 goto out;
813 }
814 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
815
816 out:
817 /* Prevent callers from performing incorrect error handling */
818 errno = 0;
819 return (rv);
820 }
821
822 ssize_t
tls_write(struct tls * ctx,const void * buf,size_t buflen)823 tls_write(struct tls *ctx, const void *buf, size_t buflen)
824 {
825 ssize_t rv = -1;
826 int ssl_ret;
827
828 tls_error_clear(&ctx->error);
829
830 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
831 if ((rv = tls_handshake(ctx)) != 0)
832 goto out;
833 }
834
835 if (buflen > INT_MAX) {
836 tls_set_errorx(ctx, "buflen too long");
837 goto out;
838 }
839
840 ERR_clear_error();
841 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
842 rv = (ssize_t)ssl_ret;
843 goto out;
844 }
845 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
846
847 out:
848 /* Prevent callers from performing incorrect error handling */
849 errno = 0;
850 return (rv);
851 }
852
853 int
tls_close(struct tls * ctx)854 tls_close(struct tls *ctx)
855 {
856 int ssl_ret;
857 int rv = 0;
858
859 tls_error_clear(&ctx->error);
860
861 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
862 tls_set_errorx(ctx, "invalid operation for context");
863 rv = -1;
864 goto out;
865 }
866
867 if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) {
868 ERR_clear_error();
869 ssl_ret = SSL_shutdown(ctx->ssl_conn);
870 if (ssl_ret < 0) {
871 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
872 "shutdown");
873 if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
874 goto out;
875 }
876 ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN;
877 }
878
879 if (ctx->socket != -1) {
880 if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
881 if (rv == 0 &&
882 errno != ENOTCONN && errno != ECONNRESET) {
883 tls_set_error(ctx, "shutdown");
884 rv = -1;
885 }
886 }
887 if (close(ctx->socket) != 0) {
888 if (rv == 0) {
889 tls_set_error(ctx, "close");
890 rv = -1;
891 }
892 }
893 ctx->socket = -1;
894 }
895
896 if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) {
897 tls_set_errorx(ctx, "EOF without close notify");
898 rv = -1;
899 }
900
901 out:
902 /* Prevent callers from performing incorrect error handling */
903 errno = 0;
904 return (rv);
905 }
906