1 /* $OpenBSD: tls.c,v 1.104 2024/04/08 20:47:32 tb Exp $ */
2 /*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include <sys/socket.h>
19
20 #include <errno.h>
21 #include <limits.h>
22 #include <pthread.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <unistd.h>
26
27 #include <openssl/bio.h>
28 #include <openssl/err.h>
29 #include <openssl/evp.h>
30 #include <openssl/pem.h>
31 #include <openssl/safestack.h>
32 #include <openssl/ssl.h>
33 #include <openssl/x509.h>
34
35 #include <tls.h>
36 #include "tls_internal.h"
37
38 static struct tls_config *tls_config_default;
39
40 static int tls_init_rv = -1;
41
42 static void
tls_do_init(void)43 tls_do_init(void)
44 {
45 OPENSSL_init_ssl(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
46
47 if (BIO_sock_init() != 1)
48 return;
49
50 if ((tls_config_default = tls_config_new_internal()) == NULL)
51 return;
52
53 tls_config_default->refcount++;
54
55 tls_init_rv = 0;
56 }
57
58 int
tls_init(void)59 tls_init(void)
60 {
61 static pthread_once_t once = PTHREAD_ONCE_INIT;
62
63 if (pthread_once(&once, tls_do_init) != 0)
64 return -1;
65
66 return tls_init_rv;
67 }
68
69 const char *
tls_error(struct tls * ctx)70 tls_error(struct tls *ctx)
71 {
72 return ctx->error.msg;
73 }
74
75 int
tls_error_code(struct tls * ctx)76 tls_error_code(struct tls *ctx)
77 {
78 return ctx->error.code;
79 }
80
81 void
tls_error_clear(struct tls_error * error)82 tls_error_clear(struct tls_error *error)
83 {
84 free(error->msg);
85 error->msg = NULL;
86 error->code = TLS_ERROR_UNKNOWN;
87 error->errno_value = 0;
88 error->tls = 0;
89 }
90
91 static int
tls_error_vset(struct tls_error * error,int code,int errno_value,const char * fmt,va_list ap)92 tls_error_vset(struct tls_error *error, int code, int errno_value,
93 const char *fmt, va_list ap)
94 {
95 char *errmsg = NULL;
96 int rv = -1;
97
98 tls_error_clear(error);
99
100 error->code = code;
101 error->errno_value = errno_value;
102 error->tls = 1;
103
104 if (vasprintf(&errmsg, fmt, ap) == -1) {
105 errmsg = NULL;
106 goto err;
107 }
108
109 if (errno_value == -1) {
110 error->msg = errmsg;
111 return (0);
112 }
113
114 if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errno_value)) == -1) {
115 error->msg = NULL;
116 goto err;
117 }
118 rv = 0;
119
120 err:
121 free(errmsg);
122
123 return (rv);
124 }
125
126 int
tls_error_set(struct tls_error * error,int code,const char * fmt,...)127 tls_error_set(struct tls_error *error, int code, const char *fmt, ...)
128 {
129 va_list ap;
130 int errno_value, rv;
131
132 errno_value = errno;
133
134 va_start(ap, fmt);
135 rv = tls_error_vset(error, code, errno_value, fmt, ap);
136 va_end(ap);
137
138 return (rv);
139 }
140
141 int
tls_error_setx(struct tls_error * error,int code,const char * fmt,...)142 tls_error_setx(struct tls_error *error, int code, const char *fmt, ...)
143 {
144 va_list ap;
145 int rv;
146
147 va_start(ap, fmt);
148 rv = tls_error_vset(error, code, -1, fmt, ap);
149 va_end(ap);
150
151 return (rv);
152 }
153
154 int
tls_config_set_error(struct tls_config * config,int code,const char * fmt,...)155 tls_config_set_error(struct tls_config *config, int code, const char *fmt, ...)
156 {
157 va_list ap;
158 int errno_value, rv;
159
160 errno_value = errno;
161
162 va_start(ap, fmt);
163 rv = tls_error_vset(&config->error, code, errno_value, fmt, ap);
164 va_end(ap);
165
166 return (rv);
167 }
168
169 int
tls_config_set_errorx(struct tls_config * config,int code,const char * fmt,...)170 tls_config_set_errorx(struct tls_config *config, int code, const char *fmt, ...)
171 {
172 va_list ap;
173 int rv;
174
175 va_start(ap, fmt);
176 rv = tls_error_vset(&config->error, code, -1, fmt, ap);
177 va_end(ap);
178
179 return (rv);
180 }
181
182 int
tls_set_error(struct tls * ctx,int code,const char * fmt,...)183 tls_set_error(struct tls *ctx, int code, const char *fmt, ...)
184 {
185 va_list ap;
186 int errno_value, rv;
187
188 errno_value = errno;
189
190 va_start(ap, fmt);
191 rv = tls_error_vset(&ctx->error, code, errno_value, fmt, ap);
192 va_end(ap);
193
194 return (rv);
195 }
196
197 int
tls_set_errorx(struct tls * ctx,int code,const char * fmt,...)198 tls_set_errorx(struct tls *ctx, int code, const char *fmt, ...)
199 {
200 va_list ap;
201 int rv;
202
203 va_start(ap, fmt);
204 rv = tls_error_vset(&ctx->error, code, -1, fmt, ap);
205 va_end(ap);
206
207 return (rv);
208 }
209
210 int
tls_set_ssl_errorx(struct tls * ctx,int code,const char * fmt,...)211 tls_set_ssl_errorx(struct tls *ctx, int code, const char *fmt, ...)
212 {
213 va_list ap;
214 int rv;
215
216 /* Only set an error if a more specific one does not already exist. */
217 if (ctx->error.tls != 0)
218 return (0);
219
220 va_start(ap, fmt);
221 rv = tls_error_vset(&ctx->error, code, -1, fmt, ap);
222 va_end(ap);
223
224 return (rv);
225 }
226
227 struct tls_sni_ctx *
tls_sni_ctx_new(void)228 tls_sni_ctx_new(void)
229 {
230 return (calloc(1, sizeof(struct tls_sni_ctx)));
231 }
232
233 void
tls_sni_ctx_free(struct tls_sni_ctx * sni_ctx)234 tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx)
235 {
236 if (sni_ctx == NULL)
237 return;
238
239 SSL_CTX_free(sni_ctx->ssl_ctx);
240 X509_free(sni_ctx->ssl_cert);
241
242 free(sni_ctx);
243 }
244
245 struct tls *
tls_new(void)246 tls_new(void)
247 {
248 struct tls *ctx;
249
250 if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
251 return (NULL);
252
253 tls_reset(ctx);
254
255 if (tls_configure(ctx, tls_config_default) == -1) {
256 free(ctx);
257 return NULL;
258 }
259
260 return (ctx);
261 }
262
263 int
tls_configure(struct tls * ctx,struct tls_config * config)264 tls_configure(struct tls *ctx, struct tls_config *config)
265 {
266 if (config == NULL)
267 config = tls_config_default;
268
269 pthread_mutex_lock(&config->mutex);
270 config->refcount++;
271 pthread_mutex_unlock(&config->mutex);
272
273 tls_config_free(ctx->config);
274
275 ctx->config = config;
276 ctx->keypair = config->keypair;
277
278 if ((ctx->flags & TLS_SERVER) != 0)
279 return (tls_configure_server(ctx));
280
281 return (0);
282 }
283
284 int
tls_cert_hash(X509 * cert,char ** hash)285 tls_cert_hash(X509 *cert, char **hash)
286 {
287 char d[EVP_MAX_MD_SIZE], *dhex = NULL;
288 int dlen, rv = -1;
289
290 free(*hash);
291 *hash = NULL;
292
293 if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
294 goto err;
295
296 if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
297 goto err;
298
299 if (asprintf(hash, "SHA256:%s", dhex) == -1) {
300 *hash = NULL;
301 goto err;
302 }
303
304 rv = 0;
305 err:
306 free(dhex);
307
308 return (rv);
309 }
310
311 int
tls_cert_pubkey_hash(X509 * cert,char ** hash)312 tls_cert_pubkey_hash(X509 *cert, char **hash)
313 {
314 char d[EVP_MAX_MD_SIZE], *dhex = NULL;
315 int dlen, rv = -1;
316
317 free(*hash);
318 *hash = NULL;
319
320 if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
321 goto err;
322
323 if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
324 goto err;
325
326 if (asprintf(hash, "SHA256:%s", dhex) == -1) {
327 *hash = NULL;
328 goto err;
329 }
330
331 rv = 0;
332
333 err:
334 free(dhex);
335
336 return (rv);
337 }
338
339 static int
tls_keypair_to_pkey(struct tls * ctx,struct tls_keypair * keypair,EVP_PKEY ** pkey)340 tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pkey)
341 {
342 BIO *bio = NULL;
343 X509 *x509 = NULL;
344 char *mem;
345 size_t len;
346 int ret = -1;
347
348 *pkey = NULL;
349
350 if (ctx->config->use_fake_private_key) {
351 mem = keypair->cert_mem;
352 len = keypair->cert_len;
353 } else {
354 mem = keypair->key_mem;
355 len = keypair->key_len;
356 }
357
358 if (mem == NULL)
359 return (0);
360
361 if (len > INT_MAX) {
362 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
363 ctx->config->use_fake_private_key ?
364 "certificate too long" : "key too long");
365 goto err;
366 }
367
368 if ((bio = BIO_new_mem_buf(mem, len)) == NULL) {
369 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "failed to create buffer");
370 goto err;
371 }
372
373 if (ctx->config->use_fake_private_key) {
374 if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
375 NULL)) == NULL) {
376 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
377 "failed to read X509 certificate");
378 goto err;
379 }
380 if ((*pkey = X509_get_pubkey(x509)) == NULL) {
381 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
382 "failed to retrieve pubkey");
383 goto err;
384 }
385 } else {
386 if ((*pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
387 NULL)) == NULL) {
388 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
389 "failed to read private key");
390 goto err;
391 }
392 }
393
394 ret = 0;
395 err:
396 BIO_free(bio);
397 X509_free(x509);
398 return (ret);
399 }
400
401 static int
tls_keypair_setup_pkey(struct tls * ctx,struct tls_keypair * keypair,EVP_PKEY * pkey)402 tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey)
403 {
404 RSA_METHOD *rsa_method;
405 EC_KEY_METHOD *ecdsa_method;
406 RSA *rsa = NULL;
407 EC_KEY *eckey = NULL;
408 int ret = -1;
409
410 /* Only install the pubkey hash if fake private keys are used. */
411 if (!ctx->config->skip_private_key_check)
412 return (0);
413
414 if (keypair->pubkey_hash == NULL) {
415 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "public key hash not set");
416 goto err;
417 }
418
419 switch (EVP_PKEY_id(pkey)) {
420 case EVP_PKEY_RSA:
421 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL ||
422 RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) {
423 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
424 "RSA key setup failure");
425 goto err;
426 }
427 if (ctx->config->sign_cb != NULL) {
428 rsa_method = tls_signer_rsa_method();
429 if (rsa_method == NULL ||
430 RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
431 RSA_set_method(rsa, rsa_method) == 0) {
432 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
433 "failed to setup RSA key");
434 goto err;
435 }
436 }
437 /* Reset the key to work around caching in OpenSSL 3. */
438 if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) {
439 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
440 "failed to set RSA key");
441 goto err;
442 }
443 break;
444 case EVP_PKEY_EC:
445 if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
446 EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
447 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
448 "EC key setup failure");
449 goto err;
450 }
451 if (ctx->config->sign_cb != NULL) {
452 ecdsa_method = tls_signer_ecdsa_method();
453 if (ecdsa_method == NULL ||
454 EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 ||
455 EC_KEY_set_method(eckey, ecdsa_method) == 0) {
456 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
457 "failed to setup EC key");
458 goto err;
459 }
460 }
461 /* Reset the key to work around caching in OpenSSL 3. */
462 if (EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) {
463 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
464 "failed to set EC key");
465 goto err;
466 }
467 break;
468 default:
469 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "incorrect key type");
470 goto err;
471 }
472
473 ret = 0;
474
475 err:
476 RSA_free(rsa);
477 EC_KEY_free(eckey);
478 return (ret);
479 }
480
481 int
tls_configure_ssl_keypair(struct tls * ctx,SSL_CTX * ssl_ctx,struct tls_keypair * keypair,int required)482 tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
483 struct tls_keypair *keypair, int required)
484 {
485 EVP_PKEY *pkey = NULL;
486
487 if (!required &&
488 keypair->cert_mem == NULL &&
489 keypair->key_mem == NULL)
490 return(0);
491
492 if (keypair->cert_mem != NULL) {
493 if (keypair->cert_len > INT_MAX) {
494 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
495 "certificate too long");
496 goto err;
497 }
498
499 if (SSL_CTX_use_certificate_chain_mem(ssl_ctx,
500 keypair->cert_mem, keypair->cert_len) != 1) {
501 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
502 "failed to load certificate");
503 goto err;
504 }
505 }
506
507 if (tls_keypair_to_pkey(ctx, keypair, &pkey) == -1)
508 goto err;
509 if (pkey != NULL) {
510 if (tls_keypair_setup_pkey(ctx, keypair, pkey) == -1)
511 goto err;
512 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) {
513 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
514 "failed to load private key");
515 goto err;
516 }
517 EVP_PKEY_free(pkey);
518 pkey = NULL;
519 }
520
521 if (!ctx->config->skip_private_key_check &&
522 SSL_CTX_check_private_key(ssl_ctx) != 1) {
523 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
524 "private/public key mismatch");
525 goto err;
526 }
527
528 return (0);
529
530 err:
531 EVP_PKEY_free(pkey);
532
533 return (-1);
534 }
535
536 int
tls_configure_ssl(struct tls * ctx,SSL_CTX * ssl_ctx)537 tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx)
538 {
539 SSL_CTX_clear_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
540
541 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
542 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
543
544 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
545 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
546 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
547 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
548
549 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
550 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
551
552 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
553 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
554 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0)
555 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
556
557 if (ctx->config->alpn != NULL) {
558 if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn,
559 ctx->config->alpn_len) != 0) {
560 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
561 "failed to set alpn");
562 goto err;
563 }
564 }
565
566 if (ctx->config->ciphers != NULL) {
567 if (SSL_CTX_set_cipher_list(ssl_ctx,
568 ctx->config->ciphers) != 1) {
569 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
570 "failed to set ciphers");
571 goto err;
572 }
573 }
574
575 if (ctx->config->verify_time == 0) {
576 X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ssl_ctx),
577 X509_V_FLAG_NO_CHECK_TIME);
578 }
579
580 /* Disable any form of session caching by default */
581 SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
582 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
583
584 return (0);
585
586 err:
587 return (-1);
588 }
589
590 static int
tls_ssl_cert_verify_cb(X509_STORE_CTX * x509_ctx,void * arg)591 tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg)
592 {
593 struct tls *ctx = arg;
594 int x509_err;
595
596 if (ctx->config->verify_cert == 0)
597 return (1);
598
599 if ((X509_verify_cert(x509_ctx)) < 0) {
600 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
601 "X509 verify cert failed");
602 return (0);
603 }
604
605 x509_err = X509_STORE_CTX_get_error(x509_ctx);
606 if (x509_err == X509_V_OK)
607 return (1);
608
609 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
610 "certificate verification failed: %s",
611 X509_verify_cert_error_string(x509_err));
612
613 return (0);
614 }
615
616 int
tls_configure_ssl_verify(struct tls * ctx,SSL_CTX * ssl_ctx,int verify)617 tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
618 {
619 size_t ca_len = ctx->config->ca_len;
620 char *ca_mem = ctx->config->ca_mem;
621 char *crl_mem = ctx->config->crl_mem;
622 size_t crl_len = ctx->config->crl_len;
623 char *ca_free = NULL;
624 STACK_OF(X509_INFO) *xis = NULL;
625 X509_STORE *store;
626 X509_INFO *xi;
627 BIO *bio = NULL;
628 int rv = -1;
629 int i;
630
631 SSL_CTX_set_verify(ssl_ctx, verify, NULL);
632 SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx);
633
634 if (ctx->config->verify_depth >= 0)
635 SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth);
636
637 if (ctx->config->verify_cert == 0)
638 goto done;
639
640 /* If no CA has been specified, attempt to load the default. */
641 if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
642 if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
643 &ca_mem, &ca_len) != 0)
644 goto err;
645 ca_free = ca_mem;
646 }
647
648 if (ca_mem != NULL) {
649 if (ca_len > INT_MAX) {
650 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
651 "ca too long");
652 goto err;
653 }
654 if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
655 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
656 "ssl verify memory setup failure");
657 goto err;
658 }
659 } else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
660 ctx->config->ca_path) != 1) {
661 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
662 "ssl verify locations failure");
663 goto err;
664 }
665
666 if (crl_mem != NULL) {
667 if (crl_len > INT_MAX) {
668 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
669 "crl too long");
670 goto err;
671 }
672 if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) {
673 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
674 "failed to create buffer");
675 goto err;
676 }
677 if ((xis = PEM_X509_INFO_read_bio(bio, NULL, tls_password_cb,
678 NULL)) == NULL) {
679 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
680 "failed to parse crl");
681 goto err;
682 }
683 store = SSL_CTX_get_cert_store(ssl_ctx);
684 for (i = 0; i < sk_X509_INFO_num(xis); i++) {
685 xi = sk_X509_INFO_value(xis, i);
686 if (xi->crl == NULL)
687 continue;
688 if (!X509_STORE_add_crl(store, xi->crl)) {
689 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
690 "failed to add crl");
691 goto err;
692 }
693 }
694 X509_STORE_set_flags(store,
695 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
696 }
697
698 done:
699 rv = 0;
700
701 err:
702 sk_X509_INFO_pop_free(xis, X509_INFO_free);
703 BIO_free(bio);
704 free(ca_free);
705
706 return (rv);
707 }
708
709 void
tls_free(struct tls * ctx)710 tls_free(struct tls *ctx)
711 {
712 if (ctx == NULL)
713 return;
714
715 tls_reset(ctx);
716
717 free(ctx);
718 }
719
720 void
tls_reset(struct tls * ctx)721 tls_reset(struct tls *ctx)
722 {
723 struct tls_sni_ctx *sni, *nsni;
724
725 tls_config_free(ctx->config);
726 ctx->config = NULL;
727
728 SSL_CTX_free(ctx->ssl_ctx);
729 SSL_free(ctx->ssl_conn);
730 X509_free(ctx->ssl_peer_cert);
731
732 ctx->ssl_conn = NULL;
733 ctx->ssl_ctx = NULL;
734 ctx->ssl_peer_cert = NULL;
735 /* X509 objects in chain are freed with the SSL */
736 ctx->ssl_peer_chain = NULL;
737
738 ctx->socket = -1;
739 ctx->state = 0;
740
741 free(ctx->servername);
742 ctx->servername = NULL;
743
744 free(ctx->error.msg);
745 ctx->error.msg = NULL;
746 ctx->error.errno_value = -1;
747
748 tls_conninfo_free(ctx->conninfo);
749 ctx->conninfo = NULL;
750
751 tls_ocsp_free(ctx->ocsp);
752 ctx->ocsp = NULL;
753
754 for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) {
755 nsni = sni->next;
756 tls_sni_ctx_free(sni);
757 }
758 ctx->sni_ctx = NULL;
759
760 ctx->read_cb = NULL;
761 ctx->write_cb = NULL;
762 ctx->cb_arg = NULL;
763 }
764
765 int
tls_ssl_error(struct tls * ctx,SSL * ssl_conn,int ssl_ret,const char * prefix)766 tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
767 {
768 const char *errstr = "unknown error";
769 unsigned long err;
770 int ssl_err;
771
772 ssl_err = SSL_get_error(ssl_conn, ssl_ret);
773 switch (ssl_err) {
774 case SSL_ERROR_NONE:
775 case SSL_ERROR_ZERO_RETURN:
776 return (0);
777
778 case SSL_ERROR_WANT_READ:
779 return (TLS_WANT_POLLIN);
780
781 case SSL_ERROR_WANT_WRITE:
782 return (TLS_WANT_POLLOUT);
783
784 case SSL_ERROR_SYSCALL:
785 if ((err = ERR_peek_error()) != 0) {
786 errstr = ERR_error_string(err, NULL);
787 } else if (ssl_ret == 0) {
788 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
789 ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
790 return (0);
791 }
792 errstr = "unexpected EOF";
793 } else if (ssl_ret == -1) {
794 errstr = strerror(errno);
795 }
796 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN,
797 "%s failed: %s", prefix, errstr);
798 return (-1);
799
800 case SSL_ERROR_SSL:
801 if ((err = ERR_peek_error()) != 0) {
802 errstr = ERR_error_string(err, NULL);
803 }
804 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN,
805 "%s failed: %s", prefix, errstr);
806 return (-1);
807
808 case SSL_ERROR_WANT_CONNECT:
809 case SSL_ERROR_WANT_ACCEPT:
810 case SSL_ERROR_WANT_X509_LOOKUP:
811 default:
812 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN,
813 "%s failed (%d)", prefix, ssl_err);
814 return (-1);
815 }
816 }
817
818 int
tls_handshake(struct tls * ctx)819 tls_handshake(struct tls *ctx)
820 {
821 int rv = -1;
822
823 tls_error_clear(&ctx->error);
824
825 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
826 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
827 "invalid operation for context");
828 goto out;
829 }
830
831 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
832 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
833 "handshake already completed");
834 goto out;
835 }
836
837 if ((ctx->flags & TLS_CLIENT) != 0)
838 rv = tls_handshake_client(ctx);
839 else if ((ctx->flags & TLS_SERVER_CONN) != 0)
840 rv = tls_handshake_server(ctx);
841
842 if (rv == 0) {
843 ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
844 ctx->ssl_peer_chain = SSL_get_peer_cert_chain(ctx->ssl_conn);
845 if (tls_conninfo_populate(ctx) == -1)
846 rv = -1;
847 if (ctx->ocsp == NULL)
848 ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
849 }
850 out:
851 /* Prevent callers from performing incorrect error handling */
852 errno = 0;
853 return (rv);
854 }
855
856 ssize_t
tls_read(struct tls * ctx,void * buf,size_t buflen)857 tls_read(struct tls *ctx, void *buf, size_t buflen)
858 {
859 ssize_t rv = -1;
860 int ssl_ret;
861
862 tls_error_clear(&ctx->error);
863
864 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
865 if ((rv = tls_handshake(ctx)) != 0)
866 goto out;
867 }
868
869 if (buflen > INT_MAX) {
870 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
871 "buflen too long");
872 goto out;
873 }
874
875 ERR_clear_error();
876 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) {
877 rv = (ssize_t)ssl_ret;
878 goto out;
879 }
880 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
881
882 out:
883 /* Prevent callers from performing incorrect error handling */
884 errno = 0;
885 return (rv);
886 }
887
888 ssize_t
tls_write(struct tls * ctx,const void * buf,size_t buflen)889 tls_write(struct tls *ctx, const void *buf, size_t buflen)
890 {
891 ssize_t rv = -1;
892 int ssl_ret;
893
894 tls_error_clear(&ctx->error);
895
896 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
897 if ((rv = tls_handshake(ctx)) != 0)
898 goto out;
899 }
900
901 if (buflen > INT_MAX) {
902 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
903 "buflen too long");
904 goto out;
905 }
906
907 ERR_clear_error();
908 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
909 rv = (ssize_t)ssl_ret;
910 goto out;
911 }
912 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
913
914 out:
915 /* Prevent callers from performing incorrect error handling */
916 errno = 0;
917 return (rv);
918 }
919
920 int
tls_close(struct tls * ctx)921 tls_close(struct tls *ctx)
922 {
923 int ssl_ret;
924 int rv = 0;
925
926 tls_error_clear(&ctx->error);
927
928 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
929 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
930 "invalid operation for context");
931 rv = -1;
932 goto out;
933 }
934
935 if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) {
936 ERR_clear_error();
937 ssl_ret = SSL_shutdown(ctx->ssl_conn);
938 if (ssl_ret < 0) {
939 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
940 "shutdown");
941 if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
942 goto out;
943 }
944 ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN;
945 }
946
947 if (ctx->socket != -1) {
948 if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
949 if (rv == 0 &&
950 errno != ENOTCONN && errno != ECONNRESET) {
951 tls_set_error(ctx, TLS_ERROR_UNKNOWN, "shutdown");
952 rv = -1;
953 }
954 }
955 if (close(ctx->socket) != 0) {
956 if (rv == 0) {
957 tls_set_error(ctx, TLS_ERROR_UNKNOWN, "close");
958 rv = -1;
959 }
960 }
961 ctx->socket = -1;
962 }
963
964 if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) {
965 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "EOF without close notify");
966 rv = -1;
967 }
968
969 out:
970 /* Prevent callers from performing incorrect error handling */
971 errno = 0;
972 return (rv);
973 }
974