xref: /openbsd/lib/libtls/tls_server.c (revision 998de4a5) 
1 /* $OpenBSD: tls_server.c,v 1.25 2016/08/22 14:51:37 jsing Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/socket.h>
19 
20 #include <arpa/inet.h>
21 
22 #include <openssl/ec.h>
23 #include <openssl/err.h>
24 #include <openssl/ssl.h>
25 
26 #include <tls.h>
27 #include "tls_internal.h"
28 
29 struct tls *
30 tls_server(void)
31 {
32 	struct tls *ctx;
33 
34 	if ((ctx = tls_new()) == NULL)
35 		return (NULL);
36 
37 	ctx->flags |= TLS_SERVER;
38 
39 	return (ctx);
40 }
41 
42 struct tls *
43 tls_server_conn(struct tls *ctx)
44 {
45 	struct tls *conn_ctx;
46 
47 	if ((conn_ctx = tls_new()) == NULL)
48 		return (NULL);
49 
50 	conn_ctx->flags |= TLS_SERVER_CONN;
51 
52 	return (conn_ctx);
53 }
54 
55 static int
56 tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
57     const unsigned char *in, unsigned int inlen, void *arg)
58 {
59 	struct tls *ctx = arg;
60 
61 	if (SSL_select_next_proto((unsigned char**)out, outlen,
62 	    ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
63 	    OPENSSL_NPN_NEGOTIATED)
64 		return (SSL_TLSEXT_ERR_OK);
65 
66 	return (SSL_TLSEXT_ERR_NOACK);
67 }
68 
69 static int
70 tls_servername_cb(SSL *ssl, int *al, void *arg)
71 {
72 	struct tls *ctx = (struct tls *)arg;
73 	struct tls_sni_ctx *sni_ctx;
74 	union tls_addr addrbuf;
75 	struct tls *conn_ctx;
76 	const char *name;
77 
78 	if ((conn_ctx = SSL_get_app_data(ssl)) == NULL)
79 		goto err;
80 
81 	if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) == NULL) {
82 		/*
83 		 * The servername callback gets called even when there is no
84 		 * TLS servername extension provided by the client. Sigh!
85 		 */
86 		return (SSL_TLSEXT_ERR_NOACK);
87 	}
88 
89 	/* Per RFC 6066 section 3: ensure that name is not an IP literal. */
90 	if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
91             inet_pton(AF_INET6, name, &addrbuf) == 1)
92 		goto err;
93 
94 	free((char *)conn_ctx->servername);
95 	if ((conn_ctx->servername = strdup(name)) == NULL)
96 		goto err;
97 
98 	/* Find appropriate SSL context for requested servername. */
99 	for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) {
100 		if (tls_check_name(ctx, sni_ctx->ssl_cert, name) == 0) {
101 			SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
102 			return (SSL_TLSEXT_ERR_OK);
103 		}
104 	}
105 
106 	/* No match, use the existing context/certificate. */
107 	return (SSL_TLSEXT_ERR_OK);
108 
109  err:
110 	/*
111 	 * There is no way to tell libssl that an internal failure occurred.
112 	 * The only option we have is to return a fatal alert.
113 	 */
114 	*al = TLS1_AD_INTERNAL_ERROR;
115 	return (SSL_TLSEXT_ERR_ALERT_FATAL);
116 }
117 
118 static int
119 tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
120     X509 **cert)
121 {
122 	char *errstr = "unknown";
123 	BIO *cert_bio = NULL;
124 	int ssl_err;
125 
126 	X509_free(*cert);
127 	*cert = NULL;
128 
129 	if (keypair->cert_mem == NULL) {
130 		tls_error_set(error, "keypair has no certificate");
131 		goto err;
132 	}
133 	if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
134 	    keypair->cert_len)) == NULL) {
135 		tls_error_set(error, "failed to create certificate bio");
136 		goto err;
137 	}
138 	if ((*cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL)) == NULL) {
139 		if ((ssl_err = ERR_peek_error()) != 0)
140 		    errstr = ERR_error_string(ssl_err, NULL);
141 		tls_error_set(error, "failed to load certificate: %s", errstr);
142 		goto err;
143 	}
144 
145 	BIO_free(cert_bio);
146 
147 	return (0);
148 
149  err:
150 	BIO_free(cert_bio);
151 
152 	return (-1);
153 }
154 
155 static int
156 tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
157     struct tls_keypair *keypair)
158 {
159 	unsigned char sid[SSL_MAX_SSL_SESSION_ID_LENGTH];
160 	EC_KEY *ecdh_key;
161 
162 	SSL_CTX_free(*ssl_ctx);
163 
164 	if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
165 		tls_set_errorx(ctx, "ssl context failure");
166 		goto err;
167 	}
168 
169 	if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
170 	    tls_servername_cb) != 1) {
171 		tls_set_error(ctx, "failed to set servername callback");
172 		goto err;
173 	}
174 	if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
175 		tls_set_error(ctx, "failed to set servername callback arg");
176 		goto err;
177 	}
178 
179 	if (tls_configure_ssl(ctx, *ssl_ctx) != 0)
180 		goto err;
181 	if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0)
182 		goto err;
183 	if (ctx->config->verify_client != 0) {
184 		int verify = SSL_VERIFY_PEER;
185 		if (ctx->config->verify_client == 1)
186 			verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
187 		if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1)
188 			goto err;
189 	}
190 
191 	if (ctx->config->alpn != NULL)
192 		SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb,
193 		    ctx);
194 
195 	if (ctx->config->dheparams == -1)
196 		SSL_CTX_set_dh_auto(*ssl_ctx, 1);
197 	else if (ctx->config->dheparams == 1024)
198 		SSL_CTX_set_dh_auto(*ssl_ctx, 2);
199 
200 	if (ctx->config->ecdhecurve == -1) {
201 		SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
202 	} else if (ctx->config->ecdhecurve != NID_undef) {
203 		if ((ecdh_key = EC_KEY_new_by_curve_name(
204 		    ctx->config->ecdhecurve)) == NULL) {
205 			tls_set_errorx(ctx, "failed to set ECDHE curve");
206 			goto err;
207 		}
208 		SSL_CTX_set_options(*ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
209 		SSL_CTX_set_tmp_ecdh(*ssl_ctx, ecdh_key);
210 		EC_KEY_free(ecdh_key);
211 	}
212 
213 	if (ctx->config->ciphers_server == 1)
214 		SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
215 
216 	/*
217 	 * Set session ID context to a random value.  We don't support
218 	 * persistent caching of sessions so it is OK to set a temporary
219 	 * session ID context that is valid during run time.
220 	 */
221 	arc4random_buf(sid, sizeof(sid));
222 	if (SSL_CTX_set_session_id_context(*ssl_ctx, sid,
223 	    sizeof(sid)) != 1) {
224 		tls_set_error(ctx, "failed to set session id context");
225 		goto err;
226 	}
227 
228 	return (0);
229 
230   err:
231 	SSL_CTX_free(*ssl_ctx);
232 	*ssl_ctx = NULL;
233 
234 	return (-1);
235 }
236 
237 static int
238 tls_configure_server_sni(struct tls *ctx)
239 {
240 	struct tls_sni_ctx **sni_ctx;
241 	struct tls_keypair *kp;
242 
243 	if (ctx->config->keypair->next == NULL)
244 		return (0);
245 
246 	/* Set up additional SSL contexts for SNI. */
247 	sni_ctx = &ctx->sni_ctx;
248 	for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
249 		if ((*sni_ctx = tls_sni_ctx_new()) == NULL) {
250 			tls_set_errorx(ctx, "out of memory");
251 			goto err;
252 		}
253 		if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
254 			goto err;
255 		if (tls_keypair_load_cert(kp, &ctx->error,
256 		    &(*sni_ctx)->ssl_cert) == -1)
257 			goto err;
258 		sni_ctx = &(*sni_ctx)->next;
259 	}
260 
261 	return (0);
262 
263  err:
264 	return (-1);
265 }
266 
267 int
268 tls_configure_server(struct tls *ctx)
269 {
270 	if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
271 	    ctx->config->keypair) == -1)
272 		goto err;
273 	if (tls_configure_server_sni(ctx) == -1)
274 		goto err;
275 
276 	return (0);
277 
278  err:
279 	return (-1);
280 }
281 
282 int
283 tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
284 {
285 	return (tls_accept_fds(ctx, cctx, socket, socket));
286 }
287 
288 int
289 tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
290 {
291 	struct tls *conn_ctx = NULL;
292 
293 	if ((ctx->flags & TLS_SERVER) == 0) {
294 		tls_set_errorx(ctx, "not a server context");
295 		goto err;
296 	}
297 
298 	if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
299 		tls_set_errorx(ctx, "connection context failure");
300 		goto err;
301 	}
302 
303 	if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
304 		tls_set_errorx(ctx, "ssl failure");
305 		goto err;
306 	}
307 	if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
308 		tls_set_errorx(ctx, "ssl application data failure");
309 		goto err;
310 	}
311 	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
312 	    SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
313 		tls_set_errorx(ctx, "ssl file descriptor failure");
314 		goto err;
315 	}
316 
317 	*cctx = conn_ctx;
318 
319 	return (0);
320 
321  err:
322 	tls_free(conn_ctx);
323 
324 	*cctx = NULL;
325 
326 	return (-1);
327 }
328 
329 int
330 tls_handshake_server(struct tls *ctx)
331 {
332 	int ssl_ret;
333 	int rv = -1;
334 
335 	if ((ctx->flags & TLS_SERVER_CONN) == 0) {
336 		tls_set_errorx(ctx, "not a server connection context");
337 		goto err;
338 	}
339 
340 	ERR_clear_error();
341 	if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
342 		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
343 		goto err;
344 	}
345 
346 	ctx->state |= TLS_HANDSHAKE_COMPLETE;
347 	rv = 0;
348 
349  err:
350 	return (rv);
351 }
352