1 /* $OpenBSD: tls.c,v 1.40 2016/07/06 16:16:36 jsing Exp $ */ 2 /* 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <sys/socket.h> 19 20 #include <errno.h> 21 #include <limits.h> 22 #include <stdlib.h> 23 #include <unistd.h> 24 25 #include <openssl/bio.h> 26 #include <openssl/err.h> 27 #include <openssl/evp.h> 28 #include <openssl/pem.h> 29 #include <openssl/x509.h> 30 31 #include <tls.h> 32 #include "tls_internal.h" 33 34 static struct tls_config *tls_config_default; 35 36 int 37 tls_init(void) 38 { 39 static int tls_initialised = 0; 40 41 if (tls_initialised) 42 return (0); 43 44 SSL_load_error_strings(); 45 SSL_library_init(); 46 47 if (BIO_sock_init() != 1) 48 return (-1); 49 50 if ((tls_config_default = tls_config_new()) == NULL) 51 return (-1); 52 53 tls_initialised = 1; 54 55 return (0); 56 } 57 58 const char * 59 tls_error(struct tls *ctx) 60 { 61 return ctx->error.msg; 62 } 63 64 static int 65 tls_error_vset(struct tls_error *error, int errnum, const char *fmt, va_list ap) 66 { 67 char *errmsg = NULL; 68 int rv = -1; 69 70 free(error->msg); 71 error->msg = NULL; 72 error->num = errnum; 73 74 if (vasprintf(&errmsg, fmt, ap) == -1) { 75 errmsg = NULL; 76 goto err; 77 } 78 79 if (errnum == -1) { 80 error->msg = errmsg; 81 return (0); 82 } 83 84 if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errnum)) == -1) { 85 error->msg = NULL; 86 goto err; 87 } 88 rv = 0; 89 90 err: 91 free(errmsg); 92 93 return (rv); 94 } 95 96 int 97 tls_error_set(struct tls_error *error, const char *fmt, ...) 98 { 99 va_list ap; 100 int errnum, rv; 101 102 errnum = errno; 103 104 va_start(ap, fmt); 105 rv = tls_error_vset(error, errnum, fmt, ap); 106 va_end(ap); 107 108 return (rv); 109 } 110 111 int 112 tls_error_setx(struct tls_error *error, const char *fmt, ...) 113 { 114 va_list ap; 115 int rv; 116 117 va_start(ap, fmt); 118 rv = tls_error_vset(error, -1, fmt, ap); 119 va_end(ap); 120 121 return (rv); 122 } 123 124 int 125 tls_config_set_error(struct tls_config *config, const char *fmt, ...) 126 { 127 va_list ap; 128 int errnum, rv; 129 130 errnum = errno; 131 132 va_start(ap, fmt); 133 rv = tls_error_vset(&config->error, errnum, fmt, ap); 134 va_end(ap); 135 136 return (rv); 137 } 138 139 int 140 tls_config_set_errorx(struct tls_config *config, const char *fmt, ...) 141 { 142 va_list ap; 143 int rv; 144 145 va_start(ap, fmt); 146 rv = tls_error_vset(&config->error, -1, fmt, ap); 147 va_end(ap); 148 149 return (rv); 150 } 151 152 int 153 tls_set_error(struct tls *ctx, const char *fmt, ...) 154 { 155 va_list ap; 156 int errnum, rv; 157 158 errnum = errno; 159 160 va_start(ap, fmt); 161 rv = tls_error_vset(&ctx->error, errnum, fmt, ap); 162 va_end(ap); 163 164 return (rv); 165 } 166 167 int 168 tls_set_errorx(struct tls *ctx, const char *fmt, ...) 169 { 170 va_list ap; 171 int rv; 172 173 va_start(ap, fmt); 174 rv = tls_error_vset(&ctx->error, -1, fmt, ap); 175 va_end(ap); 176 177 return (rv); 178 } 179 180 struct tls * 181 tls_new(void) 182 { 183 struct tls *ctx; 184 185 if ((ctx = calloc(1, sizeof(*ctx))) == NULL) 186 return (NULL); 187 188 ctx->config = tls_config_default; 189 190 tls_reset(ctx); 191 192 return (ctx); 193 } 194 195 int 196 tls_configure(struct tls *ctx, struct tls_config *config) 197 { 198 if (config == NULL) 199 config = tls_config_default; 200 201 ctx->config = config; 202 203 if ((ctx->flags & TLS_SERVER) != 0) 204 return (tls_configure_server(ctx)); 205 206 return (0); 207 } 208 209 int 210 tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, 211 struct tls_keypair *keypair, int required) 212 { 213 EVP_PKEY *pkey = NULL; 214 X509 *cert = NULL; 215 BIO *bio = NULL; 216 217 if (!required && 218 keypair->cert_mem == NULL && 219 keypair->key_mem == NULL && 220 keypair->cert_file == NULL && 221 keypair->key_file == NULL) 222 return(0); 223 224 if (keypair->cert_mem != NULL) { 225 if (keypair->cert_len > INT_MAX) { 226 tls_set_errorx(ctx, "certificate too long"); 227 goto err; 228 } 229 230 if (SSL_CTX_use_certificate_chain_mem(ssl_ctx, 231 keypair->cert_mem, keypair->cert_len) != 1) { 232 tls_set_errorx(ctx, "failed to load certificate"); 233 goto err; 234 } 235 cert = NULL; 236 } 237 if (keypair->key_mem != NULL) { 238 if (keypair->key_len > INT_MAX) { 239 tls_set_errorx(ctx, "key too long"); 240 goto err; 241 } 242 243 if ((bio = BIO_new_mem_buf(keypair->key_mem, 244 keypair->key_len)) == NULL) { 245 tls_set_errorx(ctx, "failed to create buffer"); 246 goto err; 247 } 248 if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, 249 NULL)) == NULL) { 250 tls_set_errorx(ctx, "failed to read private key"); 251 goto err; 252 } 253 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) { 254 tls_set_errorx(ctx, "failed to load private key"); 255 goto err; 256 } 257 BIO_free(bio); 258 bio = NULL; 259 EVP_PKEY_free(pkey); 260 pkey = NULL; 261 } 262 263 if (keypair->cert_file != NULL) { 264 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, 265 keypair->cert_file) != 1) { 266 tls_set_errorx(ctx, "failed to load certificate file"); 267 goto err; 268 } 269 } 270 if (keypair->key_file != NULL) { 271 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, 272 keypair->key_file, SSL_FILETYPE_PEM) != 1) { 273 tls_set_errorx(ctx, "failed to load private key file"); 274 goto err; 275 } 276 } 277 278 if (SSL_CTX_check_private_key(ssl_ctx) != 1) { 279 tls_set_errorx(ctx, "private/public key mismatch"); 280 goto err; 281 } 282 283 return (0); 284 285 err: 286 EVP_PKEY_free(pkey); 287 X509_free(cert); 288 BIO_free(bio); 289 290 return (1); 291 } 292 293 int 294 tls_configure_ssl(struct tls *ctx) 295 { 296 SSL_CTX_set_mode(ctx->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); 297 SSL_CTX_set_mode(ctx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 298 299 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2); 300 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3); 301 302 SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1); 303 SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1); 304 SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2); 305 306 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0) 307 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1); 308 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0) 309 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1); 310 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0) 311 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2); 312 313 if (ctx->config->ciphers != NULL) { 314 if (SSL_CTX_set_cipher_list(ctx->ssl_ctx, 315 ctx->config->ciphers) != 1) { 316 tls_set_errorx(ctx, "failed to set ciphers"); 317 goto err; 318 } 319 } 320 321 if (ctx->config->verify_time == 0) { 322 X509_VERIFY_PARAM_set_flags(ctx->ssl_ctx->param, 323 X509_V_FLAG_NO_CHECK_TIME); 324 } 325 326 return (0); 327 328 err: 329 return (-1); 330 } 331 332 int 333 tls_configure_ssl_verify(struct tls *ctx, int verify) 334 { 335 SSL_CTX_set_verify(ctx->ssl_ctx, verify, NULL); 336 337 if (ctx->config->ca_mem != NULL) { 338 /* XXX do this in set. */ 339 if (ctx->config->ca_len > INT_MAX) { 340 tls_set_errorx(ctx, "ca too long"); 341 goto err; 342 } 343 if (SSL_CTX_load_verify_mem(ctx->ssl_ctx, 344 ctx->config->ca_mem, ctx->config->ca_len) != 1) { 345 tls_set_errorx(ctx, "ssl verify memory setup failure"); 346 goto err; 347 } 348 } else if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, 349 ctx->config->ca_file, ctx->config->ca_path) != 1) { 350 tls_set_errorx(ctx, "ssl verify setup failure"); 351 goto err; 352 } 353 if (ctx->config->verify_depth >= 0) 354 SSL_CTX_set_verify_depth(ctx->ssl_ctx, 355 ctx->config->verify_depth); 356 357 return (0); 358 359 err: 360 return (-1); 361 } 362 363 void 364 tls_free(struct tls *ctx) 365 { 366 if (ctx == NULL) 367 return; 368 tls_reset(ctx); 369 free(ctx); 370 } 371 372 void 373 tls_reset(struct tls *ctx) 374 { 375 SSL_CTX_free(ctx->ssl_ctx); 376 SSL_free(ctx->ssl_conn); 377 X509_free(ctx->ssl_peer_cert); 378 379 ctx->ssl_conn = NULL; 380 ctx->ssl_ctx = NULL; 381 ctx->ssl_peer_cert = NULL; 382 383 ctx->socket = -1; 384 ctx->state = 0; 385 386 free(ctx->servername); 387 ctx->servername = NULL; 388 389 free(ctx->error.msg); 390 ctx->error.msg = NULL; 391 ctx->error.num = -1; 392 393 tls_free_conninfo(ctx->conninfo); 394 free(ctx->conninfo); 395 ctx->conninfo = NULL; 396 } 397 398 int 399 tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) 400 { 401 const char *errstr = "unknown error"; 402 unsigned long err; 403 int ssl_err; 404 405 ssl_err = SSL_get_error(ssl_conn, ssl_ret); 406 switch (ssl_err) { 407 case SSL_ERROR_NONE: 408 case SSL_ERROR_ZERO_RETURN: 409 return (0); 410 411 case SSL_ERROR_WANT_READ: 412 return (TLS_WANT_POLLIN); 413 414 case SSL_ERROR_WANT_WRITE: 415 return (TLS_WANT_POLLOUT); 416 417 case SSL_ERROR_SYSCALL: 418 if ((err = ERR_peek_error()) != 0) { 419 errstr = ERR_error_string(err, NULL); 420 } else if (ssl_ret == 0) { 421 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { 422 ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY; 423 return (0); 424 } 425 errstr = "unexpected EOF"; 426 } else if (ssl_ret == -1) { 427 errstr = strerror(errno); 428 } 429 tls_set_errorx(ctx, "%s failed: %s", prefix, errstr); 430 return (-1); 431 432 case SSL_ERROR_SSL: 433 if ((err = ERR_peek_error()) != 0) { 434 errstr = ERR_error_string(err, NULL); 435 } 436 tls_set_errorx(ctx, "%s failed: %s", prefix, errstr); 437 return (-1); 438 439 case SSL_ERROR_WANT_CONNECT: 440 case SSL_ERROR_WANT_ACCEPT: 441 case SSL_ERROR_WANT_X509_LOOKUP: 442 default: 443 tls_set_errorx(ctx, "%s failed (%i)", prefix, ssl_err); 444 return (-1); 445 } 446 } 447 448 int 449 tls_handshake(struct tls *ctx) 450 { 451 int rv = -1; 452 453 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) { 454 tls_set_errorx(ctx, "invalid operation for context"); 455 goto out; 456 } 457 458 if (ctx->conninfo == NULL && 459 (ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))) == NULL) 460 goto out; 461 462 if ((ctx->flags & TLS_CLIENT) != 0) 463 rv = tls_handshake_client(ctx); 464 else if ((ctx->flags & TLS_SERVER_CONN) != 0) 465 rv = tls_handshake_server(ctx); 466 467 if (rv == 0) { 468 ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn); 469 if (tls_get_conninfo(ctx) == -1) 470 rv = -1; 471 } 472 out: 473 /* Prevent callers from performing incorrect error handling */ 474 errno = 0; 475 return (rv); 476 } 477 478 ssize_t 479 tls_read(struct tls *ctx, void *buf, size_t buflen) 480 { 481 ssize_t rv = -1; 482 int ssl_ret; 483 484 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) { 485 if ((rv = tls_handshake(ctx)) != 0) 486 goto out; 487 } 488 489 if (buflen > INT_MAX) { 490 tls_set_errorx(ctx, "buflen too long"); 491 goto out; 492 } 493 494 ERR_clear_error(); 495 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) { 496 rv = (ssize_t)ssl_ret; 497 goto out; 498 } 499 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read"); 500 501 out: 502 /* Prevent callers from performing incorrect error handling */ 503 errno = 0; 504 return (rv); 505 } 506 507 ssize_t 508 tls_write(struct tls *ctx, const void *buf, size_t buflen) 509 { 510 ssize_t rv = -1; 511 int ssl_ret; 512 513 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) { 514 if ((rv = tls_handshake(ctx)) != 0) 515 goto out; 516 } 517 518 if (buflen > INT_MAX) { 519 tls_set_errorx(ctx, "buflen too long"); 520 goto out; 521 } 522 523 ERR_clear_error(); 524 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) { 525 rv = (ssize_t)ssl_ret; 526 goto out; 527 } 528 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write"); 529 530 out: 531 /* Prevent callers from performing incorrect error handling */ 532 errno = 0; 533 return (rv); 534 } 535 536 int 537 tls_close(struct tls *ctx) 538 { 539 int ssl_ret; 540 int rv = 0; 541 542 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) { 543 tls_set_errorx(ctx, "invalid operation for context"); 544 rv = -1; 545 goto out; 546 } 547 548 if (ctx->ssl_conn != NULL) { 549 ERR_clear_error(); 550 ssl_ret = SSL_shutdown(ctx->ssl_conn); 551 if (ssl_ret < 0) { 552 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, 553 "shutdown"); 554 if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT) 555 goto out; 556 } 557 } 558 559 if (ctx->socket != -1) { 560 if (shutdown(ctx->socket, SHUT_RDWR) != 0) { 561 if (rv == 0 && 562 errno != ENOTCONN && errno != ECONNRESET) { 563 tls_set_error(ctx, "shutdown"); 564 rv = -1; 565 } 566 } 567 if (close(ctx->socket) != 0) { 568 if (rv == 0) { 569 tls_set_error(ctx, "close"); 570 rv = -1; 571 } 572 } 573 ctx->socket = -1; 574 } 575 576 if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) { 577 tls_set_errorx(ctx, "EOF without close notify"); 578 rv = -1; 579 } 580 581 out: 582 /* Prevent callers from performing incorrect error handling */ 583 errno = 0; 584 return (rv); 585 } 586