1 /* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */ 2 /* 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <sys/socket.h> 19 20 #include <errno.h> 21 #include <limits.h> 22 #include <pthread.h> 23 #include <stdlib.h> 24 #include <unistd.h> 25 26 #include <openssl/bio.h> 27 #include <openssl/err.h> 28 #include <openssl/evp.h> 29 #include <openssl/pem.h> 30 #include <openssl/safestack.h> 31 #include <openssl/ssl.h> 32 #include <openssl/x509.h> 33 34 #include <tls.h> 35 #include "tls_internal.h" 36 37 static struct tls_config *tls_config_default; 38 39 static int tls_init_rv = -1; 40 41 static void 42 tls_do_init(void) 43 { 44 OPENSSL_init_ssl(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); 45 46 if (BIO_sock_init() != 1) 47 return; 48 49 if ((tls_config_default = tls_config_new_internal()) == NULL) 50 return; 51 52 tls_config_default->refcount++; 53 54 tls_init_rv = 0; 55 } 56 57 int 58 tls_init(void) 59 { 60 static pthread_once_t once = PTHREAD_ONCE_INIT; 61 62 if (pthread_once(&once, tls_do_init) != 0) 63 return -1; 64 65 return tls_init_rv; 66 } 67 68 const char * 69 tls_error(struct tls *ctx) 70 { 71 return ctx->error.msg; 72 } 73 74 void 75 tls_error_clear(struct tls_error *error) 76 { 77 free(error->msg); 78 error->msg = NULL; 79 error->num = 0; 80 error->tls = 0; 81 } 82 83 static int 84 tls_error_vset(struct tls_error *error, int errnum, const char *fmt, va_list ap) 85 { 86 char *errmsg = NULL; 87 int rv = -1; 88 89 tls_error_clear(error); 90 91 error->num = errnum; 92 error->tls = 1; 93 94 if (vasprintf(&errmsg, fmt, ap) == -1) { 95 errmsg = NULL; 96 goto err; 97 } 98 99 if (errnum == -1) { 100 error->msg = errmsg; 101 return (0); 102 } 103 104 if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errnum)) == -1) { 105 error->msg = NULL; 106 goto err; 107 } 108 rv = 0; 109 110 err: 111 free(errmsg); 112 113 return (rv); 114 } 115 116 int 117 tls_error_set(struct tls_error *error, const char *fmt, ...) 118 { 119 va_list ap; 120 int errnum, rv; 121 122 errnum = errno; 123 124 va_start(ap, fmt); 125 rv = tls_error_vset(error, errnum, fmt, ap); 126 va_end(ap); 127 128 return (rv); 129 } 130 131 int 132 tls_error_setx(struct tls_error *error, const char *fmt, ...) 133 { 134 va_list ap; 135 int rv; 136 137 va_start(ap, fmt); 138 rv = tls_error_vset(error, -1, fmt, ap); 139 va_end(ap); 140 141 return (rv); 142 } 143 144 int 145 tls_config_set_error(struct tls_config *config, const char *fmt, ...) 146 { 147 va_list ap; 148 int errnum, rv; 149 150 errnum = errno; 151 152 va_start(ap, fmt); 153 rv = tls_error_vset(&config->error, errnum, fmt, ap); 154 va_end(ap); 155 156 return (rv); 157 } 158 159 int 160 tls_config_set_errorx(struct tls_config *config, const char *fmt, ...) 161 { 162 va_list ap; 163 int rv; 164 165 va_start(ap, fmt); 166 rv = tls_error_vset(&config->error, -1, fmt, ap); 167 va_end(ap); 168 169 return (rv); 170 } 171 172 int 173 tls_set_error(struct tls *ctx, const char *fmt, ...) 174 { 175 va_list ap; 176 int errnum, rv; 177 178 errnum = errno; 179 180 va_start(ap, fmt); 181 rv = tls_error_vset(&ctx->error, errnum, fmt, ap); 182 va_end(ap); 183 184 return (rv); 185 } 186 187 int 188 tls_set_errorx(struct tls *ctx, const char *fmt, ...) 189 { 190 va_list ap; 191 int rv; 192 193 va_start(ap, fmt); 194 rv = tls_error_vset(&ctx->error, -1, fmt, ap); 195 va_end(ap); 196 197 return (rv); 198 } 199 200 int 201 tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...) 202 { 203 va_list ap; 204 int rv; 205 206 /* Only set an error if a more specific one does not already exist. */ 207 if (ctx->error.tls != 0) 208 return (0); 209 210 va_start(ap, fmt); 211 rv = tls_error_vset(&ctx->error, -1, fmt, ap); 212 va_end(ap); 213 214 return (rv); 215 } 216 217 struct tls_sni_ctx * 218 tls_sni_ctx_new(void) 219 { 220 return (calloc(1, sizeof(struct tls_sni_ctx))); 221 } 222 223 void 224 tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx) 225 { 226 if (sni_ctx == NULL) 227 return; 228 229 SSL_CTX_free(sni_ctx->ssl_ctx); 230 X509_free(sni_ctx->ssl_cert); 231 232 free(sni_ctx); 233 } 234 235 struct tls * 236 tls_new(void) 237 { 238 struct tls *ctx; 239 240 if ((ctx = calloc(1, sizeof(*ctx))) == NULL) 241 return (NULL); 242 243 tls_reset(ctx); 244 245 if (tls_configure(ctx, tls_config_default) == -1) { 246 free(ctx); 247 return NULL; 248 } 249 250 return (ctx); 251 } 252 253 int 254 tls_configure(struct tls *ctx, struct tls_config *config) 255 { 256 if (config == NULL) 257 config = tls_config_default; 258 259 pthread_mutex_lock(&config->mutex); 260 config->refcount++; 261 pthread_mutex_unlock(&config->mutex); 262 263 tls_config_free(ctx->config); 264 265 ctx->config = config; 266 ctx->keypair = config->keypair; 267 268 if ((ctx->flags & TLS_SERVER) != 0) 269 return (tls_configure_server(ctx)); 270 271 return (0); 272 } 273 274 int 275 tls_cert_hash(X509 *cert, char **hash) 276 { 277 char d[EVP_MAX_MD_SIZE], *dhex = NULL; 278 int dlen, rv = -1; 279 280 free(*hash); 281 *hash = NULL; 282 283 if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1) 284 goto err; 285 286 if (tls_hex_string(d, dlen, &dhex, NULL) != 0) 287 goto err; 288 289 if (asprintf(hash, "SHA256:%s", dhex) == -1) { 290 *hash = NULL; 291 goto err; 292 } 293 294 rv = 0; 295 err: 296 free(dhex); 297 298 return (rv); 299 } 300 301 int 302 tls_cert_pubkey_hash(X509 *cert, char **hash) 303 { 304 char d[EVP_MAX_MD_SIZE], *dhex = NULL; 305 int dlen, rv = -1; 306 307 free(*hash); 308 *hash = NULL; 309 310 if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1) 311 goto err; 312 313 if (tls_hex_string(d, dlen, &dhex, NULL) != 0) 314 goto err; 315 316 if (asprintf(hash, "SHA256:%s", dhex) == -1) { 317 *hash = NULL; 318 goto err; 319 } 320 321 rv = 0; 322 323 err: 324 free(dhex); 325 326 return (rv); 327 } 328 329 static int 330 tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pkey) 331 { 332 BIO *bio = NULL; 333 X509 *x509 = NULL; 334 char *mem; 335 size_t len; 336 int ret = -1; 337 338 *pkey = NULL; 339 340 if (ctx->config->use_fake_private_key) { 341 mem = keypair->cert_mem; 342 len = keypair->cert_len; 343 } else { 344 mem = keypair->key_mem; 345 len = keypair->key_len; 346 } 347 348 if (mem == NULL) 349 return (0); 350 351 if (len > INT_MAX) { 352 tls_set_errorx(ctx, ctx->config->use_fake_private_key ? 353 "cert too long" : "key too long"); 354 goto err; 355 } 356 357 if ((bio = BIO_new_mem_buf(mem, len)) == NULL) { 358 tls_set_errorx(ctx, "failed to create buffer"); 359 goto err; 360 } 361 362 if (ctx->config->use_fake_private_key) { 363 if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb, 364 NULL)) == NULL) { 365 tls_set_errorx(ctx, "failed to read X509 certificate"); 366 goto err; 367 } 368 if ((*pkey = X509_get_pubkey(x509)) == NULL) { 369 tls_set_errorx(ctx, "failed to retrieve pubkey"); 370 goto err; 371 } 372 } else { 373 if ((*pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb, 374 NULL)) == NULL) { 375 tls_set_errorx(ctx, "failed to read private key"); 376 goto err; 377 } 378 } 379 380 ret = 0; 381 err: 382 BIO_free(bio); 383 X509_free(x509); 384 return (ret); 385 } 386 387 static int 388 tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey) 389 { 390 RSA_METHOD *rsa_method; 391 ECDSA_METHOD *ecdsa_method; 392 RSA *rsa = NULL; 393 EC_KEY *eckey = NULL; 394 int ret = -1; 395 396 /* Only install the pubkey hash if fake private keys are used. */ 397 if (!ctx->config->skip_private_key_check) 398 return (0); 399 400 if (keypair->pubkey_hash == NULL) { 401 tls_set_errorx(ctx, "public key hash not set"); 402 goto err; 403 } 404 405 switch (EVP_PKEY_id(pkey)) { 406 case EVP_PKEY_RSA: 407 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL || 408 RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) { 409 tls_set_errorx(ctx, "RSA key setup failure"); 410 goto err; 411 } 412 if (ctx->config->sign_cb == NULL) 413 break; 414 if ((rsa_method = tls_signer_rsa_method()) == NULL || 415 RSA_set_ex_data(rsa, 1, ctx->config) == 0 || 416 RSA_set_method(rsa, rsa_method) == 0) { 417 tls_set_errorx(ctx, "failed to setup RSA key"); 418 goto err; 419 } 420 break; 421 case EVP_PKEY_EC: 422 if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || 423 ECDSA_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) { 424 tls_set_errorx(ctx, "EC key setup failure"); 425 goto err; 426 } 427 if (ctx->config->sign_cb == NULL) 428 break; 429 if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL || 430 ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 || 431 ECDSA_set_method(eckey, ecdsa_method) == 0) { 432 tls_set_errorx(ctx, "failed to setup EC key"); 433 goto err; 434 } 435 break; 436 default: 437 tls_set_errorx(ctx, "incorrect key type"); 438 goto err; 439 } 440 441 ret = 0; 442 443 err: 444 RSA_free(rsa); 445 EC_KEY_free(eckey); 446 return (ret); 447 } 448 449 int 450 tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, 451 struct tls_keypair *keypair, int required) 452 { 453 EVP_PKEY *pkey = NULL; 454 455 if (!required && 456 keypair->cert_mem == NULL && 457 keypair->key_mem == NULL) 458 return(0); 459 460 if (keypair->cert_mem != NULL) { 461 if (keypair->cert_len > INT_MAX) { 462 tls_set_errorx(ctx, "certificate too long"); 463 goto err; 464 } 465 466 if (SSL_CTX_use_certificate_chain_mem(ssl_ctx, 467 keypair->cert_mem, keypair->cert_len) != 1) { 468 tls_set_errorx(ctx, "failed to load certificate"); 469 goto err; 470 } 471 } 472 473 if (tls_keypair_to_pkey(ctx, keypair, &pkey) == -1) 474 goto err; 475 if (pkey != NULL) { 476 if (tls_keypair_setup_pkey(ctx, keypair, pkey) == -1) 477 goto err; 478 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) { 479 tls_set_errorx(ctx, "failed to load private key"); 480 goto err; 481 } 482 EVP_PKEY_free(pkey); 483 pkey = NULL; 484 } 485 486 if (!ctx->config->skip_private_key_check && 487 SSL_CTX_check_private_key(ssl_ctx) != 1) { 488 tls_set_errorx(ctx, "private/public key mismatch"); 489 goto err; 490 } 491 492 return (0); 493 494 err: 495 EVP_PKEY_free(pkey); 496 497 return (-1); 498 } 499 500 int 501 tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx) 502 { 503 SSL_CTX_clear_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); 504 505 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); 506 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 507 508 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); 509 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3); 510 511 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1); 512 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_1); 513 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2); 514 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3); 515 516 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0) 517 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1); 518 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0) 519 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1); 520 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0) 521 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2); 522 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0) 523 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); 524 525 if (ctx->config->alpn != NULL) { 526 if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn, 527 ctx->config->alpn_len) != 0) { 528 tls_set_errorx(ctx, "failed to set alpn"); 529 goto err; 530 } 531 } 532 533 if (ctx->config->ciphers != NULL) { 534 if (SSL_CTX_set_cipher_list(ssl_ctx, 535 ctx->config->ciphers) != 1) { 536 tls_set_errorx(ctx, "failed to set ciphers"); 537 goto err; 538 } 539 } 540 541 if (ctx->config->verify_time == 0) { 542 X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ssl_ctx), 543 X509_V_FLAG_NO_CHECK_TIME); 544 } 545 546 /* Disable any form of session caching by default */ 547 SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF); 548 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET); 549 550 return (0); 551 552 err: 553 return (-1); 554 } 555 556 static int 557 tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg) 558 { 559 struct tls *ctx = arg; 560 int x509_err; 561 562 if (ctx->config->verify_cert == 0) 563 return (1); 564 565 if ((X509_verify_cert(x509_ctx)) < 0) { 566 tls_set_errorx(ctx, "X509 verify cert failed"); 567 return (0); 568 } 569 570 x509_err = X509_STORE_CTX_get_error(x509_ctx); 571 if (x509_err == X509_V_OK) 572 return (1); 573 574 tls_set_errorx(ctx, "certificate verification failed: %s", 575 X509_verify_cert_error_string(x509_err)); 576 577 return (0); 578 } 579 580 int 581 tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify) 582 { 583 size_t ca_len = ctx->config->ca_len; 584 char *ca_mem = ctx->config->ca_mem; 585 char *crl_mem = ctx->config->crl_mem; 586 size_t crl_len = ctx->config->crl_len; 587 char *ca_free = NULL; 588 STACK_OF(X509_INFO) *xis = NULL; 589 X509_STORE *store; 590 X509_INFO *xi; 591 BIO *bio = NULL; 592 int rv = -1; 593 int i; 594 595 SSL_CTX_set_verify(ssl_ctx, verify, NULL); 596 SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx); 597 598 if (ctx->config->verify_depth >= 0) 599 SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth); 600 601 if (ctx->config->verify_cert == 0) 602 goto done; 603 604 /* If no CA has been specified, attempt to load the default. */ 605 if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) { 606 if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(), 607 &ca_mem, &ca_len) != 0) 608 goto err; 609 ca_free = ca_mem; 610 } 611 612 if (ca_mem != NULL) { 613 if (ca_len > INT_MAX) { 614 tls_set_errorx(ctx, "ca too long"); 615 goto err; 616 } 617 if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) { 618 tls_set_errorx(ctx, "ssl verify memory setup failure"); 619 goto err; 620 } 621 } else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL, 622 ctx->config->ca_path) != 1) { 623 tls_set_errorx(ctx, "ssl verify locations failure"); 624 goto err; 625 } 626 627 if (crl_mem != NULL) { 628 if (crl_len > INT_MAX) { 629 tls_set_errorx(ctx, "crl too long"); 630 goto err; 631 } 632 if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) { 633 tls_set_errorx(ctx, "failed to create buffer"); 634 goto err; 635 } 636 if ((xis = PEM_X509_INFO_read_bio(bio, NULL, tls_password_cb, 637 NULL)) == NULL) { 638 tls_set_errorx(ctx, "failed to parse crl"); 639 goto err; 640 } 641 store = SSL_CTX_get_cert_store(ssl_ctx); 642 for (i = 0; i < sk_X509_INFO_num(xis); i++) { 643 xi = sk_X509_INFO_value(xis, i); 644 if (xi->crl == NULL) 645 continue; 646 if (!X509_STORE_add_crl(store, xi->crl)) { 647 tls_set_error(ctx, "failed to add crl"); 648 goto err; 649 } 650 } 651 X509_STORE_set_flags(store, 652 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); 653 } 654 655 done: 656 rv = 0; 657 658 err: 659 sk_X509_INFO_pop_free(xis, X509_INFO_free); 660 BIO_free(bio); 661 free(ca_free); 662 663 return (rv); 664 } 665 666 void 667 tls_free(struct tls *ctx) 668 { 669 if (ctx == NULL) 670 return; 671 672 tls_reset(ctx); 673 674 free(ctx); 675 } 676 677 void 678 tls_reset(struct tls *ctx) 679 { 680 struct tls_sni_ctx *sni, *nsni; 681 682 tls_config_free(ctx->config); 683 ctx->config = NULL; 684 685 SSL_CTX_free(ctx->ssl_ctx); 686 SSL_free(ctx->ssl_conn); 687 X509_free(ctx->ssl_peer_cert); 688 689 ctx->ssl_conn = NULL; 690 ctx->ssl_ctx = NULL; 691 ctx->ssl_peer_cert = NULL; 692 /* X509 objects in chain are freed with the SSL */ 693 ctx->ssl_peer_chain = NULL; 694 695 ctx->socket = -1; 696 ctx->state = 0; 697 698 free(ctx->servername); 699 ctx->servername = NULL; 700 701 free(ctx->error.msg); 702 ctx->error.msg = NULL; 703 ctx->error.num = -1; 704 705 tls_conninfo_free(ctx->conninfo); 706 ctx->conninfo = NULL; 707 708 tls_ocsp_free(ctx->ocsp); 709 ctx->ocsp = NULL; 710 711 for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) { 712 nsni = sni->next; 713 tls_sni_ctx_free(sni); 714 } 715 ctx->sni_ctx = NULL; 716 717 ctx->read_cb = NULL; 718 ctx->write_cb = NULL; 719 ctx->cb_arg = NULL; 720 } 721 722 int 723 tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) 724 { 725 const char *errstr = "unknown error"; 726 unsigned long err; 727 int ssl_err; 728 729 ssl_err = SSL_get_error(ssl_conn, ssl_ret); 730 switch (ssl_err) { 731 case SSL_ERROR_NONE: 732 case SSL_ERROR_ZERO_RETURN: 733 return (0); 734 735 case SSL_ERROR_WANT_READ: 736 return (TLS_WANT_POLLIN); 737 738 case SSL_ERROR_WANT_WRITE: 739 return (TLS_WANT_POLLOUT); 740 741 case SSL_ERROR_SYSCALL: 742 if ((err = ERR_peek_error()) != 0) { 743 errstr = ERR_error_string(err, NULL); 744 } else if (ssl_ret == 0) { 745 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { 746 ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY; 747 return (0); 748 } 749 errstr = "unexpected EOF"; 750 } else if (ssl_ret == -1) { 751 errstr = strerror(errno); 752 } 753 tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr); 754 return (-1); 755 756 case SSL_ERROR_SSL: 757 if ((err = ERR_peek_error()) != 0) { 758 errstr = ERR_error_string(err, NULL); 759 } 760 tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr); 761 return (-1); 762 763 case SSL_ERROR_WANT_CONNECT: 764 case SSL_ERROR_WANT_ACCEPT: 765 case SSL_ERROR_WANT_X509_LOOKUP: 766 default: 767 tls_set_ssl_errorx(ctx, "%s failed (%d)", prefix, ssl_err); 768 return (-1); 769 } 770 } 771 772 int 773 tls_handshake(struct tls *ctx) 774 { 775 int rv = -1; 776 777 tls_error_clear(&ctx->error); 778 779 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) { 780 tls_set_errorx(ctx, "invalid operation for context"); 781 goto out; 782 } 783 784 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { 785 tls_set_errorx(ctx, "handshake already completed"); 786 goto out; 787 } 788 789 if ((ctx->flags & TLS_CLIENT) != 0) 790 rv = tls_handshake_client(ctx); 791 else if ((ctx->flags & TLS_SERVER_CONN) != 0) 792 rv = tls_handshake_server(ctx); 793 794 if (rv == 0) { 795 ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn); 796 ctx->ssl_peer_chain = SSL_get_peer_cert_chain(ctx->ssl_conn); 797 if (tls_conninfo_populate(ctx) == -1) 798 rv = -1; 799 if (ctx->ocsp == NULL) 800 ctx->ocsp = tls_ocsp_setup_from_peer(ctx); 801 } 802 out: 803 /* Prevent callers from performing incorrect error handling */ 804 errno = 0; 805 return (rv); 806 } 807 808 ssize_t 809 tls_read(struct tls *ctx, void *buf, size_t buflen) 810 { 811 ssize_t rv = -1; 812 int ssl_ret; 813 814 tls_error_clear(&ctx->error); 815 816 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) { 817 if ((rv = tls_handshake(ctx)) != 0) 818 goto out; 819 } 820 821 if (buflen > INT_MAX) { 822 tls_set_errorx(ctx, "buflen too long"); 823 goto out; 824 } 825 826 ERR_clear_error(); 827 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) { 828 rv = (ssize_t)ssl_ret; 829 goto out; 830 } 831 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read"); 832 833 out: 834 /* Prevent callers from performing incorrect error handling */ 835 errno = 0; 836 return (rv); 837 } 838 839 ssize_t 840 tls_write(struct tls *ctx, const void *buf, size_t buflen) 841 { 842 ssize_t rv = -1; 843 int ssl_ret; 844 845 tls_error_clear(&ctx->error); 846 847 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) { 848 if ((rv = tls_handshake(ctx)) != 0) 849 goto out; 850 } 851 852 if (buflen > INT_MAX) { 853 tls_set_errorx(ctx, "buflen too long"); 854 goto out; 855 } 856 857 ERR_clear_error(); 858 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) { 859 rv = (ssize_t)ssl_ret; 860 goto out; 861 } 862 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write"); 863 864 out: 865 /* Prevent callers from performing incorrect error handling */ 866 errno = 0; 867 return (rv); 868 } 869 870 int 871 tls_close(struct tls *ctx) 872 { 873 int ssl_ret; 874 int rv = 0; 875 876 tls_error_clear(&ctx->error); 877 878 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) { 879 tls_set_errorx(ctx, "invalid operation for context"); 880 rv = -1; 881 goto out; 882 } 883 884 if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) { 885 ERR_clear_error(); 886 ssl_ret = SSL_shutdown(ctx->ssl_conn); 887 if (ssl_ret < 0) { 888 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, 889 "shutdown"); 890 if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT) 891 goto out; 892 } 893 ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN; 894 } 895 896 if (ctx->socket != -1) { 897 if (shutdown(ctx->socket, SHUT_RDWR) != 0) { 898 if (rv == 0 && 899 errno != ENOTCONN && errno != ECONNRESET) { 900 tls_set_error(ctx, "shutdown"); 901 rv = -1; 902 } 903 } 904 if (close(ctx->socket) != 0) { 905 if (rv == 0) { 906 tls_set_error(ctx, "close"); 907 rv = -1; 908 } 909 } 910 ctx->socket = -1; 911 } 912 913 if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) { 914 tls_set_errorx(ctx, "EOF without close notify"); 915 rv = -1; 916 } 917 918 out: 919 /* Prevent callers from performing incorrect error handling */ 920 errno = 0; 921 return (rv); 922 } 923