1/* $OpenBSD: tls.c,v 1.104 2024/04/08 20:47:32 tb Exp $ */ 2/* 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18#include <sys/socket.h> 19 20#include <errno.h> 21#include <limits.h> 22#include <pthread.h> 23#include <stdlib.h> 24#include <string.h> 25#include <unistd.h> 26 27#include <openssl/bio.h> 28#include <openssl/err.h> 29#include <openssl/evp.h> 30#include <openssl/pem.h> 31#include <openssl/safestack.h> 32#include <openssl/ssl.h> 33#include <openssl/x509.h> 34 35#include <tls.h> 36#include "tls_internal.h" 37 38static struct tls_config *tls_config_default; 39 40static int tls_init_rv = -1; 41 42static void 43tls_do_init(void) 44{ 45 OPENSSL_init_ssl(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); 46 47 if (BIO_sock_init() != 1) 48 return; 49 50 if ((tls_config_default = tls_config_new_internal()) == NULL) 51 return; 52 53 tls_config_default->refcount++; 54 55 tls_init_rv = 0; 56} 57 58int 59tls_init(void) 60{ 61 static pthread_once_t once = PTHREAD_ONCE_INIT; 62 63 if (pthread_once(&once, tls_do_init) != 0) 64 return -1; 65 66 return tls_init_rv; 67} 68 69const char * 70tls_error(struct tls *ctx) 71{ 72 return ctx->error.msg; 73} 74 75int 76tls_error_code(struct tls *ctx) 77{ 78 return ctx->error.code; 79} 80 81void 82tls_error_clear(struct tls_error *error) 83{ 84 free(error->msg); 85 error->msg = NULL; 86 error->code = TLS_ERROR_UNKNOWN; 87 error->errno_value = 0; 88 error->tls = 0; 89} 90 91static int 92tls_error_vset(struct tls_error *error, int code, int errno_value, 93 const char *fmt, va_list ap) 94{ 95 char *errmsg = NULL; 96 int rv = -1; 97 98 tls_error_clear(error); 99 100 error->code = code; 101 error->errno_value = errno_value; 102 error->tls = 1; 103 104 if (vasprintf(&errmsg, fmt, ap) == -1) { 105 errmsg = NULL; 106 goto err; 107 } 108 109 if (errno_value == -1) { 110 error->msg = errmsg; 111 return (0); 112 } 113 114 if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errno_value)) == -1) { 115 error->msg = NULL; 116 goto err; 117 } 118 rv = 0; 119 120 err: 121 free(errmsg); 122 123 return (rv); 124} 125 126int 127tls_error_set(struct tls_error *error, int code, const char *fmt, ...) 128{ 129 va_list ap; 130 int errno_value, rv; 131 132 errno_value = errno; 133 134 va_start(ap, fmt); 135 rv = tls_error_vset(error, code, errno_value, fmt, ap); 136 va_end(ap); 137 138 return (rv); 139} 140 141int 142tls_error_setx(struct tls_error *error, int code, const char *fmt, ...) 143{ 144 va_list ap; 145 int rv; 146 147 va_start(ap, fmt); 148 rv = tls_error_vset(error, code, -1, fmt, ap); 149 va_end(ap); 150 151 return (rv); 152} 153 154int 155tls_config_set_error(struct tls_config *config, int code, const char *fmt, ...) 156{ 157 va_list ap; 158 int errno_value, rv; 159 160 errno_value = errno; 161 162 va_start(ap, fmt); 163 rv = tls_error_vset(&config->error, code, errno_value, fmt, ap); 164 va_end(ap); 165 166 return (rv); 167} 168 169int 170tls_config_set_errorx(struct tls_config *config, int code, const char *fmt, ...) 171{ 172 va_list ap; 173 int rv; 174 175 va_start(ap, fmt); 176 rv = tls_error_vset(&config->error, code, -1, fmt, ap); 177 va_end(ap); 178 179 return (rv); 180} 181 182int 183tls_set_error(struct tls *ctx, int code, const char *fmt, ...) 184{ 185 va_list ap; 186 int errno_value, rv; 187 188 errno_value = errno; 189 190 va_start(ap, fmt); 191 rv = tls_error_vset(&ctx->error, code, errno_value, fmt, ap); 192 va_end(ap); 193 194 return (rv); 195} 196 197int 198tls_set_errorx(struct tls *ctx, int code, const char *fmt, ...) 199{ 200 va_list ap; 201 int rv; 202 203 va_start(ap, fmt); 204 rv = tls_error_vset(&ctx->error, code, -1, fmt, ap); 205 va_end(ap); 206 207 return (rv); 208} 209 210int 211tls_set_ssl_errorx(struct tls *ctx, int code, const char *fmt, ...) 212{ 213 va_list ap; 214 int rv; 215 216 /* Only set an error if a more specific one does not already exist. */ 217 if (ctx->error.tls != 0) 218 return (0); 219 220 va_start(ap, fmt); 221 rv = tls_error_vset(&ctx->error, code, -1, fmt, ap); 222 va_end(ap); 223 224 return (rv); 225} 226 227struct tls_sni_ctx * 228tls_sni_ctx_new(void) 229{ 230 return (calloc(1, sizeof(struct tls_sni_ctx))); 231} 232 233void 234tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx) 235{ 236 if (sni_ctx == NULL) 237 return; 238 239 SSL_CTX_free(sni_ctx->ssl_ctx); 240 X509_free(sni_ctx->ssl_cert); 241 242 free(sni_ctx); 243} 244 245struct tls * 246tls_new(void) 247{ 248 struct tls *ctx; 249 250 if ((ctx = calloc(1, sizeof(*ctx))) == NULL) 251 return (NULL); 252 253 tls_reset(ctx); 254 255 if (tls_configure(ctx, tls_config_default) == -1) { 256 free(ctx); 257 return NULL; 258 } 259 260 return (ctx); 261} 262 263int 264tls_configure(struct tls *ctx, struct tls_config *config) 265{ 266 if (config == NULL) 267 config = tls_config_default; 268 269 pthread_mutex_lock(&config->mutex); 270 config->refcount++; 271 pthread_mutex_unlock(&config->mutex); 272 273 tls_config_free(ctx->config); 274 275 ctx->config = config; 276 ctx->keypair = config->keypair; 277 278 if ((ctx->flags & TLS_SERVER) != 0) 279 return (tls_configure_server(ctx)); 280 281 return (0); 282} 283 284int 285tls_cert_hash(X509 *cert, char **hash) 286{ 287 char d[EVP_MAX_MD_SIZE], *dhex = NULL; 288 int dlen, rv = -1; 289 290 free(*hash); 291 *hash = NULL; 292 293 if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1) 294 goto err; 295 296 if (tls_hex_string(d, dlen, &dhex, NULL) != 0) 297 goto err; 298 299 if (asprintf(hash, "SHA256:%s", dhex) == -1) { 300 *hash = NULL; 301 goto err; 302 } 303 304 rv = 0; 305 err: 306 free(dhex); 307 308 return (rv); 309} 310 311int 312tls_cert_pubkey_hash(X509 *cert, char **hash) 313{ 314 char d[EVP_MAX_MD_SIZE], *dhex = NULL; 315 int dlen, rv = -1; 316 317 free(*hash); 318 *hash = NULL; 319 320 if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1) 321 goto err; 322 323 if (tls_hex_string(d, dlen, &dhex, NULL) != 0) 324 goto err; 325 326 if (asprintf(hash, "SHA256:%s", dhex) == -1) { 327 *hash = NULL; 328 goto err; 329 } 330 331 rv = 0; 332 333 err: 334 free(dhex); 335 336 return (rv); 337} 338 339static int 340tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pkey) 341{ 342 BIO *bio = NULL; 343 X509 *x509 = NULL; 344 char *mem; 345 size_t len; 346 int ret = -1; 347 348 *pkey = NULL; 349 350 if (ctx->config->use_fake_private_key) { 351 mem = keypair->cert_mem; 352 len = keypair->cert_len; 353 } else { 354 mem = keypair->key_mem; 355 len = keypair->key_len; 356 } 357 358 if (mem == NULL) 359 return (0); 360 361 if (len > INT_MAX) { 362 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, 363 ctx->config->use_fake_private_key ? 364 "certificate too long" : "key too long"); 365 goto err; 366 } 367 368 if ((bio = BIO_new_mem_buf(mem, len)) == NULL) { 369 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "failed to create buffer"); 370 goto err; 371 } 372 373 if (ctx->config->use_fake_private_key) { 374 if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb, 375 NULL)) == NULL) { 376 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 377 "failed to read X509 certificate"); 378 goto err; 379 } 380 if ((*pkey = X509_get_pubkey(x509)) == NULL) { 381 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 382 "failed to retrieve pubkey"); 383 goto err; 384 } 385 } else { 386 if ((*pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb, 387 NULL)) == NULL) { 388 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 389 "failed to read private key"); 390 goto err; 391 } 392 } 393 394 ret = 0; 395 err: 396 BIO_free(bio); 397 X509_free(x509); 398 return (ret); 399} 400 401static int 402tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey) 403{ 404 RSA_METHOD *rsa_method; 405 EC_KEY_METHOD *ecdsa_method; 406 RSA *rsa = NULL; 407 EC_KEY *eckey = NULL; 408 int ret = -1; 409 410 /* Only install the pubkey hash if fake private keys are used. */ 411 if (!ctx->config->skip_private_key_check) 412 return (0); 413 414 if (keypair->pubkey_hash == NULL) { 415 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "public key hash not set"); 416 goto err; 417 } 418 419 switch (EVP_PKEY_id(pkey)) { 420 case EVP_PKEY_RSA: 421 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL || 422 RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) { 423 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 424 "RSA key setup failure"); 425 goto err; 426 } 427 if (ctx->config->sign_cb != NULL) { 428 rsa_method = tls_signer_rsa_method(); 429 if (rsa_method == NULL || 430 RSA_set_ex_data(rsa, 1, ctx->config) == 0 || 431 RSA_set_method(rsa, rsa_method) == 0) { 432 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 433 "failed to setup RSA key"); 434 goto err; 435 } 436 } 437 /* Reset the key to work around caching in OpenSSL 3. */ 438 if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) { 439 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 440 "failed to set RSA key"); 441 goto err; 442 } 443 break; 444 case EVP_PKEY_EC: 445 if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || 446 EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) { 447 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 448 "EC key setup failure"); 449 goto err; 450 } 451 if (ctx->config->sign_cb != NULL) { 452 ecdsa_method = tls_signer_ecdsa_method(); 453 if (ecdsa_method == NULL || 454 EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 || 455 EC_KEY_set_method(eckey, ecdsa_method) == 0) { 456 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 457 "failed to setup EC key"); 458 goto err; 459 } 460 } 461 /* Reset the key to work around caching in OpenSSL 3. */ 462 if (EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) { 463 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 464 "failed to set EC key"); 465 goto err; 466 } 467 break; 468 default: 469 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "incorrect key type"); 470 goto err; 471 } 472 473 ret = 0; 474 475 err: 476 RSA_free(rsa); 477 EC_KEY_free(eckey); 478 return (ret); 479} 480 481int 482tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, 483 struct tls_keypair *keypair, int required) 484{ 485 EVP_PKEY *pkey = NULL; 486 487 if (!required && 488 keypair->cert_mem == NULL && 489 keypair->key_mem == NULL) 490 return(0); 491 492 if (keypair->cert_mem != NULL) { 493 if (keypair->cert_len > INT_MAX) { 494 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, 495 "certificate too long"); 496 goto err; 497 } 498 499 if (SSL_CTX_use_certificate_chain_mem(ssl_ctx, 500 keypair->cert_mem, keypair->cert_len) != 1) { 501 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 502 "failed to load certificate"); 503 goto err; 504 } 505 } 506 507 if (tls_keypair_to_pkey(ctx, keypair, &pkey) == -1) 508 goto err; 509 if (pkey != NULL) { 510 if (tls_keypair_setup_pkey(ctx, keypair, pkey) == -1) 511 goto err; 512 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) { 513 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 514 "failed to load private key"); 515 goto err; 516 } 517 EVP_PKEY_free(pkey); 518 pkey = NULL; 519 } 520 521 if (!ctx->config->skip_private_key_check && 522 SSL_CTX_check_private_key(ssl_ctx) != 1) { 523 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 524 "private/public key mismatch"); 525 goto err; 526 } 527 528 return (0); 529 530 err: 531 EVP_PKEY_free(pkey); 532 533 return (-1); 534} 535 536int 537tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx) 538{ 539 SSL_CTX_clear_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); 540 541 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); 542 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 543 544 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); 545 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3); 546 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1); 547 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1); 548 549 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2); 550 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3); 551 552 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0) 553 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2); 554 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0) 555 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); 556 557 if (ctx->config->alpn != NULL) { 558 if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn, 559 ctx->config->alpn_len) != 0) { 560 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 561 "failed to set alpn"); 562 goto err; 563 } 564 } 565 566 if (ctx->config->ciphers != NULL) { 567 if (SSL_CTX_set_cipher_list(ssl_ctx, 568 ctx->config->ciphers) != 1) { 569 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 570 "failed to set ciphers"); 571 goto err; 572 } 573 } 574 575 if (ctx->config->verify_time == 0) { 576 X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ssl_ctx), 577 X509_V_FLAG_NO_CHECK_TIME); 578 } 579 580 /* Disable any form of session caching by default */ 581 SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF); 582 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET); 583 584 return (0); 585 586 err: 587 return (-1); 588} 589 590static int 591tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg) 592{ 593 struct tls *ctx = arg; 594 int x509_err; 595 596 if (ctx->config->verify_cert == 0) 597 return (1); 598 599 if ((X509_verify_cert(x509_ctx)) < 0) { 600 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 601 "X509 verify cert failed"); 602 return (0); 603 } 604 605 x509_err = X509_STORE_CTX_get_error(x509_ctx); 606 if (x509_err == X509_V_OK) 607 return (1); 608 609 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 610 "certificate verification failed: %s", 611 X509_verify_cert_error_string(x509_err)); 612 613 return (0); 614} 615 616int 617tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify) 618{ 619 size_t ca_len = ctx->config->ca_len; 620 char *ca_mem = ctx->config->ca_mem; 621 char *crl_mem = ctx->config->crl_mem; 622 size_t crl_len = ctx->config->crl_len; 623 char *ca_free = NULL; 624 STACK_OF(X509_INFO) *xis = NULL; 625 X509_STORE *store; 626 X509_INFO *xi; 627 BIO *bio = NULL; 628 int rv = -1; 629 int i; 630 631 SSL_CTX_set_verify(ssl_ctx, verify, NULL); 632 SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx); 633 634 if (ctx->config->verify_depth >= 0) 635 SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth); 636 637 if (ctx->config->verify_cert == 0) 638 goto done; 639 640 /* If no CA has been specified, attempt to load the default. */ 641 if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) { 642 if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(), 643 &ca_mem, &ca_len) != 0) 644 goto err; 645 ca_free = ca_mem; 646 } 647 648 if (ca_mem != NULL) { 649 if (ca_len > INT_MAX) { 650 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, 651 "ca too long"); 652 goto err; 653 } 654 if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) { 655 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 656 "ssl verify memory setup failure"); 657 goto err; 658 } 659 } else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL, 660 ctx->config->ca_path) != 1) { 661 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 662 "ssl verify locations failure"); 663 goto err; 664 } 665 666 if (crl_mem != NULL) { 667 if (crl_len > INT_MAX) { 668 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, 669 "crl too long"); 670 goto err; 671 } 672 if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) { 673 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 674 "failed to create buffer"); 675 goto err; 676 } 677 if ((xis = PEM_X509_INFO_read_bio(bio, NULL, tls_password_cb, 678 NULL)) == NULL) { 679 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 680 "failed to parse crl"); 681 goto err; 682 } 683 store = SSL_CTX_get_cert_store(ssl_ctx); 684 for (i = 0; i < sk_X509_INFO_num(xis); i++) { 685 xi = sk_X509_INFO_value(xis, i); 686 if (xi->crl == NULL) 687 continue; 688 if (!X509_STORE_add_crl(store, xi->crl)) { 689 tls_set_error(ctx, TLS_ERROR_UNKNOWN, 690 "failed to add crl"); 691 goto err; 692 } 693 } 694 X509_STORE_set_flags(store, 695 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); 696 } 697 698 done: 699 rv = 0; 700 701 err: 702 sk_X509_INFO_pop_free(xis, X509_INFO_free); 703 BIO_free(bio); 704 free(ca_free); 705 706 return (rv); 707} 708 709void 710tls_free(struct tls *ctx) 711{ 712 if (ctx == NULL) 713 return; 714 715 tls_reset(ctx); 716 717 free(ctx); 718} 719 720void 721tls_reset(struct tls *ctx) 722{ 723 struct tls_sni_ctx *sni, *nsni; 724 725 tls_config_free(ctx->config); 726 ctx->config = NULL; 727 728 SSL_CTX_free(ctx->ssl_ctx); 729 SSL_free(ctx->ssl_conn); 730 X509_free(ctx->ssl_peer_cert); 731 732 ctx->ssl_conn = NULL; 733 ctx->ssl_ctx = NULL; 734 ctx->ssl_peer_cert = NULL; 735 /* X509 objects in chain are freed with the SSL */ 736 ctx->ssl_peer_chain = NULL; 737 738 ctx->socket = -1; 739 ctx->state = 0; 740 741 free(ctx->servername); 742 ctx->servername = NULL; 743 744 free(ctx->error.msg); 745 ctx->error.msg = NULL; 746 ctx->error.errno_value = -1; 747 748 tls_conninfo_free(ctx->conninfo); 749 ctx->conninfo = NULL; 750 751 tls_ocsp_free(ctx->ocsp); 752 ctx->ocsp = NULL; 753 754 for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) { 755 nsni = sni->next; 756 tls_sni_ctx_free(sni); 757 } 758 ctx->sni_ctx = NULL; 759 760 ctx->read_cb = NULL; 761 ctx->write_cb = NULL; 762 ctx->cb_arg = NULL; 763} 764 765int 766tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) 767{ 768 const char *errstr = "unknown error"; 769 unsigned long err; 770 int ssl_err; 771 772 ssl_err = SSL_get_error(ssl_conn, ssl_ret); 773 switch (ssl_err) { 774 case SSL_ERROR_NONE: 775 case SSL_ERROR_ZERO_RETURN: 776 return (0); 777 778 case SSL_ERROR_WANT_READ: 779 return (TLS_WANT_POLLIN); 780 781 case SSL_ERROR_WANT_WRITE: 782 return (TLS_WANT_POLLOUT); 783 784 case SSL_ERROR_SYSCALL: 785 if ((err = ERR_peek_error()) != 0) { 786 errstr = ERR_error_string(err, NULL); 787 } else if (ssl_ret == 0) { 788 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { 789 ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY; 790 return (0); 791 } 792 errstr = "unexpected EOF"; 793 } else if (ssl_ret == -1) { 794 errstr = strerror(errno); 795 } 796 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN, 797 "%s failed: %s", prefix, errstr); 798 return (-1); 799 800 case SSL_ERROR_SSL: 801 if ((err = ERR_peek_error()) != 0) { 802 errstr = ERR_error_string(err, NULL); 803 } 804 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN, 805 "%s failed: %s", prefix, errstr); 806 return (-1); 807 808 case SSL_ERROR_WANT_CONNECT: 809 case SSL_ERROR_WANT_ACCEPT: 810 case SSL_ERROR_WANT_X509_LOOKUP: 811 default: 812 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN, 813 "%s failed (%d)", prefix, ssl_err); 814 return (-1); 815 } 816} 817 818int 819tls_handshake(struct tls *ctx) 820{ 821 int rv = -1; 822 823 tls_error_clear(&ctx->error); 824 825 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) { 826 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT, 827 "invalid operation for context"); 828 goto out; 829 } 830 831 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { 832 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, 833 "handshake already completed"); 834 goto out; 835 } 836 837 if ((ctx->flags & TLS_CLIENT) != 0) 838 rv = tls_handshake_client(ctx); 839 else if ((ctx->flags & TLS_SERVER_CONN) != 0) 840 rv = tls_handshake_server(ctx); 841 842 if (rv == 0) { 843 ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn); 844 ctx->ssl_peer_chain = SSL_get_peer_cert_chain(ctx->ssl_conn); 845 if (tls_conninfo_populate(ctx) == -1) 846 rv = -1; 847 if (ctx->ocsp == NULL) 848 ctx->ocsp = tls_ocsp_setup_from_peer(ctx); 849 } 850 out: 851 /* Prevent callers from performing incorrect error handling */ 852 errno = 0; 853 return (rv); 854} 855 856ssize_t 857tls_read(struct tls *ctx, void *buf, size_t buflen) 858{ 859 ssize_t rv = -1; 860 int ssl_ret; 861 862 tls_error_clear(&ctx->error); 863 864 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) { 865 if ((rv = tls_handshake(ctx)) != 0) 866 goto out; 867 } 868 869 if (buflen > INT_MAX) { 870 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, 871 "buflen too long"); 872 goto out; 873 } 874 875 ERR_clear_error(); 876 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) { 877 rv = (ssize_t)ssl_ret; 878 goto out; 879 } 880 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read"); 881 882 out: 883 /* Prevent callers from performing incorrect error handling */ 884 errno = 0; 885 return (rv); 886} 887 888ssize_t 889tls_write(struct tls *ctx, const void *buf, size_t buflen) 890{ 891 ssize_t rv = -1; 892 int ssl_ret; 893 894 tls_error_clear(&ctx->error); 895 896 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) { 897 if ((rv = tls_handshake(ctx)) != 0) 898 goto out; 899 } 900 901 if (buflen > INT_MAX) { 902 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, 903 "buflen too long"); 904 goto out; 905 } 906 907 ERR_clear_error(); 908 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) { 909 rv = (ssize_t)ssl_ret; 910 goto out; 911 } 912 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write"); 913 914 out: 915 /* Prevent callers from performing incorrect error handling */ 916 errno = 0; 917 return (rv); 918} 919 920int 921tls_close(struct tls *ctx) 922{ 923 int ssl_ret; 924 int rv = 0; 925 926 tls_error_clear(&ctx->error); 927 928 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) { 929 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT, 930 "invalid operation for context"); 931 rv = -1; 932 goto out; 933 } 934 935 if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) { 936 ERR_clear_error(); 937 ssl_ret = SSL_shutdown(ctx->ssl_conn); 938 if (ssl_ret < 0) { 939 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, 940 "shutdown"); 941 if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT) 942 goto out; 943 } 944 ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN; 945 } 946 947 if (ctx->socket != -1) { 948 if (shutdown(ctx->socket, SHUT_RDWR) != 0) { 949 if (rv == 0 && 950 errno != ENOTCONN && errno != ECONNRESET) { 951 tls_set_error(ctx, TLS_ERROR_UNKNOWN, "shutdown"); 952 rv = -1; 953 } 954 } 955 if (close(ctx->socket) != 0) { 956 if (rv == 0) { 957 tls_set_error(ctx, TLS_ERROR_UNKNOWN, "close"); 958 rv = -1; 959 } 960 } 961 ctx->socket = -1; 962 } 963 964 if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) { 965 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "EOF without close notify"); 966 rv = -1; 967 } 968 969 out: 970 /* Prevent callers from performing incorrect error handling */ 971 errno = 0; 972 return (rv); 973} 974