1 /* $OpenBSD: tls.c,v 1.40 2016/07/06 16:16:36 jsing Exp $ */
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/socket.h>
25 #include <openssl/bio.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/pem.h>
29 #include <openssl/x509.h>
32 #include "tls_internal.h"
34 static struct tls_config
*tls_config_default
;
39 static int tls_initialised
= 0;
44 SSL_load_error_strings();
47 if (BIO_sock_init() != 1)
50 if ((tls_config_default
= tls_config_new()) == NULL
)
59 tls_error(struct tls
*ctx
)
61 return ctx
->error
.msg
;
65 tls_error_vset(struct tls_error
*error
, int errnum
, const char *fmt
, va_list ap
)
74 if (vasprintf(&errmsg
, fmt
, ap
) == -1) {
84 if (asprintf(&error
->msg
, "%s: %s", errmsg
, strerror(errnum
)) == -1) {
97 tls_error_set(struct tls_error
*error
, const char *fmt
, ...)
105 rv
= tls_error_vset(error
, errnum
, fmt
, ap
);
112 tls_error_setx(struct tls_error
*error
, const char *fmt
, ...)
118 rv
= tls_error_vset(error
, -1, fmt
, ap
);
125 tls_config_set_error(struct tls_config
*config
, const char *fmt
, ...)
133 rv
= tls_error_vset(&config
->error
, errnum
, fmt
, ap
);
140 tls_config_set_errorx(struct tls_config
*config
, const char *fmt
, ...)
146 rv
= tls_error_vset(&config
->error
, -1, fmt
, ap
);
153 tls_set_error(struct tls
*ctx
, const char *fmt
, ...)
161 rv
= tls_error_vset(&ctx
->error
, errnum
, fmt
, ap
);
168 tls_set_errorx(struct tls
*ctx
, const char *fmt
, ...)
174 rv
= tls_error_vset(&ctx
->error
, -1, fmt
, ap
);
185 if ((ctx
= calloc(1, sizeof(*ctx
))) == NULL
)
188 ctx
->config
= tls_config_default
;
196 tls_configure(struct tls
*ctx
, struct tls_config
*config
)
199 config
= tls_config_default
;
201 ctx
->config
= config
;
203 if ((ctx
->flags
& TLS_SERVER
) != 0)
204 return (tls_configure_server(ctx
));
210 tls_configure_keypair(struct tls
*ctx
, SSL_CTX
*ssl_ctx
,
211 struct tls_keypair
*keypair
, int required
)
213 EVP_PKEY
*pkey
= NULL
;
218 keypair
->cert_mem
== NULL
&&
219 keypair
->key_mem
== NULL
&&
220 keypair
->cert_file
== NULL
&&
221 keypair
->key_file
== NULL
)
224 if (keypair
->cert_mem
!= NULL
) {
225 if (keypair
->cert_len
> INT_MAX
) {
226 tls_set_errorx(ctx
, "certificate too long");
230 if (SSL_CTX_use_certificate_chain_mem(ssl_ctx
,
231 keypair
->cert_mem
, keypair
->cert_len
) != 1) {
232 tls_set_errorx(ctx
, "failed to load certificate");
237 if (keypair
->key_mem
!= NULL
) {
238 if (keypair
->key_len
> INT_MAX
) {
239 tls_set_errorx(ctx
, "key too long");
243 if ((bio
= BIO_new_mem_buf(keypair
->key_mem
,
244 keypair
->key_len
)) == NULL
) {
245 tls_set_errorx(ctx
, "failed to create buffer");
248 if ((pkey
= PEM_read_bio_PrivateKey(bio
, NULL
, NULL
,
250 tls_set_errorx(ctx
, "failed to read private key");
253 if (SSL_CTX_use_PrivateKey(ssl_ctx
, pkey
) != 1) {
254 tls_set_errorx(ctx
, "failed to load private key");
263 if (keypair
->cert_file
!= NULL
) {
264 if (SSL_CTX_use_certificate_chain_file(ssl_ctx
,
265 keypair
->cert_file
) != 1) {
266 tls_set_errorx(ctx
, "failed to load certificate file");
270 if (keypair
->key_file
!= NULL
) {
271 if (SSL_CTX_use_PrivateKey_file(ssl_ctx
,
272 keypair
->key_file
, SSL_FILETYPE_PEM
) != 1) {
273 tls_set_errorx(ctx
, "failed to load private key file");
278 if (SSL_CTX_check_private_key(ssl_ctx
) != 1) {
279 tls_set_errorx(ctx
, "private/public key mismatch");
294 tls_configure_ssl(struct tls
*ctx
)
296 SSL_CTX_set_mode(ctx
->ssl_ctx
, SSL_MODE_ENABLE_PARTIAL_WRITE
);
297 SSL_CTX_set_mode(ctx
->ssl_ctx
, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
);
299 SSL_CTX_set_options(ctx
->ssl_ctx
, SSL_OP_NO_SSLv2
);
300 SSL_CTX_set_options(ctx
->ssl_ctx
, SSL_OP_NO_SSLv3
);
302 SSL_CTX_clear_options(ctx
->ssl_ctx
, SSL_OP_NO_TLSv1
);
303 SSL_CTX_clear_options(ctx
->ssl_ctx
, SSL_OP_NO_TLSv1_1
);
304 SSL_CTX_clear_options(ctx
->ssl_ctx
, SSL_OP_NO_TLSv1_2
);
306 if ((ctx
->config
->protocols
& TLS_PROTOCOL_TLSv1_0
) == 0)
307 SSL_CTX_set_options(ctx
->ssl_ctx
, SSL_OP_NO_TLSv1
);
308 if ((ctx
->config
->protocols
& TLS_PROTOCOL_TLSv1_1
) == 0)
309 SSL_CTX_set_options(ctx
->ssl_ctx
, SSL_OP_NO_TLSv1_1
);
310 if ((ctx
->config
->protocols
& TLS_PROTOCOL_TLSv1_2
) == 0)
311 SSL_CTX_set_options(ctx
->ssl_ctx
, SSL_OP_NO_TLSv1_2
);
313 if (ctx
->config
->ciphers
!= NULL
) {
314 if (SSL_CTX_set_cipher_list(ctx
->ssl_ctx
,
315 ctx
->config
->ciphers
) != 1) {
316 tls_set_errorx(ctx
, "failed to set ciphers");
321 if (ctx
->config
->verify_time
== 0) {
322 X509_VERIFY_PARAM_set_flags(ctx
->ssl_ctx
->param
,
323 X509_V_FLAG_NO_CHECK_TIME
);
333 tls_configure_ssl_verify(struct tls
*ctx
, int verify
)
335 SSL_CTX_set_verify(ctx
->ssl_ctx
, verify
, NULL
);
337 if (ctx
->config
->ca_mem
!= NULL
) {
338 /* XXX do this in set. */
339 if (ctx
->config
->ca_len
> INT_MAX
) {
340 tls_set_errorx(ctx
, "ca too long");
343 if (SSL_CTX_load_verify_mem(ctx
->ssl_ctx
,
344 ctx
->config
->ca_mem
, ctx
->config
->ca_len
) != 1) {
345 tls_set_errorx(ctx
, "ssl verify memory setup failure");
348 } else if (SSL_CTX_load_verify_locations(ctx
->ssl_ctx
,
349 ctx
->config
->ca_file
, ctx
->config
->ca_path
) != 1) {
350 tls_set_errorx(ctx
, "ssl verify setup failure");
353 if (ctx
->config
->verify_depth
>= 0)
354 SSL_CTX_set_verify_depth(ctx
->ssl_ctx
,
355 ctx
->config
->verify_depth
);
364 tls_free(struct tls
*ctx
)
373 tls_reset(struct tls
*ctx
)
375 SSL_CTX_free(ctx
->ssl_ctx
);
376 SSL_free(ctx
->ssl_conn
);
377 X509_free(ctx
->ssl_peer_cert
);
379 ctx
->ssl_conn
= NULL
;
381 ctx
->ssl_peer_cert
= NULL
;
386 free(ctx
->servername
);
387 ctx
->servername
= NULL
;
389 free(ctx
->error
.msg
);
390 ctx
->error
.msg
= NULL
;
393 tls_free_conninfo(ctx
->conninfo
);
395 ctx
->conninfo
= NULL
;
399 tls_ssl_error(struct tls
*ctx
, SSL
*ssl_conn
, int ssl_ret
, const char *prefix
)
401 const char *errstr
= "unknown error";
405 ssl_err
= SSL_get_error(ssl_conn
, ssl_ret
);
408 case SSL_ERROR_ZERO_RETURN
:
411 case SSL_ERROR_WANT_READ
:
412 return (TLS_WANT_POLLIN
);
414 case SSL_ERROR_WANT_WRITE
:
415 return (TLS_WANT_POLLOUT
);
417 case SSL_ERROR_SYSCALL
:
418 if ((err
= ERR_peek_error()) != 0) {
419 errstr
= ERR_error_string(err
, NULL
);
420 } else if (ssl_ret
== 0) {
421 if ((ctx
->state
& TLS_HANDSHAKE_COMPLETE
) != 0) {
422 ctx
->state
|= TLS_EOF_NO_CLOSE_NOTIFY
;
425 errstr
= "unexpected EOF";
426 } else if (ssl_ret
== -1) {
427 errstr
= strerror(errno
);
429 tls_set_errorx(ctx
, "%s failed: %s", prefix
, errstr
);
433 if ((err
= ERR_peek_error()) != 0) {
434 errstr
= ERR_error_string(err
, NULL
);
436 tls_set_errorx(ctx
, "%s failed: %s", prefix
, errstr
);
439 case SSL_ERROR_WANT_CONNECT
:
440 case SSL_ERROR_WANT_ACCEPT
:
441 case SSL_ERROR_WANT_X509_LOOKUP
:
443 tls_set_errorx(ctx
, "%s failed (%i)", prefix
, ssl_err
);
449 tls_handshake(struct tls
*ctx
)
453 if ((ctx
->flags
& (TLS_CLIENT
| TLS_SERVER_CONN
)) == 0) {
454 tls_set_errorx(ctx
, "invalid operation for context");
458 if (ctx
->conninfo
== NULL
&&
459 (ctx
->conninfo
= calloc(1, sizeof(*ctx
->conninfo
))) == NULL
)
462 if ((ctx
->flags
& TLS_CLIENT
) != 0)
463 rv
= tls_handshake_client(ctx
);
464 else if ((ctx
->flags
& TLS_SERVER_CONN
) != 0)
465 rv
= tls_handshake_server(ctx
);
468 ctx
->ssl_peer_cert
= SSL_get_peer_certificate(ctx
->ssl_conn
);
469 if (tls_get_conninfo(ctx
) == -1)
473 /* Prevent callers from performing incorrect error handling */
479 tls_read(struct tls
*ctx
, void *buf
, size_t buflen
)
484 if ((ctx
->state
& TLS_HANDSHAKE_COMPLETE
) == 0) {
485 if ((rv
= tls_handshake(ctx
)) != 0)
489 if (buflen
> INT_MAX
) {
490 tls_set_errorx(ctx
, "buflen too long");
495 if ((ssl_ret
= SSL_read(ctx
->ssl_conn
, buf
, buflen
)) > 0) {
496 rv
= (ssize_t
)ssl_ret
;
499 rv
= (ssize_t
)tls_ssl_error(ctx
, ctx
->ssl_conn
, ssl_ret
, "read");
502 /* Prevent callers from performing incorrect error handling */
508 tls_write(struct tls
*ctx
, const void *buf
, size_t buflen
)
513 if ((ctx
->state
& TLS_HANDSHAKE_COMPLETE
) == 0) {
514 if ((rv
= tls_handshake(ctx
)) != 0)
518 if (buflen
> INT_MAX
) {
519 tls_set_errorx(ctx
, "buflen too long");
524 if ((ssl_ret
= SSL_write(ctx
->ssl_conn
, buf
, buflen
)) > 0) {
525 rv
= (ssize_t
)ssl_ret
;
528 rv
= (ssize_t
)tls_ssl_error(ctx
, ctx
->ssl_conn
, ssl_ret
, "write");
531 /* Prevent callers from performing incorrect error handling */
537 tls_close(struct tls
*ctx
)
542 if ((ctx
->flags
& (TLS_CLIENT
| TLS_SERVER_CONN
)) == 0) {
543 tls_set_errorx(ctx
, "invalid operation for context");
548 if (ctx
->ssl_conn
!= NULL
) {
550 ssl_ret
= SSL_shutdown(ctx
->ssl_conn
);
552 rv
= tls_ssl_error(ctx
, ctx
->ssl_conn
, ssl_ret
,
554 if (rv
== TLS_WANT_POLLIN
|| rv
== TLS_WANT_POLLOUT
)
559 if (ctx
->socket
!= -1) {
560 if (shutdown(ctx
->socket
, SHUT_RDWR
) != 0) {
562 errno
!= ENOTCONN
&& errno
!= ECONNRESET
) {
563 tls_set_error(ctx
, "shutdown");
567 if (close(ctx
->socket
) != 0) {
569 tls_set_error(ctx
, "close");
576 if ((ctx
->state
& TLS_EOF_NO_CLOSE_NOTIFY
) != 0) {
577 tls_set_errorx(ctx
, "EOF without close notify");
582 /* Prevent callers from performing incorrect error handling */