1 /* $OpenBSD: tls_config.c,v 1.36 2017/01/31 16:18:57 beck Exp $ */
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
27 #include "tls_internal.h"
30 set_string(const char **dest
, const char *src
)
35 if ((*dest
= strdup(src
)) == NULL
)
41 memdup(const void *in
, size_t len
)
45 if ((out
= malloc(len
)) == NULL
)
52 set_mem(char **dest
, size_t *destlen
, const void *src
, size_t srclen
)
58 if ((*dest
= memdup(src
, srclen
)) == NULL
)
64 static struct tls_keypair
*
67 return calloc(1, sizeof(struct tls_keypair
));
71 tls_keypair_set_cert_file(struct tls_keypair
*keypair
, struct tls_error
*error
,
72 const char *cert_file
)
74 return tls_config_load_file(error
, "certificate", cert_file
,
75 &keypair
->cert_mem
, &keypair
->cert_len
);
79 tls_keypair_set_cert_mem(struct tls_keypair
*keypair
, const uint8_t *cert
,
82 return set_mem(&keypair
->cert_mem
, &keypair
->cert_len
, cert
, len
);
86 tls_keypair_set_key_file(struct tls_keypair
*keypair
, struct tls_error
*error
,
89 if (keypair
->key_mem
!= NULL
)
90 explicit_bzero(keypair
->key_mem
, keypair
->key_len
);
91 return tls_config_load_file(error
, "key", key_file
,
92 &keypair
->key_mem
, &keypair
->key_len
);
96 tls_keypair_set_key_mem(struct tls_keypair
*keypair
, const uint8_t *key
,
99 if (keypair
->key_mem
!= NULL
)
100 explicit_bzero(keypair
->key_mem
, keypair
->key_len
);
101 return set_mem(&keypair
->key_mem
, &keypair
->key_len
, key
, len
);
105 tls_keypair_set_ocsp_staple_file(struct tls_keypair
*keypair
,
106 struct tls_error
*error
, const char *ocsp_file
)
108 return tls_config_load_file(error
, "ocsp", ocsp_file
,
109 &keypair
->ocsp_staple
, &keypair
->ocsp_staple_len
);
113 tls_keypair_set_ocsp_staple_mem(struct tls_keypair
*keypair
,
114 const uint8_t *staple
, size_t len
)
116 return set_mem(&keypair
->ocsp_staple
, &keypair
->ocsp_staple_len
, staple
,
121 tls_keypair_clear(struct tls_keypair
*keypair
)
123 tls_keypair_set_cert_mem(keypair
, NULL
, 0);
124 tls_keypair_set_key_mem(keypair
, NULL
, 0);
128 tls_keypair_free(struct tls_keypair
*keypair
)
133 tls_keypair_clear(keypair
);
135 free(keypair
->cert_mem
);
136 free(keypair
->key_mem
);
137 free(keypair
->ocsp_staple
);
143 tls_config_load_file(struct tls_error
*error
, const char *filetype
,
144 const char *filename
, char **buf
, size_t *len
)
154 if ((fd
= open(filename
, O_RDONLY
)) == -1) {
155 tls_error_set(error
, "failed to open %s file '%s'",
159 if (fstat(fd
, &st
) != 0) {
160 tls_error_set(error
, "failed to stat %s file '%s'",
166 *len
= (size_t)st
.st_size
;
167 if ((*buf
= malloc(*len
)) == NULL
) {
168 tls_error_set(error
, "failed to allocate buffer for "
169 "%s file", filetype
);
172 n
= read(fd
, *buf
, *len
);
173 if (n
< 0 || (size_t)n
!= *len
) {
174 tls_error_set(error
, "failed to read %s file '%s'",
185 explicit_bzero(*buf
, *len
);
196 struct tls_config
*config
;
197 unsigned char sid
[TLS_MAX_SESSION_ID_LENGTH
];
199 if ((config
= calloc(1, sizeof(*config
))) == NULL
)
202 if ((config
->keypair
= tls_keypair_new()) == NULL
)
206 * Default configuration.
208 if (tls_config_set_dheparams(config
, "none") != 0)
210 if (tls_config_set_ecdhecurve(config
, "auto") != 0)
212 if (tls_config_set_ciphers(config
, "secure") != 0)
215 if (tls_config_set_protocols(config
, TLS_PROTOCOLS_DEFAULT
) != 0)
217 if (tls_config_set_verify_depth(config
, 6) != 0)
221 * Set session ID context to a random value. For the simple case
222 * of a single process server this is good enough. For multiprocess
223 * servers the session ID needs to be set by the caller.
225 arc4random_buf(sid
, sizeof(sid
));
226 if (tls_config_set_session_id(config
, sid
, sizeof(sid
)) != 0)
228 config
->ticket_keyrev
= arc4random();
229 config
->ticket_autorekey
= 1;
231 tls_config_prefer_ciphers_server(config
);
233 tls_config_verify(config
);
238 tls_config_free(config
);
243 tls_config_free(struct tls_config
*config
)
245 struct tls_keypair
*kp
, *nkp
;
250 for (kp
= config
->keypair
; kp
!= NULL
; kp
= nkp
) {
252 tls_keypair_free(kp
);
255 free(config
->error
.msg
);
258 free((char *)config
->ca_mem
);
259 free((char *)config
->ca_path
);
260 free((char *)config
->ciphers
);
266 tls_config_keypair_add(struct tls_config
*config
, struct tls_keypair
*keypair
)
268 struct tls_keypair
*kp
;
270 kp
= config
->keypair
;
271 while (kp
->next
!= NULL
)
278 tls_config_error(struct tls_config
*config
)
280 return config
->error
.msg
;
284 tls_config_clear_keys(struct tls_config
*config
)
286 struct tls_keypair
*kp
;
288 for (kp
= config
->keypair
; kp
!= NULL
; kp
= kp
->next
)
289 tls_keypair_clear(kp
);
291 tls_config_set_ca_mem(config
, NULL
, 0);
295 tls_config_parse_protocols(uint32_t *protocols
, const char *protostr
)
297 uint32_t proto
, protos
= 0;
301 if ((s
= strdup(protostr
)) == NULL
)
305 while ((p
= strsep(&q
, ",:")) != NULL
) {
306 while (*p
== ' ' || *p
== '\t')
315 if (negate
&& protos
== 0)
316 protos
= TLS_PROTOCOLS_ALL
;
319 if (strcasecmp(p
, "all") == 0 ||
320 strcasecmp(p
, "legacy") == 0)
321 proto
= TLS_PROTOCOLS_ALL
;
322 else if (strcasecmp(p
, "default") == 0 ||
323 strcasecmp(p
, "secure") == 0)
324 proto
= TLS_PROTOCOLS_DEFAULT
;
325 if (strcasecmp(p
, "tlsv1") == 0)
326 proto
= TLS_PROTOCOL_TLSv1
;
327 else if (strcasecmp(p
, "tlsv1.0") == 0)
328 proto
= TLS_PROTOCOL_TLSv1_0
;
329 else if (strcasecmp(p
, "tlsv1.1") == 0)
330 proto
= TLS_PROTOCOL_TLSv1_1
;
331 else if (strcasecmp(p
, "tlsv1.2") == 0)
332 proto
= TLS_PROTOCOL_TLSv1_2
;
353 tls_config_parse_alpn(struct tls_config
*config
, const char *alpn
,
354 char **alpn_data
, size_t *alpn_len
)
356 size_t buf_len
, i
, len
;
365 if ((buf_len
= strlen(alpn
) + 1) > 65535) {
366 tls_config_set_errorx(config
, "alpn too large");
370 if ((buf
= malloc(buf_len
)) == NULL
) {
371 tls_config_set_errorx(config
, "out of memory");
375 if ((s
= strdup(alpn
)) == NULL
) {
376 tls_config_set_errorx(config
, "out of memory");
382 while ((p
= strsep(&q
, ",")) != NULL
) {
383 if ((len
= strlen(p
)) == 0) {
384 tls_config_set_errorx(config
,
385 "alpn protocol with zero length");
389 tls_config_set_errorx(config
,
390 "alpn protocol too long");
393 buf
[i
++] = len
& 0xff;
394 memcpy(&buf
[i
], p
, len
);
413 tls_config_set_alpn(struct tls_config
*config
, const char *alpn
)
415 return tls_config_parse_alpn(config
, alpn
, &config
->alpn
,
420 tls_config_add_keypair_file_internal(struct tls_config
*config
,
421 const char *cert_file
, const char *key_file
, const char *ocsp_file
)
423 struct tls_keypair
*keypair
;
425 if ((keypair
= tls_keypair_new()) == NULL
)
427 if (tls_keypair_set_cert_file(keypair
, &config
->error
, cert_file
) != 0)
429 if (tls_keypair_set_key_file(keypair
, &config
->error
, key_file
) != 0)
431 if (ocsp_file
!= NULL
&&
432 tls_keypair_set_ocsp_staple_file(keypair
, &config
->error
,
436 tls_config_keypair_add(config
, keypair
);
441 tls_keypair_free(keypair
);
446 tls_config_add_keypair_mem_internal(struct tls_config
*config
, const uint8_t *cert
,
447 size_t cert_len
, const uint8_t *key
, size_t key_len
,
448 const uint8_t *staple
, size_t staple_len
)
450 struct tls_keypair
*keypair
;
452 if ((keypair
= tls_keypair_new()) == NULL
)
454 if (tls_keypair_set_cert_mem(keypair
, cert
, cert_len
) != 0)
456 if (tls_keypair_set_key_mem(keypair
, key
, key_len
) != 0)
458 if (staple
!= NULL
&&
459 tls_keypair_set_ocsp_staple_mem(keypair
, staple
, staple_len
) != 0)
462 tls_config_keypair_add(config
, keypair
);
467 tls_keypair_free(keypair
);
472 tls_config_add_keypair_mem(struct tls_config
*config
, const uint8_t *cert
,
473 size_t cert_len
, const uint8_t *key
, size_t key_len
)
475 return tls_config_add_keypair_mem_internal(config
, cert
, cert_len
, key
,
480 tls_config_add_keypair_file(struct tls_config
*config
,
481 const char *cert_file
, const char *key_file
)
483 return tls_config_add_keypair_file_internal(config
, cert_file
,
488 tls_config_add_keypair_ocsp_mem(struct tls_config
*config
, const uint8_t *cert
,
489 size_t cert_len
, const uint8_t *key
, size_t key_len
, const uint8_t *staple
,
492 return tls_config_add_keypair_mem_internal(config
, cert
, cert_len
, key
,
493 key_len
, staple
, staple_len
);
497 tls_config_add_keypair_ocsp_file(struct tls_config
*config
,
498 const char *cert_file
, const char *key_file
, const char *ocsp_file
)
500 return tls_config_add_keypair_file_internal(config
, cert_file
,
501 key_file
, ocsp_file
);
505 tls_config_set_ca_file(struct tls_config
*config
, const char *ca_file
)
507 return tls_config_load_file(&config
->error
, "CA", ca_file
,
508 &config
->ca_mem
, &config
->ca_len
);
512 tls_config_set_ca_path(struct tls_config
*config
, const char *ca_path
)
514 return set_string(&config
->ca_path
, ca_path
);
518 tls_config_set_ca_mem(struct tls_config
*config
, const uint8_t *ca
, size_t len
)
520 return set_mem(&config
->ca_mem
, &config
->ca_len
, ca
, len
);
524 tls_config_set_cert_file(struct tls_config
*config
, const char *cert_file
)
526 return tls_keypair_set_cert_file(config
->keypair
, &config
->error
,
531 tls_config_set_cert_mem(struct tls_config
*config
, const uint8_t *cert
,
534 return tls_keypair_set_cert_mem(config
->keypair
, cert
, len
);
538 tls_config_set_ciphers(struct tls_config
*config
, const char *ciphers
)
540 SSL_CTX
*ssl_ctx
= NULL
;
542 if (ciphers
== NULL
||
543 strcasecmp(ciphers
, "default") == 0 ||
544 strcasecmp(ciphers
, "secure") == 0)
545 ciphers
= TLS_CIPHERS_DEFAULT
;
546 else if (strcasecmp(ciphers
, "compat") == 0)
547 ciphers
= TLS_CIPHERS_COMPAT
;
548 else if (strcasecmp(ciphers
, "legacy") == 0)
549 ciphers
= TLS_CIPHERS_LEGACY
;
550 else if (strcasecmp(ciphers
, "all") == 0 ||
551 strcasecmp(ciphers
, "insecure") == 0)
552 ciphers
= TLS_CIPHERS_ALL
;
554 if ((ssl_ctx
= SSL_CTX_new(SSLv23_method())) == NULL
) {
555 tls_config_set_errorx(config
, "out of memory");
558 if (SSL_CTX_set_cipher_list(ssl_ctx
, ciphers
) != 1) {
559 tls_config_set_errorx(config
, "no ciphers for '%s'", ciphers
);
563 SSL_CTX_free(ssl_ctx
);
564 return set_string(&config
->ciphers
, ciphers
);
567 SSL_CTX_free(ssl_ctx
);
572 tls_config_set_dheparams(struct tls_config
*config
, const char *params
)
576 if (params
== NULL
|| strcasecmp(params
, "none") == 0)
578 else if (strcasecmp(params
, "auto") == 0)
580 else if (strcasecmp(params
, "legacy") == 0)
583 tls_config_set_errorx(config
, "invalid dhe param '%s'", params
);
587 config
->dheparams
= keylen
;
593 tls_config_set_ecdhecurve(struct tls_config
*config
, const char *name
)
597 if (name
== NULL
|| strcasecmp(name
, "none") == 0)
599 else if (strcasecmp(name
, "auto") == 0)
601 else if ((nid
= OBJ_txt2nid(name
)) == NID_undef
) {
602 tls_config_set_errorx(config
, "invalid ecdhe curve '%s'", name
);
606 config
->ecdhecurve
= nid
;
612 tls_config_set_key_file(struct tls_config
*config
, const char *key_file
)
614 return tls_keypair_set_key_file(config
->keypair
, &config
->error
,
619 tls_config_set_key_mem(struct tls_config
*config
, const uint8_t *key
,
622 return tls_keypair_set_key_mem(config
->keypair
, key
, len
);
626 tls_config_set_keypair_file_internal(struct tls_config
*config
,
627 const char *cert_file
, const char *key_file
, const char *ocsp_file
)
629 if (tls_config_set_cert_file(config
, cert_file
) != 0)
631 if (tls_config_set_key_file(config
, key_file
) != 0)
633 if (tls_config_set_key_file(config
, key_file
) != 0)
635 if (ocsp_file
!= NULL
&&
636 tls_config_set_ocsp_staple_file(config
, ocsp_file
) != 0)
643 tls_config_set_keypair_mem_internal(struct tls_config
*config
, const uint8_t *cert
,
644 size_t cert_len
, const uint8_t *key
, size_t key_len
,
645 const uint8_t *staple
, size_t staple_len
)
647 if (tls_config_set_cert_mem(config
, cert
, cert_len
) != 0)
649 if (tls_config_set_key_mem(config
, key
, key_len
) != 0)
651 if ((staple
!= NULL
) &&
652 (tls_config_set_ocsp_staple_mem(config
, staple
, staple_len
) != 0))
659 tls_config_set_keypair_file(struct tls_config
*config
,
660 const char *cert_file
, const char *key_file
)
662 return tls_config_set_keypair_file_internal(config
, cert_file
, key_file
,
667 tls_config_set_keypair_mem(struct tls_config
*config
, const uint8_t *cert
,
668 size_t cert_len
, const uint8_t *key
, size_t key_len
)
670 return tls_config_set_keypair_mem_internal(config
, cert
, cert_len
,
671 key
, key_len
, NULL
, 0);
675 tls_config_set_keypair_ocsp_file(struct tls_config
*config
,
676 const char *cert_file
, const char *key_file
, const char *ocsp_file
)
678 return tls_config_set_keypair_file_internal(config
, cert_file
, key_file
,
683 tls_config_set_keypair_ocsp_mem(struct tls_config
*config
, const uint8_t *cert
,
684 size_t cert_len
, const uint8_t *key
, size_t key_len
,
685 const uint8_t *staple
, size_t staple_len
)
687 return tls_config_set_keypair_mem_internal(config
, cert
, cert_len
,
688 key
, key_len
, staple
, staple_len
);
693 tls_config_set_protocols(struct tls_config
*config
, uint32_t protocols
)
695 config
->protocols
= protocols
;
701 tls_config_set_verify_depth(struct tls_config
*config
, int verify_depth
)
703 config
->verify_depth
= verify_depth
;
709 tls_config_prefer_ciphers_client(struct tls_config
*config
)
711 config
->ciphers_server
= 0;
715 tls_config_prefer_ciphers_server(struct tls_config
*config
)
717 config
->ciphers_server
= 1;
721 tls_config_insecure_noverifycert(struct tls_config
*config
)
723 config
->verify_cert
= 0;
727 tls_config_insecure_noverifyname(struct tls_config
*config
)
729 config
->verify_name
= 0;
733 tls_config_insecure_noverifytime(struct tls_config
*config
)
735 config
->verify_time
= 0;
739 tls_config_verify(struct tls_config
*config
)
741 config
->verify_cert
= 1;
742 config
->verify_name
= 1;
743 config
->verify_time
= 1;
747 tls_config_ocsp_require_stapling(struct tls_config
*config
)
749 config
->ocsp_require_stapling
= 1;
753 tls_config_verify_client(struct tls_config
*config
)
755 config
->verify_client
= 1;
759 tls_config_verify_client_optional(struct tls_config
*config
)
761 config
->verify_client
= 2;
765 tls_config_set_ocsp_staple_file(struct tls_config
*config
, const char *staple_file
)
767 return tls_keypair_set_ocsp_staple_file(config
->keypair
, &config
->error
,
772 tls_config_set_ocsp_staple_mem(struct tls_config
*config
, const uint8_t *staple
,
775 return tls_keypair_set_ocsp_staple_mem(config
->keypair
, staple
, len
);
779 tls_config_set_session_id(struct tls_config
*config
,
780 const unsigned char *session_id
, size_t len
)
782 if (len
> TLS_MAX_SESSION_ID_LENGTH
) {
783 tls_config_set_errorx(config
, "session ID too large");
786 memset(config
->session_id
, 0, sizeof(config
->session_id
));
787 memcpy(config
->session_id
, session_id
, len
);
792 tls_config_set_session_lifetime(struct tls_config
*config
, int lifetime
)
794 if (lifetime
> TLS_MAX_SESSION_TIMEOUT
) {
795 tls_config_set_errorx(config
, "session lifetime too large");
798 if (lifetime
!= 0 && lifetime
< TLS_MIN_SESSION_TIMEOUT
) {
799 tls_config_set_errorx(config
, "session lifetime too small");
803 config
->session_lifetime
= lifetime
;
808 tls_config_add_ticket_key(struct tls_config
*config
, uint32_t keyrev
,
809 unsigned char *key
, size_t keylen
)
811 struct tls_ticket_key newkey
;
814 if (TLS_TICKET_KEY_SIZE
!= keylen
||
815 sizeof(newkey
.aes_key
) + sizeof(newkey
.hmac_key
) > keylen
) {
816 tls_config_set_errorx(config
,
817 "wrong amount of ticket key data");
821 keyrev
= htonl(keyrev
);
822 memset(&newkey
, 0, sizeof(newkey
));
823 memcpy(newkey
.key_name
, &keyrev
, sizeof(keyrev
));
824 memcpy(newkey
.aes_key
, key
, sizeof(newkey
.aes_key
));
825 memcpy(newkey
.hmac_key
, key
+ sizeof(newkey
.aes_key
),
826 sizeof(newkey
.hmac_key
));
827 newkey
.time
= time(NULL
);
829 for (i
= 0; i
< TLS_NUM_TICKETS
; i
++) {
830 struct tls_ticket_key
*tk
= &config
->ticket_keys
[i
];
831 if (memcmp(newkey
.key_name
, tk
->key_name
,
832 sizeof(tk
->key_name
)) != 0)
835 /* allow re-entry of most recent key */
836 if (i
== 0 && memcmp(newkey
.aes_key
, tk
->aes_key
,
837 sizeof(tk
->aes_key
)) == 0 && memcmp(newkey
.hmac_key
,
838 tk
->hmac_key
, sizeof(tk
->hmac_key
)) == 0)
840 tls_config_set_errorx(config
, "ticket key already present");
844 memmove(&config
->ticket_keys
[1], &config
->ticket_keys
[0],
845 sizeof(config
->ticket_keys
) - sizeof(config
->ticket_keys
[0]));
846 config
->ticket_keys
[0] = newkey
;
848 config
->ticket_autorekey
= 0;
854 tls_config_ticket_autorekey(struct tls_config
*config
)
856 unsigned char key
[TLS_TICKET_KEY_SIZE
];
859 arc4random_buf(key
, sizeof(key
));
860 rv
= tls_config_add_ticket_key(config
, config
->ticket_keyrev
++, key
,
862 config
->ticket_autorekey
= 1;