search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update libressl to v2.7.4
[unleashed.git] / lib / libtls / tls_server.c
blob44bef6bb11dc7701cad616288ca76c9e1a30c300
1 /* $OpenBSD: tls_server.c,v 1.44 2018/03/19 16:34:47 jsing Exp $ */
2 /*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include <sys/socket.h>
19
20 #include <arpa/inet.h>
21
22 #include <openssl/ec.h>
23 #include <openssl/err.h>
24 #include <openssl/ssl.h>
25
26 #include <tls.h>
27 #include "tls_internal.h"
28
29 struct tls *
30 tls_server(void)
31 {
32 struct tls *ctx;
33
34 if (tls_init() == -1)
35 return (NULL);
36
37 if ((ctx = tls_new()) == NULL)
38 return (NULL);
39
40 ctx->flags |= TLS_SERVER;
41
42 return (ctx);
43 }
44
45 struct tls *
46 tls_server_conn(struct tls *ctx)
47 {
48 struct tls *conn_ctx;
49
50 if ((conn_ctx = tls_new()) == NULL)
51 return (NULL);
52
53 conn_ctx->flags |= TLS_SERVER_CONN;
54
55 ctx->config->refcount++;
56
57 conn_ctx->config = ctx->config;
58 conn_ctx->keypair = ctx->config->keypair;
59
60 return (conn_ctx);
61 }
62
63 static int
64 tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
65 const unsigned char *in, unsigned int inlen, void *arg)
66 {
67 struct tls *ctx = arg;
68
69 if (SSL_select_next_proto((unsigned char**)out, outlen,
70 ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
71 OPENSSL_NPN_NEGOTIATED)
72 return (SSL_TLSEXT_ERR_OK);
73
74 return (SSL_TLSEXT_ERR_NOACK);
75 }
76
77 static int
78 tls_servername_cb(SSL *ssl, int *al, void *arg)
79 {
80 struct tls *ctx = (struct tls *)arg;
81 struct tls_sni_ctx *sni_ctx;
82 union tls_addr addrbuf;
83 struct tls *conn_ctx;
84 const char *name;
85 int match;
86
87 if ((conn_ctx = SSL_get_app_data(ssl)) == NULL)
88 goto err;
89
90 if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) ==
91 NULL) {
92 /*
93 * The servername callback gets called even when there is no
94 * TLS servername extension provided by the client. Sigh!
95 */
96 return (SSL_TLSEXT_ERR_NOACK);
97 }
98
99 /*
100 * Per RFC 6066 section 3: ensure that name is not an IP literal.
101 *
102 * While we should treat this as an error, a number of clients
103 * (Python, Ruby and Safari) are not RFC compliant. To avoid handshake
104 * failures, pretend that we did not receive the extension.
105 */
106 if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
107 inet_pton(AF_INET6, name, &addrbuf) == 1)
108 return (SSL_TLSEXT_ERR_NOACK);
109
110 free((char *)conn_ctx->servername);
111 if ((conn_ctx->servername = strdup(name)) == NULL)
112 goto err;
113
114 /* Find appropriate SSL context for requested servername. */
115 for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) {
116 if (tls_check_name(ctx, sni_ctx->ssl_cert, name,
117 &match) == -1)
118 goto err;
119 if (match) {
120 conn_ctx->keypair = sni_ctx->keypair;
121 SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
122 return (SSL_TLSEXT_ERR_OK);
123 }
124 }
125
126 /* No match, use the existing context/certificate. */
127 return (SSL_TLSEXT_ERR_OK);
128
129 err:
130 /*
131 * There is no way to tell libssl that an internal failure occurred.
132 * The only option we have is to return a fatal alert.
133 */
134 *al = TLS1_AD_INTERNAL_ERROR;
135 return (SSL_TLSEXT_ERR_ALERT_FATAL);
136 }
137
138 static struct tls_ticket_key *
139 tls_server_ticket_key(struct tls_config *config, unsigned char *keyname)
140 {
141 struct tls_ticket_key *key = NULL;
142 time_t now;
143 int i;
144
145 now = time(NULL);
146 if (config->ticket_autorekey == 1) {
147 if (now - 3 * (config->session_lifetime / 4) >
148 config->ticket_keys[0].time) {
149 if (tls_config_ticket_autorekey(config) == -1)
150 return (NULL);
151 }
152 }
153 for (i = 0; i < TLS_NUM_TICKETS; i++) {
154 struct tls_ticket_key *tk = &config->ticket_keys[i];
155 if (now - config->session_lifetime > tk->time)
156 continue;
157 if (keyname == NULL || timingsafe_memcmp(keyname,
158 tk->key_name, sizeof(tk->key_name)) == 0) {
159 key = tk;
160 break;
161 }
162 }
163 return (key);
164 }
165
166 static int
167 tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
168 EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int mode)
169 {
170 struct tls_ticket_key *key;
171 struct tls *tls_ctx;
172
173 if ((tls_ctx = SSL_get_app_data(ssl)) == NULL)
174 return (-1);
175
176 if (mode == 1) {
177 /* create new session */
178 key = tls_server_ticket_key(tls_ctx->config, NULL);
179 if (key == NULL) {
180 tls_set_errorx(tls_ctx, "no valid ticket key found");
181 return (-1);
182 }
183
184 memcpy(keyname, key->key_name, sizeof(key->key_name));
185 arc4random_buf(iv, EVP_MAX_IV_LENGTH);
186 EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
187 key->aes_key, iv);
188 HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
189 EVP_sha256(), NULL);
190 return (0);
191 } else {
192 /* get key by name */
193 key = tls_server_ticket_key(tls_ctx->config, keyname);
194 if (key == NULL)
195 return (0);
196
197 EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
198 key->aes_key, iv);
199 HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
200 EVP_sha256(), NULL);
201
202 /* time to renew the ticket? is it the primary key? */
203 if (key != &tls_ctx->config->ticket_keys[0])
204 return (2);
205 return (1);
206 }
207 }
208
209 static int
210 tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
211 struct tls_keypair *keypair)
212 {
213 SSL_CTX_free(*ssl_ctx);
214
215 if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
216 tls_set_errorx(ctx, "ssl context failure");
217 goto err;
218 }
219
220 SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
221
222 if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
223 tls_servername_cb) != 1) {
224 tls_set_error(ctx, "failed to set servername callback");
225 goto err;
226 }
227 if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
228 tls_set_error(ctx, "failed to set servername callback arg");
229 goto err;
230 }
231
232 if (tls_configure_ssl(ctx, *ssl_ctx) != 0)
233 goto err;
234 if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0)
235 goto err;
236 if (ctx->config->verify_client != 0) {
237 int verify = SSL_VERIFY_PEER;
238 if (ctx->config->verify_client == 1)
239 verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
240 if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1)
241 goto err;
242 }
243
244 if (ctx->config->alpn != NULL)
245 SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb,
246 ctx);
247
248 if (ctx->config->dheparams == -1)
249 SSL_CTX_set_dh_auto(*ssl_ctx, 1);
250 else if (ctx->config->dheparams == 1024)
251 SSL_CTX_set_dh_auto(*ssl_ctx, 2);
252
253 if (ctx->config->ecdhecurves != NULL) {
254 SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
255 if (SSL_CTX_set1_groups(*ssl_ctx, ctx->config->ecdhecurves,
256 ctx->config->ecdhecurves_len) != 1) {
257 tls_set_errorx(ctx, "failed to set ecdhe curves");
258 goto err;
259 }
260 }
261
262 if (ctx->config->ciphers_server == 1)
263 SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
264
265 if (SSL_CTX_set_tlsext_status_cb(*ssl_ctx, tls_ocsp_stapling_cb) != 1) {
266 tls_set_errorx(ctx, "failed to add OCSP stapling callback");
267 goto err;
268 }
269
270 if (ctx->config->session_lifetime > 0) {
271 /* set the session lifetime and enable tickets */
272 SSL_CTX_set_timeout(*ssl_ctx, ctx->config->session_lifetime);
273 SSL_CTX_clear_options(*ssl_ctx, SSL_OP_NO_TICKET);
274 if (!SSL_CTX_set_tlsext_ticket_key_cb(*ssl_ctx,
275 tls_server_ticket_cb)) {
276 tls_set_error(ctx,
277 "failed to set the TLS ticket callback");
278 goto err;
279 }
280 }
281
282 if (SSL_CTX_set_session_id_context(*ssl_ctx, ctx->config->session_id,
283 sizeof(ctx->config->session_id)) != 1) {
284 tls_set_error(ctx, "failed to set session id context");
285 goto err;
286 }
287
288 return (0);
289
290 err:
291 SSL_CTX_free(*ssl_ctx);
292 *ssl_ctx = NULL;
293
294 return (-1);
295 }
296
297 static int
298 tls_configure_server_sni(struct tls *ctx)
299 {
300 struct tls_sni_ctx **sni_ctx;
301 struct tls_keypair *kp;
302
303 if (ctx->config->keypair->next == NULL)
304 return (0);
305
306 /* Set up additional SSL contexts for SNI. */
307 sni_ctx = &ctx->sni_ctx;
308 for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
309 if ((*sni_ctx = tls_sni_ctx_new()) == NULL) {
310 tls_set_errorx(ctx, "out of memory");
311 goto err;
312 }
313 (*sni_ctx)->keypair = kp;
314 if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
315 goto err;
316 if (tls_keypair_load_cert(kp, &ctx->error,
317 &(*sni_ctx)->ssl_cert) == -1)
318 goto err;
319 sni_ctx = &(*sni_ctx)->next;
320 }
321
322 return (0);
323
324 err:
325 return (-1);
326 }
327
328 int
329 tls_configure_server(struct tls *ctx)
330 {
331 if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
332 ctx->config->keypair) == -1)
333 goto err;
334 if (tls_configure_server_sni(ctx) == -1)
335 goto err;
336
337 return (0);
338
339 err:
340 return (-1);
341 }
342
343 static struct tls *
344 tls_accept_common(struct tls *ctx)
345 {
346 struct tls *conn_ctx = NULL;
347
348 if ((ctx->flags & TLS_SERVER) == 0) {
349 tls_set_errorx(ctx, "not a server context");
350 goto err;
351 }
352
353 if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
354 tls_set_errorx(ctx, "connection context failure");
355 goto err;
356 }
357
358 if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
359 tls_set_errorx(ctx, "ssl failure");
360 goto err;
361 }
362
363 if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
364 tls_set_errorx(ctx, "ssl application data failure");
365 goto err;
366 }
367
368 return conn_ctx;
369
370 err:
371 tls_free(conn_ctx);
372
373 return (NULL);
374 }
375
376 int
377 tls_accept_socket(struct tls *ctx, struct tls **cctx, int s)
378 {
379 return (tls_accept_fds(ctx, cctx, s, s));
380 }
381
382 int
383 tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
384 {
385 struct tls *conn_ctx;
386
387 if ((conn_ctx = tls_accept_common(ctx)) == NULL)
388 goto err;
389
390 if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
391 SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
392 tls_set_errorx(ctx, "ssl file descriptor failure");
393 goto err;
394 }
395
396 *cctx = conn_ctx;
397
398 return (0);
399 err:
400 tls_free(conn_ctx);
401 *cctx = NULL;
402
403 return (-1);
404 }
405
406 int
407 tls_accept_cbs(struct tls *ctx, struct tls **cctx,
408 tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
409 {
410 struct tls *conn_ctx;
411
412 if ((conn_ctx = tls_accept_common(ctx)) == NULL)
413 goto err;
414
415 if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0)
416 goto err;
417
418 *cctx = conn_ctx;
419
420 return (0);
421 err:
422 tls_free(conn_ctx);
423 *cctx = NULL;
424
425 return (-1);
426 }
427
428 int
429 tls_handshake_server(struct tls *ctx)
430 {
431 int ssl_ret;
432 int rv = -1;
433
434 if ((ctx->flags & TLS_SERVER_CONN) == 0) {
435 tls_set_errorx(ctx, "not a server connection context");
436 goto err;
437 }
438
439 ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
440
441 ERR_clear_error();
442 if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
443 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
444 goto err;
445 }
446
447 ctx->state |= TLS_HANDSHAKE_COMPLETE;
448 rv = 0;
449
450 err:
451 return (rv);
452 }
Unleashed OS