preprocessor cleanup: __lint
[unleashed/tickless.git] / lib / libtls / tls_server.c
blob51deff25105b3645c001a241c67356e67797affd
1 /* $OpenBSD: tls_server.c,v 1.35 2017/01/31 15:57:43 jsing Exp $ */
2 /*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/socket.h>
20 #include <arpa/inet.h>
22 #include <openssl/ec.h>
23 #include <openssl/err.h>
24 #include <openssl/ssl.h>
26 #include <tls.h>
27 #include "tls_internal.h"
29 struct tls *
30 tls_server(void)
32 struct tls *ctx;
34 if ((ctx = tls_new()) == NULL)
35 return (NULL);
37 ctx->flags |= TLS_SERVER;
39 return (ctx);
42 struct tls *
43 tls_server_conn(struct tls *ctx)
45 struct tls *conn_ctx;
47 if ((conn_ctx = tls_new()) == NULL)
48 return (NULL);
50 conn_ctx->flags |= TLS_SERVER_CONN;
51 conn_ctx->config = ctx->config;
53 return (conn_ctx);
56 static int
57 tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
58 const unsigned char *in, unsigned int inlen, void *arg)
60 struct tls *ctx = arg;
62 if (SSL_select_next_proto((unsigned char**)out, outlen,
63 ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
64 OPENSSL_NPN_NEGOTIATED)
65 return (SSL_TLSEXT_ERR_OK);
67 return (SSL_TLSEXT_ERR_NOACK);
70 static int
71 tls_servername_cb(SSL *ssl, int *al, void *arg)
73 struct tls *ctx = (struct tls *)arg;
74 struct tls_sni_ctx *sni_ctx;
75 union tls_addr addrbuf;
76 struct tls *conn_ctx;
77 const char *name;
79 if ((conn_ctx = SSL_get_app_data(ssl)) == NULL)
80 goto err;
82 if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) == NULL) {
84 * The servername callback gets called even when there is no
85 * TLS servername extension provided by the client. Sigh!
87 return (SSL_TLSEXT_ERR_NOACK);
90 /* Per RFC 6066 section 3: ensure that name is not an IP literal. */
91 if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
92 inet_pton(AF_INET6, name, &addrbuf) == 1)
93 goto err;
95 free((char *)conn_ctx->servername);
96 if ((conn_ctx->servername = strdup(name)) == NULL)
97 goto err;
99 /* Find appropriate SSL context for requested servername. */
100 for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) {
101 if (tls_check_name(ctx, sni_ctx->ssl_cert, name) == 0) {
102 SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
103 return (SSL_TLSEXT_ERR_OK);
107 /* No match, use the existing context/certificate. */
108 return (SSL_TLSEXT_ERR_OK);
110 err:
112 * There is no way to tell libssl that an internal failure occurred.
113 * The only option we have is to return a fatal alert.
115 *al = TLS1_AD_INTERNAL_ERROR;
116 return (SSL_TLSEXT_ERR_ALERT_FATAL);
119 static struct tls_ticket_key *
120 tls_server_ticket_key(struct tls_config *config, unsigned char *keyname)
122 struct tls_ticket_key *key = NULL;
123 time_t now;
124 int i;
126 now = time(NULL);
127 if (config->ticket_autorekey == 1) {
128 if (now - 3 * (config->session_lifetime / 4) >
129 config->ticket_keys[0].time) {
130 if (tls_config_ticket_autorekey(config) == -1)
131 return (NULL);
134 for (i = 0; i < TLS_NUM_TICKETS; i++) {
135 struct tls_ticket_key *tk = &config->ticket_keys[i];
136 if (now - config->session_lifetime > tk->time)
137 continue;
138 if (keyname == NULL || timingsafe_memcmp(keyname,
139 tk->key_name, sizeof(tk->key_name)) == 0) {
140 key = tk;
141 break;
144 return (key);
147 static int
148 tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
149 EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int mode)
151 struct tls_ticket_key *key;
152 struct tls *tls_ctx;
154 if ((tls_ctx = SSL_get_app_data(ssl)) == NULL)
155 return (-1);
157 if (mode == 1) {
158 /* create new session */
159 key = tls_server_ticket_key(tls_ctx->config, NULL);
160 if (key == NULL) {
161 tls_set_errorx(tls_ctx, "no valid ticket key found");
162 return (-1);
165 memcpy(keyname, key->key_name, sizeof(key->key_name));
166 arc4random_buf(iv, EVP_MAX_IV_LENGTH);
167 EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
168 key->aes_key, iv);
169 HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
170 EVP_sha256(), NULL);
171 return (0);
172 } else {
173 /* get key by name */
174 key = tls_server_ticket_key(tls_ctx->config, keyname);
175 if (key == NULL)
176 return (0);
178 EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
179 key->aes_key, iv);
180 HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
181 EVP_sha256(), NULL);
183 /* time to renew the ticket? is it the primary key? */
184 if (key != &tls_ctx->config->ticket_keys[0])
185 return (2);
186 return (1);
190 static int
191 tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
192 X509 **cert)
194 char *errstr = "unknown";
195 BIO *cert_bio = NULL;
196 int ssl_err;
198 X509_free(*cert);
199 *cert = NULL;
201 if (keypair->cert_mem == NULL) {
202 tls_error_set(error, "keypair has no certificate");
203 goto err;
205 if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
206 keypair->cert_len)) == NULL) {
207 tls_error_set(error, "failed to create certificate bio");
208 goto err;
210 if ((*cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL)) == NULL) {
211 if ((ssl_err = ERR_peek_error()) != 0)
212 errstr = ERR_error_string(ssl_err, NULL);
213 tls_error_set(error, "failed to load certificate: %s", errstr);
214 goto err;
217 BIO_free(cert_bio);
219 return (0);
221 err:
222 BIO_free(cert_bio);
224 return (-1);
227 static int
228 tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
229 struct tls_keypair *keypair)
231 EC_KEY *ecdh_key;
233 SSL_CTX_free(*ssl_ctx);
235 if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
236 tls_set_errorx(ctx, "ssl context failure");
237 goto err;
240 SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
242 if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
243 tls_servername_cb) != 1) {
244 tls_set_error(ctx, "failed to set servername callback");
245 goto err;
247 if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
248 tls_set_error(ctx, "failed to set servername callback arg");
249 goto err;
252 if (tls_configure_ssl(ctx, *ssl_ctx) != 0)
253 goto err;
254 if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0)
255 goto err;
256 if (ctx->config->verify_client != 0) {
257 int verify = SSL_VERIFY_PEER;
258 if (ctx->config->verify_client == 1)
259 verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
260 if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1)
261 goto err;
264 if (ctx->config->alpn != NULL)
265 SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb,
266 ctx);
268 if (ctx->config->dheparams == -1)
269 SSL_CTX_set_dh_auto(*ssl_ctx, 1);
270 else if (ctx->config->dheparams == 1024)
271 SSL_CTX_set_dh_auto(*ssl_ctx, 2);
273 if (ctx->config->ecdhecurve == -1) {
274 SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
275 } else if (ctx->config->ecdhecurve != NID_undef) {
276 if ((ecdh_key = EC_KEY_new_by_curve_name(
277 ctx->config->ecdhecurve)) == NULL) {
278 tls_set_errorx(ctx, "failed to set ECDHE curve");
279 goto err;
281 SSL_CTX_set_options(*ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
282 SSL_CTX_set_tmp_ecdh(*ssl_ctx, ecdh_key);
283 EC_KEY_free(ecdh_key);
286 if (ctx->config->ciphers_server == 1)
287 SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
289 if (SSL_CTX_set_tlsext_status_cb(*ssl_ctx, tls_ocsp_stapling_cb) != 1) {
290 tls_set_errorx(ctx, "failed to add OCSP stapling callback");
291 goto err;
294 if (ctx->config->session_lifetime > 0) {
295 /* set the session lifetime and enable tickets */
296 SSL_CTX_set_timeout(*ssl_ctx, ctx->config->session_lifetime);
297 SSL_CTX_clear_options(*ssl_ctx, SSL_OP_NO_TICKET);
298 if (!SSL_CTX_set_tlsext_ticket_key_cb(*ssl_ctx,
299 tls_server_ticket_cb)) {
300 tls_set_error(ctx,
301 "failed to set the TLS ticket callback");
302 goto err;
306 if (SSL_CTX_set_session_id_context(*ssl_ctx, ctx->config->session_id,
307 sizeof(ctx->config->session_id)) != 1) {
308 tls_set_error(ctx, "failed to set session id context");
309 goto err;
312 return (0);
314 err:
315 SSL_CTX_free(*ssl_ctx);
316 *ssl_ctx = NULL;
318 return (-1);
321 static int
322 tls_configure_server_sni(struct tls *ctx)
324 struct tls_sni_ctx **sni_ctx;
325 struct tls_keypair *kp;
327 if (ctx->config->keypair->next == NULL)
328 return (0);
330 /* Set up additional SSL contexts for SNI. */
331 sni_ctx = &ctx->sni_ctx;
332 for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
333 if ((*sni_ctx = tls_sni_ctx_new()) == NULL) {
334 tls_set_errorx(ctx, "out of memory");
335 goto err;
337 if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
338 goto err;
339 if (tls_keypair_load_cert(kp, &ctx->error,
340 &(*sni_ctx)->ssl_cert) == -1)
341 goto err;
342 sni_ctx = &(*sni_ctx)->next;
345 return (0);
347 err:
348 return (-1);
352 tls_configure_server(struct tls *ctx)
354 if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
355 ctx->config->keypair) == -1)
356 goto err;
357 if (tls_configure_server_sni(ctx) == -1)
358 goto err;
360 return (0);
362 err:
363 return (-1);
366 static struct tls *
367 tls_accept_common(struct tls *ctx)
369 struct tls *conn_ctx = NULL;
371 if ((ctx->flags & TLS_SERVER) == 0) {
372 tls_set_errorx(ctx, "not a server context");
373 goto err;
376 if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
377 tls_set_errorx(ctx, "connection context failure");
378 goto err;
381 if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
382 tls_set_errorx(ctx, "ssl failure");
383 goto err;
386 if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
387 tls_set_errorx(ctx, "ssl application data failure");
388 goto err;
391 return conn_ctx;
393 err:
394 tls_free(conn_ctx);
396 return (NULL);
400 tls_accept_socket(struct tls *ctx, struct tls **cctx, int s)
402 return (tls_accept_fds(ctx, cctx, s, s));
406 tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
408 struct tls *conn_ctx;
410 if ((conn_ctx = tls_accept_common(ctx)) == NULL)
411 goto err;
413 if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
414 SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
415 tls_set_errorx(ctx, "ssl file descriptor failure");
416 goto err;
419 *cctx = conn_ctx;
421 return (0);
422 err:
423 tls_free(conn_ctx);
424 *cctx = NULL;
426 return (-1);
430 tls_accept_cbs(struct tls *ctx, struct tls **cctx,
431 tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
433 struct tls *conn_ctx;
435 if ((conn_ctx = tls_accept_common(ctx)) == NULL)
436 goto err;
438 if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0)
439 goto err;
441 *cctx = conn_ctx;
443 return (0);
444 err:
445 tls_free(conn_ctx);
446 *cctx = NULL;
448 return (-1);
452 tls_handshake_server(struct tls *ctx)
454 int ssl_ret;
455 int rv = -1;
457 if ((ctx->flags & TLS_SERVER_CONN) == 0) {
458 tls_set_errorx(ctx, "not a server connection context");
459 goto err;
462 ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
464 ERR_clear_error();
465 if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
466 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
467 goto err;
470 ctx->state |= TLS_HANDSHAKE_COMPLETE;
471 rv = 0;
473 err:
474 return (rv);