1 f9ab77a8 2023-08-23 op /* $OpenBSD: tls_client.c,v 1.49 2023/05/14 07:26:25 op Exp $ */
3 f9ab77a8 2023-08-23 op * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
5 f9ab77a8 2023-08-23 op * Permission to use, copy, modify, and distribute this software for any
6 f9ab77a8 2023-08-23 op * purpose with or without fee is hereby granted, provided that the above
7 f9ab77a8 2023-08-23 op * copyright notice and this permission notice appear in all copies.
9 f9ab77a8 2023-08-23 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 f9ab77a8 2023-08-23 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 f9ab77a8 2023-08-23 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 f9ab77a8 2023-08-23 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 f9ab77a8 2023-08-23 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 f9ab77a8 2023-08-23 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 f9ab77a8 2023-08-23 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 f9ab77a8 2023-08-23 op #include "config.h"
20 f9ab77a8 2023-08-23 op #include <sys/types.h>
21 f9ab77a8 2023-08-23 op #include <sys/socket.h>
22 f9ab77a8 2023-08-23 op #include <sys/stat.h>
24 f9ab77a8 2023-08-23 op #include <arpa/inet.h>
25 f9ab77a8 2023-08-23 op #include <netinet/in.h>
27 f9ab77a8 2023-08-23 op #include <limits.h>
28 f9ab77a8 2023-08-23 op #include <netdb.h>
29 f9ab77a8 2023-08-23 op #include <stdlib.h>
30 f9ab77a8 2023-08-23 op #include <string.h>
31 f9ab77a8 2023-08-23 op #include <unistd.h>
33 f9ab77a8 2023-08-23 op #include <openssl/err.h>
34 f9ab77a8 2023-08-23 op #include <openssl/x509.h>
36 f9ab77a8 2023-08-23 op #include <tls.h>
37 f9ab77a8 2023-08-23 op #include "tls_internal.h"
40 f9ab77a8 2023-08-23 op tls_client(void)
42 f9ab77a8 2023-08-23 op struct tls *ctx;
44 f9ab77a8 2023-08-23 op if (tls_init() == -1)
45 f9ab77a8 2023-08-23 op return (NULL);
47 f9ab77a8 2023-08-23 op if ((ctx = tls_new()) == NULL)
48 f9ab77a8 2023-08-23 op return (NULL);
50 f9ab77a8 2023-08-23 op ctx->flags |= TLS_CLIENT;
56 f9ab77a8 2023-08-23 op tls_connect(struct tls *ctx, const char *host, const char *port)
58 f9ab77a8 2023-08-23 op return tls_connect_servername(ctx, host, port, NULL);
62 f9ab77a8 2023-08-23 op tls_connect_servername(struct tls *ctx, const char *host, const char *port,
63 f9ab77a8 2023-08-23 op const char *servername)
65 f9ab77a8 2023-08-23 op struct addrinfo hints, *res, *res0;
66 f9ab77a8 2023-08-23 op const char *h = NULL, *p = NULL;
67 f9ab77a8 2023-08-23 op char *hs = NULL, *ps = NULL;
68 f9ab77a8 2023-08-23 op int rv = -1, s = -1, ret;
70 f9ab77a8 2023-08-23 op if ((ctx->flags & TLS_CLIENT) == 0) {
71 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "not a client context");
75 f9ab77a8 2023-08-23 op if (host == NULL) {
76 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "host not specified");
80 f9ab77a8 2023-08-23 op /* If port is NULL, try to extract a port from the specified host. */
81 f9ab77a8 2023-08-23 op if (port == NULL) {
82 f9ab77a8 2023-08-23 op ret = tls_host_port(host, &hs, &ps);
83 f9ab77a8 2023-08-23 op if (ret == -1) {
84 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "memory allocation failure");
87 f9ab77a8 2023-08-23 op if (ret != 0) {
88 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "no port provided");
93 f9ab77a8 2023-08-23 op h = (hs != NULL) ? hs : host;
94 f9ab77a8 2023-08-23 op p = (ps != NULL) ? ps : port;
97 f9ab77a8 2023-08-23 op * First check if the host is specified as a numeric IP address,
98 f9ab77a8 2023-08-23 op * either IPv4 or IPv6, before trying to resolve the host.
99 f9ab77a8 2023-08-23 op * The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6
100 f9ab77a8 2023-08-23 op * records if it is not configured on an interface; not considering
101 f9ab77a8 2023-08-23 op * loopback addresses. Checking the numeric addresses first makes
102 f9ab77a8 2023-08-23 op * sure that connection attempts to numeric addresses and especially
103 f9ab77a8 2023-08-23 op * 127.0.0.1 or ::1 loopback addresses are always possible.
105 f9ab77a8 2023-08-23 op memset(&hints, 0, sizeof(hints));
106 f9ab77a8 2023-08-23 op hints.ai_socktype = SOCK_STREAM;
108 f9ab77a8 2023-08-23 op /* try as an IPv4 literal */
109 f9ab77a8 2023-08-23 op hints.ai_family = AF_INET;
110 f9ab77a8 2023-08-23 op hints.ai_flags = AI_NUMERICHOST;
111 f9ab77a8 2023-08-23 op if (getaddrinfo(h, p, &hints, &res0) != 0) {
112 f9ab77a8 2023-08-23 op /* try again as an IPv6 literal */
113 f9ab77a8 2023-08-23 op hints.ai_family = AF_INET6;
114 f9ab77a8 2023-08-23 op if (getaddrinfo(h, p, &hints, &res0) != 0) {
115 f9ab77a8 2023-08-23 op /* last try, with name resolution and save the error */
116 f9ab77a8 2023-08-23 op hints.ai_family = AF_UNSPEC;
117 f9ab77a8 2023-08-23 op hints.ai_flags = AI_ADDRCONFIG;
118 f9ab77a8 2023-08-23 op if ((s = getaddrinfo(h, p, &hints, &res0)) != 0) {
119 f9ab77a8 2023-08-23 op tls_set_error(ctx, "%s", gai_strerror(s));
125 f9ab77a8 2023-08-23 op /* It was resolved somehow; now try connecting to what we got */
127 f9ab77a8 2023-08-23 op for (res = res0; res; res = res->ai_next) {
128 f9ab77a8 2023-08-23 op s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
129 f9ab77a8 2023-08-23 op if (s == -1) {
130 f9ab77a8 2023-08-23 op tls_set_error(ctx, "socket");
133 f9ab77a8 2023-08-23 op if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
134 f9ab77a8 2023-08-23 op tls_set_error(ctx, "connect");
140 f9ab77a8 2023-08-23 op break; /* Connected. */
142 f9ab77a8 2023-08-23 op freeaddrinfo(res0);
147 f9ab77a8 2023-08-23 op if (servername == NULL)
148 f9ab77a8 2023-08-23 op servername = h;
150 f9ab77a8 2023-08-23 op if (tls_connect_socket(ctx, s, servername) != 0) {
155 f9ab77a8 2023-08-23 op ctx->socket = s;
167 f9ab77a8 2023-08-23 op tls_client_read_session(struct tls *ctx)
169 f9ab77a8 2023-08-23 op int sfd = ctx->config->session_fd;
170 f9ab77a8 2023-08-23 op uint8_t *session = NULL;
171 f9ab77a8 2023-08-23 op size_t session_len = 0;
172 f9ab77a8 2023-08-23 op SSL_SESSION *ss = NULL;
173 f9ab77a8 2023-08-23 op BIO *bio = NULL;
174 f9ab77a8 2023-08-23 op struct stat sb;
178 f9ab77a8 2023-08-23 op if (fstat(sfd, &sb) == -1) {
179 f9ab77a8 2023-08-23 op tls_set_error(ctx, "failed to stat session file");
182 f9ab77a8 2023-08-23 op if (sb.st_size < 0 || sb.st_size > INT_MAX) {
183 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "invalid session file size");
186 f9ab77a8 2023-08-23 op session_len = (size_t)sb.st_size;
188 f9ab77a8 2023-08-23 op /* A zero size file means that we do not yet have a valid session. */
189 f9ab77a8 2023-08-23 op if (session_len == 0)
192 f9ab77a8 2023-08-23 op if ((session = malloc(session_len)) == NULL)
195 f9ab77a8 2023-08-23 op n = pread(sfd, session, session_len, 0);
196 f9ab77a8 2023-08-23 op if (n < 0 || (size_t)n != session_len) {
197 f9ab77a8 2023-08-23 op tls_set_error(ctx, "failed to read session file");
200 f9ab77a8 2023-08-23 op if ((bio = BIO_new_mem_buf(session, session_len)) == NULL)
202 f9ab77a8 2023-08-23 op if ((ss = PEM_read_bio_SSL_SESSION(bio, NULL, tls_password_cb,
203 f9ab77a8 2023-08-23 op NULL)) == NULL) {
204 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "failed to parse session");
208 f9ab77a8 2023-08-23 op if (SSL_set_session(ctx->ssl_conn, ss) != 1) {
209 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "failed to set session");
217 f9ab77a8 2023-08-23 op freezero(session, session_len);
218 f9ab77a8 2023-08-23 op SSL_SESSION_free(ss);
219 f9ab77a8 2023-08-23 op BIO_free(bio);
225 f9ab77a8 2023-08-23 op tls_client_write_session(struct tls *ctx)
227 f9ab77a8 2023-08-23 op int sfd = ctx->config->session_fd;
228 f9ab77a8 2023-08-23 op SSL_SESSION *ss = NULL;
229 f9ab77a8 2023-08-23 op BIO *bio = NULL;
230 f9ab77a8 2023-08-23 op long data_len;
232 f9ab77a8 2023-08-23 op off_t offset;
237 f9ab77a8 2023-08-23 op if ((ss = SSL_get1_session(ctx->ssl_conn)) == NULL) {
238 f9ab77a8 2023-08-23 op if (ftruncate(sfd, 0) == -1) {
239 f9ab77a8 2023-08-23 op tls_set_error(ctx, "failed to truncate session file");
245 f9ab77a8 2023-08-23 op if ((bio = BIO_new(BIO_s_mem())) == NULL)
247 f9ab77a8 2023-08-23 op if (PEM_write_bio_SSL_SESSION(bio, ss) == 0)
249 f9ab77a8 2023-08-23 op if ((data_len = BIO_get_mem_data(bio, &data)) <= 0)
252 f9ab77a8 2023-08-23 op len = (size_t)data_len;
255 f9ab77a8 2023-08-23 op if (ftruncate(sfd, len) == -1) {
256 f9ab77a8 2023-08-23 op tls_set_error(ctx, "failed to truncate session file");
259 f9ab77a8 2023-08-23 op while (len > 0) {
260 f9ab77a8 2023-08-23 op if ((n = pwrite(sfd, data + offset, len, offset)) == -1) {
261 f9ab77a8 2023-08-23 op tls_set_error(ctx, "failed to write session file");
272 f9ab77a8 2023-08-23 op SSL_SESSION_free(ss);
273 f9ab77a8 2023-08-23 op BIO_free_all(bio);
279 f9ab77a8 2023-08-23 op tls_connect_common(struct tls *ctx, const char *servername)
281 f9ab77a8 2023-08-23 op union tls_addr addrbuf;
282 f9ab77a8 2023-08-23 op size_t servername_len;
285 f9ab77a8 2023-08-23 op if ((ctx->flags & TLS_CLIENT) == 0) {
286 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "not a client context");
290 f9ab77a8 2023-08-23 op if (servername != NULL) {
291 f9ab77a8 2023-08-23 op if ((ctx->servername = strdup(servername)) == NULL) {
292 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "out of memory");
297 f9ab77a8 2023-08-23 op * If there's a trailing dot, remove it. While an FQDN includes
298 f9ab77a8 2023-08-23 op * the terminating dot representing the zero-length label of
299 f9ab77a8 2023-08-23 op * the root (RFC 8499, section 2), the SNI explicitly does not
300 f9ab77a8 2023-08-23 op * include it (RFC 6066, section 3).
302 f9ab77a8 2023-08-23 op servername_len = strlen(ctx->servername);
303 f9ab77a8 2023-08-23 op if (servername_len > 0 &&
304 f9ab77a8 2023-08-23 op ctx->servername[servername_len - 1] == '.')
305 f9ab77a8 2023-08-23 op ctx->servername[servername_len - 1] = '\0';
308 f9ab77a8 2023-08-23 op if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
309 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "ssl context failure");
313 f9ab77a8 2023-08-23 op if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0)
316 f9ab77a8 2023-08-23 op if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx,
317 f9ab77a8 2023-08-23 op ctx->config->keypair, 0) != 0)
320 f9ab77a8 2023-08-23 op if (ctx->config->verify_name) {
321 f9ab77a8 2023-08-23 op if (ctx->servername == NULL) {
322 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "server name not specified");
327 f9ab77a8 2023-08-23 op if (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, SSL_VERIFY_PEER) == -1)
330 f9ab77a8 2023-08-23 op if (ctx->config->ecdhecurves != NULL) {
331 f9ab77a8 2023-08-23 op if (SSL_CTX_set1_groups(ctx->ssl_ctx, ctx->config->ecdhecurves,
332 f9ab77a8 2023-08-23 op ctx->config->ecdhecurves_len) != 1) {
333 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "failed to set ecdhe curves");
338 f9ab77a8 2023-08-23 op if (SSL_CTX_set_tlsext_status_cb(ctx->ssl_ctx, tls_ocsp_verify_cb) != 1) {
339 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "ssl OCSP verification setup failure");
343 f9ab77a8 2023-08-23 op if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
344 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "ssl connection failure");
348 f9ab77a8 2023-08-23 op if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
349 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "ssl application data failure");
353 f9ab77a8 2023-08-23 op if (ctx->config->session_fd != -1) {
354 f9ab77a8 2023-08-23 op SSL_clear_options(ctx->ssl_conn, SSL_OP_NO_TICKET);
355 f9ab77a8 2023-08-23 op if (tls_client_read_session(ctx) == -1)
359 f9ab77a8 2023-08-23 op if (SSL_set_tlsext_status_type(ctx->ssl_conn, TLSEXT_STATUSTYPE_ocsp) != 1) {
360 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "ssl OCSP extension setup failure");
365 f9ab77a8 2023-08-23 op * RFC 6066 (SNI): Literal IPv4 and IPv6 addresses are not
366 f9ab77a8 2023-08-23 op * permitted in "HostName".
368 f9ab77a8 2023-08-23 op if (ctx->servername != NULL &&
369 f9ab77a8 2023-08-23 op inet_pton(AF_INET, ctx->servername, &addrbuf) != 1 &&
370 f9ab77a8 2023-08-23 op inet_pton(AF_INET6, ctx->servername, &addrbuf) != 1) {
371 f9ab77a8 2023-08-23 op if (SSL_set_tlsext_host_name(ctx->ssl_conn,
372 f9ab77a8 2023-08-23 op ctx->servername) == 0) {
373 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "server name indication failure");
378 f9ab77a8 2023-08-23 op ctx->state |= TLS_CONNECTED;
386 f9ab77a8 2023-08-23 op tls_connect_socket(struct tls *ctx, int s, const char *servername)
388 f9ab77a8 2023-08-23 op return tls_connect_fds(ctx, s, s, servername);
392 f9ab77a8 2023-08-23 op tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
393 f9ab77a8 2023-08-23 op const char *servername)
397 f9ab77a8 2023-08-23 op if (fd_read < 0 || fd_write < 0) {
398 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "invalid file descriptors");
402 f9ab77a8 2023-08-23 op if (tls_connect_common(ctx, servername) != 0)
405 f9ab77a8 2023-08-23 op if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
406 f9ab77a8 2023-08-23 op SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
407 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "ssl file descriptor failure");
417 f9ab77a8 2023-08-23 op tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb,
418 f9ab77a8 2023-08-23 op tls_write_cb write_cb, void *cb_arg, const char *servername)
422 f9ab77a8 2023-08-23 op if (tls_connect_common(ctx, servername) != 0)
425 f9ab77a8 2023-08-23 op if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0)
435 f9ab77a8 2023-08-23 op tls_handshake_client(struct tls *ctx)
437 f9ab77a8 2023-08-23 op X509 *cert = NULL;
438 f9ab77a8 2023-08-23 op int match, ssl_ret;
441 f9ab77a8 2023-08-23 op if ((ctx->flags & TLS_CLIENT) == 0) {
442 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "not a client context");
446 f9ab77a8 2023-08-23 op if ((ctx->state & TLS_CONNECTED) == 0) {
447 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "context not connected");
451 f9ab77a8 2023-08-23 op ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
453 f9ab77a8 2023-08-23 op ERR_clear_error();
454 f9ab77a8 2023-08-23 op if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) {
455 f9ab77a8 2023-08-23 op rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
459 f9ab77a8 2023-08-23 op if (ctx->config->verify_name) {
460 f9ab77a8 2023-08-23 op cert = SSL_get_peer_certificate(ctx->ssl_conn);
461 f9ab77a8 2023-08-23 op if (cert == NULL) {
462 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "no server certificate");
465 f9ab77a8 2023-08-23 op if (tls_check_name(ctx, cert, ctx->servername, &match) == -1)
467 f9ab77a8 2023-08-23 op if (!match) {
468 f9ab77a8 2023-08-23 op tls_set_errorx(ctx, "name `%s' not present in"
469 f9ab77a8 2023-08-23 op " server certificate", ctx->servername);
474 f9ab77a8 2023-08-23 op ctx->state |= TLS_HANDSHAKE_COMPLETE;
476 f9ab77a8 2023-08-23 op if (ctx->config->session_fd != -1) {
477 f9ab77a8 2023-08-23 op if (tls_client_write_session(ctx) == -1)
484 f9ab77a8 2023-08-23 op X509_free(cert);