op public repos

Blame

Date:: Wed Aug 23 17:38:49 2023 UTC
Message:: bundle libtls gmid (like all other daemons that want to do privsep crypto) has a very close relationship with libtls and need to stay in sync with it. OpenBSD' libtls was recently changed to use OpenSSL' EC_KEY_METHOD instead of the older ECDSA_METHOD, on the gmid side we have to do the same otherwise failures happens at runtime. In a similar manner, privsep crypto is silently broken in the current libretls (next version should fix it.) The proper solution would be to complete the signer APIs so that applications don't need to dive into the library' internals, but that's a mid-term goal, for the immediate bundling the 'little' libtls is the lesser evil. The configure script has gained a new (undocumented for the time being) flag `--with-libtls=bundled|system' to control which libtls to use. It defaults to `bundled' except for OpenBSD where it uses the `system' one. Note that OpenBSD versions before 7.3 (inclusive) ought to use --with-libtls=bundled too since they still do ECDSA_METHOD.
Actions:: History | Blob | Raw File
  1 f9ab77a8 2023-08-23 op /* $OpenBSD: tls_client.c,v 1.49 2023/05/14 07:26:25 op Exp $ */
  2 f9ab77a8 2023-08-23 op /*
  3 f9ab77a8 2023-08-23 op  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  4 f9ab77a8 2023-08-23 op  *
  5 f9ab77a8 2023-08-23 op  * Permission to use, copy, modify, and distribute this software for any
  6 f9ab77a8 2023-08-23 op  * purpose with or without fee is hereby granted, provided that the above
  7 f9ab77a8 2023-08-23 op  * copyright notice and this permission notice appear in all copies.
  8 f9ab77a8 2023-08-23 op  *
  9 f9ab77a8 2023-08-23 op  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 10 f9ab77a8 2023-08-23 op  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 11 f9ab77a8 2023-08-23 op  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 12 f9ab77a8 2023-08-23 op  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 13 f9ab77a8 2023-08-23 op  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 14 f9ab77a8 2023-08-23 op  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 15 f9ab77a8 2023-08-23 op  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 16 f9ab77a8 2023-08-23 op  */
 17 f9ab77a8 2023-08-23 op 
 18 f9ab77a8 2023-08-23 op #include "config.h"
 19 f9ab77a8 2023-08-23 op 
 20 f9ab77a8 2023-08-23 op #include <sys/types.h>
 21 f9ab77a8 2023-08-23 op #include <sys/socket.h>
 22 f9ab77a8 2023-08-23 op #include <sys/stat.h>
 23 f9ab77a8 2023-08-23 op 
 24 f9ab77a8 2023-08-23 op #include <arpa/inet.h>
 25 f9ab77a8 2023-08-23 op #include <netinet/in.h>
 26 f9ab77a8 2023-08-23 op 
 27 f9ab77a8 2023-08-23 op #include <limits.h>
 28 f9ab77a8 2023-08-23 op #include <netdb.h>
 29 f9ab77a8 2023-08-23 op #include <stdlib.h>
 30 f9ab77a8 2023-08-23 op #include <string.h>
 31 f9ab77a8 2023-08-23 op #include <unistd.h>
 32 f9ab77a8 2023-08-23 op 
 33 f9ab77a8 2023-08-23 op #include <openssl/err.h>
 34 f9ab77a8 2023-08-23 op #include <openssl/x509.h>
 35 f9ab77a8 2023-08-23 op 
 36 f9ab77a8 2023-08-23 op #include <tls.h>
 37 f9ab77a8 2023-08-23 op #include "tls_internal.h"
 38 f9ab77a8 2023-08-23 op 
 39 f9ab77a8 2023-08-23 op struct tls *
 40 f9ab77a8 2023-08-23 op tls_client(void)
 41 f9ab77a8 2023-08-23 op {
 42 f9ab77a8 2023-08-23 op 	struct tls *ctx;
 43 f9ab77a8 2023-08-23 op 
 44 f9ab77a8 2023-08-23 op 	if (tls_init() == -1)
 45 f9ab77a8 2023-08-23 op 		return (NULL);
 46 f9ab77a8 2023-08-23 op 
 47 f9ab77a8 2023-08-23 op 	if ((ctx = tls_new()) == NULL)
 48 f9ab77a8 2023-08-23 op 		return (NULL);
 49 f9ab77a8 2023-08-23 op 
 50 f9ab77a8 2023-08-23 op 	ctx->flags |= TLS_CLIENT;
 51 f9ab77a8 2023-08-23 op 
 52 f9ab77a8 2023-08-23 op 	return (ctx);
 53 f9ab77a8 2023-08-23 op }
 54 f9ab77a8 2023-08-23 op 
 55 f9ab77a8 2023-08-23 op int
 56 f9ab77a8 2023-08-23 op tls_connect(struct tls *ctx, const char *host, const char *port)
 57 f9ab77a8 2023-08-23 op {
 58 f9ab77a8 2023-08-23 op 	return tls_connect_servername(ctx, host, port, NULL);
 59 f9ab77a8 2023-08-23 op }
 60 f9ab77a8 2023-08-23 op 
 61 f9ab77a8 2023-08-23 op int
 62 f9ab77a8 2023-08-23 op tls_connect_servername(struct tls *ctx, const char *host, const char *port,
 63 f9ab77a8 2023-08-23 op     const char *servername)
 64 f9ab77a8 2023-08-23 op {
 65 f9ab77a8 2023-08-23 op 	struct addrinfo hints, *res, *res0;
 66 f9ab77a8 2023-08-23 op 	const char *h = NULL, *p = NULL;
 67 f9ab77a8 2023-08-23 op 	char *hs = NULL, *ps = NULL;
 68 f9ab77a8 2023-08-23 op 	int rv = -1, s = -1, ret;
 69 f9ab77a8 2023-08-23 op 
 70 f9ab77a8 2023-08-23 op 	if ((ctx->flags & TLS_CLIENT) == 0) {
 71 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "not a client context");
 72 f9ab77a8 2023-08-23 op 		goto err;
 73 f9ab77a8 2023-08-23 op 	}
 74 f9ab77a8 2023-08-23 op 
 75 f9ab77a8 2023-08-23 op 	if (host == NULL) {
 76 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "host not specified");
 77 f9ab77a8 2023-08-23 op 		goto err;
 78 f9ab77a8 2023-08-23 op 	}
 79 f9ab77a8 2023-08-23 op 
 80 f9ab77a8 2023-08-23 op 	/* If port is NULL, try to extract a port from the specified host. */
 81 f9ab77a8 2023-08-23 op 	if (port == NULL) {
 82 f9ab77a8 2023-08-23 op 		ret = tls_host_port(host, &hs, &ps);
 83 f9ab77a8 2023-08-23 op 		if (ret == -1) {
 84 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "memory allocation failure");
 85 f9ab77a8 2023-08-23 op 			goto err;
 86 f9ab77a8 2023-08-23 op 		}
 87 f9ab77a8 2023-08-23 op 		if (ret != 0) {
 88 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "no port provided");
 89 f9ab77a8 2023-08-23 op 			goto err;
 90 f9ab77a8 2023-08-23 op 		}
 91 f9ab77a8 2023-08-23 op 	}
 92 f9ab77a8 2023-08-23 op 
 93 f9ab77a8 2023-08-23 op 	h = (hs != NULL) ? hs : host;
 94 f9ab77a8 2023-08-23 op 	p = (ps != NULL) ? ps : port;
 95 f9ab77a8 2023-08-23 op 
 96 f9ab77a8 2023-08-23 op 	/*
 97 f9ab77a8 2023-08-23 op 	 * First check if the host is specified as a numeric IP address,
 98 f9ab77a8 2023-08-23 op 	 * either IPv4 or IPv6, before trying to resolve the host.
 99 f9ab77a8 2023-08-23 op 	 * The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6
100 f9ab77a8 2023-08-23 op 	 * records if it is not configured on an interface;  not considering
101 f9ab77a8 2023-08-23 op 	 * loopback addresses.  Checking the numeric addresses first makes
102 f9ab77a8 2023-08-23 op 	 * sure that connection attempts to numeric addresses and especially
103 f9ab77a8 2023-08-23 op 	 * 127.0.0.1 or ::1 loopback addresses are always possible.
104 f9ab77a8 2023-08-23 op 	 */
105 f9ab77a8 2023-08-23 op 	memset(&hints, 0, sizeof(hints));
106 f9ab77a8 2023-08-23 op 	hints.ai_socktype = SOCK_STREAM;
107 f9ab77a8 2023-08-23 op 
108 f9ab77a8 2023-08-23 op 	/* try as an IPv4 literal */
109 f9ab77a8 2023-08-23 op 	hints.ai_family = AF_INET;
110 f9ab77a8 2023-08-23 op 	hints.ai_flags = AI_NUMERICHOST;
111 f9ab77a8 2023-08-23 op 	if (getaddrinfo(h, p, &hints, &res0) != 0) {
112 f9ab77a8 2023-08-23 op 		/* try again as an IPv6 literal */
113 f9ab77a8 2023-08-23 op 		hints.ai_family = AF_INET6;
114 f9ab77a8 2023-08-23 op 		if (getaddrinfo(h, p, &hints, &res0) != 0) {
115 f9ab77a8 2023-08-23 op 			/* last try, with name resolution and save the error */
116 f9ab77a8 2023-08-23 op 			hints.ai_family = AF_UNSPEC;
117 f9ab77a8 2023-08-23 op 			hints.ai_flags = AI_ADDRCONFIG;
118 f9ab77a8 2023-08-23 op 			if ((s = getaddrinfo(h, p, &hints, &res0)) != 0) {
119 f9ab77a8 2023-08-23 op 				tls_set_error(ctx, "%s", gai_strerror(s));
120 f9ab77a8 2023-08-23 op 				goto err;
121 f9ab77a8 2023-08-23 op 			}
122 f9ab77a8 2023-08-23 op 		}
123 f9ab77a8 2023-08-23 op 	}
124 f9ab77a8 2023-08-23 op 
125 f9ab77a8 2023-08-23 op 	/* It was resolved somehow; now try connecting to what we got */
126 f9ab77a8 2023-08-23 op 	s = -1;
127 f9ab77a8 2023-08-23 op 	for (res = res0; res; res = res->ai_next) {
128 f9ab77a8 2023-08-23 op 		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
129 f9ab77a8 2023-08-23 op 		if (s == -1) {
130 f9ab77a8 2023-08-23 op 			tls_set_error(ctx, "socket");
131 f9ab77a8 2023-08-23 op 			continue;
132 f9ab77a8 2023-08-23 op 		}
133 f9ab77a8 2023-08-23 op 		if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
134 f9ab77a8 2023-08-23 op 			tls_set_error(ctx, "connect");
135 f9ab77a8 2023-08-23 op 			close(s);
136 f9ab77a8 2023-08-23 op 			s = -1;
137 f9ab77a8 2023-08-23 op 			continue;
138 f9ab77a8 2023-08-23 op 		}
139 f9ab77a8 2023-08-23 op 
140 f9ab77a8 2023-08-23 op 		break;  /* Connected. */
141 f9ab77a8 2023-08-23 op 	}
142 f9ab77a8 2023-08-23 op 	freeaddrinfo(res0);
143 f9ab77a8 2023-08-23 op 
144 f9ab77a8 2023-08-23 op 	if (s == -1)
145 f9ab77a8 2023-08-23 op 		goto err;
146 f9ab77a8 2023-08-23 op 
147 f9ab77a8 2023-08-23 op 	if (servername == NULL)
148 f9ab77a8 2023-08-23 op 		servername = h;
149 f9ab77a8 2023-08-23 op 
150 f9ab77a8 2023-08-23 op 	if (tls_connect_socket(ctx, s, servername) != 0) {
151 f9ab77a8 2023-08-23 op 		close(s);
152 f9ab77a8 2023-08-23 op 		goto err;
153 f9ab77a8 2023-08-23 op 	}
154 f9ab77a8 2023-08-23 op 
155 f9ab77a8 2023-08-23 op 	ctx->socket = s;
156 f9ab77a8 2023-08-23 op 
157 f9ab77a8 2023-08-23 op 	rv = 0;
158 f9ab77a8 2023-08-23 op 
159 f9ab77a8 2023-08-23 op  err:
160 f9ab77a8 2023-08-23 op 	free(hs);
161 f9ab77a8 2023-08-23 op 	free(ps);
162 f9ab77a8 2023-08-23 op 
163 f9ab77a8 2023-08-23 op 	return (rv);
164 f9ab77a8 2023-08-23 op }
165 f9ab77a8 2023-08-23 op 
166 f9ab77a8 2023-08-23 op static int
167 f9ab77a8 2023-08-23 op tls_client_read_session(struct tls *ctx)
168 f9ab77a8 2023-08-23 op {
169 f9ab77a8 2023-08-23 op 	int sfd = ctx->config->session_fd;
170 f9ab77a8 2023-08-23 op 	uint8_t *session = NULL;
171 f9ab77a8 2023-08-23 op 	size_t session_len = 0;
172 f9ab77a8 2023-08-23 op 	SSL_SESSION *ss = NULL;
173 f9ab77a8 2023-08-23 op 	BIO *bio = NULL;
174 f9ab77a8 2023-08-23 op 	struct stat sb;
175 f9ab77a8 2023-08-23 op 	ssize_t n;
176 f9ab77a8 2023-08-23 op 	int rv = -1;
177 f9ab77a8 2023-08-23 op 
178 f9ab77a8 2023-08-23 op 	if (fstat(sfd, &sb) == -1) {
179 f9ab77a8 2023-08-23 op 		tls_set_error(ctx, "failed to stat session file");
180 f9ab77a8 2023-08-23 op 		goto err;
181 f9ab77a8 2023-08-23 op 	}
182 f9ab77a8 2023-08-23 op 	if (sb.st_size < 0 || sb.st_size > INT_MAX) {
183 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "invalid session file size");
184 f9ab77a8 2023-08-23 op 		goto err;
185 f9ab77a8 2023-08-23 op 	}
186 f9ab77a8 2023-08-23 op 	session_len = (size_t)sb.st_size;
187 f9ab77a8 2023-08-23 op 
188 f9ab77a8 2023-08-23 op 	/* A zero size file means that we do not yet have a valid session. */
189 f9ab77a8 2023-08-23 op 	if (session_len == 0)
190 f9ab77a8 2023-08-23 op 		goto done;
191 f9ab77a8 2023-08-23 op 
192 f9ab77a8 2023-08-23 op 	if ((session = malloc(session_len)) == NULL)
193 f9ab77a8 2023-08-23 op 		goto err;
194 f9ab77a8 2023-08-23 op 
195 f9ab77a8 2023-08-23 op 	n = pread(sfd, session, session_len, 0);
196 f9ab77a8 2023-08-23 op 	if (n < 0 || (size_t)n != session_len) {
197 f9ab77a8 2023-08-23 op 		tls_set_error(ctx, "failed to read session file");
198 f9ab77a8 2023-08-23 op 		goto err;
199 f9ab77a8 2023-08-23 op 	}
200 f9ab77a8 2023-08-23 op 	if ((bio = BIO_new_mem_buf(session, session_len)) == NULL)
201 f9ab77a8 2023-08-23 op 		goto err;
202 f9ab77a8 2023-08-23 op 	if ((ss = PEM_read_bio_SSL_SESSION(bio, NULL, tls_password_cb,
203 f9ab77a8 2023-08-23 op 	    NULL)) == NULL) {
204 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "failed to parse session");
205 f9ab77a8 2023-08-23 op 		goto err;
206 f9ab77a8 2023-08-23 op 	}
207 f9ab77a8 2023-08-23 op 
208 f9ab77a8 2023-08-23 op 	if (SSL_set_session(ctx->ssl_conn, ss) != 1) {
209 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "failed to set session");
210 f9ab77a8 2023-08-23 op 		goto err;
211 f9ab77a8 2023-08-23 op 	}
212 f9ab77a8 2023-08-23 op 
213 f9ab77a8 2023-08-23 op  done:
214 f9ab77a8 2023-08-23 op 	rv = 0;
215 f9ab77a8 2023-08-23 op 
216 f9ab77a8 2023-08-23 op  err:
217 f9ab77a8 2023-08-23 op 	freezero(session, session_len);
218 f9ab77a8 2023-08-23 op 	SSL_SESSION_free(ss);
219 f9ab77a8 2023-08-23 op 	BIO_free(bio);
220 f9ab77a8 2023-08-23 op 
221 f9ab77a8 2023-08-23 op 	return rv;
222 f9ab77a8 2023-08-23 op }
223 f9ab77a8 2023-08-23 op 
224 f9ab77a8 2023-08-23 op static int
225 f9ab77a8 2023-08-23 op tls_client_write_session(struct tls *ctx)
226 f9ab77a8 2023-08-23 op {
227 f9ab77a8 2023-08-23 op 	int sfd = ctx->config->session_fd;
228 f9ab77a8 2023-08-23 op 	SSL_SESSION *ss = NULL;
229 f9ab77a8 2023-08-23 op 	BIO *bio = NULL;
230 f9ab77a8 2023-08-23 op 	long data_len;
231 f9ab77a8 2023-08-23 op 	char *data;
232 f9ab77a8 2023-08-23 op 	off_t offset;
233 f9ab77a8 2023-08-23 op 	size_t len;
234 f9ab77a8 2023-08-23 op 	ssize_t n;
235 f9ab77a8 2023-08-23 op 	int rv = -1;
236 f9ab77a8 2023-08-23 op 
237 f9ab77a8 2023-08-23 op 	if ((ss = SSL_get1_session(ctx->ssl_conn)) == NULL) {
238 f9ab77a8 2023-08-23 op 		if (ftruncate(sfd, 0) == -1) {
239 f9ab77a8 2023-08-23 op 			tls_set_error(ctx, "failed to truncate session file");
240 f9ab77a8 2023-08-23 op 			goto err;
241 f9ab77a8 2023-08-23 op 		}
242 f9ab77a8 2023-08-23 op 		goto done;
243 f9ab77a8 2023-08-23 op 	}
244 f9ab77a8 2023-08-23 op 
245 f9ab77a8 2023-08-23 op 	if ((bio = BIO_new(BIO_s_mem())) == NULL)
246 f9ab77a8 2023-08-23 op 		goto err;
247 f9ab77a8 2023-08-23 op 	if (PEM_write_bio_SSL_SESSION(bio, ss) == 0)
248 f9ab77a8 2023-08-23 op 		goto err;
249 f9ab77a8 2023-08-23 op 	if ((data_len = BIO_get_mem_data(bio, &data)) <= 0)
250 f9ab77a8 2023-08-23 op 		goto err;
251 f9ab77a8 2023-08-23 op 
252 f9ab77a8 2023-08-23 op 	len = (size_t)data_len;
253 f9ab77a8 2023-08-23 op 	offset = 0;
254 f9ab77a8 2023-08-23 op 
255 f9ab77a8 2023-08-23 op 	if (ftruncate(sfd, len) == -1) {
256 f9ab77a8 2023-08-23 op 		tls_set_error(ctx, "failed to truncate session file");
257 f9ab77a8 2023-08-23 op 		goto err;
258 f9ab77a8 2023-08-23 op 	}
259 f9ab77a8 2023-08-23 op 	while (len > 0) {
260 f9ab77a8 2023-08-23 op 		if ((n = pwrite(sfd, data + offset, len, offset)) == -1) {
261 f9ab77a8 2023-08-23 op 			tls_set_error(ctx, "failed to write session file");
262 f9ab77a8 2023-08-23 op 			goto err;
263 f9ab77a8 2023-08-23 op 		}
264 f9ab77a8 2023-08-23 op 		offset += n;
265 f9ab77a8 2023-08-23 op 		len -= n;
266 f9ab77a8 2023-08-23 op 	}
267 f9ab77a8 2023-08-23 op 
268 f9ab77a8 2023-08-23 op  done:
269 f9ab77a8 2023-08-23 op 	rv = 0;
270 f9ab77a8 2023-08-23 op 
271 f9ab77a8 2023-08-23 op  err:
272 f9ab77a8 2023-08-23 op 	SSL_SESSION_free(ss);
273 f9ab77a8 2023-08-23 op 	BIO_free_all(bio);
274 f9ab77a8 2023-08-23 op 
275 f9ab77a8 2023-08-23 op 	return (rv);
276 f9ab77a8 2023-08-23 op }
277 f9ab77a8 2023-08-23 op 
278 f9ab77a8 2023-08-23 op static int
279 f9ab77a8 2023-08-23 op tls_connect_common(struct tls *ctx, const char *servername)
280 f9ab77a8 2023-08-23 op {
281 f9ab77a8 2023-08-23 op 	union tls_addr addrbuf;
282 f9ab77a8 2023-08-23 op 	size_t servername_len;
283 f9ab77a8 2023-08-23 op 	int rv = -1;
284 f9ab77a8 2023-08-23 op 
285 f9ab77a8 2023-08-23 op 	if ((ctx->flags & TLS_CLIENT) == 0) {
286 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "not a client context");
287 f9ab77a8 2023-08-23 op 		goto err;
288 f9ab77a8 2023-08-23 op 	}
289 f9ab77a8 2023-08-23 op 
290 f9ab77a8 2023-08-23 op 	if (servername != NULL) {
291 f9ab77a8 2023-08-23 op 		if ((ctx->servername = strdup(servername)) == NULL) {
292 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "out of memory");
293 f9ab77a8 2023-08-23 op 			goto err;
294 f9ab77a8 2023-08-23 op 		}
295 f9ab77a8 2023-08-23 op 
296 f9ab77a8 2023-08-23 op 		/*
297 f9ab77a8 2023-08-23 op 		 * If there's a trailing dot, remove it. While an FQDN includes
298 f9ab77a8 2023-08-23 op 		 * the terminating dot representing the zero-length label of
299 f9ab77a8 2023-08-23 op 		 * the root (RFC 8499, section 2), the SNI explicitly does not
300 f9ab77a8 2023-08-23 op 		 * include it (RFC 6066, section 3).
301 f9ab77a8 2023-08-23 op 		 */
302 f9ab77a8 2023-08-23 op 		servername_len = strlen(ctx->servername);
303 f9ab77a8 2023-08-23 op 		if (servername_len > 0 &&
304 f9ab77a8 2023-08-23 op 		    ctx->servername[servername_len - 1] == '.')
305 f9ab77a8 2023-08-23 op 			ctx->servername[servername_len - 1] = '\0';
306 f9ab77a8 2023-08-23 op 	}
307 f9ab77a8 2023-08-23 op 
308 f9ab77a8 2023-08-23 op 	if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
309 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl context failure");
310 f9ab77a8 2023-08-23 op 		goto err;
311 f9ab77a8 2023-08-23 op 	}
312 f9ab77a8 2023-08-23 op 
313 f9ab77a8 2023-08-23 op 	if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0)
314 f9ab77a8 2023-08-23 op 		goto err;
315 f9ab77a8 2023-08-23 op 
316 f9ab77a8 2023-08-23 op 	if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx,
317 f9ab77a8 2023-08-23 op 	    ctx->config->keypair, 0) != 0)
318 f9ab77a8 2023-08-23 op 		goto err;
319 f9ab77a8 2023-08-23 op 
320 f9ab77a8 2023-08-23 op 	if (ctx->config->verify_name) {
321 f9ab77a8 2023-08-23 op 		if (ctx->servername == NULL) {
322 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "server name not specified");
323 f9ab77a8 2023-08-23 op 			goto err;
324 f9ab77a8 2023-08-23 op 		}
325 f9ab77a8 2023-08-23 op 	}
326 f9ab77a8 2023-08-23 op 
327 f9ab77a8 2023-08-23 op 	if (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, SSL_VERIFY_PEER) == -1)
328 f9ab77a8 2023-08-23 op 		goto err;
329 f9ab77a8 2023-08-23 op 
330 f9ab77a8 2023-08-23 op 	if (ctx->config->ecdhecurves != NULL) {
331 f9ab77a8 2023-08-23 op 		if (SSL_CTX_set1_groups(ctx->ssl_ctx, ctx->config->ecdhecurves,
332 f9ab77a8 2023-08-23 op 		    ctx->config->ecdhecurves_len) != 1) {
333 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "failed to set ecdhe curves");
334 f9ab77a8 2023-08-23 op 			goto err;
335 f9ab77a8 2023-08-23 op 		}
336 f9ab77a8 2023-08-23 op 	}
337 f9ab77a8 2023-08-23 op 
338 f9ab77a8 2023-08-23 op 	if (SSL_CTX_set_tlsext_status_cb(ctx->ssl_ctx, tls_ocsp_verify_cb) != 1) {
339 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl OCSP verification setup failure");
340 f9ab77a8 2023-08-23 op 		goto err;
341 f9ab77a8 2023-08-23 op 	}
342 f9ab77a8 2023-08-23 op 
343 f9ab77a8 2023-08-23 op 	if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
344 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl connection failure");
345 f9ab77a8 2023-08-23 op 		goto err;
346 f9ab77a8 2023-08-23 op 	}
347 f9ab77a8 2023-08-23 op 
348 f9ab77a8 2023-08-23 op 	if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
349 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl application data failure");
350 f9ab77a8 2023-08-23 op 		goto err;
351 f9ab77a8 2023-08-23 op 	}
352 f9ab77a8 2023-08-23 op 
353 f9ab77a8 2023-08-23 op 	if (ctx->config->session_fd != -1) {
354 f9ab77a8 2023-08-23 op 		SSL_clear_options(ctx->ssl_conn, SSL_OP_NO_TICKET);
355 f9ab77a8 2023-08-23 op 		if (tls_client_read_session(ctx) == -1)
356 f9ab77a8 2023-08-23 op 			goto err;
357 f9ab77a8 2023-08-23 op 	}
358 f9ab77a8 2023-08-23 op 
359 f9ab77a8 2023-08-23 op 	if (SSL_set_tlsext_status_type(ctx->ssl_conn, TLSEXT_STATUSTYPE_ocsp) != 1) {
360 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl OCSP extension setup failure");
361 f9ab77a8 2023-08-23 op 		goto err;
362 f9ab77a8 2023-08-23 op 	}
363 f9ab77a8 2023-08-23 op 
364 f9ab77a8 2023-08-23 op 	/*
365 f9ab77a8 2023-08-23 op 	 * RFC 6066 (SNI): Literal IPv4 and IPv6 addresses are not
366 f9ab77a8 2023-08-23 op 	 * permitted in "HostName".
367 f9ab77a8 2023-08-23 op 	 */
368 f9ab77a8 2023-08-23 op 	if (ctx->servername != NULL &&
369 f9ab77a8 2023-08-23 op 	    inet_pton(AF_INET, ctx->servername, &addrbuf) != 1 &&
370 f9ab77a8 2023-08-23 op 	    inet_pton(AF_INET6, ctx->servername, &addrbuf) != 1) {
371 f9ab77a8 2023-08-23 op 		if (SSL_set_tlsext_host_name(ctx->ssl_conn,
372 f9ab77a8 2023-08-23 op 		    ctx->servername) == 0) {
373 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "server name indication failure");
374 f9ab77a8 2023-08-23 op 			goto err;
375 f9ab77a8 2023-08-23 op 		}
376 f9ab77a8 2023-08-23 op 	}
377 f9ab77a8 2023-08-23 op 
378 f9ab77a8 2023-08-23 op 	ctx->state |= TLS_CONNECTED;
379 f9ab77a8 2023-08-23 op 	rv = 0;
380 f9ab77a8 2023-08-23 op 
381 f9ab77a8 2023-08-23 op  err:
382 f9ab77a8 2023-08-23 op 	return (rv);
383 f9ab77a8 2023-08-23 op }
384 f9ab77a8 2023-08-23 op 
385 f9ab77a8 2023-08-23 op int
386 f9ab77a8 2023-08-23 op tls_connect_socket(struct tls *ctx, int s, const char *servername)
387 f9ab77a8 2023-08-23 op {
388 f9ab77a8 2023-08-23 op 	return tls_connect_fds(ctx, s, s, servername);
389 f9ab77a8 2023-08-23 op }
390 f9ab77a8 2023-08-23 op 
391 f9ab77a8 2023-08-23 op int
392 f9ab77a8 2023-08-23 op tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
393 f9ab77a8 2023-08-23 op     const char *servername)
394 f9ab77a8 2023-08-23 op {
395 f9ab77a8 2023-08-23 op 	int rv = -1;
396 f9ab77a8 2023-08-23 op 
397 f9ab77a8 2023-08-23 op 	if (fd_read < 0 || fd_write < 0) {
398 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "invalid file descriptors");
399 f9ab77a8 2023-08-23 op 		goto err;
400 f9ab77a8 2023-08-23 op 	}
401 f9ab77a8 2023-08-23 op 
402 f9ab77a8 2023-08-23 op 	if (tls_connect_common(ctx, servername) != 0)
403 f9ab77a8 2023-08-23 op 		goto err;
404 f9ab77a8 2023-08-23 op 
405 f9ab77a8 2023-08-23 op 	if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
406 f9ab77a8 2023-08-23 op 	    SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
407 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl file descriptor failure");
408 f9ab77a8 2023-08-23 op 		goto err;
409 f9ab77a8 2023-08-23 op 	}
410 f9ab77a8 2023-08-23 op 
411 f9ab77a8 2023-08-23 op 	rv = 0;
412 f9ab77a8 2023-08-23 op  err:
413 f9ab77a8 2023-08-23 op 	return (rv);
414 f9ab77a8 2023-08-23 op }
415 f9ab77a8 2023-08-23 op 
416 f9ab77a8 2023-08-23 op int
417 f9ab77a8 2023-08-23 op tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb,
418 f9ab77a8 2023-08-23 op     tls_write_cb write_cb, void *cb_arg, const char *servername)
419 f9ab77a8 2023-08-23 op {
420 f9ab77a8 2023-08-23 op 	int rv = -1;
421 f9ab77a8 2023-08-23 op 
422 f9ab77a8 2023-08-23 op 	if (tls_connect_common(ctx, servername) != 0)
423 f9ab77a8 2023-08-23 op 		goto err;
424 f9ab77a8 2023-08-23 op 
425 f9ab77a8 2023-08-23 op 	if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0)
426 f9ab77a8 2023-08-23 op 		goto err;
427 f9ab77a8 2023-08-23 op 
428 f9ab77a8 2023-08-23 op 	rv = 0;
429 f9ab77a8 2023-08-23 op 
430 f9ab77a8 2023-08-23 op  err:
431 f9ab77a8 2023-08-23 op 	return (rv);
432 f9ab77a8 2023-08-23 op }
433 f9ab77a8 2023-08-23 op 
434 f9ab77a8 2023-08-23 op int
435 f9ab77a8 2023-08-23 op tls_handshake_client(struct tls *ctx)
436 f9ab77a8 2023-08-23 op {
437 f9ab77a8 2023-08-23 op 	X509 *cert = NULL;
438 f9ab77a8 2023-08-23 op 	int match, ssl_ret;
439 f9ab77a8 2023-08-23 op 	int rv = -1;
440 f9ab77a8 2023-08-23 op 
441 f9ab77a8 2023-08-23 op 	if ((ctx->flags & TLS_CLIENT) == 0) {
442 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "not a client context");
443 f9ab77a8 2023-08-23 op 		goto err;
444 f9ab77a8 2023-08-23 op 	}
445 f9ab77a8 2023-08-23 op 
446 f9ab77a8 2023-08-23 op 	if ((ctx->state & TLS_CONNECTED) == 0) {
447 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "context not connected");
448 f9ab77a8 2023-08-23 op 		goto err;
449 f9ab77a8 2023-08-23 op 	}
450 f9ab77a8 2023-08-23 op 
451 f9ab77a8 2023-08-23 op 	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
452 f9ab77a8 2023-08-23 op 
453 f9ab77a8 2023-08-23 op 	ERR_clear_error();
454 f9ab77a8 2023-08-23 op 	if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) {
455 f9ab77a8 2023-08-23 op 		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
456 f9ab77a8 2023-08-23 op 		goto err;
457 f9ab77a8 2023-08-23 op 	}
458 f9ab77a8 2023-08-23 op 
459 f9ab77a8 2023-08-23 op 	if (ctx->config->verify_name) {
460 f9ab77a8 2023-08-23 op 		cert = SSL_get_peer_certificate(ctx->ssl_conn);
461 f9ab77a8 2023-08-23 op 		if (cert == NULL) {
462 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "no server certificate");
463 f9ab77a8 2023-08-23 op 			goto err;
464 f9ab77a8 2023-08-23 op 		}
465 f9ab77a8 2023-08-23 op 		if (tls_check_name(ctx, cert, ctx->servername, &match) == -1)
466 f9ab77a8 2023-08-23 op 			goto err;
467 f9ab77a8 2023-08-23 op 		if (!match) {
468 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "name `%s' not present in"
469 f9ab77a8 2023-08-23 op 			    " server certificate", ctx->servername);
470 f9ab77a8 2023-08-23 op 			goto err;
471 f9ab77a8 2023-08-23 op 		}
472 f9ab77a8 2023-08-23 op 	}
473 f9ab77a8 2023-08-23 op 
474 f9ab77a8 2023-08-23 op 	ctx->state |= TLS_HANDSHAKE_COMPLETE;
475 f9ab77a8 2023-08-23 op 
476 f9ab77a8 2023-08-23 op 	if (ctx->config->session_fd != -1) {
477 f9ab77a8 2023-08-23 op 		if (tls_client_write_session(ctx) == -1)
478 f9ab77a8 2023-08-23 op 			goto err;
479 f9ab77a8 2023-08-23 op 	}
480 f9ab77a8 2023-08-23 op 
481 f9ab77a8 2023-08-23 op 	rv = 0;
482 f9ab77a8 2023-08-23 op 
483 f9ab77a8 2023-08-23 op  err:
484 f9ab77a8 2023-08-23 op 	X509_free(cert);
485 f9ab77a8 2023-08-23 op 
486 f9ab77a8 2023-08-23 op 	return (rv);
487 f9ab77a8 2023-08-23 op }