op public repos

Blame

Date:: Wed Aug 23 17:38:49 2023 UTC
Message:: bundle libtls gmid (like all other daemons that want to do privsep crypto) has a very close relationship with libtls and need to stay in sync with it. OpenBSD' libtls was recently changed to use OpenSSL' EC_KEY_METHOD instead of the older ECDSA_METHOD, on the gmid side we have to do the same otherwise failures happens at runtime. In a similar manner, privsep crypto is silently broken in the current libretls (next version should fix it.) The proper solution would be to complete the signer APIs so that applications don't need to dive into the library' internals, but that's a mid-term goal, for the immediate bundling the 'little' libtls is the lesser evil. The configure script has gained a new (undocumented for the time being) flag `--with-libtls=bundled|system' to control which libtls to use. It defaults to `bundled' except for OpenBSD where it uses the `system' one. Note that OpenBSD versions before 7.3 (inclusive) ought to use --with-libtls=bundled too since they still do ECDSA_METHOD.
Actions:: History | Blob | Raw File
  1 f9ab77a8 2023-08-23 op /* $OpenBSD: tls_server.c,v 1.49 2023/05/14 07:26:25 op Exp $ */
  2 f9ab77a8 2023-08-23 op /*
  3 f9ab77a8 2023-08-23 op  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  4 f9ab77a8 2023-08-23 op  *
  5 f9ab77a8 2023-08-23 op  * Permission to use, copy, modify, and distribute this software for any
  6 f9ab77a8 2023-08-23 op  * purpose with or without fee is hereby granted, provided that the above
  7 f9ab77a8 2023-08-23 op  * copyright notice and this permission notice appear in all copies.
  8 f9ab77a8 2023-08-23 op  *
  9 f9ab77a8 2023-08-23 op  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 10 f9ab77a8 2023-08-23 op  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 11 f9ab77a8 2023-08-23 op  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 12 f9ab77a8 2023-08-23 op  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 13 f9ab77a8 2023-08-23 op  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 14 f9ab77a8 2023-08-23 op  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 15 f9ab77a8 2023-08-23 op  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 16 f9ab77a8 2023-08-23 op  */
 17 f9ab77a8 2023-08-23 op 
 18 f9ab77a8 2023-08-23 op #include "config.h"
 19 f9ab77a8 2023-08-23 op 
 20 f9ab77a8 2023-08-23 op #include <sys/socket.h>
 21 f9ab77a8 2023-08-23 op 
 22 f9ab77a8 2023-08-23 op #include <arpa/inet.h>
 23 f9ab77a8 2023-08-23 op 
 24 f9ab77a8 2023-08-23 op #include <string.h>
 25 f9ab77a8 2023-08-23 op 
 26 f9ab77a8 2023-08-23 op #include <openssl/asn1.h>
 27 f9ab77a8 2023-08-23 op #include <openssl/ec.h>
 28 f9ab77a8 2023-08-23 op #include <openssl/err.h>
 29 f9ab77a8 2023-08-23 op #include <openssl/ssl.h>
 30 f9ab77a8 2023-08-23 op 
 31 f9ab77a8 2023-08-23 op #include <tls.h>
 32 f9ab77a8 2023-08-23 op #include "tls_internal.h"
 33 f9ab77a8 2023-08-23 op 
 34 f9ab77a8 2023-08-23 op struct tls *
 35 f9ab77a8 2023-08-23 op tls_server(void)
 36 f9ab77a8 2023-08-23 op {
 37 f9ab77a8 2023-08-23 op 	struct tls *ctx;
 38 f9ab77a8 2023-08-23 op 
 39 f9ab77a8 2023-08-23 op 	if (tls_init() == -1)
 40 f9ab77a8 2023-08-23 op 		return (NULL);
 41 f9ab77a8 2023-08-23 op 
 42 f9ab77a8 2023-08-23 op 	if ((ctx = tls_new()) == NULL)
 43 f9ab77a8 2023-08-23 op 		return (NULL);
 44 f9ab77a8 2023-08-23 op 
 45 f9ab77a8 2023-08-23 op 	ctx->flags |= TLS_SERVER;
 46 f9ab77a8 2023-08-23 op 
 47 f9ab77a8 2023-08-23 op 	return (ctx);
 48 f9ab77a8 2023-08-23 op }
 49 f9ab77a8 2023-08-23 op 
 50 f9ab77a8 2023-08-23 op struct tls *
 51 f9ab77a8 2023-08-23 op tls_server_conn(struct tls *ctx)
 52 f9ab77a8 2023-08-23 op {
 53 f9ab77a8 2023-08-23 op 	struct tls *conn_ctx;
 54 f9ab77a8 2023-08-23 op 
 55 f9ab77a8 2023-08-23 op 	if ((conn_ctx = tls_new()) == NULL)
 56 f9ab77a8 2023-08-23 op 		return (NULL);
 57 f9ab77a8 2023-08-23 op 
 58 f9ab77a8 2023-08-23 op 	conn_ctx->flags |= TLS_SERVER_CONN;
 59 f9ab77a8 2023-08-23 op 
 60 f9ab77a8 2023-08-23 op 	ctx->config->refcount++;
 61 f9ab77a8 2023-08-23 op 
 62 f9ab77a8 2023-08-23 op 	conn_ctx->config = ctx->config;
 63 f9ab77a8 2023-08-23 op 	conn_ctx->keypair = ctx->config->keypair;
 64 f9ab77a8 2023-08-23 op 
 65 f9ab77a8 2023-08-23 op 	return (conn_ctx);
 66 f9ab77a8 2023-08-23 op }
 67 f9ab77a8 2023-08-23 op 
 68 f9ab77a8 2023-08-23 op static int
 69 f9ab77a8 2023-08-23 op tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
 70 f9ab77a8 2023-08-23 op     const unsigned char *in, unsigned int inlen, void *arg)
 71 f9ab77a8 2023-08-23 op {
 72 f9ab77a8 2023-08-23 op 	struct tls *ctx = arg;
 73 f9ab77a8 2023-08-23 op 
 74 f9ab77a8 2023-08-23 op 	if (SSL_select_next_proto((unsigned char**)out, outlen,
 75 f9ab77a8 2023-08-23 op 	    ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
 76 f9ab77a8 2023-08-23 op 	    OPENSSL_NPN_NEGOTIATED)
 77 f9ab77a8 2023-08-23 op 		return (SSL_TLSEXT_ERR_OK);
 78 f9ab77a8 2023-08-23 op 
 79 f9ab77a8 2023-08-23 op 	return (SSL_TLSEXT_ERR_NOACK);
 80 f9ab77a8 2023-08-23 op }
 81 f9ab77a8 2023-08-23 op 
 82 f9ab77a8 2023-08-23 op static int
 83 f9ab77a8 2023-08-23 op tls_servername_cb(SSL *ssl, int *al, void *arg)
 84 f9ab77a8 2023-08-23 op {
 85 f9ab77a8 2023-08-23 op 	struct tls *ctx = (struct tls *)arg;
 86 f9ab77a8 2023-08-23 op 	struct tls_sni_ctx *sni_ctx;
 87 f9ab77a8 2023-08-23 op 	union tls_addr addrbuf;
 88 f9ab77a8 2023-08-23 op 	struct tls *conn_ctx;
 89 f9ab77a8 2023-08-23 op 	const char *name;
 90 f9ab77a8 2023-08-23 op 	int match;
 91 f9ab77a8 2023-08-23 op 
 92 f9ab77a8 2023-08-23 op 	if ((conn_ctx = SSL_get_app_data(ssl)) == NULL)
 93 f9ab77a8 2023-08-23 op 		goto err;
 94 f9ab77a8 2023-08-23 op 
 95 f9ab77a8 2023-08-23 op 	if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) ==
 96 f9ab77a8 2023-08-23 op 	    NULL) {
 97 f9ab77a8 2023-08-23 op 		/*
 98 f9ab77a8 2023-08-23 op 		 * The servername callback gets called even when there is no
 99 f9ab77a8 2023-08-23 op 		 * TLS servername extension provided by the client. Sigh!
100 f9ab77a8 2023-08-23 op 		 */
101 f9ab77a8 2023-08-23 op 		return (SSL_TLSEXT_ERR_NOACK);
102 f9ab77a8 2023-08-23 op 	}
103 f9ab77a8 2023-08-23 op 
104 f9ab77a8 2023-08-23 op 	/*
105 f9ab77a8 2023-08-23 op 	 * Per RFC 6066 section 3: ensure that name is not an IP literal.
106 f9ab77a8 2023-08-23 op 	 *
107 f9ab77a8 2023-08-23 op 	 * While we should treat this as an error, a number of clients
108 f9ab77a8 2023-08-23 op 	 * (Python, Ruby and Safari) are not RFC compliant. To avoid handshake
109 f9ab77a8 2023-08-23 op 	 * failures, pretend that we did not receive the extension.
110 f9ab77a8 2023-08-23 op 	 */
111 f9ab77a8 2023-08-23 op 	if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
112 f9ab77a8 2023-08-23 op             inet_pton(AF_INET6, name, &addrbuf) == 1)
113 f9ab77a8 2023-08-23 op 		return (SSL_TLSEXT_ERR_NOACK);
114 f9ab77a8 2023-08-23 op 
115 f9ab77a8 2023-08-23 op 	free(conn_ctx->servername);
116 f9ab77a8 2023-08-23 op 	if ((conn_ctx->servername = strdup(name)) == NULL)
117 f9ab77a8 2023-08-23 op 		goto err;
118 f9ab77a8 2023-08-23 op 
119 f9ab77a8 2023-08-23 op 	/* Find appropriate SSL context for requested servername. */
120 f9ab77a8 2023-08-23 op 	for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) {
121 f9ab77a8 2023-08-23 op 		if (tls_check_name(ctx, sni_ctx->ssl_cert, name,
122 f9ab77a8 2023-08-23 op 		    &match) == -1)
123 f9ab77a8 2023-08-23 op 			goto err;
124 f9ab77a8 2023-08-23 op 		if (match) {
125 f9ab77a8 2023-08-23 op 			conn_ctx->keypair = sni_ctx->keypair;
126 f9ab77a8 2023-08-23 op 			SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
127 f9ab77a8 2023-08-23 op 			return (SSL_TLSEXT_ERR_OK);
128 f9ab77a8 2023-08-23 op 		}
129 f9ab77a8 2023-08-23 op 	}
130 f9ab77a8 2023-08-23 op 
131 f9ab77a8 2023-08-23 op 	/* No match, use the existing context/certificate. */
132 f9ab77a8 2023-08-23 op 	return (SSL_TLSEXT_ERR_OK);
133 f9ab77a8 2023-08-23 op 
134 f9ab77a8 2023-08-23 op  err:
135 f9ab77a8 2023-08-23 op 	/*
136 f9ab77a8 2023-08-23 op 	 * There is no way to tell libssl that an internal failure occurred.
137 f9ab77a8 2023-08-23 op 	 * The only option we have is to return a fatal alert.
138 f9ab77a8 2023-08-23 op 	 */
139 f9ab77a8 2023-08-23 op 	*al = SSL_AD_INTERNAL_ERROR;
140 f9ab77a8 2023-08-23 op 	return (SSL_TLSEXT_ERR_ALERT_FATAL);
141 f9ab77a8 2023-08-23 op }
142 f9ab77a8 2023-08-23 op 
143 f9ab77a8 2023-08-23 op static struct tls_ticket_key *
144 f9ab77a8 2023-08-23 op tls_server_ticket_key(struct tls_config *config, unsigned char *keyname)
145 f9ab77a8 2023-08-23 op {
146 f9ab77a8 2023-08-23 op 	struct tls_ticket_key *key = NULL;
147 f9ab77a8 2023-08-23 op 	time_t now;
148 f9ab77a8 2023-08-23 op 	int i;
149 f9ab77a8 2023-08-23 op 
150 f9ab77a8 2023-08-23 op 	now = time(NULL);
151 f9ab77a8 2023-08-23 op 	if (config->ticket_autorekey == 1) {
152 f9ab77a8 2023-08-23 op 		if (now - 3 * (config->session_lifetime / 4) >
153 f9ab77a8 2023-08-23 op 		    config->ticket_keys[0].time) {
154 f9ab77a8 2023-08-23 op 			if (tls_config_ticket_autorekey(config) == -1)
155 f9ab77a8 2023-08-23 op 				return (NULL);
156 f9ab77a8 2023-08-23 op 		}
157 f9ab77a8 2023-08-23 op 	}
158 f9ab77a8 2023-08-23 op 	for (i = 0; i < TLS_NUM_TICKETS; i++) {
159 f9ab77a8 2023-08-23 op 		struct tls_ticket_key *tk = &config->ticket_keys[i];
160 f9ab77a8 2023-08-23 op 		if (now - config->session_lifetime > tk->time)
161 f9ab77a8 2023-08-23 op 			continue;
162 f9ab77a8 2023-08-23 op 		if (keyname == NULL || timingsafe_memcmp(keyname,
163 f9ab77a8 2023-08-23 op 		    tk->key_name, sizeof(tk->key_name)) == 0) {
164 f9ab77a8 2023-08-23 op 			key = tk;
165 f9ab77a8 2023-08-23 op 			break;
166 f9ab77a8 2023-08-23 op 		}
167 f9ab77a8 2023-08-23 op 	}
168 f9ab77a8 2023-08-23 op 	return (key);
169 f9ab77a8 2023-08-23 op }
170 f9ab77a8 2023-08-23 op 
171 f9ab77a8 2023-08-23 op static int
172 f9ab77a8 2023-08-23 op tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
173 f9ab77a8 2023-08-23 op     EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int mode)
174 f9ab77a8 2023-08-23 op {
175 f9ab77a8 2023-08-23 op 	struct tls_ticket_key *key;
176 f9ab77a8 2023-08-23 op 	struct tls *tls_ctx;
177 f9ab77a8 2023-08-23 op 
178 f9ab77a8 2023-08-23 op 	if ((tls_ctx = SSL_get_app_data(ssl)) == NULL)
179 f9ab77a8 2023-08-23 op 		return (-1);
180 f9ab77a8 2023-08-23 op 
181 f9ab77a8 2023-08-23 op 	if (mode == 1) {
182 f9ab77a8 2023-08-23 op 		/* create new session */
183 f9ab77a8 2023-08-23 op 		key = tls_server_ticket_key(tls_ctx->config, NULL);
184 f9ab77a8 2023-08-23 op 		if (key == NULL) {
185 f9ab77a8 2023-08-23 op 			tls_set_errorx(tls_ctx, "no valid ticket key found");
186 f9ab77a8 2023-08-23 op 			return (-1);
187 f9ab77a8 2023-08-23 op 		}
188 f9ab77a8 2023-08-23 op 
189 f9ab77a8 2023-08-23 op 		memcpy(keyname, key->key_name, sizeof(key->key_name));
190 f9ab77a8 2023-08-23 op 		arc4random_buf(iv, EVP_MAX_IV_LENGTH);
191 f9ab77a8 2023-08-23 op 		if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
192 f9ab77a8 2023-08-23 op 		    key->aes_key, iv)) {
193 f9ab77a8 2023-08-23 op 			tls_set_errorx(tls_ctx, "failed to init encrypt");
194 f9ab77a8 2023-08-23 op 			return (-1);
195 f9ab77a8 2023-08-23 op 		}
196 f9ab77a8 2023-08-23 op 		if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
197 f9ab77a8 2023-08-23 op 		    EVP_sha256(), NULL)) {
198 f9ab77a8 2023-08-23 op 			tls_set_errorx(tls_ctx, "failed to init hmac");
199 f9ab77a8 2023-08-23 op 			return (-1);
200 f9ab77a8 2023-08-23 op 		}
201 f9ab77a8 2023-08-23 op 		return (0);
202 f9ab77a8 2023-08-23 op 	} else {
203 f9ab77a8 2023-08-23 op 		/* get key by name */
204 f9ab77a8 2023-08-23 op 		key = tls_server_ticket_key(tls_ctx->config, keyname);
205 f9ab77a8 2023-08-23 op 		if (key == NULL)
206 f9ab77a8 2023-08-23 op 			return (0);
207 f9ab77a8 2023-08-23 op 
208 f9ab77a8 2023-08-23 op 		if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
209 f9ab77a8 2023-08-23 op 		    key->aes_key, iv)) {
210 f9ab77a8 2023-08-23 op 			tls_set_errorx(tls_ctx, "failed to init decrypt");
211 f9ab77a8 2023-08-23 op 			return (-1);
212 f9ab77a8 2023-08-23 op 		}
213 f9ab77a8 2023-08-23 op 		if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
214 f9ab77a8 2023-08-23 op 		    EVP_sha256(), NULL)) {
215 f9ab77a8 2023-08-23 op 			tls_set_errorx(tls_ctx, "failed to init hmac");
216 f9ab77a8 2023-08-23 op 			return (-1);
217 f9ab77a8 2023-08-23 op 		}
218 f9ab77a8 2023-08-23 op 
219 f9ab77a8 2023-08-23 op 		/* time to renew the ticket? is it the primary key? */
220 f9ab77a8 2023-08-23 op 		if (key != &tls_ctx->config->ticket_keys[0])
221 f9ab77a8 2023-08-23 op 			return (2);
222 f9ab77a8 2023-08-23 op 		return (1);
223 f9ab77a8 2023-08-23 op 	}
224 f9ab77a8 2023-08-23 op }
225 f9ab77a8 2023-08-23 op 
226 f9ab77a8 2023-08-23 op static int
227 f9ab77a8 2023-08-23 op tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
228 f9ab77a8 2023-08-23 op     struct tls_keypair *keypair)
229 f9ab77a8 2023-08-23 op {
230 f9ab77a8 2023-08-23 op 	SSL_CTX_free(*ssl_ctx);
231 f9ab77a8 2023-08-23 op 
232 f9ab77a8 2023-08-23 op 	if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
233 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl context failure");
234 f9ab77a8 2023-08-23 op 		goto err;
235 f9ab77a8 2023-08-23 op 	}
236 f9ab77a8 2023-08-23 op 
237 f9ab77a8 2023-08-23 op #ifdef SSL_OP_NO_CLIENT_RENEGOTIATION
238 f9ab77a8 2023-08-23 op 	SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
239 f9ab77a8 2023-08-23 op #endif
240 f9ab77a8 2023-08-23 op 
241 f9ab77a8 2023-08-23 op 	if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
242 f9ab77a8 2023-08-23 op 	    tls_servername_cb) != 1) {
243 f9ab77a8 2023-08-23 op 		tls_set_error(ctx, "failed to set servername callback");
244 f9ab77a8 2023-08-23 op 		goto err;
245 f9ab77a8 2023-08-23 op 	}
246 f9ab77a8 2023-08-23 op 	if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
247 f9ab77a8 2023-08-23 op 		tls_set_error(ctx, "failed to set servername callback arg");
248 f9ab77a8 2023-08-23 op 		goto err;
249 f9ab77a8 2023-08-23 op 	}
250 f9ab77a8 2023-08-23 op 
251 f9ab77a8 2023-08-23 op 	if (tls_configure_ssl(ctx, *ssl_ctx) != 0)
252 f9ab77a8 2023-08-23 op 		goto err;
253 f9ab77a8 2023-08-23 op 	if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0)
254 f9ab77a8 2023-08-23 op 		goto err;
255 f9ab77a8 2023-08-23 op 	if (ctx->config->verify_client != 0) {
256 f9ab77a8 2023-08-23 op 		int verify = SSL_VERIFY_PEER;
257 f9ab77a8 2023-08-23 op 		if (ctx->config->verify_client == 1)
258 f9ab77a8 2023-08-23 op 			verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
259 f9ab77a8 2023-08-23 op 		if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1)
260 f9ab77a8 2023-08-23 op 			goto err;
261 f9ab77a8 2023-08-23 op 	}
262 f9ab77a8 2023-08-23 op 
263 f9ab77a8 2023-08-23 op 	if (ctx->config->alpn != NULL)
264 f9ab77a8 2023-08-23 op 		SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb,
265 f9ab77a8 2023-08-23 op 		    ctx);
266 f9ab77a8 2023-08-23 op 
267 f9ab77a8 2023-08-23 op 	if (ctx->config->dheparams == -1)
268 f9ab77a8 2023-08-23 op 		SSL_CTX_set_dh_auto(*ssl_ctx, 1);
269 f9ab77a8 2023-08-23 op 	else if (ctx->config->dheparams == 1024)
270 f9ab77a8 2023-08-23 op 		SSL_CTX_set_dh_auto(*ssl_ctx, 2);
271 f9ab77a8 2023-08-23 op 
272 f9ab77a8 2023-08-23 op 	if (ctx->config->ecdhecurves != NULL) {
273 f9ab77a8 2023-08-23 op 		SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
274 f9ab77a8 2023-08-23 op 		if (SSL_CTX_set1_groups(*ssl_ctx, ctx->config->ecdhecurves,
275 f9ab77a8 2023-08-23 op 		    ctx->config->ecdhecurves_len) != 1) {
276 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "failed to set ecdhe curves");
277 f9ab77a8 2023-08-23 op 			goto err;
278 f9ab77a8 2023-08-23 op 		}
279 f9ab77a8 2023-08-23 op 	}
280 f9ab77a8 2023-08-23 op 
281 f9ab77a8 2023-08-23 op 	if (ctx->config->ciphers_server == 1)
282 f9ab77a8 2023-08-23 op 		SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
283 f9ab77a8 2023-08-23 op 
284 f9ab77a8 2023-08-23 op 	if (SSL_CTX_set_tlsext_status_cb(*ssl_ctx, tls_ocsp_stapling_cb) != 1) {
285 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "failed to add OCSP stapling callback");
286 f9ab77a8 2023-08-23 op 		goto err;
287 f9ab77a8 2023-08-23 op 	}
288 f9ab77a8 2023-08-23 op 
289 f9ab77a8 2023-08-23 op 	if (ctx->config->session_lifetime > 0) {
290 f9ab77a8 2023-08-23 op 		/* set the session lifetime and enable tickets */
291 f9ab77a8 2023-08-23 op 		SSL_CTX_set_timeout(*ssl_ctx, ctx->config->session_lifetime);
292 f9ab77a8 2023-08-23 op 		SSL_CTX_clear_options(*ssl_ctx, SSL_OP_NO_TICKET);
293 f9ab77a8 2023-08-23 op 		if (!SSL_CTX_set_tlsext_ticket_key_cb(*ssl_ctx,
294 f9ab77a8 2023-08-23 op 		    tls_server_ticket_cb)) {
295 f9ab77a8 2023-08-23 op 			tls_set_error(ctx,
296 f9ab77a8 2023-08-23 op 			    "failed to set the TLS ticket callback");
297 f9ab77a8 2023-08-23 op 			goto err;
298 f9ab77a8 2023-08-23 op 		}
299 f9ab77a8 2023-08-23 op 	}
300 f9ab77a8 2023-08-23 op 
301 f9ab77a8 2023-08-23 op 	if (SSL_CTX_set_session_id_context(*ssl_ctx, ctx->config->session_id,
302 f9ab77a8 2023-08-23 op 	    sizeof(ctx->config->session_id)) != 1) {
303 f9ab77a8 2023-08-23 op 		tls_set_error(ctx, "failed to set session id context");
304 f9ab77a8 2023-08-23 op 		goto err;
305 f9ab77a8 2023-08-23 op 	}
306 f9ab77a8 2023-08-23 op 
307 f9ab77a8 2023-08-23 op 	return (0);
308 f9ab77a8 2023-08-23 op 
309 f9ab77a8 2023-08-23 op   err:
310 f9ab77a8 2023-08-23 op 	SSL_CTX_free(*ssl_ctx);
311 f9ab77a8 2023-08-23 op 	*ssl_ctx = NULL;
312 f9ab77a8 2023-08-23 op 
313 f9ab77a8 2023-08-23 op 	return (-1);
314 f9ab77a8 2023-08-23 op }
315 f9ab77a8 2023-08-23 op 
316 f9ab77a8 2023-08-23 op static int
317 f9ab77a8 2023-08-23 op tls_configure_server_sni(struct tls *ctx)
318 f9ab77a8 2023-08-23 op {
319 f9ab77a8 2023-08-23 op 	struct tls_sni_ctx **sni_ctx;
320 f9ab77a8 2023-08-23 op 	struct tls_keypair *kp;
321 f9ab77a8 2023-08-23 op 
322 f9ab77a8 2023-08-23 op 	if (ctx->config->keypair->next == NULL)
323 f9ab77a8 2023-08-23 op 		return (0);
324 f9ab77a8 2023-08-23 op 
325 f9ab77a8 2023-08-23 op 	/* Set up additional SSL contexts for SNI. */
326 f9ab77a8 2023-08-23 op 	sni_ctx = &ctx->sni_ctx;
327 f9ab77a8 2023-08-23 op 	for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
328 f9ab77a8 2023-08-23 op 		if ((*sni_ctx = tls_sni_ctx_new()) == NULL) {
329 f9ab77a8 2023-08-23 op 			tls_set_errorx(ctx, "out of memory");
330 f9ab77a8 2023-08-23 op 			goto err;
331 f9ab77a8 2023-08-23 op 		}
332 f9ab77a8 2023-08-23 op 		(*sni_ctx)->keypair = kp;
333 f9ab77a8 2023-08-23 op 		if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
334 f9ab77a8 2023-08-23 op 			goto err;
335 f9ab77a8 2023-08-23 op 		if (tls_keypair_load_cert(kp, &ctx->error,
336 f9ab77a8 2023-08-23 op 		    &(*sni_ctx)->ssl_cert) == -1)
337 f9ab77a8 2023-08-23 op 			goto err;
338 f9ab77a8 2023-08-23 op 		sni_ctx = &(*sni_ctx)->next;
339 f9ab77a8 2023-08-23 op 	}
340 f9ab77a8 2023-08-23 op 
341 f9ab77a8 2023-08-23 op 	return (0);
342 f9ab77a8 2023-08-23 op 
343 f9ab77a8 2023-08-23 op  err:
344 f9ab77a8 2023-08-23 op 	return (-1);
345 f9ab77a8 2023-08-23 op }
346 f9ab77a8 2023-08-23 op 
347 f9ab77a8 2023-08-23 op int
348 f9ab77a8 2023-08-23 op tls_configure_server(struct tls *ctx)
349 f9ab77a8 2023-08-23 op {
350 f9ab77a8 2023-08-23 op 	if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
351 f9ab77a8 2023-08-23 op 	    ctx->config->keypair) == -1)
352 f9ab77a8 2023-08-23 op 		goto err;
353 f9ab77a8 2023-08-23 op 	if (tls_configure_server_sni(ctx) == -1)
354 f9ab77a8 2023-08-23 op 		goto err;
355 f9ab77a8 2023-08-23 op 
356 f9ab77a8 2023-08-23 op 	return (0);
357 f9ab77a8 2023-08-23 op 
358 f9ab77a8 2023-08-23 op  err:
359 f9ab77a8 2023-08-23 op 	return (-1);
360 f9ab77a8 2023-08-23 op }
361 f9ab77a8 2023-08-23 op 
362 f9ab77a8 2023-08-23 op static struct tls *
363 f9ab77a8 2023-08-23 op tls_accept_common(struct tls *ctx)
364 f9ab77a8 2023-08-23 op {
365 f9ab77a8 2023-08-23 op 	struct tls *conn_ctx = NULL;
366 f9ab77a8 2023-08-23 op 
367 f9ab77a8 2023-08-23 op 	if ((ctx->flags & TLS_SERVER) == 0) {
368 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "not a server context");
369 f9ab77a8 2023-08-23 op 		goto err;
370 f9ab77a8 2023-08-23 op 	}
371 f9ab77a8 2023-08-23 op 
372 f9ab77a8 2023-08-23 op 	if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
373 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "connection context failure");
374 f9ab77a8 2023-08-23 op 		goto err;
375 f9ab77a8 2023-08-23 op 	}
376 f9ab77a8 2023-08-23 op 
377 f9ab77a8 2023-08-23 op 	if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
378 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl failure");
379 f9ab77a8 2023-08-23 op 		goto err;
380 f9ab77a8 2023-08-23 op 	}
381 f9ab77a8 2023-08-23 op 
382 f9ab77a8 2023-08-23 op 	if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
383 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl application data failure");
384 f9ab77a8 2023-08-23 op 		goto err;
385 f9ab77a8 2023-08-23 op 	}
386 f9ab77a8 2023-08-23 op 
387 f9ab77a8 2023-08-23 op 	return conn_ctx;
388 f9ab77a8 2023-08-23 op 
389 f9ab77a8 2023-08-23 op  err:
390 f9ab77a8 2023-08-23 op 	tls_free(conn_ctx);
391 f9ab77a8 2023-08-23 op 
392 f9ab77a8 2023-08-23 op 	return (NULL);
393 f9ab77a8 2023-08-23 op }
394 f9ab77a8 2023-08-23 op 
395 f9ab77a8 2023-08-23 op int
396 f9ab77a8 2023-08-23 op tls_accept_socket(struct tls *ctx, struct tls **cctx, int s)
397 f9ab77a8 2023-08-23 op {
398 f9ab77a8 2023-08-23 op 	return (tls_accept_fds(ctx, cctx, s, s));
399 f9ab77a8 2023-08-23 op }
400 f9ab77a8 2023-08-23 op 
401 f9ab77a8 2023-08-23 op int
402 f9ab77a8 2023-08-23 op tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
403 f9ab77a8 2023-08-23 op {
404 f9ab77a8 2023-08-23 op 	struct tls *conn_ctx;
405 f9ab77a8 2023-08-23 op 
406 f9ab77a8 2023-08-23 op 	if ((conn_ctx = tls_accept_common(ctx)) == NULL)
407 f9ab77a8 2023-08-23 op 		goto err;
408 f9ab77a8 2023-08-23 op 
409 f9ab77a8 2023-08-23 op 	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
410 f9ab77a8 2023-08-23 op 	    SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
411 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "ssl file descriptor failure");
412 f9ab77a8 2023-08-23 op 		goto err;
413 f9ab77a8 2023-08-23 op 	}
414 f9ab77a8 2023-08-23 op 
415 f9ab77a8 2023-08-23 op 	*cctx = conn_ctx;
416 f9ab77a8 2023-08-23 op 
417 f9ab77a8 2023-08-23 op 	return (0);
418 f9ab77a8 2023-08-23 op  err:
419 f9ab77a8 2023-08-23 op 	tls_free(conn_ctx);
420 f9ab77a8 2023-08-23 op 	*cctx = NULL;
421 f9ab77a8 2023-08-23 op 
422 f9ab77a8 2023-08-23 op 	return (-1);
423 f9ab77a8 2023-08-23 op }
424 f9ab77a8 2023-08-23 op 
425 f9ab77a8 2023-08-23 op int
426 f9ab77a8 2023-08-23 op tls_accept_cbs(struct tls *ctx, struct tls **cctx,
427 f9ab77a8 2023-08-23 op     tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
428 f9ab77a8 2023-08-23 op {
429 f9ab77a8 2023-08-23 op 	struct tls *conn_ctx;
430 f9ab77a8 2023-08-23 op 
431 f9ab77a8 2023-08-23 op 	if ((conn_ctx = tls_accept_common(ctx)) == NULL)
432 f9ab77a8 2023-08-23 op 		goto err;
433 f9ab77a8 2023-08-23 op 
434 f9ab77a8 2023-08-23 op 	if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0)
435 f9ab77a8 2023-08-23 op 		goto err;
436 f9ab77a8 2023-08-23 op 
437 f9ab77a8 2023-08-23 op 	*cctx = conn_ctx;
438 f9ab77a8 2023-08-23 op 
439 f9ab77a8 2023-08-23 op 	return (0);
440 f9ab77a8 2023-08-23 op  err:
441 f9ab77a8 2023-08-23 op 	tls_free(conn_ctx);
442 f9ab77a8 2023-08-23 op 	*cctx = NULL;
443 f9ab77a8 2023-08-23 op 
444 f9ab77a8 2023-08-23 op 	return (-1);
445 f9ab77a8 2023-08-23 op }
446 f9ab77a8 2023-08-23 op 
447 f9ab77a8 2023-08-23 op int
448 f9ab77a8 2023-08-23 op tls_handshake_server(struct tls *ctx)
449 f9ab77a8 2023-08-23 op {
450 f9ab77a8 2023-08-23 op 	int ssl_ret;
451 f9ab77a8 2023-08-23 op 	int rv = -1;
452 f9ab77a8 2023-08-23 op 
453 f9ab77a8 2023-08-23 op 	if ((ctx->flags & TLS_SERVER_CONN) == 0) {
454 f9ab77a8 2023-08-23 op 		tls_set_errorx(ctx, "not a server connection context");
455 f9ab77a8 2023-08-23 op 		goto err;
456 f9ab77a8 2023-08-23 op 	}
457 f9ab77a8 2023-08-23 op 
458 f9ab77a8 2023-08-23 op 	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
459 f9ab77a8 2023-08-23 op 
460 f9ab77a8 2023-08-23 op 	ERR_clear_error();
461 f9ab77a8 2023-08-23 op 	if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
462 f9ab77a8 2023-08-23 op 		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
463 f9ab77a8 2023-08-23 op 		goto err;
464 f9ab77a8 2023-08-23 op 	}
465 f9ab77a8 2023-08-23 op 
466 f9ab77a8 2023-08-23 op 	ctx->state |= TLS_HANDSHAKE_COMPLETE;
467 f9ab77a8 2023-08-23 op 	rv = 0;
468 f9ab77a8 2023-08-23 op 
469 f9ab77a8 2023-08-23 op  err:
470 f9ab77a8 2023-08-23 op 	return (rv);
471 f9ab77a8 2023-08-23 op }