op public repos

Blob

Date:: Sun Jan 7 18:52:51 2024 UTC
Message:: sync libtls
Actions:: History | Blame | Raw File
1 /* $OpenBSD: tls.c,v 1.98 2023/07/02 06:37:27 beck Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include "config.h"
19 
20 #include <sys/socket.h>
21 
22 #include <errno.h>
23 #include <limits.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <unistd.h>
27 
28 #include <openssl/bio.h>
29 #include <openssl/err.h>
30 #include <openssl/evp.h>
31 #include <openssl/pem.h>
32 #include <openssl/safestack.h>
33 #include <openssl/ssl.h>
34 #include <openssl/x509.h>
35 
36 #include <tls.h>
37 #include "tls_internal.h"
38 
39 static struct tls_config *tls_config_default;
40 
41 static int tls_init_rv = -1;
42 
43 static void
44 tls_do_init(void)
45 {
46 	OPENSSL_init_ssl(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
47 
48 	if (BIO_sock_init() != 1)
49 		return;
50 
51 	if ((tls_config_default = tls_config_new_internal()) == NULL)
52 		return;
53 
54 	tls_config_default->refcount++;
55 
56 	tls_init_rv = 0;
57 }
58 
59 int
60 tls_init(void)
61 {
62 	if (tls_init_rv == -1)
63 		tls_do_init();
64 	return tls_init_rv;
65 }
66 
67 const char *
68 tls_error(struct tls *ctx)
69 {
70 	return ctx->error.msg;
71 }
72 
73 void
74 tls_error_clear(struct tls_error *error)
75 {
76 	free(error->msg);
77 	error->msg = NULL;
78 	error->num = 0;
79 	error->tls = 0;
80 }
81 
82 static int
83 tls_error_vset(struct tls_error *error, int errnum, const char *fmt, va_list ap)
84 {
85 	char *errmsg = NULL;
86 	int rv = -1;
87 
88 	tls_error_clear(error);
89 
90 	error->num = errnum;
91 	error->tls = 1;
92 
93 	if (vasprintf(&errmsg, fmt, ap) == -1) {
94 		errmsg = NULL;
95 		goto err;
96 	}
97 
98 	if (errnum == -1) {
99 		error->msg = errmsg;
100 		return (0);
101 	}
102 
103 	if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errnum)) == -1) {
104 		error->msg = NULL;
105 		goto err;
106 	}
107 	rv = 0;
108 
109  err:
110 	free(errmsg);
111 
112 	return (rv);
113 }
114 
115 int
116 tls_error_set(struct tls_error *error, const char *fmt, ...)
117 {
118 	va_list ap;
119 	int errnum, rv;
120 
121 	errnum = errno;
122 
123 	va_start(ap, fmt);
124 	rv = tls_error_vset(error, errnum, fmt, ap);
125 	va_end(ap);
126 
127 	return (rv);
128 }
129 
130 int
131 tls_error_setx(struct tls_error *error, const char *fmt, ...)
132 {
133 	va_list ap;
134 	int rv;
135 
136 	va_start(ap, fmt);
137 	rv = tls_error_vset(error, -1, fmt, ap);
138 	va_end(ap);
139 
140 	return (rv);
141 }
142 
143 int
144 tls_config_set_error(struct tls_config *config, const char *fmt, ...)
145 {
146 	va_list ap;
147 	int errnum, rv;
148 
149 	errnum = errno;
150 
151 	va_start(ap, fmt);
152 	rv = tls_error_vset(&config->error, errnum, fmt, ap);
153 	va_end(ap);
154 
155 	return (rv);
156 }
157 
158 int
159 tls_config_set_errorx(struct tls_config *config, const char *fmt, ...)
160 {
161 	va_list ap;
162 	int rv;
163 
164 	va_start(ap, fmt);
165 	rv = tls_error_vset(&config->error, -1, fmt, ap);
166 	va_end(ap);
167 
168 	return (rv);
169 }
170 
171 int
172 tls_set_error(struct tls *ctx, const char *fmt, ...)
173 {
174 	va_list ap;
175 	int errnum, rv;
176 
177 	errnum = errno;
178 
179 	va_start(ap, fmt);
180 	rv = tls_error_vset(&ctx->error, errnum, fmt, ap);
181 	va_end(ap);
182 
183 	return (rv);
184 }
185 
186 int
187 tls_set_errorx(struct tls *ctx, const char *fmt, ...)
188 {
189 	va_list ap;
190 	int rv;
191 
192 	va_start(ap, fmt);
193 	rv = tls_error_vset(&ctx->error, -1, fmt, ap);
194 	va_end(ap);
195 
196 	return (rv);
197 }
198 
199 int
200 tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...)
201 {
202 	va_list ap;
203 	int rv;
204 
205 	/* Only set an error if a more specific one does not already exist. */
206 	if (ctx->error.tls != 0)
207 		return (0);
208 
209 	va_start(ap, fmt);
210 	rv = tls_error_vset(&ctx->error, -1, fmt, ap);
211 	va_end(ap);
212 
213 	return (rv);
214 }
215 
216 struct tls_sni_ctx *
217 tls_sni_ctx_new(void)
218 {
219 	return (calloc(1, sizeof(struct tls_sni_ctx)));
220 }
221 
222 void
223 tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx)
224 {
225 	if (sni_ctx == NULL)
226 		return;
227 
228 	SSL_CTX_free(sni_ctx->ssl_ctx);
229 	X509_free(sni_ctx->ssl_cert);
230 
231 	free(sni_ctx);
232 }
233 
234 struct tls *
235 tls_new(void)
236 {
237 	struct tls *ctx;
238 
239 	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
240 		return (NULL);
241 
242 	tls_reset(ctx);
243 
244 	if (tls_configure(ctx, tls_config_default) == -1) {
245 		free(ctx);
246 		return NULL;
247 	}
248 
249 	return (ctx);
250 }
251 
252 int
253 tls_configure(struct tls *ctx, struct tls_config *config)
254 {
255 	if (config == NULL)
256 		config = tls_config_default;
257 
258 	config->refcount++;
259 
260 	tls_config_free(ctx->config);
261 
262 	ctx->config = config;
263 	ctx->keypair = config->keypair;
264 
265 	if ((ctx->flags & TLS_SERVER) != 0)
266 		return (tls_configure_server(ctx));
267 
268 	return (0);
269 }
270 
271 int
272 tls_cert_hash(X509 *cert, char **hash)
273 {
274 	char d[EVP_MAX_MD_SIZE], *dhex = NULL;
275 	int dlen, rv = -1;
276 
277 	free(*hash);
278 	*hash = NULL;
279 
280 	if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
281 		goto err;
282 
283 	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
284 		goto err;
285 
286 	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
287 		*hash = NULL;
288 		goto err;
289 	}
290 
291 	rv = 0;
292  err:
293 	free(dhex);
294 
295 	return (rv);
296 }
297 
298 int
299 tls_cert_pubkey_hash(X509 *cert, char **hash)
300 {
301 	char d[EVP_MAX_MD_SIZE], *dhex = NULL;
302 	int dlen, rv = -1;
303 
304 	free(*hash);
305 	*hash = NULL;
306 
307 	if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
308 		goto err;
309 
310 	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
311 		goto err;
312 
313 	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
314 		*hash = NULL;
315 		goto err;
316 	}
317 
318 	rv = 0;
319 
320  err:
321 	free(dhex);
322 
323 	return (rv);
324 }
325 
326 static int
327 tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pkey)
328 {
329 	BIO *bio = NULL;
330 	X509 *x509 = NULL;
331 	char *mem;
332 	size_t len;
333 	int ret = -1;
334 
335 	*pkey = NULL;
336 
337 	if (ctx->config->use_fake_private_key) {
338 		mem = keypair->cert_mem;
339 		len = keypair->cert_len;
340 	} else {
341 		mem = keypair->key_mem;
342 		len = keypair->key_len;
343 	}
344 
345 	if (mem == NULL)
346 		return (0);
347 
348 	if (len > INT_MAX) {
349 		tls_set_errorx(ctx, ctx->config->use_fake_private_key ?
350 		    "cert too long" : "key too long");
351 		goto err;
352 	}
353 
354 	if ((bio = BIO_new_mem_buf(mem, len)) == NULL) {
355 		tls_set_errorx(ctx, "failed to create buffer");
356 		goto err;
357 	}
358 
359 	if (ctx->config->use_fake_private_key) {
360 		if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
361 		    NULL)) == NULL) {
362 			tls_set_errorx(ctx, "failed to read X509 certificate");
363 			goto err;
364 		}
365 		if ((*pkey = X509_get_pubkey(x509)) == NULL) {
366 			tls_set_errorx(ctx, "failed to retrieve pubkey");
367 			goto err;
368 		}
369 	} else {
370 		if ((*pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
371 		    NULL)) ==  NULL) {
372 			tls_set_errorx(ctx, "failed to read private key");
373 			goto err;
374 		}
375 	}
376 
377 	ret = 0;
378  err:
379 	BIO_free(bio);
380 	X509_free(x509);
381 	return (ret);
382 }
383 
384 static int
385 tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey)
386 {
387 	RSA_METHOD *rsa_method;
388 	EC_KEY_METHOD *ecdsa_method;
389 	RSA *rsa = NULL;
390 	EC_KEY *eckey = NULL;
391 	int ret = -1;
392 
393 	/* Only install the pubkey hash if fake private keys are used. */
394 	if (!ctx->config->skip_private_key_check)
395 		return (0);
396 
397 	if (keypair->pubkey_hash == NULL) {
398 		tls_set_errorx(ctx, "public key hash not set");
399 		goto err;
400 	}
401 
402 	switch (EVP_PKEY_id(pkey)) {
403 	case EVP_PKEY_RSA:
404 		if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL ||
405 		    RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) {
406 			tls_set_errorx(ctx, "RSA key setup failure");
407 			goto err;
408 		}
409 		if (ctx->config->sign_cb != NULL) {
410 			rsa_method = tls_signer_rsa_method();
411 			if (rsa_method == NULL ||
412 			    RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
413 			    RSA_set_method(rsa, rsa_method) == 0) {
414 				tls_set_errorx(ctx, "failed to setup RSA key");
415 				goto err;
416 			}
417 		}
418 		/* Reset the key to work around caching in OpenSSL 3. */
419 		if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) {
420 			tls_set_errorx(ctx, "failed to set RSA key");
421 			goto err;
422 		}
423 		break;
424 	case EVP_PKEY_EC:
425 		if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
426 		    EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
427 			tls_set_errorx(ctx, "EC key setup failure");
428 			goto err;
429 		}
430 		if (ctx->config->sign_cb != NULL) {
431 			ecdsa_method = tls_signer_ecdsa_method();
432 			if (ecdsa_method == NULL ||
433 			    EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 ||
434 			    EC_KEY_set_method(eckey, ecdsa_method) == 0) {
435 				tls_set_errorx(ctx, "failed to setup EC key");
436 				goto err;
437 			}
438 		}
439 		/* Reset the key to work around caching in OpenSSL 3. */
440 		if (EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) {
441 			tls_set_errorx(ctx, "failed to set EC key");
442 			goto err;
443 		}
444 		break;
445 	default:
446 		tls_set_errorx(ctx, "incorrect key type");
447 		goto err;
448 	}
449 
450 	ret = 0;
451 
452  err:
453 	RSA_free(rsa);
454 	EC_KEY_free(eckey);
455 	return (ret);
456 }
457 
458 int
459 tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
460     struct tls_keypair *keypair, int required)
461 {
462 	EVP_PKEY *pkey = NULL;
463 
464 	if (!required &&
465 	    keypair->cert_mem == NULL &&
466 	    keypair->key_mem == NULL)
467 		return(0);
468 
469 	if (keypair->cert_mem != NULL) {
470 		if (keypair->cert_len > INT_MAX) {
471 			tls_set_errorx(ctx, "certificate too long");
472 			goto err;
473 		}
474 
475 		if (SSL_CTX_use_certificate_chain_mem(ssl_ctx,
476 		    keypair->cert_mem, keypair->cert_len) != 1) {
477 			tls_set_errorx(ctx, "failed to load certificate");
478 			goto err;
479 		}
480 	}
481 
482 	if (tls_keypair_to_pkey(ctx, keypair, &pkey) == -1)
483 		goto err;
484 	if (pkey != NULL) {
485 		if (tls_keypair_setup_pkey(ctx, keypair, pkey) == -1)
486 			goto err;
487 		if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) {
488 			tls_set_errorx(ctx, "failed to load private key");
489 			goto err;
490 		}
491 		EVP_PKEY_free(pkey);
492 		pkey = NULL;
493 	}
494 
495 	if (!ctx->config->skip_private_key_check &&
496 	    SSL_CTX_check_private_key(ssl_ctx) != 1) {
497 		tls_set_errorx(ctx, "private/public key mismatch");
498 		goto err;
499 	}
500 
501 	return (0);
502 
503  err:
504 	EVP_PKEY_free(pkey);
505 
506 	return (-1);
507 }
508 
509 int
510 tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx)
511 {
512 	SSL_CTX_clear_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
513 
514 	SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
515 	SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
516 
517 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
518 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
519 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
520 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
521 
522 	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
523 	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
524 
525 	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
526 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
527 	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0)
528 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
529 
530 	if (ctx->config->alpn != NULL) {
531 		if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn,
532 		    ctx->config->alpn_len) != 0) {
533 			tls_set_errorx(ctx, "failed to set alpn");
534 			goto err;
535 		}
536 	}
537 
538 	if (ctx->config->ciphers != NULL) {
539 		if (SSL_CTX_set_cipher_list(ssl_ctx,
540 		    ctx->config->ciphers) != 1) {
541 			tls_set_errorx(ctx, "failed to set ciphers");
542 			goto err;
543 		}
544 	}
545 
546 	if (ctx->config->verify_time == 0) {
547 		X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ssl_ctx),
548 		    X509_V_FLAG_NO_CHECK_TIME);
549 	}
550 
551 	/* Disable any form of session caching by default */
552 	SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
553 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
554 
555 	return (0);
556 
557  err:
558 	return (-1);
559 }
560 
561 static int
562 tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg)
563 {
564 	struct tls *ctx = arg;
565 	int x509_err;
566 
567 	if (ctx->config->verify_cert == 0)
568 		return (1);
569 
570 	if ((X509_verify_cert(x509_ctx)) < 0) {
571 		tls_set_errorx(ctx, "X509 verify cert failed");
572 		return (0);
573 	}
574 
575 	x509_err = X509_STORE_CTX_get_error(x509_ctx);
576 	if (x509_err == X509_V_OK)
577 		return (1);
578 
579 	tls_set_errorx(ctx, "certificate verification failed: %s",
580 	    X509_verify_cert_error_string(x509_err));
581 
582 	return (0);
583 }
584 
585 int
586 tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
587 {
588 	size_t ca_len = ctx->config->ca_len;
589 	char *ca_mem = ctx->config->ca_mem;
590 	char *crl_mem = ctx->config->crl_mem;
591 	size_t crl_len = ctx->config->crl_len;
592 	char *ca_free = NULL;
593 	STACK_OF(X509_INFO) *xis = NULL;
594 	X509_STORE *store;
595 	X509_INFO *xi;
596 	BIO *bio = NULL;
597 	int rv = -1;
598 	int i;
599 
600 	SSL_CTX_set_verify(ssl_ctx, verify, NULL);
601 	SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx);
602 
603 	if (ctx->config->verify_depth >= 0)
604 		SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth);
605 
606 	if (ctx->config->verify_cert == 0)
607 		goto done;
608 
609 	/* If no CA has been specified, attempt to load the default. */
610 	if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
611 		if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
612 		    &ca_mem, &ca_len) != 0)
613 			goto err;
614 		ca_free = ca_mem;
615 	}
616 
617 	if (ca_mem != NULL) {
618 		if (ca_len > INT_MAX) {
619 			tls_set_errorx(ctx, "ca too long");
620 			goto err;
621 		}
622 		if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
623 			tls_set_errorx(ctx, "ssl verify memory setup failure");
624 			goto err;
625 		}
626 	} else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
627 	    ctx->config->ca_path) != 1) {
628 		tls_set_errorx(ctx, "ssl verify locations failure");
629 		goto err;
630 	}
631 
632 	if (crl_mem != NULL) {
633 		if (crl_len > INT_MAX) {
634 			tls_set_errorx(ctx, "crl too long");
635 			goto err;
636 		}
637 		if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) {
638 			tls_set_errorx(ctx, "failed to create buffer");
639 			goto err;
640 		}
641 		if ((xis = PEM_X509_INFO_read_bio(bio, NULL, tls_password_cb,
642 		    NULL)) == NULL) {
643 			tls_set_errorx(ctx, "failed to parse crl");
644 			goto err;
645 		}
646 		store = SSL_CTX_get_cert_store(ssl_ctx);
647 		for (i = 0; i < sk_X509_INFO_num(xis); i++) {
648 			xi = sk_X509_INFO_value(xis, i);
649 			if (xi->crl == NULL)
650 				continue;
651 			if (!X509_STORE_add_crl(store, xi->crl)) {
652 				tls_set_error(ctx, "failed to add crl");
653 				goto err;
654 			}
655 		}
656 		X509_STORE_set_flags(store,
657 		    X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
658 	}
659 
660  done:
661 	rv = 0;
662 
663  err:
664 	sk_X509_INFO_pop_free(xis, X509_INFO_free);
665 	BIO_free(bio);
666 	free(ca_free);
667 
668 	return (rv);
669 }
670 
671 void
672 tls_free(struct tls *ctx)
673 {
674 	if (ctx == NULL)
675 		return;
676 
677 	tls_reset(ctx);
678 
679 	free(ctx);
680 }
681 
682 void
683 tls_reset(struct tls *ctx)
684 {
685 	struct tls_sni_ctx *sni, *nsni;
686 
687 	tls_config_free(ctx->config);
688 	ctx->config = NULL;
689 
690 	SSL_CTX_free(ctx->ssl_ctx);
691 	SSL_free(ctx->ssl_conn);
692 	X509_free(ctx->ssl_peer_cert);
693 
694 	ctx->ssl_conn = NULL;
695 	ctx->ssl_ctx = NULL;
696 	ctx->ssl_peer_cert = NULL;
697 	/* X509 objects in chain are freed with the SSL */
698 	ctx->ssl_peer_chain = NULL;
699 
700 	ctx->socket = -1;
701 	ctx->state = 0;
702 
703 	free(ctx->servername);
704 	ctx->servername = NULL;
705 
706 	free(ctx->error.msg);
707 	ctx->error.msg = NULL;
708 	ctx->error.num = -1;
709 
710 	tls_conninfo_free(ctx->conninfo);
711 	ctx->conninfo = NULL;
712 
713 	tls_ocsp_free(ctx->ocsp);
714 	ctx->ocsp = NULL;
715 
716 	for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) {
717 		nsni = sni->next;
718 		tls_sni_ctx_free(sni);
719 	}
720 	ctx->sni_ctx = NULL;
721 
722 	ctx->read_cb = NULL;
723 	ctx->write_cb = NULL;
724 	ctx->cb_arg = NULL;
725 }
726 
727 int
728 tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
729 {
730 	const char *errstr = "unknown error";
731 	unsigned long err;
732 	int ssl_err;
733 
734 	ssl_err = SSL_get_error(ssl_conn, ssl_ret);
735 	switch (ssl_err) {
736 	case SSL_ERROR_NONE:
737 	case SSL_ERROR_ZERO_RETURN:
738 		return (0);
739 
740 	case SSL_ERROR_WANT_READ:
741 		return (TLS_WANT_POLLIN);
742 
743 	case SSL_ERROR_WANT_WRITE:
744 		return (TLS_WANT_POLLOUT);
745 
746 	case SSL_ERROR_SYSCALL:
747 		if ((err = ERR_peek_error()) != 0) {
748 			errstr = ERR_error_string(err, NULL);
749 		} else if (ssl_ret == 0) {
750 			if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
751 				ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
752 				return (0);
753 			}
754 			errstr = "unexpected EOF";
755 		} else if (ssl_ret == -1) {
756 			errstr = strerror(errno);
757 		}
758 		tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr);
759 		return (-1);
760 
761 	case SSL_ERROR_SSL:
762 		if ((err = ERR_peek_error()) != 0) {
763 			errstr = ERR_error_string(err, NULL);
764 		}
765 		tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr);
766 		return (-1);
767 
768 	case SSL_ERROR_WANT_CONNECT:
769 	case SSL_ERROR_WANT_ACCEPT:
770 	case SSL_ERROR_WANT_X509_LOOKUP:
771 	default:
772 		tls_set_ssl_errorx(ctx, "%s failed (%d)", prefix, ssl_err);
773 		return (-1);
774 	}
775 }
776 
777 int
778 tls_handshake(struct tls *ctx)
779 {
780 	int rv = -1;
781 
782 	tls_error_clear(&ctx->error);
783 
784 	if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
785 		tls_set_errorx(ctx, "invalid operation for context");
786 		goto out;
787 	}
788 
789 	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
790 		tls_set_errorx(ctx, "handshake already completed");
791 		goto out;
792 	}
793 
794 	if ((ctx->flags & TLS_CLIENT) != 0)
795 		rv = tls_handshake_client(ctx);
796 	else if ((ctx->flags & TLS_SERVER_CONN) != 0)
797 		rv = tls_handshake_server(ctx);
798 
799 	if (rv == 0) {
800 		ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
801 		ctx->ssl_peer_chain = SSL_get_peer_cert_chain(ctx->ssl_conn);
802 		if (tls_conninfo_populate(ctx) == -1)
803 			rv = -1;
804 		if (ctx->ocsp == NULL)
805 			ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
806 	}
807  out:
808 	/* Prevent callers from performing incorrect error handling */
809 	errno = 0;
810 	return (rv);
811 }
812 
813 ssize_t
814 tls_read(struct tls *ctx, void *buf, size_t buflen)
815 {
816 	ssize_t rv = -1;
817 	int ssl_ret;
818 
819 	tls_error_clear(&ctx->error);
820 
821 	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
822 		if ((rv = tls_handshake(ctx)) != 0)
823 			goto out;
824 	}
825 
826 	if (buflen > INT_MAX) {
827 		tls_set_errorx(ctx, "buflen too long");
828 		goto out;
829 	}
830 
831 	ERR_clear_error();
832 	if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) {
833 		rv = (ssize_t)ssl_ret;
834 		goto out;
835 	}
836 	rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
837 
838  out:
839 	/* Prevent callers from performing incorrect error handling */
840 	errno = 0;
841 	return (rv);
842 }
843 
844 ssize_t
845 tls_write(struct tls *ctx, const void *buf, size_t buflen)
846 {
847 	ssize_t rv = -1;
848 	int ssl_ret;
849 
850 	tls_error_clear(&ctx->error);
851 
852 	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
853 		if ((rv = tls_handshake(ctx)) != 0)
854 			goto out;
855 	}
856 
857 	if (buflen > INT_MAX) {
858 		tls_set_errorx(ctx, "buflen too long");
859 		goto out;
860 	}
861 
862 	ERR_clear_error();
863 	if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
864 		rv = (ssize_t)ssl_ret;
865 		goto out;
866 	}
867 	rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
868 
869  out:
870 	/* Prevent callers from performing incorrect error handling */
871 	errno = 0;
872 	return (rv);
873 }
874 
875 int
876 tls_close(struct tls *ctx)
877 {
878 	int ssl_ret;
879 	int rv = 0;
880 
881 	tls_error_clear(&ctx->error);
882 
883 	if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
884 		tls_set_errorx(ctx, "invalid operation for context");
885 		rv = -1;
886 		goto out;
887 	}
888 
889 	if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) {
890 		ERR_clear_error();
891 		ssl_ret = SSL_shutdown(ctx->ssl_conn);
892 		if (ssl_ret < 0) {
893 			rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
894 			    "shutdown");
895 			if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
896 				goto out;
897 		}
898 		ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN;
899 	}
900 
901 	if (ctx->socket != -1) {
902 		if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
903 			if (rv == 0 &&
904 			    errno != ENOTCONN && errno != ECONNRESET) {
905 				tls_set_error(ctx, "shutdown");
906 				rv = -1;
907 			}
908 		}
909 		if (close(ctx->socket) != 0) {
910 			if (rv == 0) {
911 				tls_set_error(ctx, "close");
912 				rv = -1;
913 			}
914 		}
915 		ctx->socket = -1;
916 	}
917 
918 	if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) {
919 		tls_set_errorx(ctx, "EOF without close notify");
920 		rv = -1;
921 	}
922 
923  out:
924 	/* Prevent callers from performing incorrect error handling */
925 	errno = 0;
926 	return (rv);
927 }