1 /* $OpenBSD: tls_config.c,v 1.67 2023/07/02 06:37:27 beck Exp $ */
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
31 #include "tls_internal.h"
34 tls_default_ca_cert_file(void)
36 #ifdef OPENSMTPD_CA_FILE
37 return OPENSMTPD_CA_FILE;
39 return X509_get_default_cert_file();
44 tls_config_load_file(struct tls_error *error, const char *filetype,
45 const char *filename, char **buf, size_t *len)
55 if ((fd = open(filename, O_RDONLY)) == -1) {
56 tls_error_set(error, "failed to open %s file '%s'",
60 if (fstat(fd, &st) != 0) {
61 tls_error_set(error, "failed to stat %s file '%s'",
67 *len = (size_t)st.st_size;
68 if ((*buf = malloc(*len)) == NULL) {
69 tls_error_set(error, "failed to allocate buffer for "
73 n = read(fd, *buf, *len);
74 if (n < 0 || (size_t)n != *len) {
75 tls_error_set(error, "failed to read %s file '%s'",
93 tls_config_new_internal(void)
95 struct tls_config *config;
96 unsigned char sid[TLS_MAX_SESSION_ID_LENGTH];
98 if ((config = calloc(1, sizeof(*config))) == NULL)
101 config->refcount = 1;
102 config->session_fd = -1;
104 if ((config->keypair = tls_keypair_new()) == NULL)
108 * Default configuration.
110 if (tls_config_set_dheparams(config, "none") != 0)
112 if (tls_config_set_ecdhecurves(config, "default") != 0)
114 if (tls_config_set_ciphers(config, "secure") != 0)
117 if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0)
119 if (tls_config_set_verify_depth(config, 6) != 0)
123 * Set session ID context to a random value. For the simple case
124 * of a single process server this is good enough. For multiprocess
125 * servers the session ID needs to be set by the caller.
127 arc4random_buf(sid, sizeof(sid));
128 if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0)
130 config->ticket_keyrev = arc4random();
131 config->ticket_autorekey = 1;
133 tls_config_prefer_ciphers_server(config);
135 tls_config_verify(config);
140 tls_config_free(config);
147 if (tls_init() == -1)
150 return tls_config_new_internal();
154 tls_config_free(struct tls_config *config)
156 struct tls_keypair *kp, *nkp;
162 refcount = --config->refcount;
167 for (kp = config->keypair; kp != NULL; kp = nkp) {
169 tls_keypair_free(kp);
172 free(config->error.msg);
175 free((char *)config->ca_mem);
176 free((char *)config->ca_path);
177 free((char *)config->ciphers);
178 free((char *)config->crl_mem);
179 free(config->ecdhecurves);
185 tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)
187 struct tls_keypair *kp;
189 kp = config->keypair;
190 while (kp->next != NULL)
197 tls_config_error(struct tls_config *config)
199 return config->error.msg;
203 tls_config_clear_keys(struct tls_config *config)
205 struct tls_keypair *kp;
207 for (kp = config->keypair; kp != NULL; kp = kp->next)
208 tls_keypair_clear_key(kp);
212 tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
214 uint32_t proto, protos = 0;
218 if (protostr == NULL) {
219 *protocols = TLS_PROTOCOLS_DEFAULT;
223 if ((s = strdup(protostr)) == NULL)
227 while ((p = strsep(&q, ",:")) != NULL) {
228 while (*p == ' ' || *p == '\t')
237 if (negate && protos == 0)
238 protos = TLS_PROTOCOLS_ALL;
241 if (strcasecmp(p, "all") == 0 ||
242 strcasecmp(p, "legacy") == 0)
243 proto = TLS_PROTOCOLS_ALL;
244 else if (strcasecmp(p, "default") == 0 ||
245 strcasecmp(p, "secure") == 0)
246 proto = TLS_PROTOCOLS_DEFAULT;
247 if (strcasecmp(p, "tlsv1") == 0)
248 proto = TLS_PROTOCOL_TLSv1;
249 else if (strcasecmp(p, "tlsv1.0") == 0)
250 proto = TLS_PROTOCOL_TLSv1_2;
251 else if (strcasecmp(p, "tlsv1.1") == 0)
252 proto = TLS_PROTOCOL_TLSv1_2;
253 else if (strcasecmp(p, "tlsv1.2") == 0)
254 proto = TLS_PROTOCOL_TLSv1_2;
255 else if (strcasecmp(p, "tlsv1.3") == 0)
256 proto = TLS_PROTOCOL_TLSv1_3;
277 tls_config_parse_alpn(struct tls_config *config, const char *alpn,
278 char **alpn_data, size_t *alpn_len)
280 size_t buf_len, i, len;
289 if ((buf_len = strlen(alpn) + 1) > 65535) {
290 tls_config_set_errorx(config, "alpn too large");
294 if ((buf = malloc(buf_len)) == NULL) {
295 tls_config_set_errorx(config, "out of memory");
299 if ((s = strdup(alpn)) == NULL) {
300 tls_config_set_errorx(config, "out of memory");
306 while ((p = strsep(&q, ",")) != NULL) {
307 if ((len = strlen(p)) == 0) {
308 tls_config_set_errorx(config,
309 "alpn protocol with zero length");
313 tls_config_set_errorx(config,
314 "alpn protocol too long");
317 buf[i++] = len & 0xff;
318 memcpy(&buf[i], p, len);
337 tls_config_set_alpn(struct tls_config *config, const char *alpn)
339 return tls_config_parse_alpn(config, alpn, &config->alpn,
344 tls_config_add_keypair_file_internal(struct tls_config *config,
345 const char *cert_file, const char *key_file, const char *ocsp_file)
347 struct tls_keypair *keypair;
349 if ((keypair = tls_keypair_new()) == NULL)
351 if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0)
353 if (key_file != NULL &&
354 tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
356 if (ocsp_file != NULL &&
357 tls_keypair_set_ocsp_staple_file(keypair, &config->error,
361 tls_config_keypair_add(config, keypair);
366 tls_keypair_free(keypair);
371 tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
372 size_t cert_len, const uint8_t *key, size_t key_len,
373 const uint8_t *staple, size_t staple_len)
375 struct tls_keypair *keypair;
377 if ((keypair = tls_keypair_new()) == NULL)
379 if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0)
382 tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0)
384 if (staple != NULL &&
385 tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple,
389 tls_config_keypair_add(config, keypair);
394 tls_keypair_free(keypair);
399 tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
400 size_t cert_len, const uint8_t *key, size_t key_len)
402 return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
407 tls_config_add_keypair_file(struct tls_config *config,
408 const char *cert_file, const char *key_file)
410 return tls_config_add_keypair_file_internal(config, cert_file,
415 tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
416 size_t cert_len, const uint8_t *key, size_t key_len, const uint8_t *staple,
419 return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
420 key_len, staple, staple_len);
424 tls_config_add_keypair_ocsp_file(struct tls_config *config,
425 const char *cert_file, const char *key_file, const char *ocsp_file)
427 return tls_config_add_keypair_file_internal(config, cert_file,
428 key_file, ocsp_file);
432 tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
434 return tls_config_load_file(&config->error, "CA", ca_file,
435 &config->ca_mem, &config->ca_len);
439 tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
441 return tls_set_string(&config->ca_path, ca_path);
445 tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
447 return tls_set_mem(&config->ca_mem, &config->ca_len, ca, len);
451 tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
453 return tls_keypair_set_cert_file(config->keypair, &config->error,
458 tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
461 return tls_keypair_set_cert_mem(config->keypair, &config->error,
466 tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
468 SSL_CTX *ssl_ctx = NULL;
470 if (ciphers == NULL ||
471 strcasecmp(ciphers, "default") == 0 ||
472 strcasecmp(ciphers, "secure") == 0)
473 ciphers = TLS_CIPHERS_DEFAULT;
474 else if (strcasecmp(ciphers, "compat") == 0)
475 ciphers = TLS_CIPHERS_COMPAT;
476 else if (strcasecmp(ciphers, "legacy") == 0)
477 ciphers = TLS_CIPHERS_LEGACY;
478 else if (strcasecmp(ciphers, "all") == 0 ||
479 strcasecmp(ciphers, "insecure") == 0)
480 ciphers = TLS_CIPHERS_ALL;
482 if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
483 tls_config_set_errorx(config, "out of memory");
486 if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) {
487 tls_config_set_errorx(config, "no ciphers for '%s'", ciphers);
491 SSL_CTX_free(ssl_ctx);
492 return tls_set_string(&config->ciphers, ciphers);
495 SSL_CTX_free(ssl_ctx);
500 tls_config_set_crl_file(struct tls_config *config, const char *crl_file)
502 return tls_config_load_file(&config->error, "CRL", crl_file,
503 &config->crl_mem, &config->crl_len);
507 tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
510 return tls_set_mem(&config->crl_mem, &config->crl_len, crl, len);
514 tls_config_set_dheparams(struct tls_config *config, const char *params)
518 if (params == NULL || strcasecmp(params, "none") == 0)
520 else if (strcasecmp(params, "auto") == 0)
522 else if (strcasecmp(params, "legacy") == 0)
525 tls_config_set_errorx(config, "invalid dhe param '%s'", params);
529 config->dheparams = keylen;
535 tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)
538 strcasecmp(curve, "none") == 0 ||
539 strcasecmp(curve, "auto") == 0) {
540 curve = TLS_ECDHE_CURVES;
541 } else if (strchr(curve, ',') != NULL || strchr(curve, ':') != NULL) {
542 tls_config_set_errorx(config, "invalid ecdhe curve '%s'",
547 return tls_config_set_ecdhecurves(config, curve);
551 tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)
553 int *curves_list = NULL, *curves_new;
554 size_t curves_num = 0;
560 free(config->ecdhecurves);
561 config->ecdhecurves = NULL;
562 config->ecdhecurves_len = 0;
564 if (curves == NULL || strcasecmp(curves, "default") == 0)
565 curves = TLS_ECDHE_CURVES;
567 if ((cs = strdup(curves)) == NULL) {
568 tls_config_set_errorx(config, "out of memory");
573 while ((p = strsep(&q, ",:")) != NULL) {
574 while (*p == ' ' || *p == '\t')
578 if (nid == NID_undef)
580 if (nid == NID_undef)
581 nid = EC_curve_nist2nid(p);
582 if (nid == NID_undef) {
583 tls_config_set_errorx(config,
584 "invalid ecdhe curve '%s'", p);
588 if ((curves_new = reallocarray(curves_list, curves_num + 1,
589 sizeof(int))) == NULL) {
590 tls_config_set_errorx(config, "out of memory");
593 curves_list = curves_new;
594 curves_list[curves_num] = nid;
598 config->ecdhecurves = curves_list;
599 config->ecdhecurves_len = curves_num;
612 tls_config_set_key_file(struct tls_config *config, const char *key_file)
614 return tls_keypair_set_key_file(config->keypair, &config->error,
619 tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
622 return tls_keypair_set_key_mem(config->keypair, &config->error,
627 tls_config_set_keypair_file_internal(struct tls_config *config,
628 const char *cert_file, const char *key_file, const char *ocsp_file)
630 if (tls_config_set_cert_file(config, cert_file) != 0)
632 if (tls_config_set_key_file(config, key_file) != 0)
634 if (ocsp_file != NULL &&
635 tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)
642 tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
643 size_t cert_len, const uint8_t *key, size_t key_len,
644 const uint8_t *staple, size_t staple_len)
646 if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
648 if (tls_config_set_key_mem(config, key, key_len) != 0)
650 if ((staple != NULL) &&
651 (tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0))
658 tls_config_set_keypair_file(struct tls_config *config,
659 const char *cert_file, const char *key_file)
661 return tls_config_set_keypair_file_internal(config, cert_file, key_file,
666 tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
667 size_t cert_len, const uint8_t *key, size_t key_len)
669 return tls_config_set_keypair_mem_internal(config, cert, cert_len,
670 key, key_len, NULL, 0);
674 tls_config_set_keypair_ocsp_file(struct tls_config *config,
675 const char *cert_file, const char *key_file, const char *ocsp_file)
677 return tls_config_set_keypair_file_internal(config, cert_file, key_file,
682 tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
683 size_t cert_len, const uint8_t *key, size_t key_len,
684 const uint8_t *staple, size_t staple_len)
686 return tls_config_set_keypair_mem_internal(config, cert, cert_len,
687 key, key_len, staple, staple_len);
692 tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
694 config->protocols = protocols;
700 tls_config_set_session_fd(struct tls_config *config, int session_fd)
705 if (session_fd == -1) {
706 config->session_fd = session_fd;
710 if (fstat(session_fd, &sb) == -1) {
711 tls_config_set_error(config, "failed to stat session file");
714 if (!S_ISREG(sb.st_mode)) {
715 tls_config_set_errorx(config,
716 "session file is not a regular file");
720 if (sb.st_uid != getuid()) {
721 tls_config_set_errorx(config, "session file has incorrect "
722 "owner (uid %u != %u)", sb.st_uid, getuid());
725 mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);
726 if (mugo != (S_IRUSR|S_IWUSR)) {
727 tls_config_set_errorx(config, "session file has incorrect "
728 "permissions (%o != 600)", mugo);
732 config->session_fd = session_fd;
738 tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg)
740 config->use_fake_private_key = 1;
741 config->skip_private_key_check = 1;
742 config->sign_cb = cb;
743 config->sign_cb_arg = cb_arg;
749 tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
751 config->verify_depth = verify_depth;
757 tls_config_prefer_ciphers_client(struct tls_config *config)
759 config->ciphers_server = 0;
763 tls_config_prefer_ciphers_server(struct tls_config *config)
765 config->ciphers_server = 1;
769 tls_config_insecure_noverifycert(struct tls_config *config)
771 config->verify_cert = 0;
775 tls_config_insecure_noverifyname(struct tls_config *config)
777 config->verify_name = 0;
781 tls_config_insecure_noverifytime(struct tls_config *config)
783 config->verify_time = 0;
787 tls_config_verify(struct tls_config *config)
789 config->verify_cert = 1;
790 config->verify_name = 1;
791 config->verify_time = 1;
795 tls_config_ocsp_require_stapling(struct tls_config *config)
797 config->ocsp_require_stapling = 1;
801 tls_config_verify_client(struct tls_config *config)
803 config->verify_client = 1;
807 tls_config_verify_client_optional(struct tls_config *config)
809 config->verify_client = 2;
813 tls_config_skip_private_key_check(struct tls_config *config)
815 config->skip_private_key_check = 1;
819 tls_config_use_fake_private_key(struct tls_config *config)
821 config->use_fake_private_key = 1;
822 config->skip_private_key_check = 1;
826 tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
828 return tls_keypair_set_ocsp_staple_file(config->keypair, &config->error,
833 tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,
836 return tls_keypair_set_ocsp_staple_mem(config->keypair, &config->error,
841 tls_config_set_session_id(struct tls_config *config,
842 const unsigned char *session_id, size_t len)
844 if (len > TLS_MAX_SESSION_ID_LENGTH) {
845 tls_config_set_errorx(config, "session ID too large");
848 memset(config->session_id, 0, sizeof(config->session_id));
849 memcpy(config->session_id, session_id, len);
854 tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
856 if (lifetime > TLS_MAX_SESSION_TIMEOUT) {
857 tls_config_set_errorx(config, "session lifetime too large");
860 if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT) {
861 tls_config_set_errorx(config, "session lifetime too small");
865 config->session_lifetime = lifetime;
870 tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
871 unsigned char *key, size_t keylen)
873 struct tls_ticket_key newkey;
876 if (TLS_TICKET_KEY_SIZE != keylen ||
877 sizeof(newkey.aes_key) + sizeof(newkey.hmac_key) > keylen) {
878 tls_config_set_errorx(config,
879 "wrong amount of ticket key data");
883 keyrev = htonl(keyrev);
884 memset(&newkey, 0, sizeof(newkey));
885 memcpy(newkey.key_name, &keyrev, sizeof(keyrev));
886 memcpy(newkey.aes_key, key, sizeof(newkey.aes_key));
887 memcpy(newkey.hmac_key, key + sizeof(newkey.aes_key),
888 sizeof(newkey.hmac_key));
889 newkey.time = time(NULL);
891 for (i = 0; i < TLS_NUM_TICKETS; i++) {
892 struct tls_ticket_key *tk = &config->ticket_keys[i];
893 if (memcmp(newkey.key_name, tk->key_name,
894 sizeof(tk->key_name)) != 0)
897 /* allow re-entry of most recent key */
898 if (i == 0 && memcmp(newkey.aes_key, tk->aes_key,
899 sizeof(tk->aes_key)) == 0 && memcmp(newkey.hmac_key,
900 tk->hmac_key, sizeof(tk->hmac_key)) == 0)
902 tls_config_set_errorx(config, "ticket key already present");
906 memmove(&config->ticket_keys[1], &config->ticket_keys[0],
907 sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0]));
908 config->ticket_keys[0] = newkey;
910 config->ticket_autorekey = 0;
916 tls_config_ticket_autorekey(struct tls_config *config)
918 unsigned char key[TLS_TICKET_KEY_SIZE];
921 arc4random_buf(key, sizeof(key));
922 rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key,
924 config->ticket_autorekey = 1;