openbsd-src/lib/libtls/tls_server.c

/* $OpenBSD: tls_server.c,v 1.6 2015/03/31 12:21:27 jsing Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <openssl/ec.h>
#include <openssl/ssl.h>

#include <tls.h>
#include "tls_internal.h"

struct tls *
tls_server(void)
{
	struct tls *ctx;

	if ((ctx = tls_new()) == NULL)
		return (NULL);

	ctx->flags |= TLS_SERVER;

	return (ctx);
}

struct tls *
tls_server_conn(struct tls *ctx)
{
	struct tls *conn_ctx;

	if ((conn_ctx = tls_new()) == NULL)
		return (NULL);

	conn_ctx->flags |= TLS_SERVER_CONN;

	return (conn_ctx);
}

int
tls_configure_server(struct tls *ctx)
{
	EC_KEY *ecdh_key;
	unsigned char sid[SSL_MAX_SSL_SESSION_ID_LENGTH];

	if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
		tls_set_error(ctx, "ssl context failure");
		goto err;
	}

	if (tls_configure_ssl(ctx) != 0)
		goto err;
	if (tls_configure_keypair(ctx) != 0)
		goto err;

	if (ctx->config->dheparams == -1)
		SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);
	else if (ctx->config->dheparams == 1024)
		SSL_CTX_set_dh_auto(ctx->ssl_ctx, 2);

	if (ctx->config->ecdhecurve == -1) {
		SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1);
	} else if (ctx->config->ecdhecurve != NID_undef) {
		if ((ecdh_key = EC_KEY_new_by_curve_name(
		    ctx->config->ecdhecurve)) == NULL) {
			tls_set_error(ctx, "failed to set ECDHE curve");
			goto err;
		}
		SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
		SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
		EC_KEY_free(ecdh_key);
	}

	/*
	 * Set session ID context to a random value.  We don't support
	 * persistent caching of sessions so it is OK to set a temporary
	 * session ID context that is valid during run time.
	 */
	arc4random_buf(sid, sizeof(sid));
	if (!SSL_CTX_set_session_id_context(ctx->ssl_ctx, sid, sizeof(sid))) {
		tls_set_error(ctx, "failed to set session id context");
		goto err;
	}

	return (0);

err:
	return (-1);
}

int
tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
{
	struct tls *conn_ctx = *cctx;
	int ret, err;
	
	if ((ctx->flags & TLS_SERVER) == 0) {
		tls_set_error(ctx, "not a server context");
		goto err;
	}

	if (conn_ctx == NULL) {
		if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
			tls_set_error(ctx, "connection context failure");
			goto err;
		}
		*cctx = conn_ctx;

		conn_ctx->socket = socket;

		if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
			tls_set_error(ctx, "ssl failure");
			goto err;
		}

		if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {
			tls_set_error(ctx, "ssl set fd failure");
			goto err;
		}
		SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
	}

	if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
		err = tls_ssl_error(ctx, conn_ctx->ssl_conn, ret, "accept");
		if (err == TLS_READ_AGAIN || err == TLS_WRITE_AGAIN) {
			return (err);
		}
		goto err;
	}

	return (0);

err:
	return (-1);
}
Store errors that occur during a tls_accept_socket() call on the context for the server, rather than on the context for the connection. This makes more sense than the current behaviour does. Issue reported by Tim van der Molen. 2015-03-31 05:21:27 -07:00			`/* $OpenBSD: tls_server.c,v 1.6 2015/03/31 12:21:27 jsing Exp $ */`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00			`/*`
			`* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>`
			`*`
			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN`
			`* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF`
			`* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`*/`

A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure. 2014-08-04 09:18:42 -07:00			`#include <openssl/ec.h>`
			`#include <openssl/ssl.h>`

Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`#include <tls.h>`
			`#include "tls_internal.h"`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`struct tls *`
			`tls_server(void)`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00			`{`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`struct tls *ctx;`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`if ((ctx = tls_new()) == NULL)`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00			`return (NULL);`

Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`ctx->flags \|= TLS_SERVER;`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00
			`return (ctx);`
			`}`

Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`struct tls *`
			`tls_server_conn(struct tls *ctx)`
Provide a function that returns a server connection context. 2014-08-04 09:07:25 -07:00			`{`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`struct tls *conn_ctx;`
Provide a function that returns a server connection context. 2014-08-04 09:07:25 -07:00
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`if ((conn_ctx = tls_new()) == NULL)`
Provide a function that returns a server connection context. 2014-08-04 09:07:25 -07:00			`return (NULL);`

Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`conn_ctx->flags \|= TLS_SERVER_CONN;`
Provide a function that returns a server connection context. 2014-08-04 09:07:25 -07:00
			`return (conn_ctx);`
			`}`

A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure. 2014-08-04 09:18:42 -07:00			`int`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`tls_configure_server(struct tls *ctx)`
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure. 2014-08-04 09:18:42 -07:00			`{`
			`EC_KEY *ecdh_key;`
The SSL/TLS session Id context is limited to 32 bytes. Instead of using the name of relayd relay or smtpd pki, use a 32 byte arc4random buffer that should be unique for the context. This fixes an issue in OpenSMTPD when a long pki name could break the configuration. OK gilles@ benno@ 2015-01-16 06:34:51 -08:00			`unsigned char sid[SSL_MAX_SSL_SESSION_ID_LENGTH];`
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure. 2014-08-04 09:18:42 -07:00
			`if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`tls_set_error(ctx, "ssl context failure");`
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure. 2014-08-04 09:18:42 -07:00			`goto err;`
			`}`

Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`if (tls_configure_ssl(ctx) != 0)`
Add an option that allows the enabled SSL protocols to be explicitly configured. Discussed with several. ok bcook@ 2014-09-29 08:11:29 -07:00			`goto err;`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`if (tls_configure_keypair(ctx) != 0)`
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure. 2014-08-04 09:18:42 -07:00			`goto err;`

Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@ 2015-02-06 22:19:26 -08:00			`if (ctx->config->dheparams == -1)`
			`SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);`
			`else if (ctx->config->dheparams == 1024)`
			`SSL_CTX_set_dh_auto(ctx->ssl_ctx, 2);`

			`if (ctx->config->ecdhecurve == -1) {`
Allow "auto" to be specified as an ECDH curve name and make this the default. This enables automatic handling of ephemeral EC keys. Discussed with reyk@ and tedu@ 2014-10-03 07:09:09 -07:00			`SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1);`
Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@ 2015-02-06 22:19:26 -08:00			`} else if (ctx->config->ecdhecurve != NID_undef) {`
Add the API function ressl_config_set_ecdhcurve(config, name) to set a non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@ 2014-08-27 03:46:53 -07:00			`if ((ecdh_key = EC_KEY_new_by_curve_name(`
Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@ 2015-02-06 22:19:26 -08:00			`ctx->config->ecdhecurve)) == NULL) {`
			`tls_set_error(ctx, "failed to set ECDHE curve");`
Add the API function ressl_config_set_ecdhcurve(config, name) to set a non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@ 2014-08-27 03:46:53 -07:00			`goto err;`
			`}`
			`SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);`
Set SSL_OP_SINGLE_ECDH_USE before calling SSL_CTX_set_tmp_ecdh() - this avoids generating an EC key pair that will never be used. 2014-10-15 07:08:26 -07:00			`SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);`
Add the API function ressl_config_set_ecdhcurve(config, name) to set a non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@ 2014-08-27 03:46:53 -07:00			`EC_KEY_free(ecdh_key);`
			`}`
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure. 2014-08-04 09:18:42 -07:00
The SSL/TLS session Id context is limited to 32 bytes. Instead of using the name of relayd relay or smtpd pki, use a 32 byte arc4random buffer that should be unique for the context. This fixes an issue in OpenSMTPD when a long pki name could break the configuration. OK gilles@ benno@ 2015-01-16 06:34:51 -08:00			`/*`
			`* Set session ID context to a random value. We don't support`
			`* persistent caching of sessions so it is OK to set a temporary`
			`* session ID context that is valid during run time.`
			`*/`
			`arc4random_buf(sid, sizeof(sid));`
			`if (!SSL_CTX_set_session_id_context(ctx->ssl_ctx, sid, sizeof(sid))) {`
			`tls_set_error(ctx, "failed to set session id context");`
			`goto err;`
			`}`

A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure. 2014-08-04 09:18:42 -07:00			`return (0);`

			`err:`
			`return (-1);`
			`}`

Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00			`int`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`tls_accept_socket(struct tls ctx, struct tls *cctx, int socket)`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00			`{`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`struct tls conn_ctx = cctx;`
Convert tls_connect_fds() and tls_accept_socket() to the new OpenSSL error dance handling code. This means that we get slightly useful messages when a TLS connection or accept fails. Requested by reyk@ 2015-02-07 01:50:09 -08:00			`int ret, err;`
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. 2014-08-04 09:34:11 -07:00
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`if ((ctx->flags & TLS_SERVER) == 0) {`
			`tls_set_error(ctx, "not a server context");`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00			`goto err;`
			`}`

Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. 2014-08-04 09:34:11 -07:00			`if (conn_ctx == NULL) {`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`if ((conn_ctx = tls_server_conn(ctx)) == NULL) {`
			`tls_set_error(ctx, "connection context failure");`
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. 2014-08-04 09:34:11 -07:00			`goto err;`
			`}`
			`*cctx = conn_ctx;`

			`conn_ctx->socket = socket;`

			`if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`tls_set_error(ctx, "ssl failure");`
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. 2014-08-04 09:34:11 -07:00			`goto err;`
			`}`

			`if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {`
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. 2014-10-31 06:46:17 -07:00			`tls_set_error(ctx, "ssl set fd failure");`
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. 2014-08-04 09:34:11 -07:00			`goto err;`
			`}`
			`SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);`
			`}`

			`if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {`
Store errors that occur during a tls_accept_socket() call on the context for the server, rather than on the context for the connection. This makes more sense than the current behaviour does. Issue reported by Tim van der Molen. 2015-03-31 05:21:27 -07:00			`err = tls_ssl_error(ctx, conn_ctx->ssl_conn, ret, "accept");`
Convert tls_connect_fds() and tls_accept_socket() to the new OpenSSL error dance handling code. This means that we get slightly useful messages when a TLS connection or accept fails. Requested by reyk@ 2015-02-07 01:50:09 -08:00			`if (err == TLS_READ_AGAIN \|\| err == TLS_WRITE_AGAIN) {`
			`return (err);`
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. 2014-08-04 09:34:11 -07:00			`}`
Convert tls_connect_fds() and tls_accept_socket() to the new OpenSSL error dance handling code. This means that we get slightly useful messages when a TLS connection or accept fails. Requested by reyk@ 2015-02-07 01:50:09 -08:00			`goto err;`
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. 2014-08-04 09:34:11 -07:00			`}`

			`return (0);`

Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00			`err:`
Return -1 on error (not 1). 2014-08-04 09:19:50 -07:00			`return (-1);`
Add stubs for the proposed server API. 2014-07-13 16:36:24 -07:00			`}`