mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Code
f713bb539f
openbsd-src/lib/libtls/tls_server.c

392 lines
8.9 KiB
C
Raw Normal View History

Maintain consistency with function naming.
2016-09-04 06:20:56 -07:00
/* $OpenBSD: tls_server.c,v 1.27 2016/09/04 13:20:56 jsing Exp $ */
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
Create contexts for server side SNI - these include the additional SSL_CTX that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
2016-08-22 07:51:37 -07:00
#include <sys/socket.h>
#include <arpa/inet.h>
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
#include <openssl/ec.h>
Ensure that we clear the libssl error stack before we make a function call that we will pass the result through tls_ssl_error() on failure. Otherwise we can end up reporting spurious errors due to their being unrelated errors already on the error stack. Spotted by Marko Kreen. ok beck@
2015-09-12 12:54:31 -07:00
#include <openssl/err.h>
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
#include <openssl/ssl.h>
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
#include <tls.h>
#include "tls_internal.h"
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
struct tls *
tls_server(void)
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
{
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
struct tls *ctx;
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
if ((ctx = tls_new()) == NULL)
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
return (NULL);
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
ctx->flags |= TLS_SERVER;
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
return (ctx);
}
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
struct tls *
tls_server_conn(struct tls *ctx)
Provide a function that returns a server connection context.
2014-08-04 09:07:25 -07:00
{
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
struct tls *conn_ctx;
Provide a function that returns a server connection context.
2014-08-04 09:07:25 -07:00
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
if ((conn_ctx = tls_new()) == NULL)
Provide a function that returns a server connection context.
2014-08-04 09:07:25 -07:00
return (NULL);
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
conn_ctx->flags |= TLS_SERVER_CONN;
Provide a function that returns a server connection context.
2014-08-04 09:07:25 -07:00
return (conn_ctx);
}
Add ALPN support to libtls. ok beck@ doug@
2016-08-12 08:10:59 -07:00
static int
tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen, void *arg)
{
struct tls *ctx = arg;
if (SSL_select_next_proto((unsigned char**)out, outlen,
ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
OPENSSL_NPN_NEGOTIATED)
return (SSL_TLSEXT_ERR_OK);
return (SSL_TLSEXT_ERR_NOACK);
}
Create contexts for server side SNI - these include the additional SSL_CTX that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
2016-08-22 07:51:37 -07:00
static int
tls_servername_cb(SSL *ssl, int *al, void *arg)
{
struct tls *ctx = (struct tls *)arg;
struct tls_sni_ctx *sni_ctx;
union tls_addr addrbuf;
struct tls *conn_ctx;
const char *name;
if ((conn_ctx = SSL_get_app_data(ssl)) == NULL)
goto err;
if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) == NULL) {
/*
* The servername callback gets called even when there is no
* TLS servername extension provided by the client. Sigh!
*/
return (SSL_TLSEXT_ERR_NOACK);
}
/* Per RFC 6066 section 3: ensure that name is not an IP literal. */
if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
inet_pton(AF_INET6, name, &addrbuf) == 1)
goto err;
free((char *)conn_ctx->servername);
if ((conn_ctx->servername = strdup(name)) == NULL)
goto err;
/* Find appropriate SSL context for requested servername. */
for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) {
if (tls_check_name(ctx, sni_ctx->ssl_cert, name) == 0) {
SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
return (SSL_TLSEXT_ERR_OK);
}
}
/* No match, use the existing context/certificate. */
return (SSL_TLSEXT_ERR_OK);
err:
/*
* There is no way to tell libssl that an internal failure occurred.
* The only option we have is to return a fatal alert.
*/
*al = TLS1_AD_INTERNAL_ERROR;
return (SSL_TLSEXT_ERR_ALERT_FATAL);
}
static int
tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
X509 **cert)
{
char *errstr = "unknown";
BIO *cert_bio = NULL;
int ssl_err;
X509_free(*cert);
*cert = NULL;
if (keypair->cert_mem == NULL) {
tls_error_set(error, "keypair has no certificate");
goto err;
}
if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
keypair->cert_len)) == NULL) {
tls_error_set(error, "failed to create certificate bio");
goto err;
}
if ((*cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL)) == NULL) {
if ((ssl_err = ERR_peek_error()) != 0)
errstr = ERR_error_string(ssl_err, NULL);
tls_error_set(error, "failed to load certificate: %s", errstr);
goto err;
}
BIO_free(cert_bio);
return (0);
err:
BIO_free(cert_bio);
return (-1);
}
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
static int
tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
struct tls_keypair *keypair)
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
{
The SSL/TLS session Id context is limited to 32 bytes. Instead of using the name of relayd relay or smtpd pki, use a 32 byte arc4random buffer that should be unique for the context. This fixes an issue in OpenSMTPD when a long pki name could break the configuration. OK gilles@ benno@
2015-01-16 06:34:51 -08:00
unsigned char sid[SSL_MAX_SSL_SESSION_ID_LENGTH];
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
EC_KEY *ecdh_key;
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
SSL_CTX_free(*ssl_ctx);
if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
Improve libtls error messages. The tls_set_error() function previously stored the errno but did nothing with it. Change tls_set_error() to append the strerror(3) of the stored errno so that we include useful information regarding failures. Provide a tls_set_errorx() function that does not store the errno or include strerror(3) in the error message. Call this function instead of tls_set_error() for errors where the errno value has no useful meaning. With feedback from and ok doug@
2015-08-27 08:26:49 -07:00
tls_set_errorx(ctx, "ssl context failure");
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
goto err;
}
Create contexts for server side SNI - these include the additional SSL_CTX that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
2016-08-22 07:51:37 -07:00
if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
tls_servername_cb) != 1) {
tls_set_error(ctx, "failed to set servername callback");
goto err;
}
if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
tls_set_error(ctx, "failed to set servername callback arg");
goto err;
}
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
if (tls_configure_ssl(ctx, *ssl_ctx) != 0)
Add an option that allows the enabled SSL protocols to be explicitly configured. Discussed with several. ok bcook@
2014-09-29 08:11:29 -07:00
goto err;
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0)
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
goto err;
Add client certificate support. Still needs a few tweaks but this will ride upcoming minor bump ok jsing@
2015-09-09 12:23:04 -07:00
if (ctx->config->verify_client != 0) {
int verify = SSL_VERIFY_PEER;
if (ctx->config->verify_client == 1)
verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1)
Add client certificate support. Still needs a few tweaks but this will ride upcoming minor bump ok jsing@
2015-09-09 12:23:04 -07:00
goto err;
}
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
Add ALPN support to libtls. ok beck@ doug@
2016-08-12 08:10:59 -07:00
if (ctx->config->alpn != NULL)
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb,
Add ALPN support to libtls. ok beck@ doug@
2016-08-12 08:10:59 -07:00
ctx);
Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
2015-02-06 22:19:26 -08:00
if (ctx->config->dheparams == -1)
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
SSL_CTX_set_dh_auto(*ssl_ctx, 1);
Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
2015-02-06 22:19:26 -08:00
else if (ctx->config->dheparams == 1024)
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
SSL_CTX_set_dh_auto(*ssl_ctx, 2);
Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
2015-02-06 22:19:26 -08:00
if (ctx->config->ecdhecurve == -1) {
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
2015-02-06 22:19:26 -08:00
} else if (ctx->config->ecdhecurve != NID_undef) {
Add the API function ressl_config_set_ecdhcurve(config, name) to set a non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@
2014-08-27 03:46:53 -07:00
if ((ecdh_key = EC_KEY_new_by_curve_name(
Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
2015-02-06 22:19:26 -08:00
ctx->config->ecdhecurve)) == NULL) {
Improve libtls error messages. The tls_set_error() function previously stored the errno but did nothing with it. Change tls_set_error() to append the strerror(3) of the stored errno so that we include useful information regarding failures. Provide a tls_set_errorx() function that does not store the errno or include strerror(3) in the error message. Call this function instead of tls_set_error() for errors where the errno value has no useful meaning. With feedback from and ok doug@
2015-08-27 08:26:49 -07:00
tls_set_errorx(ctx, "failed to set ECDHE curve");
Add the API function ressl_config_set_ecdhcurve(config, name) to set a non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@
2014-08-27 03:46:53 -07:00
goto err;
}
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
SSL_CTX_set_options(*ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_tmp_ecdh(*ssl_ctx, ecdh_key);
Add the API function ressl_config_set_ecdhcurve(config, name) to set a non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@
2014-08-27 03:46:53 -07:00
EC_KEY_free(ecdh_key);
}
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
Add support for preferring the server's cipher list or the client's cipher list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@
2015-09-10 02:10:42 -07:00
if (ctx->config->ciphers_server == 1)
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
Add support for preferring the server's cipher list or the client's cipher list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@
2015-09-10 02:10:42 -07:00
The SSL/TLS session Id context is limited to 32 bytes. Instead of using the name of relayd relay or smtpd pki, use a 32 byte arc4random buffer that should be unique for the context. This fixes an issue in OpenSMTPD when a long pki name could break the configuration. OK gilles@ benno@
2015-01-16 06:34:51 -08:00
/*
* Set session ID context to a random value. We don't support
* persistent caching of sessions so it is OK to set a temporary
* session ID context that is valid during run time.
*/
arc4random_buf(sid, sizeof(sid));
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
if (SSL_CTX_set_session_id_context(*ssl_ctx, sid,
sizeof(sid)) != 1) {
tls_set_error(ctx, "failed to set session id context");
The SSL/TLS session Id context is limited to 32 bytes. Instead of using the name of relayd relay or smtpd pki, use a 32 byte arc4random buffer that should be unique for the context. This fixes an issue in OpenSMTPD when a long pki name could break the configuration. OK gilles@ benno@
2015-01-16 06:34:51 -08:00
goto err;
}
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
return (0);
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
err:
SSL_CTX_free(*ssl_ctx);
*ssl_ctx = NULL;
return (-1);
}
Create contexts for server side SNI - these include the additional SSL_CTX that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
2016-08-22 07:51:37 -07:00
static int
tls_configure_server_sni(struct tls *ctx)
{
struct tls_sni_ctx **sni_ctx;
struct tls_keypair *kp;
if (ctx->config->keypair->next == NULL)
return (0);
/* Set up additional SSL contexts for SNI. */
sni_ctx = &ctx->sni_ctx;
for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
if ((*sni_ctx = tls_sni_ctx_new()) == NULL) {
tls_set_errorx(ctx, "out of memory");
goto err;
}
if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
goto err;
if (tls_keypair_load_cert(kp, &ctx->error,
&(*sni_ctx)->ssl_cert) == -1)
goto err;
sni_ctx = &(*sni_ctx)->next;
}
return (0);
err:
return (-1);
}
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
int
tls_configure_server(struct tls *ctx)
{
if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
ctx->config->keypair) == -1)
goto err;
Create contexts for server side SNI - these include the additional SSL_CTX that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
2016-08-22 07:51:37 -07:00
if (tls_configure_server_sni(ctx) == -1)
goto err;
Split out the TLS server SSL_CTX allocation and configuration code, so that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18 08:52:03 -07:00
return (0);
Indent labels with a space so that diff -p is more friendly. Requested by bluhm@
2015-09-09 12:49:07 -07:00
err:
A ressl server needs different configuration from a ressl client - provide a specific server configuration function and call this from ressl_configure.
2014-08-04 09:18:42 -07:00
return (-1);
}
Add callback-based interface to libtls. This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
2016-09-04 05:26:43 -07:00
static struct tls *
Maintain consistency with function naming.
2016-09-04 06:20:56 -07:00
tls_accept_common(struct tls *ctx)
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
{
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
struct tls *conn_ctx = NULL;
clean some ugly intendation warts
2015-09-29 03:17:04 -07:00
Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
2014-10-31 06:46:17 -07:00
if ((ctx->flags & TLS_SERVER) == 0) {
Improve libtls error messages. The tls_set_error() function previously stored the errno but did nothing with it. Change tls_set_error() to append the strerror(3) of the stored errno so that we include useful information regarding failures. Provide a tls_set_errorx() function that does not store the errno or include strerror(3) in the error message. Call this function instead of tls_set_error() for errors where the errno value has no useful meaning. With feedback from and ok doug@
2015-08-27 08:26:49 -07:00
tls_set_errorx(ctx, "not a server context");
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
goto err;
}
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
tls_set_errorx(ctx, "connection context failure");
goto err;
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket.
2014-08-04 09:34:11 -07:00
}
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
tls_set_errorx(ctx, "ssl failure");
goto err;
}
Add callback-based interface to libtls. This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
2016-09-04 05:26:43 -07:00
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
tls_set_errorx(ctx, "ssl application data failure");
goto err;
}
Add callback-based interface to libtls. This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
2016-09-04 05:26:43 -07:00
return conn_ctx;
err:
tls_free(conn_ctx);
return (NULL);
}
int
tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
{
return (tls_accept_fds(ctx, cctx, socket, socket));
}
int
tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
{
struct tls *conn_ctx;
Maintain consistency with function naming.
2016-09-04 06:20:56 -07:00
if ((conn_ctx = tls_accept_common(ctx)) == NULL)
Add callback-based interface to libtls. This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
2016-09-04 05:26:43 -07:00
goto err;
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
tls_set_errorx(ctx, "ssl file descriptor failure");
Convert tls_connect_fds() and tls_accept_socket() to the new OpenSSL error dance handling code. This means that we get slightly useful messages when a TLS connection or accept fails. Requested by reyk@
2015-02-07 01:50:09 -08:00
goto err;
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket.
2014-08-04 09:34:11 -07:00
}
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
*cctx = conn_ctx;
Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket.
2014-08-04 09:34:11 -07:00
return (0);
Indent labels with a space so that diff -p is more friendly. Requested by bluhm@
2015-09-09 12:49:07 -07:00
err:
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
tls_free(conn_ctx);
Add callback-based interface to libtls. This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
2016-09-04 05:26:43 -07:00
*cctx = NULL;
return (-1);
}
int
tls_accept_cbs(struct tls *ctx, struct tls **cctx,
tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
{
struct tls *conn_ctx;
Maintain consistency with function naming.
2016-09-04 06:20:56 -07:00
if ((conn_ctx = tls_accept_common(ctx)) == NULL)
Add callback-based interface to libtls. This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
2016-09-04 05:26:43 -07:00
goto err;
if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) {
tls_set_errorx(ctx, "callback registration failure");
goto err;
}
*cctx = conn_ctx;
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
Add callback-based interface to libtls. This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
2016-09-04 05:26:43 -07:00
return (0);
err:
tls_free(conn_ctx);
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
*cctx = NULL;
Return -1 on error (not 1).
2014-08-04 09:19:50 -07:00
return (-1);
Add stubs for the proposed server API.
2014-07-13 16:36:24 -07:00
}
Provide a tls_accept_fds() function, which allows a TLS connection to be accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
2015-03-31 07:03:38 -07:00
int
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
tls_handshake_server(struct tls *ctx)
Provide a tls_accept_fds() function, which allows a TLS connection to be accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
2015-03-31 07:03:38 -07:00
{
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
int ssl_ret;
int rv = -1;
if ((ctx->flags & TLS_SERVER_CONN) == 0) {
tls_set_errorx(ctx, "not a server connection context");
goto err;
}
Ensure that we clear the libssl error stack before we make a function call that we will pass the result through tls_ssl_error() on failure. Otherwise we can end up reporting spurious errors due to their being unrelated errors already on the error stack. Spotted by Marko Kreen. ok beck@
2015-09-12 12:54:31 -07:00
ERR_clear_error();
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
goto err;
}
ctx->state |= TLS_HANDSHAKE_COMPLETE;
actually set return value to 0 on success. ok jsing@ who wears the cone of shame.
2015-09-11 01:31:26 -07:00
rv = 0;
Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10 03:14:20 -07:00
err:
return (rv);
Provide a tls_accept_fds() function, which allows a TLS connection to be accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
2015-03-31 07:03:38 -07:00
}
Copy Permalink