summaryrefslogtreecommitdiff
path: root/src/lib/libtls
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
committercvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
commitb1ddde874c215cc8891531ed92876f091b7eb83e (patch)
treeedb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libtls
parentf0a36529837a161734c802ae4c42e84e42347be2 (diff)
downloadopenbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414
Diffstat (limited to 'src/lib/libtls')
-rw-r--r--src/lib/libtls/Makefile57
-rw-r--r--src/lib/libtls/Symbols.list92
-rw-r--r--src/lib/libtls/man/Makefile23
-rw-r--r--src/lib/libtls/man/tls_accept_socket.3107
-rw-r--r--src/lib/libtls/man/tls_client.3110
-rw-r--r--src/lib/libtls/man/tls_config_ocsp_require_stapling.340
-rw-r--r--src/lib/libtls/man/tls_config_set_protocols.3229
-rw-r--r--src/lib/libtls/man/tls_config_set_session_id.3105
-rw-r--r--src/lib/libtls/man/tls_config_verify.379
-rw-r--r--src/lib/libtls/man/tls_conn_version.3225
-rw-r--r--src/lib/libtls/man/tls_connect.3144
-rw-r--r--src/lib/libtls/man/tls_init.3180
-rw-r--r--src/lib/libtls/man/tls_load_file.3369
-rw-r--r--src/lib/libtls/man/tls_ocsp_process_response.3167
-rw-r--r--src/lib/libtls/man/tls_read.3240
-rw-r--r--src/lib/libtls/shlib_version2
-rw-r--r--src/lib/libtls/tls.c973
-rw-r--r--src/lib/libtls/tls.h236
-rw-r--r--src/lib/libtls/tls_bio_cb.c173
-rw-r--r--src/lib/libtls/tls_client.c509
-rw-r--r--src/lib/libtls/tls_config.c954
-rw-r--r--src/lib/libtls/tls_conninfo.c368
-rw-r--r--src/lib/libtls/tls_internal.h330
-rw-r--r--src/lib/libtls/tls_keypair.c172
-rw-r--r--src/lib/libtls/tls_ocsp.c473
-rw-r--r--src/lib/libtls/tls_peer.c107
-rw-r--r--src/lib/libtls/tls_server.c483
-rw-r--r--src/lib/libtls/tls_signer.c471
-rw-r--r--src/lib/libtls/tls_util.c226
-rw-r--r--src/lib/libtls/tls_verify.c394
30 files changed, 0 insertions, 8038 deletions
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
deleted file mode 100644
index 8287fec8fd..0000000000
--- a/src/lib/libtls/Makefile
+++ /dev/null
@@ -1,57 +0,0 @@
1# $OpenBSD: Makefile,v 1.38 2023/05/05 21:23:02 tb Exp $
2
3.include <bsd.own.mk>
4.ifndef NOMAN
5SUBDIR= man
6.endif
7
8CFLAGS+= -Wall -Wimplicit -Wundef
9.if ${COMPILER_VERSION:L} == "clang"
10CFLAGS+= -Werror -Wshadow
11.endif
12CFLAGS+= -DLIBRESSL_INTERNAL
13
14CLEANFILES= ${VERSION_SCRIPT}
15
16WARNINGS= Yes
17
18LIB= tls
19
20DPADD= ${LIBCRYPTO} ${LIBSSL}
21
22LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
23LDADD+= -L${BSDOBJDIR}/lib/libssl -lssl
24
25VERSION_SCRIPT= Symbols.map
26SYMBOL_LIST= ${.CURDIR}/Symbols.list
27
28HDRS= tls.h
29
30SRCS= tls.c \
31 tls_bio_cb.c \
32 tls_client.c \
33 tls_config.c \
34 tls_conninfo.c \
35 tls_keypair.c \
36 tls_peer.c \
37 tls_server.c \
38 tls_signer.c \
39 tls_util.c \
40 tls_ocsp.c \
41 tls_verify.c
42
43includes:
44 @cd ${.CURDIR}; for i in $(HDRS); do \
45 j="cmp -s $$i ${DESTDIR}/usr/include/$$i || \
46 ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
47 ${DESTDIR}/usr/include/"; \
48 echo $$j; \
49 eval "$$j"; \
50 done;
51
52${VERSION_SCRIPT}: ${SYMBOL_LIST}
53 { printf '{\n\tglobal:\n'; \
54 sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \
55 printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
56
57.include <bsd.lib.mk>
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
deleted file mode 100644
index ee7df862f4..0000000000
--- a/src/lib/libtls/Symbols.list
+++ /dev/null
@@ -1,92 +0,0 @@
1tls_accept_cbs
2tls_accept_fds
3tls_accept_socket
4tls_client
5tls_close
6tls_config_add_keypair_file
7tls_config_add_keypair_mem
8tls_config_add_keypair_ocsp_file
9tls_config_add_keypair_ocsp_mem
10tls_config_add_ticket_key
11tls_config_clear_keys
12tls_config_error
13tls_config_free
14tls_config_insecure_noverifycert
15tls_config_insecure_noverifyname
16tls_config_insecure_noverifytime
17tls_config_new
18tls_config_ocsp_require_stapling
19tls_config_parse_protocols
20tls_config_prefer_ciphers_client
21tls_config_prefer_ciphers_server
22tls_config_set_alpn
23tls_config_set_ca_file
24tls_config_set_ca_mem
25tls_config_set_ca_path
26tls_config_set_cert_file
27tls_config_set_cert_mem
28tls_config_set_ciphers
29tls_config_set_crl_file
30tls_config_set_crl_mem
31tls_config_set_dheparams
32tls_config_set_ecdhecurve
33tls_config_set_ecdhecurves
34tls_config_set_key_file
35tls_config_set_key_mem
36tls_config_set_keypair_file
37tls_config_set_keypair_mem
38tls_config_set_keypair_ocsp_file
39tls_config_set_keypair_ocsp_mem
40tls_config_set_ocsp_staple_mem
41tls_config_set_ocsp_staple_file
42tls_config_set_protocols
43tls_config_set_session_id
44tls_config_set_session_lifetime
45tls_config_set_session_fd
46tls_config_set_verify_depth
47tls_config_skip_private_key_check
48tls_config_use_fake_private_key
49tls_config_verify
50tls_config_verify_client
51tls_config_verify_client_optional
52tls_configure
53tls_conn_alpn_selected
54tls_conn_cipher
55tls_conn_cipher_strength
56tls_conn_servername
57tls_conn_session_resumed
58tls_conn_version
59tls_connect
60tls_connect_cbs
61tls_connect_fds
62tls_connect_servername
63tls_connect_socket
64tls_default_ca_cert_file
65tls_error
66tls_free
67tls_handshake
68tls_init
69tls_load_file
70tls_ocsp_process_response
71tls_peer_cert_chain_pem
72tls_peer_cert_common_name
73tls_peer_cert_contains_name
74tls_peer_cert_hash
75tls_peer_cert_issuer
76tls_peer_cert_notafter
77tls_peer_cert_notbefore
78tls_peer_cert_provided
79tls_peer_cert_subject
80tls_peer_ocsp_cert_status
81tls_peer_ocsp_crl_reason
82tls_peer_ocsp_next_update
83tls_peer_ocsp_response_status
84tls_peer_ocsp_result
85tls_peer_ocsp_revocation_time
86tls_peer_ocsp_this_update
87tls_peer_ocsp_url
88tls_read
89tls_reset
90tls_server
91tls_unload_file
92tls_write
diff --git a/src/lib/libtls/man/Makefile b/src/lib/libtls/man/Makefile
deleted file mode 100644
index 4883377669..0000000000
--- a/src/lib/libtls/man/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/01/25 23:53:18 schwarze Exp $
2
3.include <bsd.own.mk>
4
5MAN = \
6 tls_accept_socket.3 \
7 tls_client.3 \
8 tls_config_ocsp_require_stapling.3 \
9 tls_config_set_protocols.3 \
10 tls_config_set_session_id.3 \
11 tls_config_verify.3 \
12 tls_conn_version.3 \
13 tls_connect.3 \
14 tls_init.3 \
15 tls_load_file.3 \
16 tls_ocsp_process_response.3 \
17 tls_read.3 \
18
19all clean cleandir depend includes obj tags:
20
21install: maninstall
22
23.include <bsd.man.mk>
diff --git a/src/lib/libtls/man/tls_accept_socket.3 b/src/lib/libtls/man/tls_accept_socket.3
deleted file mode 100644
index 931b9346ec..0000000000
--- a/src/lib/libtls/man/tls_accept_socket.3
+++ /dev/null
@@ -1,107 +0,0 @@
1.\" $OpenBSD: tls_accept_socket.3,v 1.4 2018/05/26 12:35:26 schwarze Exp $
2.\"
3.\" Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
5.\" Copyright (c) 2016 Brent Cook <bcook@openbsd.org>
6.\"
7.\" Permission to use, copy, modify, and distribute this software for any
8.\" purpose with or without fee is hereby granted, provided that the above
9.\" copyright notice and this permission notice appear in all copies.
10.\"
11.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18.\"
19.Dd $Mdocdate: May 26 2018 $
20.Dt TLS_ACCEPT_SOCKET 3
21.Os
22.Sh NAME
23.Nm tls_accept_socket ,
24.Nm tls_accept_fds ,
25.Nm tls_accept_cbs
26.Nd accept an incoming client connection in a TLS server
27.Sh SYNOPSIS
28.In tls.h
29.Ft int
30.Fo tls_accept_socket
31.Fa "struct tls *tls"
32.Fa "struct tls **cctx"
33.Fa "int socket"
34.Fc
35.Ft int
36.Fo tls_accept_fds
37.Fa "struct tls *tls"
38.Fa "struct tls **cctx"
39.Fa "int fd_read"
40.Fa "int fd_write"
41.Fc
42.Ft int
43.Fo tls_accept_cbs
44.Fa "struct tls *tls"
45.Fa "struct tls **cctx"
46.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\
47 void *buf, size_t buflen, void *cb_arg)"
48.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\
49 const void *buf, size_t buflen, void *cb_arg)"
50.Fa "void *cb_arg"
51.Fc
52.Sh DESCRIPTION
53After creating a TLS server context
54.Fa tls
55with
56.Xr tls_server 3
57and configuring it with
58.Xr tls_configure 3 ,
59a server can accept a new client connection by calling
60.Fn tls_accept_socket
61on an already established socket connection.
62.Pp
63Alternatively, a new client connection can be accepted over a pair of existing
64file descriptors by calling
65.Fn tls_accept_fds .
66.Pp
67Calling
68.Fn tls_accept_cbs
69allows read and write callback functions to handle data transfers.
70The specified
71.Fa cb_arg
72parameter is passed back to the functions,
73and can contain a pointer to any caller-specified data.
74.Pp
75All these functions create a new context suitable for reading and writing
76and return it in
77.Pf * Fa cctx .
78.Sh RETURN VALUES
79These functions return 0 on success or -1 on error.
80.Sh SEE ALSO
81.Xr tls_close 3 ,
82.Xr tls_config_set_session_id 3 ,
83.Xr tls_configure 3 ,
84.Xr tls_connect 3 ,
85.Xr tls_init 3 ,
86.Xr tls_server 3
87.Sh HISTORY
88.Fn tls_accept_socket
89appeared in
90.Ox 5.6
91and got its final name in
92.Ox 5.7 .
93.Pp
94.Fn tls_accept_fds
95appeared in
96.Ox 5.8
97and
98.Fn tls_accept_cbs
99in
100.Ox 6.1 .
101.Sh AUTHORS
102.An Joel Sing Aq Mt jsing@openbsd.org
103.Pp
104.An -nosplit
105.Fn tls_accept_cbs
106was written by
107.An Tobias Pape Aq Mt tobias@netshed.de .
diff --git a/src/lib/libtls/man/tls_client.3 b/src/lib/libtls/man/tls_client.3
deleted file mode 100644
index 98f58d4c20..0000000000
--- a/src/lib/libtls/man/tls_client.3
+++ /dev/null
@@ -1,110 +0,0 @@
1.\" $OpenBSD: tls_client.3,v 1.4 2017/08/12 03:41:48 jsing Exp $
2.\"
3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd $Mdocdate: August 12 2017 $
18.Dt TLS_CLIENT 3
19.Os
20.Sh NAME
21.Nm tls_client ,
22.Nm tls_server ,
23.Nm tls_configure ,
24.Nm tls_reset ,
25.Nm tls_free
26.Nd configure a TLS connection
27.Sh SYNOPSIS
28.In tls.h
29.Ft struct tls *
30.Fn tls_client void
31.Ft struct tls *
32.Fn tls_server void
33.Ft int
34.Fo tls_configure
35.Fa "struct tls *ctx"
36.Fa "struct tls_config *config"
37.Fc
38.Ft void
39.Fn tls_free "struct tls *ctx"
40.Ft void
41.Fn tls_reset "struct tls *ctx"
42.Sh DESCRIPTION
43A TLS connection is represented as a
44.Vt struct tls
45object called a
46.Dq context .
47A new context is created by either the
48.Fn tls_client
49or
50.Fn tls_server
51functions.
52.Fn tls_client
53is used in TLS client programs,
54.Fn tls_server
55in TLS server programs.
56.Pp
57The context can then be configured with the function
58.Fn tls_configure .
59The same
60.Vt tls_config
61object can be used to configure multiple contexts.
62.Pp
63After configuration,
64.Xr tls_connect 3
65can be called on objects created with
66.Fn tls_client ,
67and
68.Xr tls_accept_socket 3
69on objects created with
70.Fn tls_server .
71.Pp
72After use, a TLS context should be closed with
73.Xr tls_close 3 ,
74and then freed by calling
75.Fn tls_free .
76If
77.Fn tls_free
78is called with an argument of
79.Dv NULL ,
80no action occurs.
81.Pp
82A TLS context can be reset by calling
83.Fn tls_reset ,
84allowing for it to be reused.
85This is essentially equivalent to calling
86.Fn tls_free ,
87followed by a call to the same function that was used to originally allocate
88the TLS context.
89.Sh RETURN VALUES
90.Fn tls_client
91and
92.Fn tls_server
93return
94.Dv NULL
95on error or an out of memory condition.
96.Pp
97.Fn tls_configure
98returns 0 on success or -1 on error.
99.Sh SEE ALSO
100.Xr tls_accept_socket 3 ,
101.Xr tls_config_new 3 ,
102.Xr tls_connect 3 ,
103.Xr tls_init 3
104.Sh HISTORY
105These functions appeared in
106.Ox 5.6
107and got their final names in
108.Ox 5.7 .
109.Sh AUTHORS
110.An Joel Sing Aq Mt jsing@openbsd.org
diff --git a/src/lib/libtls/man/tls_config_ocsp_require_stapling.3 b/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
deleted file mode 100644
index a0694d304f..0000000000
--- a/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
+++ /dev/null
@@ -1,40 +0,0 @@
1.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.5 2017/01/31 20:53:50 jmc Exp $
2.\"
3.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd $Mdocdate: January 31 2017 $
18.Dt TLS_CONFIG_OCSP_REQUIRE_STAPLING 3
19.Os
20.Sh NAME
21.Nm tls_config_ocsp_require_stapling
22.Nd OCSP configuration for libtls
23.Sh SYNOPSIS
24.In tls.h
25.Ft void
26.Fn tls_config_ocsp_require_stapling "struct tls_config *config"
27.Sh DESCRIPTION
28.Fn tls_config_ocsp_require_stapling
29requires that a valid stapled OCSP response be provided
30during the TLS handshake.
31.Sh SEE ALSO
32.Xr tls_config_add_keypair_file 3 ,
33.Xr tls_handshake 3 ,
34.Xr tls_init 3 ,
35.Xr tls_ocsp_process_response 3
36.Sh HISTORY
37These functions appeared in
38.Ox 6.1 .
39.Sh AUTHORS
40.An Bob Beck Aq Mt beck@openbsd.org
diff --git a/src/lib/libtls/man/tls_config_set_protocols.3 b/src/lib/libtls/man/tls_config_set_protocols.3
deleted file mode 100644
index 32b8cce757..0000000000
--- a/src/lib/libtls/man/tls_config_set_protocols.3
+++ /dev/null
@@ -1,229 +0,0 @@
1.\" $OpenBSD: tls_config_set_protocols.3,v 1.12 2023/07/02 06:37:27 beck Exp $
2.\"
3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4.\" Copyright (c) 2015, 2016 Joel Sing <jsing@openbsd.org>
5.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
6.\"
7.\" Permission to use, copy, modify, and distribute this software for any
8.\" purpose with or without fee is hereby granted, provided that the above
9.\" copyright notice and this permission notice appear in all copies.
10.\"
11.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18.\"
19.Dd $Mdocdate: July 2 2023 $
20.Dt TLS_CONFIG_SET_PROTOCOLS 3
21.Os
22.Sh NAME
23.Nm tls_config_set_protocols ,
24.Nm tls_config_parse_protocols ,
25.Nm tls_config_set_alpn ,
26.Nm tls_config_set_ciphers ,
27.Nm tls_config_set_dheparams ,
28.Nm tls_config_set_ecdhecurves ,
29.Nm tls_config_prefer_ciphers_client ,
30.Nm tls_config_prefer_ciphers_server
31.Nd TLS protocol and cipher selection
32.Sh SYNOPSIS
33.In tls.h
34.Ft int
35.Fo tls_config_set_protocols
36.Fa "struct tls_config *config"
37.Fa "uint32_t protocols"
38.Fc
39.Ft int
40.Fo tls_config_parse_protocols
41.Fa "uint32_t *protocols"
42.Fa "const char *protostr"
43.Fc
44.Ft int
45.Fo tls_config_set_alpn
46.Fa "struct tls_config *config"
47.Fa "const char *alpn"
48.Fc
49.Ft int
50.Fo tls_config_set_ciphers
51.Fa "struct tls_config *config"
52.Fa "const char *ciphers"
53.Fc
54.Ft int
55.Fo tls_config_set_dheparams
56.Fa "struct tls_config *config"
57.Fa "const char *params"
58.Fc
59.Ft int
60.Fo tls_config_set_ecdhecurves
61.Fa "struct tls_config *config"
62.Fa "const char *curves"
63.Fc
64.Ft void
65.Fn tls_config_prefer_ciphers_client "struct tls_config *config"
66.Ft void
67.Fn tls_config_prefer_ciphers_server "struct tls_config *config"
68.Sh DESCRIPTION
69These functions modify a configuration by setting parameters.
70The configuration options apply to both clients and servers, unless noted
71otherwise.
72.Pp
73.Fn tls_config_set_protocols
74specifies which versions of the TLS protocol may be used.
75Possible values are the bitwise OR of:
76.Pp
77.Bl -item -offset indent -compact
78.It
79.Dv TLS_PROTOCOL_TLSv1_2
80.It
81.Dv TLS_PROTOCOL_TLSv1_3
82.El
83.Pp
84Additionally, the values
85.Dv TLS_PROTOCOL_TLSv1
86(TLSv1.2, TLSv1.3),
87.Dv TLS_PROTOCOLS_ALL
88(all supported protocols) and
89.Dv TLS_PROTOCOLS_DEFAULT
90(TLSv1.2 and TLSv1.3) may be used.
91.Pp
92The
93.Fn tls_config_parse_protocols
94utility function parses a protocol string and returns the corresponding
95value via the
96.Ar protocols
97argument.
98This value can then be passed to the
99.Fn tls_config_set_protocols
100function.
101The protocol string is a comma or colon separated list of keywords.
102Valid keywords are:
103.Pp
104.Bl -tag -width "tlsv1.3" -offset indent -compact
105.It Dv tlsv1.2
106.It Dv tlsv1.3
107.It Dv all
108.Pq all supported protocols
109.It Dv default
110.Pq an alias for Dv secure
111.It Dv legacy
112.Pq an alias for Dv all
113.It Dv secure
114.Pq currently TLSv1.2 and TLSv1.3
115.El
116.Pp
117If a value has a negative prefix (in the form of a leading exclamation mark)
118then it is removed from the list of available protocols, rather than being
119added to it.
120.Pp
121.Fn tls_config_set_alpn
122sets the ALPN protocols that are supported.
123The alpn string is a comma separated list of protocols, in order of preference.
124.Pp
125.Fn tls_config_set_ciphers
126sets the list of ciphers that may be used.
127Lists of ciphers are specified by name, and the
128permitted names are:
129.Pp
130.Bl -item -offset indent -compact
131.It
132.Dv secure Pq or alias Dv default
133.It
134.Dv compat
135.It
136.Dv legacy
137.It
138.Dv insecure Pq or alias Dv all
139.El
140.Pp
141Alternatively, libssl cipher strings can be specified.
142See the CIPHERS section of
143.Xr openssl 1
144for further information.
145.Pp
146.Fn tls_config_set_dheparams
147specifies the parameters that will be used during Diffie-Hellman Ephemeral
148(DHE) key exchange.
149Possible values are:
150.Pp
151.Bl -item -offset indent -compact
152.It
153.Dv none
154.It
155.Dv auto
156.It
157.Dv legacy
158.El
159.Pp
160In
161.Dv auto
162mode, the key size for the ephemeral key is automatically selected
163based on the size of the private key being used for signing.
164In
165.Dv legacy
166mode, 1024 bit ephemeral keys are used.
167The default value is
168.Dv none ,
169which disables DHE key exchange.
170.Pp
171.Fn tls_config_set_ecdhecurves
172specifies the names of the elliptic curves that may be used during Elliptic
173Curve Diffie-Hellman Ephemeral (ECDHE) key exchange.
174This is a comma separated list, given in order of preference.
175The special value of "default" will use the default curves (currently X25519,
176P-256 and P-384).
177This function replaces
178.Fn tls_config_set_ecdhecurve ,
179which is deprecated.
180.Pp
181.Fn tls_config_prefer_ciphers_client
182prefers ciphers in the client's cipher list when selecting a cipher suite
183(server only).
184This is considered to be less secure than preferring the server's list.
185.Pp
186.Fn tls_config_prefer_ciphers_server
187prefers ciphers in the server's cipher list when selecting a cipher suite
188(server only).
189This is considered to be more secure than preferring the client's list and is
190the default.
191.Sh RETURN VALUES
192These functions return 0 on success or -1 on error.
193.Sh SEE ALSO
194.Xr tls_config_ocsp_require_stapling 3 ,
195.Xr tls_config_set_session_id 3 ,
196.Xr tls_config_verify 3 ,
197.Xr tls_init 3 ,
198.Xr tls_load_file 3
199.Sh HISTORY
200.Fn tls_config_set_ciphers
201appeared in
202.Ox 5.6
203and got its final name in
204.Ox 5.7 .
205.Pp
206.Fn tls_config_set_protocols ,
207.Fn tls_config_parse_protocols ,
208.Fn tls_config_set_dheparams ,
209and
210.Fn tls_config_set_ecdhecurve
211appeared in
212.Ox 5.7 ,
213.Fn tls_config_prefer_ciphers_client
214and
215.Fn tls_config_prefer_ciphers_server
216in
217.Ox 5.9 ,
218and
219.Fn tls_config_set_alpn
220in
221.Ox 6.1 .
222.Sh AUTHORS
223.An Joel Sing Aq Mt jsing@openbsd.org
224with contributions from
225.An Ted Unangst Aq Mt tedu@openbsd.org
226.Pq Fn tls_config_set_ciphers
227and
228.An Reyk Floeter Aq Mt reyk@openbsd.org
229.Pq Fn tls_config_set_ecdhecurve
diff --git a/src/lib/libtls/man/tls_config_set_session_id.3 b/src/lib/libtls/man/tls_config_set_session_id.3
deleted file mode 100644
index d969e01e33..0000000000
--- a/src/lib/libtls/man/tls_config_set_session_id.3
+++ /dev/null
@@ -1,105 +0,0 @@
1.\" $OpenBSD: tls_config_set_session_id.3,v 1.5 2018/02/10 06:07:43 jsing Exp $
2.\"
3.\" Copyright (c) 2017 Claudio Jeker <claudio@openbsd.org>
4.\" Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
5.\"
6.\" Permission to use, copy, modify, and distribute this software for any
7.\" purpose with or without fee is hereby granted, provided that the above
8.\" copyright notice and this permission notice appear in all copies.
9.\"
10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17.\"
18.Dd $Mdocdate: February 10 2018 $
19.Dt TLS_CONFIG_SET_SESSION_ID 3
20.Os
21.Sh NAME
22.Nm tls_config_set_session_fd ,
23.Nm tls_config_set_session_id ,
24.Nm tls_config_set_session_lifetime ,
25.Nm tls_config_add_ticket_key
26.Nd configure resuming of TLS handshakes
27.Sh SYNOPSIS
28.In tls.h
29.Ft int
30.Fo tls_config_set_session_fd
31.Fa "struct tls_config *config"
32.Fa "int session_fd"
33.Fc
34.Ft int
35.Fo tls_config_set_session_id
36.Fa "struct tls_config *config"
37.Fa "const unsigned char *session_id"
38.Fa "size_t len"
39.Fc
40.Ft int
41.Fo tls_config_set_session_lifetime
42.Fa "struct tls_config *config"
43.Fa "int lifetime"
44.Fc
45.Ft int
46.Fo tls_config_add_ticket_key
47.Fa "struct tls_config *config"
48.Fa "uint32_t keyrev"
49.Fa "unsigned char *key"
50.Fa "size_t keylen"
51.Fc
52.Sh DESCRIPTION
53.Fn tls_config_set_session_fd
54sets a file descriptor to be used to manage data for TLS sessions (client only).
55The given file descriptor must be a regular file and be owned by the current
56user, with permissions being restricted to only allow the owner to read and
57write the file (0600).
58If the file has a non-zero length, the client will attempt to read session
59data from this file and resume the previous TLS session with the server.
60Upon a successful handshake the file will be updated with current session
61data, if available.
62The caller is responsible for closing this file descriptor, after all TLS
63contexts that have been configured to use it have been freed via
64.Fn tls_free .
65.Pp
66.Fn tls_config_set_session_id
67sets the session identifier that will be used by the TLS server when
68sessions are enabled (server only).
69By default a random value is used.
70.Pp
71.Fn tls_config_set_session_lifetime
72sets the lifetime to be used for TLS sessions (server only).
73Session support is disabled if a lifetime of zero is specified, which is the
74default.
75.Pp
76.Fn tls_config_add_ticket_key
77adds a key used for the encryption and authentication of TLS tickets
78(server only).
79By default keys are generated and rotated automatically based on their lifetime.
80This function should only be used to synchronise ticket encryption key across
81multiple processes.
82Re-adding a known key will result in an error, unless it is the most recently
83added key.
84.Sh RETURN VALUES
85These functions return 0 on success or -1 on error.
86.Sh SEE ALSO
87.Xr tls_accept_socket 3 ,
88.Xr tls_config_set_protocols 3 ,
89.Xr tls_init 3 ,
90.Xr tls_load_file 3 ,
91.Xr tls_server 3
92.Sh HISTORY
93.Fn tls_config_set_session_id ,
94.Fn tls_config_set_session_lifetime
95and
96.Fn tls_config_add_ticket_key
97appeared in
98.Ox 6.1 .
99.Pp
100.Fn tls_config_set_session_fd
101appeared in
102.Ox 6.3 .
103.Sh AUTHORS
104.An Claudio Jeker Aq Mt claudio@openbsd.org
105.An Joel Sing Aq Mt jsing@openbsd.org
diff --git a/src/lib/libtls/man/tls_config_verify.3 b/src/lib/libtls/man/tls_config_verify.3
deleted file mode 100644
index 4a43c834d7..0000000000
--- a/src/lib/libtls/man/tls_config_verify.3
+++ /dev/null
@@ -1,79 +0,0 @@
1.\" $OpenBSD: tls_config_verify.3,v 1.4 2017/03/02 11:05:50 jmc Exp $
2.\"
3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
5.\"
6.\" Permission to use, copy, modify, and distribute this software for any
7.\" purpose with or without fee is hereby granted, provided that the above
8.\" copyright notice and this permission notice appear in all copies.
9.\"
10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17.\"
18.Dd $Mdocdate: March 2 2017 $
19.Dt TLS_CONFIG_VERIFY 3
20.Os
21.Sh NAME
22.Nm tls_config_verify ,
23.Nm tls_config_insecure_noverifycert ,
24.Nm tls_config_insecure_noverifyname ,
25.Nm tls_config_insecure_noverifytime
26.Nd insecure TLS configuration
27.Sh SYNOPSIS
28.In tls.h
29.Ft void
30.Fn tls_config_verify "struct tls_config *config"
31.Ft void
32.Fn tls_config_insecure_noverifycert "struct tls_config *config"
33.Ft void
34.Fn tls_config_insecure_noverifyname "struct tls_config *config"
35.Ft void
36.Fn tls_config_insecure_noverifytime "struct tls_config *config"
37.Sh DESCRIPTION
38These functions disable parts of the normal certificate verification
39process, resulting in insecure configurations.
40Be very careful when using them.
41.Pp
42.Fn tls_config_insecure_noverifycert
43disables certificate verification and OCSP validation.
44.Pp
45.Fn tls_config_insecure_noverifyname
46disables server name verification (client only).
47.Pp
48.Fn tls_config_insecure_noverifytime
49disables validity checking of certificates and OCSP validation.
50.Pp
51.Fn tls_config_verify
52reenables server name and certificate verification.
53.Sh SEE ALSO
54.Xr tls_client 3 ,
55.Xr tls_config_ocsp_require_stapling 3 ,
56.Xr tls_config_set_protocols 3 ,
57.Xr tls_conn_version 3 ,
58.Xr tls_connect 3 ,
59.Xr tls_handshake 3 ,
60.Xr tls_init 3
61.Sh HISTORY
62.Fn tls_config_verify
63appeared in
64.Ox 5.6
65and got its final name in
66.Ox 5.7 .
67.Pp
68.Fn tls_config_insecure_noverifycert
69and
70.Fn tls_config_insecure_noverifyname
71appeared in
72.Ox 5.7
73and
74.Nm tls_config_insecure_noverifytime
75in
76.Ox 5.9 .
77.Sh AUTHORS
78.An Joel Sing Aq Mt jsing@openbsd.org
79.An Ted Unangst Aq Mt tedu@openbsd.org
diff --git a/src/lib/libtls/man/tls_conn_version.3 b/src/lib/libtls/man/tls_conn_version.3
deleted file mode 100644
index 8fb30624d7..0000000000
--- a/src/lib/libtls/man/tls_conn_version.3
+++ /dev/null
@@ -1,225 +0,0 @@
1.\" $OpenBSD: tls_conn_version.3,v 1.11 2024/12/10 08:42:12 tb Exp $
2.\"
3.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
4.\" Copyright (c) 2016, 2018 Joel Sing <jsing@openbsd.org>
5.\"
6.\" Permission to use, copy, modify, and distribute this software for any
7.\" purpose with or without fee is hereby granted, provided that the above
8.\" copyright notice and this permission notice appear in all copies.
9.\"
10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17.\"
18.Dd $Mdocdate: December 10 2024 $
19.Dt TLS_CONN_VERSION 3
20.Os
21.Sh NAME
22.Nm tls_conn_version ,
23.Nm tls_conn_cipher ,
24.Nm tls_conn_cipher_strength ,
25.Nm tls_conn_alpn_selected ,
26.Nm tls_conn_servername ,
27.Nm tls_conn_session_resumed ,
28.Nm tls_peer_cert_provided ,
29.Nm tls_peer_cert_contains_name ,
30.Nm tls_peer_cert_chain_pem ,
31.Nm tls_peer_cert_issuer ,
32.Nm tls_peer_cert_subject ,
33.Nm tls_peer_cert_common_name ,
34.Nm tls_peer_cert_hash ,
35.Nm tls_peer_cert_notbefore ,
36.Nm tls_peer_cert_notafter
37.Nd inspect an established TLS connection
38.Sh SYNOPSIS
39.In tls.h
40.Ft const char *
41.Fn tls_conn_version "struct tls *ctx"
42.Ft const char *
43.Fn tls_conn_cipher "struct tls *ctx"
44.Ft int
45.Fn tls_conn_cipher_strength "struct tls *ctx"
46.Ft const char *
47.Fn tls_conn_alpn_selected "struct tls *ctx"
48.Ft const char *
49.Fn tls_conn_servername "struct tls *ctx"
50.Ft int
51.Fn tls_conn_session_resumed "struct tls *ctx"
52.Ft int
53.Fn tls_peer_cert_provided "struct tls *ctx"
54.Ft int
55.Fo tls_peer_cert_contains_name
56.Fa "struct tls *ctx"
57.Fa "const char *name"
58.Fc
59.Ft const uint8_t *
60.Fo tls_peer_cert_chain_pem
61.Fa "struct tls *ctx"
62.Fa "size_t *size"
63.Fc
64.Ft const char *
65.Fn tls_peer_cert_issuer "struct tls *ctx"
66.Ft const char *
67.Fn tls_peer_cert_subject "struct tls *ctx"
68.Ft const char *
69.Fn tls_peer_cert_common_name "struct tls *ctx"
70.Ft const char *
71.Fn tls_peer_cert_hash "struct tls *ctx"
72.Ft time_t
73.Fn tls_peer_cert_notbefore "struct tls *ctx"
74.Ft time_t
75.Fn tls_peer_cert_notafter "struct tls *ctx"
76.Sh DESCRIPTION
77These functions return information about a TLS connection and will only
78succeed after the handshake is complete (the connection information applies
79to both clients and servers, unless noted otherwise):
80.Pp
81.Fn tls_conn_version
82returns a string corresponding to a TLS version negotiated with the peer
83connected to
84.Ar ctx .
85.Pp
86.Fn tls_conn_cipher
87returns a string corresponding to the cipher suite negotiated with the peer
88connected to
89.Ar ctx .
90.Pp
91.Fn tls_conn_cipher_strength
92returns the strength in bits for the symmetric cipher that is being
93used with the peer connected to
94.Ar ctx .
95.Pp
96.Fn tls_conn_alpn_selected
97returns a string that specifies the ALPN protocol selected for use with the peer
98connected to
99.Ar ctx .
100If no protocol was selected then NULL is returned.
101.Pp
102.Fn tls_conn_servername
103returns a string corresponding to the servername that the client connected to
104.Ar ctx
105requested by sending a TLS Server Name Indication extension (server only).
106.Pp
107.Fn tls_conn_session_resumed
108indicates whether a TLS session has been resumed during the handshake with
109the server connected to
110.Ar ctx
111(client only).
112.Pp
113.Fn tls_peer_cert_provided
114checks if the peer of
115.Ar ctx
116has provided a certificate.
117.Pp
118.Fn tls_peer_cert_contains_name
119checks if the peer of a TLS
120.Ar ctx
121has provided a certificate that contains a
122SAN or CN that matches
123.Ar name .
124.Pp
125.Fn tls_peer_cert_chain_pem
126returns a pointer to memory containing a PEM-encoded certificate chain for the
127peer certificate from
128.Ar ctx .
129.Pp
130.Fn tls_peer_cert_subject
131returns a string
132corresponding to the subject of the peer certificate from
133.Ar ctx .
134.Pp
135.Fn tls_peer_cert_issuer
136returns a string
137corresponding to the issuer of the peer certificate from
138.Ar ctx .
139.Fn tls_peer_cert_common_name
140returns a string
141corresponding to the common name of the peer certificate from
142.Ar ctx
143or the empty string if no common name is present.
144.Pp
145.Fn tls_peer_cert_hash
146returns a string
147corresponding to a hash of the raw peer certificate from
148.Ar ctx
149prefixed by a hash name followed by a colon.
150The hash currently used is SHA256, though this
151could change in the future.
152The hash string for a certificate in file
153.Ar mycert.crt
154can be generated using the commands:
155.Bd -literal -offset indent
156h=$(openssl x509 -outform der -in mycert.crt | sha256)
157printf "SHA256:${h}\\n"
158.Ed
159.Pp
160.Fn tls_peer_cert_notbefore
161returns the time corresponding to the start of the validity period of
162the peer certificate from
163.Ar ctx .
164.Pp
165.Fn tls_peer_cert_notafter
166returns the time corresponding to the end of the validity period of
167the peer certificate from
168.Ar ctx .
169.Sh RETURN VALUES
170The
171.Fn tls_conn_session_resumed
172function returns 1 if a TLS session was resumed or 0 if it was not.
173.Pp
174The
175.Fn tls_peer_cert_provided
176and
177.Fn tls_peer_cert_contains_name
178functions return 1 if the check succeeds or 0 if it does not.
179.Pp
180.Fn tls_peer_cert_notbefore
181and
182.Fn tls_peer_cert_notafter
183return a time in epoch-seconds on success or -1 on error.
184.Pp
185The functions that return a pointer return
186.Dv NULL
187on error or an out of memory condition.
188.Sh SEE ALSO
189.Xr tls_configure 3 ,
190.Xr tls_handshake 3 ,
191.Xr tls_init 3 ,
192.Xr tls_ocsp_process_response 3
193.Sh HISTORY
194.Fn tls_conn_version ,
195.Fn tls_conn_cipher ,
196.Fn tls_peer_cert_provided ,
197.Fn tls_peer_cert_contains_name ,
198.Fn tls_peer_cert_issuer ,
199.Fn tls_peer_cert_subject ,
200.Fn tls_peer_cert_hash ,
201.Fn tls_peer_cert_notbefore ,
202and
203.Fn tls_peer_cert_notafter
204appeared in
205.Ox 5.9 .
206.Pp
207.Fn tls_conn_servername
208and
209.Fn tls_conn_alpn_selected
210appeared in
211.Ox 6.1 .
212.Pp
213.Fn tls_conn_session_resumed
214appeared in
215.Ox 6.3 .
216.Pp
217.Fn tls_conn_cipher_strength
218appeared in
219.Ox 6.7 .
220.Fn tls_peer_cert_common_name
221appeared in
222.Ox 7.7 .
223.Sh AUTHORS
224.An Bob Beck Aq Mt beck@openbsd.org
225.An Joel Sing Aq Mt jsing@openbsd.org
diff --git a/src/lib/libtls/man/tls_connect.3 b/src/lib/libtls/man/tls_connect.3
deleted file mode 100644
index 4c4f01c256..0000000000
--- a/src/lib/libtls/man/tls_connect.3
+++ /dev/null
@@ -1,144 +0,0 @@
1.\" $OpenBSD: tls_connect.3,v 1.4 2018/07/09 19:51:18 tb Exp $
2.\"
3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4.\" Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
5.\" Copyright (c) 2016 Brent Cook <bcook@openbsd.org>
6.\"
7.\" Permission to use, copy, modify, and distribute this software for any
8.\" purpose with or without fee is hereby granted, provided that the above
9.\" copyright notice and this permission notice appear in all copies.
10.\"
11.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18.\"
19.Dd $Mdocdate: July 9 2018 $
20.Dt TLS_CONNECT 3
21.Os
22.Sh NAME
23.Nm tls_connect ,
24.Nm tls_connect_fds ,
25.Nm tls_connect_servername ,
26.Nm tls_connect_socket ,
27.Nm tls_connect_cbs
28.Nd instruct a TLS client to establish a connection
29.Sh SYNOPSIS
30.In tls.h
31.Ft int
32.Fo tls_connect
33.Fa "struct tls *ctx"
34.Fa "const char *host"
35.Fa "const char *port"
36.Fc
37.Ft int
38.Fo tls_connect_fds
39.Fa "struct tls *ctx"
40.Fa "int fd_read"
41.Fa "int fd_write"
42.Fa "const char *servername"
43.Fc
44.Ft int
45.Fo tls_connect_servername
46.Fa "struct tls *ctx"
47.Fa "const char *host"
48.Fa "const char *port"
49.Fa "const char *servername"
50.Fc
51.Ft int
52.Fo tls_connect_socket
53.Fa "struct tls *ctx"
54.Fa "int s"
55.Fa "const char *servername"
56.Fc
57.Ft int
58.Fo tls_connect_cbs
59.Fa "struct tls *ctx"
60.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\
61 void *buf, size_t buflen, void *cb_arg)"
62.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\
63 const void *buf, size_t buflen, void *cb_arg)"
64.Fa "void *cb_arg"
65.Fa "const char *servername"
66.Fc
67.Sh DESCRIPTION
68After creating a TLS client context with
69.Xr tls_client 3
70and configuring it with
71.Xr tls_configure 3 ,
72a client connection is initiated by calling
73.Fn tls_connect .
74This function will create a new socket, connect to the specified
75.Fa host
76and
77.Fa port ,
78and then establish a secure connection.
79The
80.Fa port
81may be numeric or a service name.
82If it is
83.Dv NULL ,
84then a
85.Fa host
86of the format "hostname:port" is permitted.
87The name to use for verification is inferred from the
88.Ar host
89value.
90.Pp
91The
92.Fn tls_connect_servername
93function has the same behaviour, however the name to use for verification is
94explicitly provided, for the case where the TLS server name differs from the
95DNS name.
96.Pp
97An already existing socket can be upgraded to a secure connection by calling
98.Fn tls_connect_socket .
99.Pp
100Alternatively, a secure connection can be established over a pair of existing
101file descriptors by calling
102.Fn tls_connect_fds .
103.Pp
104Calling
105.Fn tls_connect_cbs
106allows read and write callback functions to handle data transfers.
107The specified cb_arg parameter is passed back to the functions,
108and can contain a pointer to any caller-specified data.
109.Sh RETURN VALUES
110These functions return 0 on success or -1 on error.
111.Sh SEE ALSO
112.Xr tls_accept_socket 3 ,
113.Xr tls_client 3 ,
114.Xr tls_close 3 ,
115.Xr tls_config_ocsp_require_stapling 3 ,
116.Xr tls_configure 3 ,
117.Xr tls_handshake 3 ,
118.Xr tls_init 3
119.Sh HISTORY
120.Fn tls_connect
121and
122.Fn tls_connect_socket
123appeared in
124.Ox 5.6
125and got their final names in
126.Ox 5.7 .
127.Pp
128.Fn tls_connect_fds
129and
130.Fn tls_connect_servername
131appeared in
132.Ox 5.7
133and
134.Fn tls_connect_cbs
135in
136.Ox 6.1 .
137.Sh AUTHORS
138.An Joel Sing Aq Mt jsing@openbsd.org
139.An Reyk Floeter Aq Mt reyk@openbsd.org
140.Pp
141.An -nosplit
142.Fn tls_connect_cbs
143was written by
144.An Tobias Pape Aq Mt tobias@netshed.de .
diff --git a/src/lib/libtls/man/tls_init.3 b/src/lib/libtls/man/tls_init.3
deleted file mode 100644
index 557998107c..0000000000
--- a/src/lib/libtls/man/tls_init.3
+++ /dev/null
@@ -1,180 +0,0 @@
1.\" $OpenBSD: tls_init.3,v 1.13 2018/07/09 19:47:20 tb Exp $
2.\"
3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4.\" Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
5.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
6.\"
7.\" Permission to use, copy, modify, and distribute this software for any
8.\" purpose with or without fee is hereby granted, provided that the above
9.\" copyright notice and this permission notice appear in all copies.
10.\"
11.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18.\"
19.Dd $Mdocdate: July 9 2018 $
20.Dt TLS_INIT 3
21.Os
22.Sh NAME
23.Nm tls_init ,
24.Nm tls_config_new ,
25.Nm tls_config_free ,
26.Nm tls_config_error
27.Nd initialize TLS client and server API
28.Sh SYNOPSIS
29.In tls.h
30.Ft int
31.Fn tls_init void
32.Ft struct tls_config *
33.Fn tls_config_new void
34.Ft void
35.Fn tls_config_free "struct tls_config *config"
36.Ft const char *
37.Fn tls_config_error "struct tls_config *config"
38.Sh DESCRIPTION
39The
40.Nm tls
41family of functions establishes a secure communications channel
42using the TLS socket protocol.
43Both clients and servers are supported.
44.Pp
45The
46.Fn tls_init
47function initializes global data structures.
48It is no longer necessary to call this function directly,
49since it is invoked internally when needed.
50It may be called more than once, and may be called concurrently.
51.Pp
52Before a connection is created, a configuration must be created.
53The
54.Fn tls_config_new
55function allocates, initializes, and returns a new default configuration
56object that can be used for future connections.
57Several functions exist to change the options of the configuration; see
58.Xr tls_config_set_protocols 3 ,
59.Xr tls_load_file 3 ,
60.Xr tls_config_ocsp_require_stapling 3 ,
61and
62.Xr tls_config_verify 3 .
63.Pp
64The
65.Fn tls_config_error
66function may be used to retrieve a string containing more information
67about the most recent error relating to a configuration.
68.Pp
69A TLS connection object is created by
70.Xr tls_client 3
71or
72.Xr tls_server 3
73and configured with
74.Xr tls_configure 3 .
75.Pp
76A client connection is initiated after configuration by calling
77.Xr tls_connect 3 .
78A server can accept a new client connection by calling
79.Xr tls_accept_socket 3
80on an already established socket connection.
81.Pp
82Two functions are provided for input and output,
83.Xr tls_read 3
84and
85.Xr tls_write 3 .
86Both automatically perform the
87.Xr tls_handshake 3
88when needed.
89.Pp
90The properties of established TLS connections
91can be inspected with the functions described in
92.Xr tls_conn_version 3
93and
94.Xr tls_ocsp_process_response 3 .
95.Pp
96After use, a TLS connection should be closed with
97.Xr tls_close 3
98and then freed by calling
99.Xr tls_free 3 .
100.Pp
101When no more contexts are to be configured,
102the configuration object should be freed by calling
103.Fn tls_config_free .
104It is safe to call
105.Fn tls_config_free
106as soon as the final call to
107.Fn tls_configure
108has been made.
109If
110.Fa config
111is
112.Dv NULL ,
113no action occurs.
114.Sh RETURN VALUES
115.Fn tls_init
116returns 0 on success or -1 on error.
117.Pp
118.Fn tls_config_new
119returns
120.Dv NULL
121on error or an out of memory condition.
122.Pp
123.Fn tls_config_error
124returns
125.Dv NULL
126if no error occurred with
127.Fa config
128at all, or if memory allocation failed while trying to assemble the
129string describing the most recent error related to
130.Fa config .
131.Sh SEE ALSO
132.Xr tls_accept_socket 3 ,
133.Xr tls_client 3 ,
134.Xr tls_config_ocsp_require_stapling 3 ,
135.Xr tls_config_set_protocols 3 ,
136.Xr tls_config_verify 3 ,
137.Xr tls_conn_version 3 ,
138.Xr tls_connect 3 ,
139.Xr tls_load_file 3 ,
140.Xr tls_ocsp_process_response 3 ,
141.Xr tls_read 3
142.Sh HISTORY
143The
144.Nm tls
145API first appeared in
146.Ox 5.6
147as a response to the unnecessary challenges other APIs present in
148order to use them safely.
149.Pp
150All functions were renamed from
151.Fn ressl_*
152to
153.Fn tls_*
154for
155.Ox 5.7 .
156.Pp
157.Fn tls_config_error
158appeared in
159.Ox 6.0 .
160.Sh AUTHORS
161.An Joel Sing Aq Mt jsing@openbsd.org
162.An Ted Unangst Aq Mt tedu@openbsd.org
163.Pp
164Many others contributed to various parts of the library; see the
165individual manual pages for more information.
166.Sh CAVEATS
167The function
168.Fn tls_config_error
169returns an internal pointer.
170It must not be freed by the application, or a double free error
171will occur.
172The pointer will become invalid when the next error occurs with
173.Fa config .
174Consequently, if the application may need the message at a later
175time, it has to copy the string before calling the next
176.Sy libtls
177function involving
178.Fa config ,
179or a segmentation fault or read access to unintended data is the
180likely result.
diff --git a/src/lib/libtls/man/tls_load_file.3 b/src/lib/libtls/man/tls_load_file.3
deleted file mode 100644
index cf33b575ef..0000000000
--- a/src/lib/libtls/man/tls_load_file.3
+++ /dev/null
@@ -1,369 +0,0 @@
1.\" $OpenBSD: tls_load_file.3,v 1.14 2022/01/01 02:18:28 jsg Exp $
2.\"
3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
5.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
6.\" Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
7.\"
8.\" Permission to use, copy, modify, and distribute this software for any
9.\" purpose with or without fee is hereby granted, provided that the above
10.\" copyright notice and this permission notice appear in all copies.
11.\"
12.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19.\"
20.Dd $Mdocdate: January 1 2022 $
21.Dt TLS_LOAD_FILE 3
22.Os
23.Sh NAME
24.Nm tls_load_file ,
25.Nm tls_unload_file ,
26.Nm tls_config_set_ca_file ,
27.Nm tls_config_set_ca_path ,
28.Nm tls_config_set_ca_mem ,
29.Nm tls_config_set_cert_file ,
30.Nm tls_config_set_cert_mem ,
31.Nm tls_config_set_crl_file ,
32.Nm tls_config_set_crl_mem ,
33.Nm tls_config_set_key_file ,
34.Nm tls_config_set_key_mem ,
35.Nm tls_config_set_ocsp_staple_mem ,
36.Nm tls_config_set_ocsp_staple_file ,
37.Nm tls_config_set_keypair_file ,
38.Nm tls_config_set_keypair_mem ,
39.Nm tls_config_set_keypair_ocsp_file ,
40.Nm tls_config_set_keypair_ocsp_mem ,
41.Nm tls_config_add_keypair_file ,
42.Nm tls_config_add_keypair_ocsp_mem ,
43.Nm tls_config_add_keypair_ocsp_file ,
44.Nm tls_config_add_keypair_mem ,
45.Nm tls_config_clear_keys ,
46.Nm tls_config_set_verify_depth ,
47.Nm tls_config_verify_client ,
48.Nm tls_config_verify_client_optional ,
49.Nm tls_default_ca_cert_file
50.Nd TLS certificate and key configuration
51.Sh SYNOPSIS
52.In tls.h
53.Ft uint8_t *
54.Fo tls_load_file
55.Fa "const char *file"
56.Fa "size_t *len"
57.Fa "char *password"
58.Fc
59.Ft void
60.Fo tls_unload_file
61.Fa "uint8_t *buf"
62.Fa "size_t len"
63.Fc
64.Ft int
65.Fo tls_config_set_ca_file
66.Fa "struct tls_config *config"
67.Fa "const char *ca_file"
68.Fc
69.Ft int
70.Fo tls_config_set_ca_path
71.Fa "struct tls_config *config"
72.Fa "const char *ca_path"
73.Fc
74.Ft int
75.Fo tls_config_set_ca_mem
76.Fa "struct tls_config *config"
77.Fa "const uint8_t *cert"
78.Fa "size_t len"
79.Fc
80.Ft int
81.Fo tls_config_set_cert_file
82.Fa "struct tls_config *config"
83.Fa "const char *cert_file"
84.Fc
85.Ft int
86.Fo tls_config_set_cert_mem
87.Fa "struct tls_config *config"
88.Fa "const uint8_t *cert"
89.Fa "size_t len"
90.Fc
91.Ft int
92.Fo tls_config_set_crl_file
93.Fa "struct tls_config *config"
94.Fa "const char *crl_file"
95.Fc
96.Ft int
97.Fo tls_config_set_crl_mem
98.Fa "struct tls_config *config"
99.Fa "const uint8_t *crl"
100.Fa "size_t len"
101.Fc
102.Ft int
103.Fo tls_config_set_key_file
104.Fa "struct tls_config *config"
105.Fa "const char *key_file"
106.Fc
107.Ft int
108.Fo tls_config_set_key_mem
109.Fa "struct tls_config *config"
110.Fa "const uint8_t *key"
111.Fa "size_t len"
112.Fc
113.Ft int
114.Fo tls_config_set_ocsp_staple_mem
115.Fa "struct tls_config *config"
116.Fa "const uint8_t *staple"
117.Fa "size_t len"
118.Fc
119.Ft int
120.Fo tls_config_set_ocsp_staple_file
121.Fa "struct tls_config *config"
122.Fa "const char *staple_file"
123.Fc
124.Ft int
125.Fo tls_config_set_keypair_file
126.Fa "struct tls_config *config"
127.Fa "const char *cert_file"
128.Fa "const char *key_file"
129.Fc
130.Ft int
131.Fo tls_config_set_keypair_mem
132.Fa "struct tls_config *config"
133.Fa "const uint8_t *cert"
134.Fa "size_t cert_len"
135.Fa "const uint8_t *key"
136.Fa "size_t key_len"
137.Fc
138.Ft int
139.Fo tls_config_set_keypair_ocsp_file
140.Fa "struct tls_config *config"
141.Fa "const char *cert_file"
142.Fa "const char *key_file"
143.Fa "const char *staple_file"
144.Fc
145.Ft int
146.Fo tls_config_set_keypair_ocsp_mem
147.Fa "struct tls_config *config"
148.Fa "const uint8_t *cert"
149.Fa "size_t cert_len"
150.Fa "const uint8_t *key"
151.Fa "size_t key_len"
152.Fa "const uint8_t *staple"
153.Fa "size_t staple_len"
154.Fc
155.Ft int
156.Fo tls_config_add_keypair_file
157.Fa "struct tls_config *config"
158.Fa "const char *cert_file"
159.Fa "const char *key_file"
160.Fc
161.Ft int
162.Fo tls_config_add_keypair_mem
163.Fa "struct tls_config *config"
164.Fa "const uint8_t *cert"
165.Fa "size_t cert_len"
166.Fa "const uint8_t *key"
167.Fa "size_t key_len"
168.Fc
169.Ft int
170.Fo tls_config_add_keypair_ocsp_file
171.Fa "struct tls_config *config"
172.Fa "const char *cert_file"
173.Fa "const char *key_file"
174.Fa "const char *staple_file"
175.Fc
176.Ft int
177.Fo tls_config_add_keypair_ocsp_mem
178.Fa "struct tls_config *config"
179.Fa "const uint8_t *cert"
180.Fa "size_t cert_len"
181.Fa "const uint8_t *key"
182.Fa "size_t key_len"
183.Fa "const uint8_t *staple"
184.Fa "size_t staple_len"
185.Fc
186.Ft void
187.Fn tls_config_clear_keys "struct tls_config *config"
188.Ft int
189.Fo tls_config_set_verify_depth
190.Fa "struct tls_config *config"
191.Fa "int verify_depth"
192.Fc
193.Ft void
194.Fn tls_config_verify_client "struct tls_config *config"
195.Ft void
196.Fn tls_config_verify_client_optional "struct tls_config *config"
197.Ft const char *
198.Fn tls_default_ca_cert_file "void"
199.Sh DESCRIPTION
200.Fn tls_load_file
201loads a certificate or key from disk into memory to be used with
202.Fn tls_config_set_ca_mem ,
203.Fn tls_config_set_cert_mem ,
204.Fn tls_config_set_crl_mem
205or
206.Fn tls_config_set_key_mem .
207A private key will be decrypted if the optional
208.Ar password
209argument is specified.
210.Pp
211.Fn tls_unload_file
212unloads the memory that was returned from an earlier
213.Fn tls_load_file
214call, ensuring that the memory contents is discarded.
215.Pp
216.Fn tls_default_ca_cert_file
217returns the path of the file that contains the default root certificates.
218.Pp
219.Fn tls_config_set_ca_file
220loads a file containing the root certificates.
221.Pp
222.Fn tls_config_set_ca_path
223sets the path (directory) which should be searched for root
224certificates.
225.Pp
226.Fn tls_config_set_ca_mem
227sets the root certificates directly from memory.
228.Pp
229.Fn tls_config_set_cert_file
230loads a file containing the public certificate.
231.Pp
232.Fn tls_config_set_cert_mem
233sets the public certificate directly from memory.
234.Pp
235.Fn tls_config_set_crl_file
236loads a file containing the Certificate Revocation List (CRL).
237.Pp
238.Fn tls_config_set_crl_mem
239sets the CRL directly from memory.
240.Pp
241.Fn tls_config_set_key_file
242loads a file containing the private key.
243.Pp
244.Fn tls_config_set_key_mem
245directly sets the private key from memory.
246.Pp
247.Fn tls_config_set_ocsp_staple_file
248loads a file containing a DER-encoded OCSP response to be stapled
249during the TLS handshake.
250.Pp
251.Fn tls_config_set_ocsp_staple_mem
252sets a DER-encoded OCSP response to be stapled during the TLS handshake from
253memory.
254.Pp
255.Fn tls_config_set_keypair_file
256loads two files from which the public certificate and private key will be read.
257.Pp
258.Fn tls_config_set_keypair_mem
259directly sets the public certificate and private key from memory.
260.Pp
261.Fn tls_config_set_keypair_ocsp_file
262loads three files containing the public certificate, private key,
263and DER-encoded OCSP staple.
264.Pp
265.Fn tls_config_set_keypair_ocsp_mem
266directly sets the public certificate, private key, and DER-encoded OCSP staple
267from memory.
268.Pp
269.Fn tls_config_add_keypair_file
270adds an additional public certificate and private key from the specified files,
271used as an alternative certificate for Server Name Indication (server only).
272.Pp
273.Fn tls_config_add_keypair_mem
274adds an additional public certificate and private key from memory, used as an
275alternative certificate for Server Name Indication (server only).
276.Pp
277.Fn tls_config_add_keypair_ocsp_file
278adds an additional public certificate, private key, and DER-encoded OCSP staple
279from the specified files, used as an alternative certificate for Server Name
280Indication (server only).
281.Pp
282.Fn tls_config_add_keypair_ocsp_mem
283adds an additional public certificate, private key, and DER-encoded OCSP staple
284from memory, used as an alternative certificate for Server Name Indication
285(server only).
286.Pp
287.Fn tls_config_clear_keys
288clears any secret keys from memory.
289.Pp
290.Fn tls_config_set_verify_depth
291limits the number of intermediate certificates that will be followed during
292certificate validation.
293.Pp
294.Fn tls_config_verify_client
295enables client certificate verification, requiring the client to send
296a certificate (server only).
297.Pp
298.Fn tls_config_verify_client_optional
299enables client certificate verification, without requiring the client
300to send a certificate (server only).
301.Sh RETURN VALUES
302.Fn tls_load_file
303returns
304.Dv NULL
305on error or an out of memory condition.
306.Pp
307The other functions return 0 on success or -1 on error.
308.Sh SEE ALSO
309.Xr tls_config_ocsp_require_stapling 3 ,
310.Xr tls_config_set_protocols 3 ,
311.Xr tls_config_set_session_id 3 ,
312.Xr tls_configure 3 ,
313.Xr tls_init 3
314.Sh HISTORY
315.Fn tls_config_set_ca_file ,
316.Fn tls_config_set_ca_path ,
317.Fn tls_config_set_cert_file ,
318.Fn tls_config_set_cert_mem ,
319.Fn tls_config_set_key_file ,
320.Fn tls_config_set_key_mem ,
321and
322.Fn tls_config_set_verify_depth
323appeared in
324.Ox 5.6
325and got their final names in
326.Ox 5.7 .
327.Pp
328.Fn tls_load_file ,
329.Fn tls_config_set_ca_mem ,
330and
331.Fn tls_config_clear_keys
332appeared in
333.Ox 5.7 .
334.Pp
335.Fn tls_config_verify_client
336and
337.Fn tls_config_verify_client_optional
338appeared in
339.Ox 5.9 .
340.Pp
341.Fn tls_config_set_keypair_file
342and
343.Fn tls_config_set_keypair_mem
344appeared in
345.Ox 6.0 ,
346and
347.Fn tls_config_add_keypair_file
348and
349.Fn tls_config_add_keypair_mem
350in
351.Ox 6.1 .
352.Pp
353.Fn tls_config_set_crl_file
354and
355.Fn tls_config_set_crl_mem
356appeared in
357.Ox 6.2 .
358.Sh AUTHORS
359.An Joel Sing Aq Mt jsing@openbsd.org
360with contributions from
361.An Ted Unangst Aq Mt tedu@openbsd.org
362and
363.An Bob Beck Aq Mt beck@openbsd.org .
364.Pp
365.Fn tls_load_file
366and
367.Fn tls_config_set_ca_mem
368were written by
369.An Reyk Floeter Aq Mt reyk@openbsd.org .
diff --git a/src/lib/libtls/man/tls_ocsp_process_response.3 b/src/lib/libtls/man/tls_ocsp_process_response.3
deleted file mode 100644
index 6e3aa4aecc..0000000000
--- a/src/lib/libtls/man/tls_ocsp_process_response.3
+++ /dev/null
@@ -1,167 +0,0 @@
1.\" $OpenBSD: tls_ocsp_process_response.3,v 1.6 2018/07/24 02:01:34 tb Exp $
2.\"
3.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd $Mdocdate: July 24 2018 $
18.Dt TLS_OCSP_PROCESS_RESPONSE 3
19.Os
20.Sh NAME
21.Nm tls_ocsp_process_response ,
22.Nm tls_peer_ocsp_url ,
23.Nm tls_peer_ocsp_response_status ,
24.Nm tls_peer_ocsp_cert_status ,
25.Nm tls_peer_ocsp_crl_reason ,
26.Nm tls_peer_ocsp_result ,
27.Nm tls_peer_ocsp_revocation_time ,
28.Nm tls_peer_ocsp_this_update ,
29.Nm tls_peer_ocsp_next_update
30.Nd inspect an OCSP response
31.Sh SYNOPSIS
32.In tls.h
33.Ft int
34.Fo tls_ocsp_process_response
35.Fa "struct tls *ctx"
36.Fa "const unsigned char *response"
37.Fa "size_t size"
38.Fc
39.Ft const char *
40.Fn tls_peer_ocsp_url "struct tls *ctx"
41.Ft int
42.Fn tls_peer_ocsp_response_status "struct tls *ctx"
43.Ft int
44.Fn tls_peer_ocsp_cert_status "struct tls *ctx"
45.Ft int
46.Fn tls_peer_ocsp_crl_reason "struct tls *ctx"
47.Ft const char *
48.Fn tls_peer_ocsp_result "struct tls *ctx"
49.Ft time_t
50.Fn tls_peer_ocsp_revocation_time "struct tls *ctx"
51.Ft time_t
52.Fn tls_peer_ocsp_this_update "struct tls *ctx"
53.Ft time_t
54.Fn tls_peer_ocsp_next_update "struct tls *ctx"
55.Sh DESCRIPTION
56.Fn tls_ocsp_process_response
57processes a raw OCSP response in
58.Ar response
59of size
60.Ar size
61to check the revocation status of the peer certificate from
62.Ar ctx .
63A successful return code of 0 indicates that the certificate
64has not been revoked.
65.Pp
66.Fn tls_peer_ocsp_url
67returns the URL for OCSP validation of the peer certificate from
68.Ar ctx .
69.Pp
70The following functions return information about the peer certificate from
71.Ar ctx
72that was obtained by validating a stapled OCSP response during the handshake,
73or via a previous call to
74.Fn tls_ocsp_process_response .
75.Pp
76.Fn tls_peer_ocsp_response_status
77returns the OCSP response status as per RFC 6960 section 2.3.
78.Pp
79.Fn tls_peer_ocsp_cert_status
80returns the OCSP certificate status code as per RFC 6960 section 2.2.
81.Pp
82.Fn tls_peer_ocsp_crl_reason
83returns the OCSP certificate revocation reason status code as per RFC 5280
84section 5.3.1.
85.Pp
86.Fn tls_peer_ocsp_result
87returns a textual representation of the OCSP status code
88returned by one of the previous three functions.
89If the OCSP response was valid and the certificate was not
90revoked, the string indicates the OCSP certificate status.
91Otherwise, the string indicates
92the OCSP certificate revocation reason or the OCSP error.
93.Pp
94.Fn tls_peer_ocsp_revocation_time
95returns the OCSP revocation time.
96.Pp
97.Fn tls_peer_ocsp_this_update
98returns the OCSP this update time.
99.Pp
100.Fn tls_peer_ocsp_next_update
101returns the OCSP next update time.
102.Sh RETURN VALUES
103.Fn tls_ocsp_process_response
104returns 0 on success or -1 on error.
105.Pp
106.Fn tls_peer_ocsp_url
107and
108.Fn tls_peer_ocsp_result
109return
110.Dv NULL
111on error or an out of memory condition.
112.Pp
113The
114.Fn tls_peer_ocsp_response_status
115function returns one of
116.Dv TLS_OCSP_RESPONSE_SUCCESSFUL ,
117.Dv TLS_OCSP_RESPONSE_MALFORMED ,
118.Dv TLS_OCSP_RESPONSE_INTERNALERROR ,
119.Dv TLS_OCSP_RESPONSE_TRYLATER ,
120.Dv TLS_OCSP_RESPONSE_SIGREQUIRED ,
121or
122.Dv TLS_OCSP_RESPONSE_UNAUTHORIZED
123on success or -1 on error.
124.Pp
125The
126.Fn tls_peer_ocsp_cert_status
127function returns one of
128.Dv TLS_OCSP_CERT_GOOD ,
129.Dv TLS_OCSP_CERT_REVOKED ,
130or
131.Dv TLS_OCSP_CERT_UNKNOWN
132on success, and -1 on error.
133.Pp
134The
135.Fn tls_peer_ocsp_crl_reason
136function returns one of
137.Dv TLS_CRL_REASON_UNSPECIFIED ,
138.Dv TLS_CRL_REASON_KEY_COMPROMISE ,
139.Dv TLS_CRL_REASON_CA_COMPROMISE ,
140.Dv TLS_CRL_REASON_AFFILIATION_CHANGED ,
141.Dv TLS_CRL_REASON_SUPERSEDED ,
142.Dv TLS_CRL_REASON_CESSATION_OF_OPERATION ,
143.Dv TLS_CRL_REASON_CERTIFICATE_HOLD ,
144.Dv TLS_CRL_REASON_REMOVE_FROM_CRL ,
145.Dv TLS_CRL_REASON_PRIVILEGE_WITHDRAWN ,
146or
147.Dv TLS_CRL_REASON_AA_COMPROMISE
148on success or -1 on error.
149.Pp
150.Fn tls_peer_ocsp_revocation_time ,
151.Fn tls_peer_ocsp_this_update ,
152and
153.Fn tls_peer_ocsp_next_update
154return a time in epoch-seconds on success or -1 on error.
155.Sh SEE ALSO
156.Xr tls_client 3 ,
157.Xr tls_config_ocsp_require_stapling 3 ,
158.Xr tls_conn_version 3 ,
159.Xr tls_connect 3 ,
160.Xr tls_handshake 3 ,
161.Xr tls_init 3
162.Sh HISTORY
163These functions appeared in
164.Ox 6.1 .
165.Sh AUTHORS
166.An Bob Beck Aq Mt beck@openbsd.org
167.An Marko Kreen Aq Mt markokr@gmail.com
diff --git a/src/lib/libtls/man/tls_read.3 b/src/lib/libtls/man/tls_read.3
deleted file mode 100644
index f9d949eef5..0000000000
--- a/src/lib/libtls/man/tls_read.3
+++ /dev/null
@@ -1,240 +0,0 @@
1.\" $OpenBSD: tls_read.3,v 1.8 2023/09/18 17:25:15 schwarze Exp $
2.\"
3.\" Copyright (c) 2014, 2015 Ted Unangst <tedu@openbsd.org>
4.\" Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
5.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
6.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
7.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
8.\"
9.\" Permission to use, copy, modify, and distribute this software for any
10.\" purpose with or without fee is hereby granted, provided that the above
11.\" copyright notice and this permission notice appear in all copies.
12.\"
13.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20.\"
21.Dd $Mdocdate: September 18 2023 $
22.Dt TLS_READ 3
23.Os
24.Sh NAME
25.Nm tls_read ,
26.Nm tls_write ,
27.Nm tls_handshake ,
28.Nm tls_error ,
29.Nm tls_close
30.Nd use a TLS connection
31.Sh SYNOPSIS
32.In tls.h
33.Ft ssize_t
34.Fo tls_read
35.Fa "struct tls *ctx"
36.Fa "void *buf"
37.Fa "size_t buflen"
38.Fc
39.Ft ssize_t
40.Fo tls_write
41.Fa "struct tls *ctx"
42.Fa "const void *buf"
43.Fa "size_t buflen"
44.Fc
45.Ft int
46.Fn tls_handshake "struct tls *ctx"
47.Ft const char *
48.Fn tls_error "struct tls *ctx"
49.Ft int
50.Fn tls_close "struct tls *ctx"
51.Sh DESCRIPTION
52.Fn tls_read
53reads
54.Fa buflen
55bytes of data from the socket into
56.Fa buf .
57It returns the amount of data read.
58.Pp
59.Fn tls_write
60writes
61.Fa buflen
62bytes of data from
63.Fa buf
64to the socket.
65It returns the amount of data written.
66.Pp
67.Fn tls_handshake
68explicitly performs the TLS handshake.
69It is only necessary to call this function if you need to guarantee that the
70handshake has completed, as both
71.Fn tls_read
72and
73.Fn tls_write
74automatically perform the TLS handshake when necessary.
75.Pp
76The
77.Fn tls_error
78function may be used to retrieve a string containing more information
79about the most recent error relating to a context.
80.Pp
81.Fn tls_close
82closes a connection after use.
83Only the TLS layer will be shut down and the caller is responsible for closing
84the file descriptors, unless the connection was established using
85.Xr tls_connect 3
86or
87.Xr tls_connect_servername 3 .
88After closing the connection,
89.Fa ctx
90can be passed to
91.Xr tls_free 3 .
92.Sh RETURN VALUES
93.Fn tls_read
94and
95.Fn tls_write
96return a size on success or -1 on error.
97.Pp
98.Fn tls_handshake
99and
100.Fn tls_close
101return 0 on success or -1 on error.
102.Pp
103The
104.Fn tls_read ,
105.Fn tls_write ,
106.Fn tls_handshake ,
107and
108.Fn tls_close
109functions also have two special return values:
110.Pp
111.Bl -tag -width "TLS_WANT_POLLOUT" -offset indent -compact
112.It Dv TLS_WANT_POLLIN
113The underlying read file descriptor needs to be readable in order to continue.
114.It Dv TLS_WANT_POLLOUT
115The underlying write file descriptor needs to be writeable in order to continue.
116.El
117.Pp
118In the case of blocking file descriptors, the same function call should be
119repeated immediately.
120In the case of non-blocking file descriptors, the same function call should be
121repeated when the required condition has been met.
122.Pp
123Callers of these functions cannot rely on the value of the global
124.Ar errno .
125To prevent mishandling of error conditions,
126.Fn tls_read ,
127.Fn tls_write ,
128.Fn tls_handshake ,
129and
130.Fn tls_close
131all explicitly clear
132.Ar errno .
133.Pp
134.Fn tls_error
135returns
136.Dv NULL
137if no error occurred with
138.Fa ctx
139during or since the last call to
140.Fn tls_handshake ,
141.Fn tls_read ,
142.Fn tls_write ,
143.Fn tls_close ,
144or
145.Xr tls_reset 3
146involving
147.Fa ctx ,
148or if memory allocation failed while trying to assemble the string
149describing the most recent error related to
150.Fa ctx .
151.Sh EXAMPLES
152The following example demonstrates how to handle TLS writes on a blocking
153file descriptor:
154.Bd -literal -offset indent
155\&...
156while (len > 0) {
157 ssize_t ret;
158
159 ret = tls_write(ctx, buf, len);
160 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
161 continue;
162 if (ret == -1)
163 errx(1, "tls_write: %s", tls_error(ctx));
164 buf += ret;
165 len -= ret;
166}
167\&...
168.Ed
169.Pp
170The following example demonstrates how to handle TLS writes on a
171non-blocking file descriptor using
172.Xr poll 2 :
173.Bd -literal -offset indent
174\&...
175pfd[0].fd = fd;
176pfd[0].events = POLLIN|POLLOUT;
177while (len > 0) {
178 nready = poll(pfd, 1, 0);
179 if (nready == -1)
180 err(1, "poll");
181 if ((pfd[0].revents & (POLLERR|POLLNVAL)))
182 errx(1, "bad fd %d", pfd[0].fd);
183 if ((pfd[0].revents & (pfd[0].events|POLLHUP))) {
184 ssize_t ret;
185
186 ret = tls_write(ctx, buf, len);
187 if (ret == TLS_WANT_POLLIN)
188 pfd[0].events = POLLIN;
189 else if (ret == TLS_WANT_POLLOUT)
190 pfd[0].events = POLLOUT;
191 else if (ret == -1)
192 errx(1, "tls_write: %s", tls_error(ctx));
193 else {
194 buf += ret;
195 len -= ret;
196 }
197 }
198}
199\&...
200.Ed
201.Sh SEE ALSO
202.Xr tls_accept_socket 3 ,
203.Xr tls_configure 3 ,
204.Xr tls_conn_version 3 ,
205.Xr tls_connect 3 ,
206.Xr tls_init 3 ,
207.Xr tls_ocsp_process_response 3
208.Sh HISTORY
209.Fn tls_read ,
210.Fn tls_write ,
211.Fn tls_error ,
212and
213.Fn tls_close
214appeared in
215.Ox 5.6
216and got their final names in
217.Ox 5.7 .
218.Pp
219.Fn tls_handshake
220appeared in
221.Ox 5.9 .
222.Sh AUTHORS
223.An Joel Sing Aq Mt jsing@openbsd.org
224with contributions from
225.An Bob Beck Aq Mt beck@openbsd.org
226.Sh CAVEATS
227The function
228.Fn tls_error
229returns an internal pointer.
230It must not be freed by the application, or a double free error
231will occur.
232The pointer will become invalid when the next error occurs with
233.Fa ctx .
234Consequently, if the application may need the message at a later
235time, it has to copy the string before calling the next
236.Sy libtls
237function involving
238.Fa ctx ,
239or a segmentation fault or read access to unintended data is the
240likely result.
diff --git a/src/lib/libtls/shlib_version b/src/lib/libtls/shlib_version
deleted file mode 100644
index 3040494c17..0000000000
--- a/src/lib/libtls/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
1major=32
2minor=1
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
deleted file mode 100644
index 41bb06d857..0000000000
--- a/src/lib/libtls/tls.c
+++ /dev/null
@@ -1,973 +0,0 @@
1/* $OpenBSD: tls.c,v 1.104 2024/04/08 20:47:32 tb Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/socket.h>
19
20#include <errno.h>
21#include <limits.h>
22#include <pthread.h>
23#include <stdlib.h>
24#include <string.h>
25#include <unistd.h>
26
27#include <openssl/bio.h>
28#include <openssl/err.h>
29#include <openssl/evp.h>
30#include <openssl/pem.h>
31#include <openssl/safestack.h>
32#include <openssl/ssl.h>
33#include <openssl/x509.h>
34
35#include <tls.h>
36#include "tls_internal.h"
37
38static struct tls_config *tls_config_default;
39
40static int tls_init_rv = -1;
41
42static void
43tls_do_init(void)
44{
45 OPENSSL_init_ssl(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
46
47 if (BIO_sock_init() != 1)
48 return;
49
50 if ((tls_config_default = tls_config_new_internal()) == NULL)
51 return;
52
53 tls_config_default->refcount++;
54
55 tls_init_rv = 0;
56}
57
58int
59tls_init(void)
60{
61 static pthread_once_t once = PTHREAD_ONCE_INIT;
62
63 if (pthread_once(&once, tls_do_init) != 0)
64 return -1;
65
66 return tls_init_rv;
67}
68
69const char *
70tls_error(struct tls *ctx)
71{
72 return ctx->error.msg;
73}
74
75int
76tls_error_code(struct tls *ctx)
77{
78 return ctx->error.code;
79}
80
81void
82tls_error_clear(struct tls_error *error)
83{
84 free(error->msg);
85 error->msg = NULL;
86 error->code = TLS_ERROR_UNKNOWN;
87 error->errno_value = 0;
88 error->tls = 0;
89}
90
91static int
92tls_error_vset(struct tls_error *error, int code, int errno_value,
93 const char *fmt, va_list ap)
94{
95 char *errmsg = NULL;
96 int rv = -1;
97
98 tls_error_clear(error);
99
100 error->code = code;
101 error->errno_value = errno_value;
102 error->tls = 1;
103
104 if (vasprintf(&errmsg, fmt, ap) == -1) {
105 errmsg = NULL;
106 goto err;
107 }
108
109 if (errno_value == -1) {
110 error->msg = errmsg;
111 return (0);
112 }
113
114 if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errno_value)) == -1) {
115 error->msg = NULL;
116 goto err;
117 }
118 rv = 0;
119
120 err:
121 free(errmsg);
122
123 return (rv);
124}
125
126int
127tls_error_set(struct tls_error *error, int code, const char *fmt, ...)
128{
129 va_list ap;
130 int errno_value, rv;
131
132 errno_value = errno;
133
134 va_start(ap, fmt);
135 rv = tls_error_vset(error, code, errno_value, fmt, ap);
136 va_end(ap);
137
138 return (rv);
139}
140
141int
142tls_error_setx(struct tls_error *error, int code, const char *fmt, ...)
143{
144 va_list ap;
145 int rv;
146
147 va_start(ap, fmt);
148 rv = tls_error_vset(error, code, -1, fmt, ap);
149 va_end(ap);
150
151 return (rv);
152}
153
154int
155tls_config_set_error(struct tls_config *config, int code, const char *fmt, ...)
156{
157 va_list ap;
158 int errno_value, rv;
159
160 errno_value = errno;
161
162 va_start(ap, fmt);
163 rv = tls_error_vset(&config->error, code, errno_value, fmt, ap);
164 va_end(ap);
165
166 return (rv);
167}
168
169int
170tls_config_set_errorx(struct tls_config *config, int code, const char *fmt, ...)
171{
172 va_list ap;
173 int rv;
174
175 va_start(ap, fmt);
176 rv = tls_error_vset(&config->error, code, -1, fmt, ap);
177 va_end(ap);
178
179 return (rv);
180}
181
182int
183tls_set_error(struct tls *ctx, int code, const char *fmt, ...)
184{
185 va_list ap;
186 int errno_value, rv;
187
188 errno_value = errno;
189
190 va_start(ap, fmt);
191 rv = tls_error_vset(&ctx->error, code, errno_value, fmt, ap);
192 va_end(ap);
193
194 return (rv);
195}
196
197int
198tls_set_errorx(struct tls *ctx, int code, const char *fmt, ...)
199{
200 va_list ap;
201 int rv;
202
203 va_start(ap, fmt);
204 rv = tls_error_vset(&ctx->error, code, -1, fmt, ap);
205 va_end(ap);
206
207 return (rv);
208}
209
210int
211tls_set_ssl_errorx(struct tls *ctx, int code, const char *fmt, ...)
212{
213 va_list ap;
214 int rv;
215
216 /* Only set an error if a more specific one does not already exist. */
217 if (ctx->error.tls != 0)
218 return (0);
219
220 va_start(ap, fmt);
221 rv = tls_error_vset(&ctx->error, code, -1, fmt, ap);
222 va_end(ap);
223
224 return (rv);
225}
226
227struct tls_sni_ctx *
228tls_sni_ctx_new(void)
229{
230 return (calloc(1, sizeof(struct tls_sni_ctx)));
231}
232
233void
234tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx)
235{
236 if (sni_ctx == NULL)
237 return;
238
239 SSL_CTX_free(sni_ctx->ssl_ctx);
240 X509_free(sni_ctx->ssl_cert);
241
242 free(sni_ctx);
243}
244
245struct tls *
246tls_new(void)
247{
248 struct tls *ctx;
249
250 if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
251 return (NULL);
252
253 tls_reset(ctx);
254
255 if (tls_configure(ctx, tls_config_default) == -1) {
256 free(ctx);
257 return NULL;
258 }
259
260 return (ctx);
261}
262
263int
264tls_configure(struct tls *ctx, struct tls_config *config)
265{
266 if (config == NULL)
267 config = tls_config_default;
268
269 pthread_mutex_lock(&config->mutex);
270 config->refcount++;
271 pthread_mutex_unlock(&config->mutex);
272
273 tls_config_free(ctx->config);
274
275 ctx->config = config;
276 ctx->keypair = config->keypair;
277
278 if ((ctx->flags & TLS_SERVER) != 0)
279 return (tls_configure_server(ctx));
280
281 return (0);
282}
283
284int
285tls_cert_hash(X509 *cert, char **hash)
286{
287 char d[EVP_MAX_MD_SIZE], *dhex = NULL;
288 int dlen, rv = -1;
289
290 free(*hash);
291 *hash = NULL;
292
293 if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
294 goto err;
295
296 if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
297 goto err;
298
299 if (asprintf(hash, "SHA256:%s", dhex) == -1) {
300 *hash = NULL;
301 goto err;
302 }
303
304 rv = 0;
305 err:
306 free(dhex);
307
308 return (rv);
309}
310
311int
312tls_cert_pubkey_hash(X509 *cert, char **hash)
313{
314 char d[EVP_MAX_MD_SIZE], *dhex = NULL;
315 int dlen, rv = -1;
316
317 free(*hash);
318 *hash = NULL;
319
320 if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
321 goto err;
322
323 if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
324 goto err;
325
326 if (asprintf(hash, "SHA256:%s", dhex) == -1) {
327 *hash = NULL;
328 goto err;
329 }
330
331 rv = 0;
332
333 err:
334 free(dhex);
335
336 return (rv);
337}
338
339static int
340tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pkey)
341{
342 BIO *bio = NULL;
343 X509 *x509 = NULL;
344 char *mem;
345 size_t len;
346 int ret = -1;
347
348 *pkey = NULL;
349
350 if (ctx->config->use_fake_private_key) {
351 mem = keypair->cert_mem;
352 len = keypair->cert_len;
353 } else {
354 mem = keypair->key_mem;
355 len = keypair->key_len;
356 }
357
358 if (mem == NULL)
359 return (0);
360
361 if (len > INT_MAX) {
362 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
363 ctx->config->use_fake_private_key ?
364 "certificate too long" : "key too long");
365 goto err;
366 }
367
368 if ((bio = BIO_new_mem_buf(mem, len)) == NULL) {
369 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "failed to create buffer");
370 goto err;
371 }
372
373 if (ctx->config->use_fake_private_key) {
374 if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
375 NULL)) == NULL) {
376 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
377 "failed to read X509 certificate");
378 goto err;
379 }
380 if ((*pkey = X509_get_pubkey(x509)) == NULL) {
381 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
382 "failed to retrieve pubkey");
383 goto err;
384 }
385 } else {
386 if ((*pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
387 NULL)) == NULL) {
388 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
389 "failed to read private key");
390 goto err;
391 }
392 }
393
394 ret = 0;
395 err:
396 BIO_free(bio);
397 X509_free(x509);
398 return (ret);
399}
400
401static int
402tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey)
403{
404 RSA_METHOD *rsa_method;
405 EC_KEY_METHOD *ecdsa_method;
406 RSA *rsa = NULL;
407 EC_KEY *eckey = NULL;
408 int ret = -1;
409
410 /* Only install the pubkey hash if fake private keys are used. */
411 if (!ctx->config->skip_private_key_check)
412 return (0);
413
414 if (keypair->pubkey_hash == NULL) {
415 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "public key hash not set");
416 goto err;
417 }
418
419 switch (EVP_PKEY_id(pkey)) {
420 case EVP_PKEY_RSA:
421 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL ||
422 RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) {
423 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
424 "RSA key setup failure");
425 goto err;
426 }
427 if (ctx->config->sign_cb != NULL) {
428 rsa_method = tls_signer_rsa_method();
429 if (rsa_method == NULL ||
430 RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
431 RSA_set_method(rsa, rsa_method) == 0) {
432 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
433 "failed to setup RSA key");
434 goto err;
435 }
436 }
437 /* Reset the key to work around caching in OpenSSL 3. */
438 if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) {
439 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
440 "failed to set RSA key");
441 goto err;
442 }
443 break;
444 case EVP_PKEY_EC:
445 if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
446 EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
447 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
448 "EC key setup failure");
449 goto err;
450 }
451 if (ctx->config->sign_cb != NULL) {
452 ecdsa_method = tls_signer_ecdsa_method();
453 if (ecdsa_method == NULL ||
454 EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 ||
455 EC_KEY_set_method(eckey, ecdsa_method) == 0) {
456 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
457 "failed to setup EC key");
458 goto err;
459 }
460 }
461 /* Reset the key to work around caching in OpenSSL 3. */
462 if (EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) {
463 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
464 "failed to set EC key");
465 goto err;
466 }
467 break;
468 default:
469 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "incorrect key type");
470 goto err;
471 }
472
473 ret = 0;
474
475 err:
476 RSA_free(rsa);
477 EC_KEY_free(eckey);
478 return (ret);
479}
480
481int
482tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
483 struct tls_keypair *keypair, int required)
484{
485 EVP_PKEY *pkey = NULL;
486
487 if (!required &&
488 keypair->cert_mem == NULL &&
489 keypair->key_mem == NULL)
490 return(0);
491
492 if (keypair->cert_mem != NULL) {
493 if (keypair->cert_len > INT_MAX) {
494 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
495 "certificate too long");
496 goto err;
497 }
498
499 if (SSL_CTX_use_certificate_chain_mem(ssl_ctx,
500 keypair->cert_mem, keypair->cert_len) != 1) {
501 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
502 "failed to load certificate");
503 goto err;
504 }
505 }
506
507 if (tls_keypair_to_pkey(ctx, keypair, &pkey) == -1)
508 goto err;
509 if (pkey != NULL) {
510 if (tls_keypair_setup_pkey(ctx, keypair, pkey) == -1)
511 goto err;
512 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) {
513 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
514 "failed to load private key");
515 goto err;
516 }
517 EVP_PKEY_free(pkey);
518 pkey = NULL;
519 }
520
521 if (!ctx->config->skip_private_key_check &&
522 SSL_CTX_check_private_key(ssl_ctx) != 1) {
523 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
524 "private/public key mismatch");
525 goto err;
526 }
527
528 return (0);
529
530 err:
531 EVP_PKEY_free(pkey);
532
533 return (-1);
534}
535
536int
537tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx)
538{
539 SSL_CTX_clear_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
540
541 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
542 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
543
544 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
545 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
546 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
547 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
548
549 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
550 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
551
552 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
553 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
554 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0)
555 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
556
557 if (ctx->config->alpn != NULL) {
558 if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn,
559 ctx->config->alpn_len) != 0) {
560 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
561 "failed to set alpn");
562 goto err;
563 }
564 }
565
566 if (ctx->config->ciphers != NULL) {
567 if (SSL_CTX_set_cipher_list(ssl_ctx,
568 ctx->config->ciphers) != 1) {
569 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
570 "failed to set ciphers");
571 goto err;
572 }
573 }
574
575 if (ctx->config->verify_time == 0) {
576 X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ssl_ctx),
577 X509_V_FLAG_NO_CHECK_TIME);
578 }
579
580 /* Disable any form of session caching by default */
581 SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
582 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
583
584 return (0);
585
586 err:
587 return (-1);
588}
589
590static int
591tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg)
592{
593 struct tls *ctx = arg;
594 int x509_err;
595
596 if (ctx->config->verify_cert == 0)
597 return (1);
598
599 if ((X509_verify_cert(x509_ctx)) < 0) {
600 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
601 "X509 verify cert failed");
602 return (0);
603 }
604
605 x509_err = X509_STORE_CTX_get_error(x509_ctx);
606 if (x509_err == X509_V_OK)
607 return (1);
608
609 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
610 "certificate verification failed: %s",
611 X509_verify_cert_error_string(x509_err));
612
613 return (0);
614}
615
616int
617tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
618{
619 size_t ca_len = ctx->config->ca_len;
620 char *ca_mem = ctx->config->ca_mem;
621 char *crl_mem = ctx->config->crl_mem;
622 size_t crl_len = ctx->config->crl_len;
623 char *ca_free = NULL;
624 STACK_OF(X509_INFO) *xis = NULL;
625 X509_STORE *store;
626 X509_INFO *xi;
627 BIO *bio = NULL;
628 int rv = -1;
629 int i;
630
631 SSL_CTX_set_verify(ssl_ctx, verify, NULL);
632 SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx);
633
634 if (ctx->config->verify_depth >= 0)
635 SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth);
636
637 if (ctx->config->verify_cert == 0)
638 goto done;
639
640 /* If no CA has been specified, attempt to load the default. */
641 if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
642 if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
643 &ca_mem, &ca_len) != 0)
644 goto err;
645 ca_free = ca_mem;
646 }
647
648 if (ca_mem != NULL) {
649 if (ca_len > INT_MAX) {
650 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
651 "ca too long");
652 goto err;
653 }
654 if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
655 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
656 "ssl verify memory setup failure");
657 goto err;
658 }
659 } else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
660 ctx->config->ca_path) != 1) {
661 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
662 "ssl verify locations failure");
663 goto err;
664 }
665
666 if (crl_mem != NULL) {
667 if (crl_len > INT_MAX) {
668 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
669 "crl too long");
670 goto err;
671 }
672 if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) {
673 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
674 "failed to create buffer");
675 goto err;
676 }
677 if ((xis = PEM_X509_INFO_read_bio(bio, NULL, tls_password_cb,
678 NULL)) == NULL) {
679 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
680 "failed to parse crl");
681 goto err;
682 }
683 store = SSL_CTX_get_cert_store(ssl_ctx);
684 for (i = 0; i < sk_X509_INFO_num(xis); i++) {
685 xi = sk_X509_INFO_value(xis, i);
686 if (xi->crl == NULL)
687 continue;
688 if (!X509_STORE_add_crl(store, xi->crl)) {
689 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
690 "failed to add crl");
691 goto err;
692 }
693 }
694 X509_STORE_set_flags(store,
695 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
696 }
697
698 done:
699 rv = 0;
700
701 err:
702 sk_X509_INFO_pop_free(xis, X509_INFO_free);
703 BIO_free(bio);
704 free(ca_free);
705
706 return (rv);
707}
708
709void
710tls_free(struct tls *ctx)
711{
712 if (ctx == NULL)
713 return;
714
715 tls_reset(ctx);
716
717 free(ctx);
718}
719
720void
721tls_reset(struct tls *ctx)
722{
723 struct tls_sni_ctx *sni, *nsni;
724
725 tls_config_free(ctx->config);
726 ctx->config = NULL;
727
728 SSL_CTX_free(ctx->ssl_ctx);
729 SSL_free(ctx->ssl_conn);
730 X509_free(ctx->ssl_peer_cert);
731
732 ctx->ssl_conn = NULL;
733 ctx->ssl_ctx = NULL;
734 ctx->ssl_peer_cert = NULL;
735 /* X509 objects in chain are freed with the SSL */
736 ctx->ssl_peer_chain = NULL;
737
738 ctx->socket = -1;
739 ctx->state = 0;
740
741 free(ctx->servername);
742 ctx->servername = NULL;
743
744 free(ctx->error.msg);
745 ctx->error.msg = NULL;
746 ctx->error.errno_value = -1;
747
748 tls_conninfo_free(ctx->conninfo);
749 ctx->conninfo = NULL;
750
751 tls_ocsp_free(ctx->ocsp);
752 ctx->ocsp = NULL;
753
754 for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) {
755 nsni = sni->next;
756 tls_sni_ctx_free(sni);
757 }
758 ctx->sni_ctx = NULL;
759
760 ctx->read_cb = NULL;
761 ctx->write_cb = NULL;
762 ctx->cb_arg = NULL;
763}
764
765int
766tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
767{
768 const char *errstr = "unknown error";
769 unsigned long err;
770 int ssl_err;
771
772 ssl_err = SSL_get_error(ssl_conn, ssl_ret);
773 switch (ssl_err) {
774 case SSL_ERROR_NONE:
775 case SSL_ERROR_ZERO_RETURN:
776 return (0);
777
778 case SSL_ERROR_WANT_READ:
779 return (TLS_WANT_POLLIN);
780
781 case SSL_ERROR_WANT_WRITE:
782 return (TLS_WANT_POLLOUT);
783
784 case SSL_ERROR_SYSCALL:
785 if ((err = ERR_peek_error()) != 0) {
786 errstr = ERR_error_string(err, NULL);
787 } else if (ssl_ret == 0) {
788 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
789 ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
790 return (0);
791 }
792 errstr = "unexpected EOF";
793 } else if (ssl_ret == -1) {
794 errstr = strerror(errno);
795 }
796 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN,
797 "%s failed: %s", prefix, errstr);
798 return (-1);
799
800 case SSL_ERROR_SSL:
801 if ((err = ERR_peek_error()) != 0) {
802 errstr = ERR_error_string(err, NULL);
803 }
804 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN,
805 "%s failed: %s", prefix, errstr);
806 return (-1);
807
808 case SSL_ERROR_WANT_CONNECT:
809 case SSL_ERROR_WANT_ACCEPT:
810 case SSL_ERROR_WANT_X509_LOOKUP:
811 default:
812 tls_set_ssl_errorx(ctx, TLS_ERROR_UNKNOWN,
813 "%s failed (%d)", prefix, ssl_err);
814 return (-1);
815 }
816}
817
818int
819tls_handshake(struct tls *ctx)
820{
821 int rv = -1;
822
823 tls_error_clear(&ctx->error);
824
825 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
826 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
827 "invalid operation for context");
828 goto out;
829 }
830
831 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
832 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
833 "handshake already completed");
834 goto out;
835 }
836
837 if ((ctx->flags & TLS_CLIENT) != 0)
838 rv = tls_handshake_client(ctx);
839 else if ((ctx->flags & TLS_SERVER_CONN) != 0)
840 rv = tls_handshake_server(ctx);
841
842 if (rv == 0) {
843 ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
844 ctx->ssl_peer_chain = SSL_get_peer_cert_chain(ctx->ssl_conn);
845 if (tls_conninfo_populate(ctx) == -1)
846 rv = -1;
847 if (ctx->ocsp == NULL)
848 ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
849 }
850 out:
851 /* Prevent callers from performing incorrect error handling */
852 errno = 0;
853 return (rv);
854}
855
856ssize_t
857tls_read(struct tls *ctx, void *buf, size_t buflen)
858{
859 ssize_t rv = -1;
860 int ssl_ret;
861
862 tls_error_clear(&ctx->error);
863
864 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
865 if ((rv = tls_handshake(ctx)) != 0)
866 goto out;
867 }
868
869 if (buflen > INT_MAX) {
870 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
871 "buflen too long");
872 goto out;
873 }
874
875 ERR_clear_error();
876 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) {
877 rv = (ssize_t)ssl_ret;
878 goto out;
879 }
880 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
881
882 out:
883 /* Prevent callers from performing incorrect error handling */
884 errno = 0;
885 return (rv);
886}
887
888ssize_t
889tls_write(struct tls *ctx, const void *buf, size_t buflen)
890{
891 ssize_t rv = -1;
892 int ssl_ret;
893
894 tls_error_clear(&ctx->error);
895
896 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
897 if ((rv = tls_handshake(ctx)) != 0)
898 goto out;
899 }
900
901 if (buflen > INT_MAX) {
902 tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
903 "buflen too long");
904 goto out;
905 }
906
907 ERR_clear_error();
908 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
909 rv = (ssize_t)ssl_ret;
910 goto out;
911 }
912 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
913
914 out:
915 /* Prevent callers from performing incorrect error handling */
916 errno = 0;
917 return (rv);
918}
919
920int
921tls_close(struct tls *ctx)
922{
923 int ssl_ret;
924 int rv = 0;
925
926 tls_error_clear(&ctx->error);
927
928 if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
929 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
930 "invalid operation for context");
931 rv = -1;
932 goto out;
933 }
934
935 if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) {
936 ERR_clear_error();
937 ssl_ret = SSL_shutdown(ctx->ssl_conn);
938 if (ssl_ret < 0) {
939 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
940 "shutdown");
941 if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
942 goto out;
943 }
944 ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN;
945 }
946
947 if (ctx->socket != -1) {
948 if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
949 if (rv == 0 &&
950 errno != ENOTCONN && errno != ECONNRESET) {
951 tls_set_error(ctx, TLS_ERROR_UNKNOWN, "shutdown");
952 rv = -1;
953 }
954 }
955 if (close(ctx->socket) != 0) {
956 if (rv == 0) {
957 tls_set_error(ctx, TLS_ERROR_UNKNOWN, "close");
958 rv = -1;
959 }
960 }
961 ctx->socket = -1;
962 }
963
964 if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) {
965 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "EOF without close notify");
966 rv = -1;
967 }
968
969 out:
970 /* Prevent callers from performing incorrect error handling */
971 errno = 0;
972 return (rv);
973}
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
deleted file mode 100644
index 5a3a6254ab..0000000000
--- a/src/lib/libtls/tls.h
+++ /dev/null
@@ -1,236 +0,0 @@
1/* $OpenBSD: tls.h,v 1.68 2024/12/10 08:40:30 tb Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef HEADER_TLS_H
19#define HEADER_TLS_H
20
21#ifdef __cplusplus
22extern "C" {
23#endif
24
25#include <sys/types.h>
26
27#include <stddef.h>
28#include <stdint.h>
29
30#define TLS_API 20200120
31
32/*
33 * Deprecated versions of TLS. Using these effectively selects
34 * the minimum supported version.
35 */
36#define TLS_PROTOCOL_TLSv1_0 (1 << 1)
37#define TLS_PROTOCOL_TLSv1_1 (1 << 2)
38/* Supported versions of TLS */
39#define TLS_PROTOCOL_TLSv1_2 (1 << 3)
40#define TLS_PROTOCOL_TLSv1_3 (1 << 4)
41
42#define TLS_PROTOCOL_TLSv1 \
43 (TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
44
45#define TLS_PROTOCOLS_ALL TLS_PROTOCOL_TLSv1
46#define TLS_PROTOCOLS_DEFAULT (TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
47
48#define TLS_WANT_POLLIN -2
49#define TLS_WANT_POLLOUT -3
50
51/* RFC 6960 Section 2.3 */
52#define TLS_OCSP_RESPONSE_SUCCESSFUL 0
53#define TLS_OCSP_RESPONSE_MALFORMED 1
54#define TLS_OCSP_RESPONSE_INTERNALERROR 2
55#define TLS_OCSP_RESPONSE_TRYLATER 3
56#define TLS_OCSP_RESPONSE_SIGREQUIRED 4
57#define TLS_OCSP_RESPONSE_UNAUTHORIZED 5
58
59/* RFC 6960 Section 2.2 */
60#define TLS_OCSP_CERT_GOOD 0
61#define TLS_OCSP_CERT_REVOKED 1
62#define TLS_OCSP_CERT_UNKNOWN 2
63
64/* RFC 5280 Section 5.3.1 */
65#define TLS_CRL_REASON_UNSPECIFIED 0
66#define TLS_CRL_REASON_KEY_COMPROMISE 1
67#define TLS_CRL_REASON_CA_COMPROMISE 2
68#define TLS_CRL_REASON_AFFILIATION_CHANGED 3
69#define TLS_CRL_REASON_SUPERSEDED 4
70#define TLS_CRL_REASON_CESSATION_OF_OPERATION 5
71#define TLS_CRL_REASON_CERTIFICATE_HOLD 6
72#define TLS_CRL_REASON_REMOVE_FROM_CRL 8
73#define TLS_CRL_REASON_PRIVILEGE_WITHDRAWN 9
74#define TLS_CRL_REASON_AA_COMPROMISE 10
75
76#define TLS_MAX_SESSION_ID_LENGTH 32
77#define TLS_TICKET_KEY_SIZE 48
78
79/* Error codes */
80#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
81#define TLS_ERROR_UNKNOWN 0x0000
82#define TLS_ERROR_OUT_OF_MEMORY 0x1000
83#define TLS_ERROR_INVALID_CONTEXT 0x2000
84#define TLS_ERROR_INVALID_ARGUMENT 0x2001
85#endif
86
87struct tls;
88struct tls_config;
89
90typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen,
91 void *_cb_arg);
92typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf,
93 size_t _buflen, void *_cb_arg);
94
95int tls_init(void);
96
97const char *tls_config_error(struct tls_config *_config);
98const char *tls_error(struct tls *_ctx);
99#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
100int tls_config_error_code(struct tls_config *_config);
101int tls_error_code(struct tls *_ctx);
102#endif
103
104struct tls_config *tls_config_new(void);
105void tls_config_free(struct tls_config *_config);
106
107const char *tls_default_ca_cert_file(void);
108
109int tls_config_add_keypair_file(struct tls_config *_config,
110 const char *_cert_file, const char *_key_file);
111int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
112 size_t _cert_len, const uint8_t *_key, size_t _key_len);
113int tls_config_add_keypair_ocsp_file(struct tls_config *_config,
114 const char *_cert_file, const char *_key_file,
115 const char *_ocsp_staple_file);
116int tls_config_add_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
117 size_t _cert_len, const uint8_t *_key, size_t _key_len,
118 const uint8_t *_staple, size_t _staple_len);
119int tls_config_set_alpn(struct tls_config *_config, const char *_alpn);
120int tls_config_set_ca_file(struct tls_config *_config, const char *_ca_file);
121int tls_config_set_ca_path(struct tls_config *_config, const char *_ca_path);
122int tls_config_set_ca_mem(struct tls_config *_config, const uint8_t *_ca,
123 size_t _len);
124int tls_config_set_cert_file(struct tls_config *_config,
125 const char *_cert_file);
126int tls_config_set_cert_mem(struct tls_config *_config, const uint8_t *_cert,
127 size_t _len);
128int tls_config_set_ciphers(struct tls_config *_config, const char *_ciphers);
129int tls_config_set_crl_file(struct tls_config *_config, const char *_crl_file);
130int tls_config_set_crl_mem(struct tls_config *_config, const uint8_t *_crl,
131 size_t _len);
132int tls_config_set_dheparams(struct tls_config *_config, const char *_params);
133int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_curve);
134int tls_config_set_ecdhecurves(struct tls_config *_config, const char *_curves);
135int tls_config_set_key_file(struct tls_config *_config, const char *_key_file);
136int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
137 size_t _len);
138int tls_config_set_keypair_file(struct tls_config *_config,
139 const char *_cert_file, const char *_key_file);
140int tls_config_set_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
141 size_t _cert_len, const uint8_t *_key, size_t _key_len);
142int tls_config_set_keypair_ocsp_file(struct tls_config *_config,
143 const char *_cert_file, const char *_key_file, const char *_staple_file);
144int tls_config_set_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
145 size_t _cert_len, const uint8_t *_key, size_t _key_len,
146 const uint8_t *_staple, size_t staple_len);
147int tls_config_set_ocsp_staple_mem(struct tls_config *_config,
148 const uint8_t *_staple, size_t _len);
149int tls_config_set_ocsp_staple_file(struct tls_config *_config,
150 const char *_staple_file);
151int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
152int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
153int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
154
155void tls_config_prefer_ciphers_client(struct tls_config *_config);
156void tls_config_prefer_ciphers_server(struct tls_config *_config);
157
158void tls_config_insecure_noverifycert(struct tls_config *_config);
159void tls_config_insecure_noverifyname(struct tls_config *_config);
160void tls_config_insecure_noverifytime(struct tls_config *_config);
161void tls_config_verify(struct tls_config *_config);
162
163void tls_config_ocsp_require_stapling(struct tls_config *_config);
164void tls_config_verify_client(struct tls_config *_config);
165void tls_config_verify_client_optional(struct tls_config *_config);
166
167void tls_config_clear_keys(struct tls_config *_config);
168int tls_config_parse_protocols(uint32_t *_protocols, const char *_protostr);
169
170int tls_config_set_session_id(struct tls_config *_config,
171 const unsigned char *_session_id, size_t _len);
172int tls_config_set_session_lifetime(struct tls_config *_config, int _lifetime);
173int tls_config_add_ticket_key(struct tls_config *_config, uint32_t _keyrev,
174 unsigned char *_key, size_t _keylen);
175
176struct tls *tls_client(void);
177struct tls *tls_server(void);
178int tls_configure(struct tls *_ctx, struct tls_config *_config);
179void tls_reset(struct tls *_ctx);
180void tls_free(struct tls *_ctx);
181
182int tls_accept_fds(struct tls *_ctx, struct tls **_cctx, int _fd_read,
183 int _fd_write);
184int tls_accept_socket(struct tls *_ctx, struct tls **_cctx, int _socket);
185int tls_accept_cbs(struct tls *_ctx, struct tls **_cctx,
186 tls_read_cb _read_cb, tls_write_cb _write_cb, void *_cb_arg);
187int tls_connect(struct tls *_ctx, const char *_host, const char *_port);
188int tls_connect_fds(struct tls *_ctx, int _fd_read, int _fd_write,
189 const char *_servername);
190int tls_connect_servername(struct tls *_ctx, const char *_host,
191 const char *_port, const char *_servername);
192int tls_connect_socket(struct tls *_ctx, int _s, const char *_servername);
193int tls_connect_cbs(struct tls *_ctx, tls_read_cb _read_cb,
194 tls_write_cb _write_cb, void *_cb_arg, const char *_servername);
195int tls_handshake(struct tls *_ctx);
196ssize_t tls_read(struct tls *_ctx, void *_buf, size_t _buflen);
197ssize_t tls_write(struct tls *_ctx, const void *_buf, size_t _buflen);
198int tls_close(struct tls *_ctx);
199
200int tls_peer_cert_provided(struct tls *_ctx);
201int tls_peer_cert_contains_name(struct tls *_ctx, const char *_name);
202
203const char *tls_peer_cert_common_name(struct tls *_ctx);
204const char *tls_peer_cert_hash(struct tls *_ctx);
205const char *tls_peer_cert_issuer(struct tls *_ctx);
206const char *tls_peer_cert_subject(struct tls *_ctx);
207time_t tls_peer_cert_notbefore(struct tls *_ctx);
208time_t tls_peer_cert_notafter(struct tls *_ctx);
209const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len);
210
211const char *tls_conn_alpn_selected(struct tls *_ctx);
212const char *tls_conn_cipher(struct tls *_ctx);
213int tls_conn_cipher_strength(struct tls *_ctx);
214const char *tls_conn_servername(struct tls *_ctx);
215int tls_conn_session_resumed(struct tls *_ctx);
216const char *tls_conn_version(struct tls *_ctx);
217
218uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
219void tls_unload_file(uint8_t *_buf, size_t len);
220
221int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response,
222 size_t _size);
223int tls_peer_ocsp_cert_status(struct tls *_ctx);
224int tls_peer_ocsp_crl_reason(struct tls *_ctx);
225time_t tls_peer_ocsp_next_update(struct tls *_ctx);
226int tls_peer_ocsp_response_status(struct tls *_ctx);
227const char *tls_peer_ocsp_result(struct tls *_ctx);
228time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
229time_t tls_peer_ocsp_this_update(struct tls *_ctx);
230const char *tls_peer_ocsp_url(struct tls *_ctx);
231
232#ifdef __cplusplus
233}
234#endif
235
236#endif /* HEADER_TLS_H */
diff --git a/src/lib/libtls/tls_bio_cb.c b/src/lib/libtls/tls_bio_cb.c
deleted file mode 100644
index 56b9e12a71..0000000000
--- a/src/lib/libtls/tls_bio_cb.c
+++ /dev/null
@@ -1,173 +0,0 @@
1/* $OpenBSD: tls_bio_cb.c,v 1.22 2024/03/26 06:24:52 joshua Exp $ */
2/*
3 * Copyright (c) 2016 Tobias Pape <tobias@netshed.de>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <fcntl.h>
19#include <stdlib.h>
20#include <string.h>
21#include <unistd.h>
22
23#include <openssl/bio.h>
24
25#include <tls.h>
26#include "tls_internal.h"
27
28static int bio_cb_write(BIO *bio, const char *buf, int num);
29static int bio_cb_read(BIO *bio, char *buf, int size);
30static int bio_cb_puts(BIO *bio, const char *str);
31static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr);
32
33static BIO_METHOD *bio_cb_method;
34
35static pthread_mutex_t bio_cb_method_lock = PTHREAD_MUTEX_INITIALIZER;
36
37static void
38bio_cb_method_init(void)
39{
40 BIO_METHOD *bio_method;
41
42 if (bio_cb_method != NULL)
43 return;
44
45 bio_method = BIO_meth_new(BIO_TYPE_MEM, "libtls_callbacks");
46 if (bio_method == NULL)
47 return;
48
49 BIO_meth_set_write(bio_method, bio_cb_write);
50 BIO_meth_set_read(bio_method, bio_cb_read);
51 BIO_meth_set_puts(bio_method, bio_cb_puts);
52 BIO_meth_set_ctrl(bio_method, bio_cb_ctrl);
53
54 bio_cb_method = bio_method;
55}
56
57static BIO_METHOD *
58bio_s_cb(void)
59{
60 if (bio_cb_method != NULL)
61 return (bio_cb_method);
62
63 pthread_mutex_lock(&bio_cb_method_lock);
64 bio_cb_method_init();
65 pthread_mutex_unlock(&bio_cb_method_lock);
66
67 return (bio_cb_method);
68}
69
70static int
71bio_cb_puts(BIO *bio, const char *str)
72{
73 return (bio_cb_write(bio, str, strlen(str)));
74}
75
76static long
77bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr)
78{
79 long ret = 1;
80
81 switch (cmd) {
82 case BIO_CTRL_GET_CLOSE:
83 ret = (long)BIO_get_shutdown(bio);
84 break;
85 case BIO_CTRL_SET_CLOSE:
86 BIO_set_shutdown(bio, (int)num);
87 break;
88 case BIO_CTRL_DUP:
89 case BIO_CTRL_FLUSH:
90 break;
91 case BIO_CTRL_INFO:
92 case BIO_CTRL_GET:
93 case BIO_CTRL_SET:
94 default:
95 ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
96 }
97
98 return (ret);
99}
100
101static int
102bio_cb_write(BIO *bio, const char *buf, int num)
103{
104 struct tls *ctx = BIO_get_data(bio);
105 int rv;
106
107 BIO_clear_retry_flags(bio);
108 rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg);
109 if (rv == TLS_WANT_POLLIN) {
110 BIO_set_retry_read(bio);
111 rv = -1;
112 } else if (rv == TLS_WANT_POLLOUT) {
113 BIO_set_retry_write(bio);
114 rv = -1;
115 }
116 return (rv);
117}
118
119static int
120bio_cb_read(BIO *bio, char *buf, int size)
121{
122 struct tls *ctx = BIO_get_data(bio);
123 int rv;
124
125 BIO_clear_retry_flags(bio);
126 rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);
127 if (rv == TLS_WANT_POLLIN) {
128 BIO_set_retry_read(bio);
129 rv = -1;
130 } else if (rv == TLS_WANT_POLLOUT) {
131 BIO_set_retry_write(bio);
132 rv = -1;
133 }
134 return (rv);
135}
136
137int
138tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb,
139 void *cb_arg)
140{
141 const BIO_METHOD *bio_cb;
142 BIO *bio;
143 int rv = -1;
144
145 if (read_cb == NULL || write_cb == NULL) {
146 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "no callbacks provided");
147 goto err;
148 }
149
150 ctx->read_cb = read_cb;
151 ctx->write_cb = write_cb;
152 ctx->cb_arg = cb_arg;
153
154 if ((bio_cb = bio_s_cb()) == NULL) {
155 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
156 "failed to create callback method");
157 goto err;
158 }
159 if ((bio = BIO_new(bio_cb)) == NULL) {
160 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
161 "failed to create callback i/o");
162 goto err;
163 }
164 BIO_set_data(bio, ctx);
165 BIO_set_init(bio, 1);
166
167 SSL_set_bio(ctx->ssl_conn, bio, bio);
168
169 rv = 0;
170
171 err:
172 return (rv);
173}
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
deleted file mode 100644
index 97e1d40210..0000000000
--- a/src/lib/libtls/tls_client.c
+++ /dev/null
@@ -1,509 +0,0 @@
1/* $OpenBSD: tls_client.c,v 1.51 2024/03/26 08:54:48 joshua Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20#include <sys/stat.h>
21
22#include <arpa/inet.h>
23#include <netinet/in.h>
24
25#include <limits.h>
26#include <netdb.h>
27#include <stdlib.h>
28#include <string.h>
29#include <unistd.h>
30
31#include <openssl/err.h>
32#include <openssl/x509.h>
33
34#include <tls.h>
35#include "tls_internal.h"
36
37struct tls *
38tls_client(void)
39{
40 struct tls *ctx;
41
42 if (tls_init() == -1)
43 return (NULL);
44
45 if ((ctx = tls_new()) == NULL)
46 return (NULL);
47
48 ctx->flags |= TLS_CLIENT;
49
50 return (ctx);
51}
52
53int
54tls_connect(struct tls *ctx, const char *host, const char *port)
55{
56 return tls_connect_servername(ctx, host, port, NULL);
57}
58
59int
60tls_connect_servername(struct tls *ctx, const char *host, const char *port,
61 const char *servername)
62{
63 struct addrinfo hints, *res, *res0;
64 const char *h = NULL, *p = NULL;
65 char *hs = NULL, *ps = NULL;
66 int rv = -1, s = -1, ret;
67
68 if ((ctx->flags & TLS_CLIENT) == 0) {
69 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
70 "not a client context");
71 goto err;
72 }
73
74 if (host == NULL) {
75 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "host not specified");
76 goto err;
77 }
78
79 /* If port is NULL, try to extract a port from the specified host. */
80 if (port == NULL) {
81 ret = tls_host_port(host, &hs, &ps);
82 if (ret == -1) {
83 tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
84 goto err;
85 }
86 if (ret != 0) {
87 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "no port provided");
88 goto err;
89 }
90 }
91
92 h = (hs != NULL) ? hs : host;
93 p = (ps != NULL) ? ps : port;
94
95 /*
96 * First check if the host is specified as a numeric IP address,
97 * either IPv4 or IPv6, before trying to resolve the host.
98 * The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6
99 * records if it is not configured on an interface; not considering
100 * loopback addresses. Checking the numeric addresses first makes
101 * sure that connection attempts to numeric addresses and especially
102 * 127.0.0.1 or ::1 loopback addresses are always possible.
103 */
104 memset(&hints, 0, sizeof(hints));
105 hints.ai_socktype = SOCK_STREAM;
106
107 /* try as an IPv4 literal */
108 hints.ai_family = AF_INET;
109 hints.ai_flags = AI_NUMERICHOST;
110 if (getaddrinfo(h, p, &hints, &res0) != 0) {
111 /* try again as an IPv6 literal */
112 hints.ai_family = AF_INET6;
113 if (getaddrinfo(h, p, &hints, &res0) != 0) {
114 /* last try, with name resolution and save the error */
115 hints.ai_family = AF_UNSPEC;
116 hints.ai_flags = AI_ADDRCONFIG;
117 if ((s = getaddrinfo(h, p, &hints, &res0)) != 0) {
118 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
119 "%s", gai_strerror(s));
120 goto err;
121 }
122 }
123 }
124
125 /* It was resolved somehow; now try connecting to what we got */
126 s = -1;
127 for (res = res0; res; res = res->ai_next) {
128 s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
129 if (s == -1) {
130 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
131 "socket");
132 continue;
133 }
134 if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
135 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
136 "connect");
137 close(s);
138 s = -1;
139 continue;
140 }
141
142 break; /* Connected. */
143 }
144 freeaddrinfo(res0);
145
146 if (s == -1)
147 goto err;
148
149 if (servername == NULL)
150 servername = h;
151
152 if (tls_connect_socket(ctx, s, servername) != 0) {
153 close(s);
154 goto err;
155 }
156
157 ctx->socket = s;
158
159 rv = 0;
160
161 err:
162 free(hs);
163 free(ps);
164
165 return (rv);
166}
167
168static int
169tls_client_read_session(struct tls *ctx)
170{
171 int sfd = ctx->config->session_fd;
172 uint8_t *session = NULL;
173 size_t session_len = 0;
174 SSL_SESSION *ss = NULL;
175 BIO *bio = NULL;
176 struct stat sb;
177 ssize_t n;
178 int rv = -1;
179
180 if (fstat(sfd, &sb) == -1) {
181 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
182 "failed to stat session file");
183 goto err;
184 }
185 if (sb.st_size < 0 || sb.st_size > INT_MAX) {
186 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
187 "invalid session file size");
188 goto err;
189 }
190 session_len = (size_t)sb.st_size;
191
192 /* A zero size file means that we do not yet have a valid session. */
193 if (session_len == 0)
194 goto done;
195
196 if ((session = malloc(session_len)) == NULL)
197 goto err;
198
199 n = pread(sfd, session, session_len, 0);
200 if (n < 0 || (size_t)n != session_len) {
201 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
202 "failed to read session file");
203 goto err;
204 }
205 if ((bio = BIO_new_mem_buf(session, session_len)) == NULL)
206 goto err;
207 if ((ss = PEM_read_bio_SSL_SESSION(bio, NULL, tls_password_cb,
208 NULL)) == NULL) {
209 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
210 "failed to parse session");
211 goto err;
212 }
213
214 if (SSL_set_session(ctx->ssl_conn, ss) != 1) {
215 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
216 "failed to set session");
217 goto err;
218 }
219
220 done:
221 rv = 0;
222
223 err:
224 freezero(session, session_len);
225 SSL_SESSION_free(ss);
226 BIO_free(bio);
227
228 return rv;
229}
230
231static int
232tls_client_write_session(struct tls *ctx)
233{
234 int sfd = ctx->config->session_fd;
235 SSL_SESSION *ss = NULL;
236 BIO *bio = NULL;
237 long data_len;
238 char *data;
239 off_t offset;
240 size_t len;
241 ssize_t n;
242 int rv = -1;
243
244 if ((ss = SSL_get1_session(ctx->ssl_conn)) == NULL) {
245 if (ftruncate(sfd, 0) == -1) {
246 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
247 "failed to truncate session file");
248 goto err;
249 }
250 goto done;
251 }
252
253 if ((bio = BIO_new(BIO_s_mem())) == NULL)
254 goto err;
255 if (PEM_write_bio_SSL_SESSION(bio, ss) == 0)
256 goto err;
257 if ((data_len = BIO_get_mem_data(bio, &data)) <= 0)
258 goto err;
259
260 len = (size_t)data_len;
261 offset = 0;
262
263 if (ftruncate(sfd, len) == -1) {
264 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
265 "failed to truncate session file");
266 goto err;
267 }
268 while (len > 0) {
269 if ((n = pwrite(sfd, data + offset, len, offset)) == -1) {
270 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
271 "failed to write session file");
272 goto err;
273 }
274 offset += n;
275 len -= n;
276 }
277
278 done:
279 rv = 0;
280
281 err:
282 SSL_SESSION_free(ss);
283 BIO_free_all(bio);
284
285 return (rv);
286}
287
288static int
289tls_connect_common(struct tls *ctx, const char *servername)
290{
291 union tls_addr addrbuf;
292 size_t servername_len;
293 int rv = -1;
294
295 if ((ctx->flags & TLS_CLIENT) == 0) {
296 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
297 "not a client context");
298 goto err;
299 }
300
301 if (servername != NULL) {
302 if ((ctx->servername = strdup(servername)) == NULL) {
303 tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY,
304 "out of memory");
305 goto err;
306 }
307
308 /*
309 * If there's a trailing dot, remove it. While an FQDN includes
310 * the terminating dot representing the zero-length label of
311 * the root (RFC 8499, section 2), the SNI explicitly does not
312 * include it (RFC 6066, section 3).
313 */
314 servername_len = strlen(ctx->servername);
315 if (servername_len > 0 &&
316 ctx->servername[servername_len - 1] == '.')
317 ctx->servername[servername_len - 1] = '\0';
318 }
319
320 if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
321 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "ssl context failure");
322 goto err;
323 }
324
325 if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0)
326 goto err;
327
328 if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx,
329 ctx->config->keypair, 0) != 0)
330 goto err;
331
332 if (ctx->config->verify_name) {
333 if (ctx->servername == NULL) {
334 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
335 "server name not specified");
336 goto err;
337 }
338 }
339
340 if (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, SSL_VERIFY_PEER) == -1)
341 goto err;
342
343 if (ctx->config->ecdhecurves != NULL) {
344 if (SSL_CTX_set1_groups(ctx->ssl_ctx, ctx->config->ecdhecurves,
345 ctx->config->ecdhecurves_len) != 1) {
346 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
347 "failed to set ecdhe curves");
348 goto err;
349 }
350 }
351
352 if (SSL_CTX_set_tlsext_status_cb(ctx->ssl_ctx, tls_ocsp_verify_cb) != 1) {
353 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
354 "ssl OCSP verification setup failure");
355 goto err;
356 }
357
358 if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
359 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "ssl connection failure");
360 goto err;
361 }
362
363 if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
364 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
365 "ssl application data failure");
366 goto err;
367 }
368
369 if (ctx->config->session_fd != -1) {
370 SSL_clear_options(ctx->ssl_conn, SSL_OP_NO_TICKET);
371 if (tls_client_read_session(ctx) == -1)
372 goto err;
373 }
374
375 if (SSL_set_tlsext_status_type(ctx->ssl_conn, TLSEXT_STATUSTYPE_ocsp) != 1) {
376 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
377 "ssl OCSP extension setup failure");
378 goto err;
379 }
380
381 /*
382 * RFC 6066 (SNI): Literal IPv4 and IPv6 addresses are not
383 * permitted in "HostName".
384 */
385 if (ctx->servername != NULL &&
386 inet_pton(AF_INET, ctx->servername, &addrbuf) != 1 &&
387 inet_pton(AF_INET6, ctx->servername, &addrbuf) != 1) {
388 if (SSL_set_tlsext_host_name(ctx->ssl_conn,
389 ctx->servername) == 0) {
390 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
391 "server name indication failure");
392 goto err;
393 }
394 }
395
396 ctx->state |= TLS_CONNECTED;
397 rv = 0;
398
399 err:
400 return (rv);
401}
402
403int
404tls_connect_socket(struct tls *ctx, int s, const char *servername)
405{
406 return tls_connect_fds(ctx, s, s, servername);
407}
408
409int
410tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
411 const char *servername)
412{
413 int rv = -1;
414
415 if (fd_read < 0 || fd_write < 0) {
416 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "invalid file descriptors");
417 goto err;
418 }
419
420 if (tls_connect_common(ctx, servername) != 0)
421 goto err;
422
423 if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
424 SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
425 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
426 "ssl file descriptor failure");
427 goto err;
428 }
429
430 rv = 0;
431 err:
432 return (rv);
433}
434
435int
436tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb,
437 tls_write_cb write_cb, void *cb_arg, const char *servername)
438{
439 int rv = -1;
440
441 if (tls_connect_common(ctx, servername) != 0)
442 goto err;
443
444 if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0)
445 goto err;
446
447 rv = 0;
448
449 err:
450 return (rv);
451}
452
453int
454tls_handshake_client(struct tls *ctx)
455{
456 X509 *cert = NULL;
457 int match, ssl_ret;
458 int rv = -1;
459
460 if ((ctx->flags & TLS_CLIENT) == 0) {
461 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
462 "not a client context");
463 goto err;
464 }
465
466 if ((ctx->state & TLS_CONNECTED) == 0) {
467 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "context not connected");
468 goto err;
469 }
470
471 ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
472
473 ERR_clear_error();
474 if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) {
475 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
476 goto err;
477 }
478
479 if (ctx->config->verify_name) {
480 cert = SSL_get_peer_certificate(ctx->ssl_conn);
481 if (cert == NULL) {
482 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
483 "no server certificate");
484 goto err;
485 }
486 if (tls_check_name(ctx, cert, ctx->servername, &match) == -1)
487 goto err;
488 if (!match) {
489 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
490 "name `%s' not present in server certificate",
491 ctx->servername);
492 goto err;
493 }
494 }
495
496 ctx->state |= TLS_HANDSHAKE_COMPLETE;
497
498 if (ctx->config->session_fd != -1) {
499 if (tls_client_write_session(ctx) == -1)
500 goto err;
501 }
502
503 rv = 0;
504
505 err:
506 X509_free(cert);
507
508 return (rv);
509}
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
deleted file mode 100644
index 22fa8455a1..0000000000
--- a/src/lib/libtls/tls_config.c
+++ /dev/null
@@ -1,954 +0,0 @@
1/* $OpenBSD: tls_config.c,v 1.71 2024/08/02 15:00:01 tb Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/stat.h>
19
20#include <ctype.h>
21#include <errno.h>
22#include <fcntl.h>
23#include <pthread.h>
24#include <stdlib.h>
25#include <string.h>
26#include <unistd.h>
27
28#include <tls.h>
29
30#include "tls_internal.h"
31
32static const char default_ca_file[] = TLS_DEFAULT_CA_FILE;
33
34const char *
35tls_default_ca_cert_file(void)
36{
37 return default_ca_file;
38}
39
40int
41tls_config_load_file(struct tls_error *error, const char *filetype,
42 const char *filename, char **buf, size_t *len)
43{
44 struct stat st;
45 int fd = -1;
46 ssize_t n;
47
48 free(*buf);
49 *buf = NULL;
50 *len = 0;
51
52 if ((fd = open(filename, O_RDONLY)) == -1) {
53 tls_error_set(error, TLS_ERROR_UNKNOWN,
54 "failed to open %s file '%s'",
55 filetype, filename);
56 goto err;
57 }
58 if (fstat(fd, &st) != 0) {
59 tls_error_set(error, TLS_ERROR_UNKNOWN,
60 "failed to stat %s file '%s'",
61 filetype, filename);
62 goto err;
63 }
64 if (st.st_size < 0)
65 goto err;
66 *len = (size_t)st.st_size;
67 if ((*buf = malloc(*len)) == NULL) {
68 tls_error_set(error, TLS_ERROR_UNKNOWN,
69 "failed to allocate buffer for %s file",
70 filetype);
71 goto err;
72 }
73 n = read(fd, *buf, *len);
74 if (n < 0 || (size_t)n != *len) {
75 tls_error_set(error, TLS_ERROR_UNKNOWN,
76 "failed to read %s file '%s'",
77 filetype, filename);
78 goto err;
79 }
80 close(fd);
81 return 0;
82
83 err:
84 if (fd != -1)
85 close(fd);
86 freezero(*buf, *len);
87 *buf = NULL;
88 *len = 0;
89
90 return -1;
91}
92
93struct tls_config *
94tls_config_new_internal(void)
95{
96 struct tls_config *config;
97 unsigned char sid[TLS_MAX_SESSION_ID_LENGTH];
98
99 if ((config = calloc(1, sizeof(*config))) == NULL)
100 return (NULL);
101
102 if (pthread_mutex_init(&config->mutex, NULL) != 0)
103 goto err;
104
105 config->refcount = 1;
106 config->session_fd = -1;
107
108 if ((config->keypair = tls_keypair_new()) == NULL)
109 goto err;
110
111 /*
112 * Default configuration.
113 */
114 if (tls_config_set_dheparams(config, "none") != 0)
115 goto err;
116 if (tls_config_set_ecdhecurves(config, "default") != 0)
117 goto err;
118 if (tls_config_set_ciphers(config, "secure") != 0)
119 goto err;
120
121 if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0)
122 goto err;
123 if (tls_config_set_verify_depth(config, 6) != 0)
124 goto err;
125
126 /*
127 * Set session ID context to a random value. For the simple case
128 * of a single process server this is good enough. For multiprocess
129 * servers the session ID needs to be set by the caller.
130 */
131 arc4random_buf(sid, sizeof(sid));
132 if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0)
133 goto err;
134 config->ticket_keyrev = arc4random();
135 config->ticket_autorekey = 1;
136
137 tls_config_prefer_ciphers_server(config);
138
139 tls_config_verify(config);
140
141 return (config);
142
143 err:
144 tls_config_free(config);
145 return (NULL);
146}
147
148struct tls_config *
149tls_config_new(void)
150{
151 if (tls_init() == -1)
152 return (NULL);
153
154 return tls_config_new_internal();
155}
156
157void
158tls_config_free(struct tls_config *config)
159{
160 struct tls_keypair *kp, *nkp;
161 int refcount;
162
163 if (config == NULL)
164 return;
165
166 pthread_mutex_lock(&config->mutex);
167 refcount = --config->refcount;
168 pthread_mutex_unlock(&config->mutex);
169
170 if (refcount > 0)
171 return;
172
173 for (kp = config->keypair; kp != NULL; kp = nkp) {
174 nkp = kp->next;
175 tls_keypair_free(kp);
176 }
177
178 free(config->error.msg);
179
180 free(config->alpn);
181 free((char *)config->ca_mem);
182 free((char *)config->ca_path);
183 free((char *)config->ciphers);
184 free((char *)config->crl_mem);
185 free(config->ecdhecurves);
186
187 pthread_mutex_destroy(&config->mutex);
188
189 free(config);
190}
191
192static void
193tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)
194{
195 struct tls_keypair *kp;
196
197 kp = config->keypair;
198 while (kp->next != NULL)
199 kp = kp->next;
200
201 kp->next = keypair;
202}
203
204const char *
205tls_config_error(struct tls_config *config)
206{
207 return config->error.msg;
208}
209
210int
211tls_config_error_code(struct tls_config *config)
212{
213 return config->error.code;
214}
215
216void
217tls_config_clear_keys(struct tls_config *config)
218{
219 struct tls_keypair *kp;
220
221 for (kp = config->keypair; kp != NULL; kp = kp->next)
222 tls_keypair_clear_key(kp);
223}
224
225int
226tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
227{
228 uint32_t proto, protos = 0;
229 char *s, *p, *q;
230 int negate;
231
232 if (protostr == NULL) {
233 *protocols = TLS_PROTOCOLS_DEFAULT;
234 return (0);
235 }
236
237 if ((s = strdup(protostr)) == NULL)
238 return (-1);
239
240 q = s;
241 while ((p = strsep(&q, ",:")) != NULL) {
242 while (*p == ' ' || *p == '\t')
243 p++;
244
245 negate = 0;
246 if (*p == '!') {
247 negate = 1;
248 p++;
249 }
250
251 if (negate && protos == 0)
252 protos = TLS_PROTOCOLS_ALL;
253
254 proto = 0;
255 if (strcasecmp(p, "all") == 0 ||
256 strcasecmp(p, "legacy") == 0)
257 proto = TLS_PROTOCOLS_ALL;
258 else if (strcasecmp(p, "default") == 0 ||
259 strcasecmp(p, "secure") == 0)
260 proto = TLS_PROTOCOLS_DEFAULT;
261 if (strcasecmp(p, "tlsv1") == 0)
262 proto = TLS_PROTOCOL_TLSv1;
263 else if (strcasecmp(p, "tlsv1.0") == 0)
264 proto = TLS_PROTOCOL_TLSv1_0;
265 else if (strcasecmp(p, "tlsv1.1") == 0)
266 proto = TLS_PROTOCOL_TLSv1_1;
267 else if (strcasecmp(p, "tlsv1.2") == 0)
268 proto = TLS_PROTOCOL_TLSv1_2;
269 else if (strcasecmp(p, "tlsv1.3") == 0)
270 proto = TLS_PROTOCOL_TLSv1_3;
271
272 if (proto == 0) {
273 free(s);
274 return (-1);
275 }
276
277 if (negate)
278 protos &= ~proto;
279 else
280 protos |= proto;
281 }
282
283 *protocols = protos;
284
285 free(s);
286
287 return (0);
288}
289
290static int
291tls_config_parse_alpn(struct tls_config *config, const char *alpn,
292 char **alpn_data, size_t *alpn_len)
293{
294 size_t buf_len, i, len;
295 char *buf = NULL;
296 char *s = NULL;
297 char *p, *q;
298
299 free(*alpn_data);
300 *alpn_data = NULL;
301 *alpn_len = 0;
302
303 if ((buf_len = strlen(alpn) + 1) > 65535) {
304 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
305 "alpn too large");
306 goto err;
307 }
308
309 if ((buf = malloc(buf_len)) == NULL) {
310 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
311 "out of memory");
312 goto err;
313 }
314
315 if ((s = strdup(alpn)) == NULL) {
316 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
317 "out of memory");
318 goto err;
319 }
320
321 i = 0;
322 q = s;
323 while ((p = strsep(&q, ",")) != NULL) {
324 if ((len = strlen(p)) == 0) {
325 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
326 "alpn protocol with zero length");
327 goto err;
328 }
329 if (len > 255) {
330 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
331 "alpn protocol too long");
332 goto err;
333 }
334 buf[i++] = len & 0xff;
335 memcpy(&buf[i], p, len);
336 i += len;
337 }
338
339 free(s);
340
341 *alpn_data = buf;
342 *alpn_len = buf_len;
343
344 return (0);
345
346 err:
347 free(buf);
348 free(s);
349
350 return (-1);
351}
352
353int
354tls_config_set_alpn(struct tls_config *config, const char *alpn)
355{
356 return tls_config_parse_alpn(config, alpn, &config->alpn,
357 &config->alpn_len);
358}
359
360static int
361tls_config_add_keypair_file_internal(struct tls_config *config,
362 const char *cert_file, const char *key_file, const char *ocsp_file)
363{
364 struct tls_keypair *keypair;
365
366 if ((keypair = tls_keypair_new()) == NULL)
367 return (-1);
368 if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0)
369 goto err;
370 if (key_file != NULL &&
371 tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
372 goto err;
373 if (ocsp_file != NULL &&
374 tls_keypair_set_ocsp_staple_file(keypair, &config->error,
375 ocsp_file) != 0)
376 goto err;
377
378 tls_config_keypair_add(config, keypair);
379
380 return (0);
381
382 err:
383 tls_keypair_free(keypair);
384 return (-1);
385}
386
387static int
388tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
389 size_t cert_len, const uint8_t *key, size_t key_len,
390 const uint8_t *staple, size_t staple_len)
391{
392 struct tls_keypair *keypair;
393
394 if ((keypair = tls_keypair_new()) == NULL)
395 return (-1);
396 if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0)
397 goto err;
398 if (key != NULL &&
399 tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0)
400 goto err;
401 if (staple != NULL &&
402 tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple,
403 staple_len) != 0)
404 goto err;
405
406 tls_config_keypair_add(config, keypair);
407
408 return (0);
409
410 err:
411 tls_keypair_free(keypair);
412 return (-1);
413}
414
415int
416tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
417 size_t cert_len, const uint8_t *key, size_t key_len)
418{
419 return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
420 key_len, NULL, 0);
421}
422
423int
424tls_config_add_keypair_file(struct tls_config *config,
425 const char *cert_file, const char *key_file)
426{
427 return tls_config_add_keypair_file_internal(config, cert_file,
428 key_file, NULL);
429}
430
431int
432tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
433 size_t cert_len, const uint8_t *key, size_t key_len, const uint8_t *staple,
434 size_t staple_len)
435{
436 return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
437 key_len, staple, staple_len);
438}
439
440int
441tls_config_add_keypair_ocsp_file(struct tls_config *config,
442 const char *cert_file, const char *key_file, const char *ocsp_file)
443{
444 return tls_config_add_keypair_file_internal(config, cert_file,
445 key_file, ocsp_file);
446}
447
448int
449tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
450{
451 return tls_config_load_file(&config->error, "CA", ca_file,
452 &config->ca_mem, &config->ca_len);
453}
454
455int
456tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
457{
458 return tls_set_string(&config->ca_path, ca_path);
459}
460
461int
462tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
463{
464 return tls_set_mem(&config->ca_mem, &config->ca_len, ca, len);
465}
466
467int
468tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
469{
470 return tls_keypair_set_cert_file(config->keypair, &config->error,
471 cert_file);
472}
473
474int
475tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
476 size_t len)
477{
478 return tls_keypair_set_cert_mem(config->keypair, &config->error,
479 cert, len);
480}
481
482int
483tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
484{
485 SSL_CTX *ssl_ctx = NULL;
486
487 if (ciphers == NULL ||
488 strcasecmp(ciphers, "default") == 0 ||
489 strcasecmp(ciphers, "secure") == 0)
490 ciphers = TLS_CIPHERS_DEFAULT;
491 else if (strcasecmp(ciphers, "compat") == 0)
492 ciphers = TLS_CIPHERS_COMPAT;
493 else if (strcasecmp(ciphers, "legacy") == 0)
494 ciphers = TLS_CIPHERS_LEGACY;
495 else if (strcasecmp(ciphers, "all") == 0 ||
496 strcasecmp(ciphers, "insecure") == 0)
497 ciphers = TLS_CIPHERS_ALL;
498
499 if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
500 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
501 "out of memory");
502 goto err;
503 }
504 if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) {
505 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
506 "no ciphers for '%s'", ciphers);
507 goto err;
508 }
509
510 SSL_CTX_free(ssl_ctx);
511 return tls_set_string(&config->ciphers, ciphers);
512
513 err:
514 SSL_CTX_free(ssl_ctx);
515 return -1;
516}
517
518int
519tls_config_set_crl_file(struct tls_config *config, const char *crl_file)
520{
521 return tls_config_load_file(&config->error, "CRL", crl_file,
522 &config->crl_mem, &config->crl_len);
523}
524
525int
526tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
527 size_t len)
528{
529 return tls_set_mem(&config->crl_mem, &config->crl_len, crl, len);
530}
531
532int
533tls_config_set_dheparams(struct tls_config *config, const char *params)
534{
535 int keylen;
536
537 if (params == NULL || strcasecmp(params, "none") == 0)
538 keylen = 0;
539 else if (strcasecmp(params, "auto") == 0)
540 keylen = -1;
541 else if (strcasecmp(params, "legacy") == 0)
542 keylen = 1024;
543 else {
544 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
545 "invalid dhe param '%s'", params);
546 return (-1);
547 }
548
549 config->dheparams = keylen;
550
551 return (0);
552}
553
554int
555tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)
556{
557 if (curve == NULL ||
558 strcasecmp(curve, "none") == 0 ||
559 strcasecmp(curve, "auto") == 0) {
560 curve = TLS_ECDHE_CURVES;
561 } else if (strchr(curve, ',') != NULL || strchr(curve, ':') != NULL) {
562 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
563 "invalid ecdhe curve '%s'", curve);
564 return (-1);
565 }
566
567 return tls_config_set_ecdhecurves(config, curve);
568}
569
570int
571tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)
572{
573 int *curves_list = NULL, *curves_new;
574 size_t curves_num = 0;
575 char *cs = NULL;
576 char *p, *q;
577 int rv = -1;
578 int nid;
579
580 free(config->ecdhecurves);
581 config->ecdhecurves = NULL;
582 config->ecdhecurves_len = 0;
583
584 if (curves == NULL || strcasecmp(curves, "default") == 0)
585 curves = TLS_ECDHE_CURVES;
586
587 if ((cs = strdup(curves)) == NULL) {
588 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
589 "out of memory");
590 goto err;
591 }
592
593 q = cs;
594 while ((p = strsep(&q, ",:")) != NULL) {
595 while (*p == ' ' || *p == '\t')
596 p++;
597
598 nid = OBJ_sn2nid(p);
599 if (nid == NID_undef)
600 nid = OBJ_ln2nid(p);
601 if (nid == NID_undef)
602 nid = EC_curve_nist2nid(p);
603 if (nid == NID_undef) {
604 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
605 "invalid ecdhe curve '%s'", p);
606 goto err;
607 }
608
609 if ((curves_new = reallocarray(curves_list, curves_num + 1,
610 sizeof(int))) == NULL) {
611 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
612 "out of memory");
613 goto err;
614 }
615 curves_list = curves_new;
616 curves_list[curves_num] = nid;
617 curves_num++;
618 }
619
620 config->ecdhecurves = curves_list;
621 config->ecdhecurves_len = curves_num;
622 curves_list = NULL;
623
624 rv = 0;
625
626 err:
627 free(cs);
628 free(curves_list);
629
630 return (rv);
631}
632
633int
634tls_config_set_key_file(struct tls_config *config, const char *key_file)
635{
636 return tls_keypair_set_key_file(config->keypair, &config->error,
637 key_file);
638}
639
640int
641tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
642 size_t len)
643{
644 return tls_keypair_set_key_mem(config->keypair, &config->error,
645 key, len);
646}
647
648static int
649tls_config_set_keypair_file_internal(struct tls_config *config,
650 const char *cert_file, const char *key_file, const char *ocsp_file)
651{
652 if (tls_config_set_cert_file(config, cert_file) != 0)
653 return (-1);
654 if (tls_config_set_key_file(config, key_file) != 0)
655 return (-1);
656 if (ocsp_file != NULL &&
657 tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)
658 return (-1);
659
660 return (0);
661}
662
663static int
664tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
665 size_t cert_len, const uint8_t *key, size_t key_len,
666 const uint8_t *staple, size_t staple_len)
667{
668 if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
669 return (-1);
670 if (tls_config_set_key_mem(config, key, key_len) != 0)
671 return (-1);
672 if ((staple != NULL) &&
673 (tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0))
674 return (-1);
675
676 return (0);
677}
678
679int
680tls_config_set_keypair_file(struct tls_config *config,
681 const char *cert_file, const char *key_file)
682{
683 return tls_config_set_keypair_file_internal(config, cert_file, key_file,
684 NULL);
685}
686
687int
688tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
689 size_t cert_len, const uint8_t *key, size_t key_len)
690{
691 return tls_config_set_keypair_mem_internal(config, cert, cert_len,
692 key, key_len, NULL, 0);
693}
694
695int
696tls_config_set_keypair_ocsp_file(struct tls_config *config,
697 const char *cert_file, const char *key_file, const char *ocsp_file)
698{
699 return tls_config_set_keypair_file_internal(config, cert_file, key_file,
700 ocsp_file);
701}
702
703int
704tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
705 size_t cert_len, const uint8_t *key, size_t key_len,
706 const uint8_t *staple, size_t staple_len)
707{
708 return tls_config_set_keypair_mem_internal(config, cert, cert_len,
709 key, key_len, staple, staple_len);
710}
711
712
713int
714tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
715{
716 config->protocols = protocols;
717
718 return (0);
719}
720
721int
722tls_config_set_session_fd(struct tls_config *config, int session_fd)
723{
724 struct stat sb;
725 mode_t mugo;
726
727 if (session_fd == -1) {
728 config->session_fd = session_fd;
729 return (0);
730 }
731
732 if (fstat(session_fd, &sb) == -1) {
733 tls_config_set_error(config, TLS_ERROR_UNKNOWN,
734 "failed to stat session file");
735 return (-1);
736 }
737 if (!S_ISREG(sb.st_mode)) {
738 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
739 "session file is not a regular file");
740 return (-1);
741 }
742
743 if (sb.st_uid != getuid()) {
744 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
745 "session file has incorrect owner (uid %u != %u)",
746 sb.st_uid, getuid());
747 return (-1);
748 }
749 mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);
750 if (mugo != (S_IRUSR|S_IWUSR)) {
751 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
752 "session file has incorrect permissions (%o != 600)", mugo);
753 return (-1);
754 }
755
756 config->session_fd = session_fd;
757
758 return (0);
759}
760
761int
762tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg)
763{
764 config->use_fake_private_key = 1;
765 config->skip_private_key_check = 1;
766 config->sign_cb = cb;
767 config->sign_cb_arg = cb_arg;
768
769 return (0);
770}
771
772int
773tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
774{
775 config->verify_depth = verify_depth;
776
777 return (0);
778}
779
780void
781tls_config_prefer_ciphers_client(struct tls_config *config)
782{
783 config->ciphers_server = 0;
784}
785
786void
787tls_config_prefer_ciphers_server(struct tls_config *config)
788{
789 config->ciphers_server = 1;
790}
791
792void
793tls_config_insecure_noverifycert(struct tls_config *config)
794{
795 config->verify_cert = 0;
796}
797
798void
799tls_config_insecure_noverifyname(struct tls_config *config)
800{
801 config->verify_name = 0;
802}
803
804void
805tls_config_insecure_noverifytime(struct tls_config *config)
806{
807 config->verify_time = 0;
808}
809
810void
811tls_config_verify(struct tls_config *config)
812{
813 config->verify_cert = 1;
814 config->verify_name = 1;
815 config->verify_time = 1;
816}
817
818void
819tls_config_ocsp_require_stapling(struct tls_config *config)
820{
821 config->ocsp_require_stapling = 1;
822}
823
824void
825tls_config_verify_client(struct tls_config *config)
826{
827 config->verify_client = 1;
828}
829
830void
831tls_config_verify_client_optional(struct tls_config *config)
832{
833 config->verify_client = 2;
834}
835
836void
837tls_config_skip_private_key_check(struct tls_config *config)
838{
839 config->skip_private_key_check = 1;
840}
841
842void
843tls_config_use_fake_private_key(struct tls_config *config)
844{
845 config->use_fake_private_key = 1;
846 config->skip_private_key_check = 1;
847}
848
849int
850tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
851{
852 return tls_keypair_set_ocsp_staple_file(config->keypair, &config->error,
853 staple_file);
854}
855
856int
857tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,
858 size_t len)
859{
860 return tls_keypair_set_ocsp_staple_mem(config->keypair, &config->error,
861 staple, len);
862}
863
864int
865tls_config_set_session_id(struct tls_config *config,
866 const unsigned char *session_id, size_t len)
867{
868 if (len > TLS_MAX_SESSION_ID_LENGTH) {
869 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
870 "session ID too large");
871 return (-1);
872 }
873 memset(config->session_id, 0, sizeof(config->session_id));
874 memcpy(config->session_id, session_id, len);
875 return (0);
876}
877
878int
879tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
880{
881 if (lifetime > TLS_MAX_SESSION_TIMEOUT) {
882 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
883 "session lifetime too large");
884 return (-1);
885 }
886 if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT) {
887 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
888 "session lifetime too small");
889 return (-1);
890 }
891
892 config->session_lifetime = lifetime;
893 return (0);
894}
895
896int
897tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
898 unsigned char *key, size_t keylen)
899{
900 struct tls_ticket_key newkey;
901 int i;
902
903 if (TLS_TICKET_KEY_SIZE != keylen ||
904 sizeof(newkey.aes_key) + sizeof(newkey.hmac_key) > keylen) {
905 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
906 "wrong amount of ticket key data");
907 return (-1);
908 }
909
910 keyrev = htonl(keyrev);
911 memset(&newkey, 0, sizeof(newkey));
912 memcpy(newkey.key_name, &keyrev, sizeof(keyrev));
913 memcpy(newkey.aes_key, key, sizeof(newkey.aes_key));
914 memcpy(newkey.hmac_key, key + sizeof(newkey.aes_key),
915 sizeof(newkey.hmac_key));
916 newkey.time = time(NULL);
917
918 for (i = 0; i < TLS_NUM_TICKETS; i++) {
919 struct tls_ticket_key *tk = &config->ticket_keys[i];
920 if (memcmp(newkey.key_name, tk->key_name,
921 sizeof(tk->key_name)) != 0)
922 continue;
923
924 /* allow re-entry of most recent key */
925 if (i == 0 && memcmp(newkey.aes_key, tk->aes_key,
926 sizeof(tk->aes_key)) == 0 && memcmp(newkey.hmac_key,
927 tk->hmac_key, sizeof(tk->hmac_key)) == 0)
928 return (0);
929 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
930 "ticket key already present");
931 return (-1);
932 }
933
934 memmove(&config->ticket_keys[1], &config->ticket_keys[0],
935 sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0]));
936 config->ticket_keys[0] = newkey;
937
938 config->ticket_autorekey = 0;
939
940 return (0);
941}
942
943int
944tls_config_ticket_autorekey(struct tls_config *config)
945{
946 unsigned char key[TLS_TICKET_KEY_SIZE];
947 int rv;
948
949 arc4random_buf(key, sizeof(key));
950 rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key,
951 sizeof(key));
952 config->ticket_autorekey = 1;
953 return (rv);
954}
diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
deleted file mode 100644
index 8fb56c92b7..0000000000
--- a/src/lib/libtls/tls_conninfo.c
+++ /dev/null
@@ -1,368 +0,0 @@
1/* $OpenBSD: tls_conninfo.c,v 1.28 2024/12/10 08:40:30 tb Exp $ */
2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <stdio.h>
20#include <string.h>
21
22#include <openssl/posix_time.h>
23#include <openssl/x509.h>
24
25#include <tls.h>
26#include "tls_internal.h"
27
28static int
29tls_convert_notafter(struct tm *tm, time_t *out_time)
30{
31 int64_t posix_time;
32
33 /* OPENSSL_timegm() fails if tm is not representable in a time_t */
34 if (OPENSSL_timegm(tm, out_time))
35 return 1;
36 if (!OPENSSL_tm_to_posix(tm, &posix_time))
37 return 0;
38 if (posix_time < INT32_MIN)
39 return 0;
40 *out_time = (posix_time > INT32_MAX) ? INT32_MAX : posix_time;
41 return 1;
42}
43
44int
45tls_hex_string(const unsigned char *in, size_t inlen, char **out,
46 size_t *outlen)
47{
48 static const char hex[] = "0123456789abcdef";
49 size_t i, len;
50 char *p;
51
52 if (outlen != NULL)
53 *outlen = 0;
54
55 if (inlen >= SIZE_MAX)
56 return (-1);
57 if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL)
58 return (-1);
59
60 p = *out;
61 len = 0;
62 for (i = 0; i < inlen; i++) {
63 p[len++] = hex[(in[i] >> 4) & 0x0f];
64 p[len++] = hex[in[i] & 0x0f];
65 }
66 p[len++] = 0;
67
68 if (outlen != NULL)
69 *outlen = len;
70
71 return (0);
72}
73
74static int
75tls_get_peer_cert_hash(struct tls *ctx, char **hash)
76{
77 *hash = NULL;
78 if (ctx->ssl_peer_cert == NULL)
79 return (0);
80
81 if (tls_cert_hash(ctx->ssl_peer_cert, hash) == -1) {
82 tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
83 *hash = NULL;
84 return -1;
85 }
86 return 0;
87}
88
89static int
90tls_get_peer_cert_issuer(struct tls *ctx, char **issuer)
91{
92 X509_NAME *name = NULL;
93
94 *issuer = NULL;
95 if (ctx->ssl_peer_cert == NULL)
96 return (-1);
97 if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL)
98 return (-1);
99 *issuer = X509_NAME_oneline(name, 0, 0);
100 if (*issuer == NULL)
101 return (-1);
102 return (0);
103}
104
105static int
106tls_get_peer_cert_subject(struct tls *ctx, char **subject)
107{
108 X509_NAME *name = NULL;
109
110 *subject = NULL;
111 if (ctx->ssl_peer_cert == NULL)
112 return (-1);
113 if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL)
114 return (-1);
115 *subject = X509_NAME_oneline(name, 0, 0);
116 if (*subject == NULL)
117 return (-1);
118 return (0);
119}
120
121static int
122tls_get_peer_cert_common_name(struct tls *ctx, char **common_name)
123{
124 if (ctx->ssl_peer_cert == NULL)
125 return (-1);
126 return tls_get_common_name(ctx, ctx->ssl_peer_cert, NULL, common_name);
127}
128
129static int
130tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
131 time_t *notafter)
132{
133 struct tm before_tm, after_tm;
134 ASN1_TIME *before, *after;
135
136 if (ctx->ssl_peer_cert == NULL)
137 return (-1);
138
139 if ((before = X509_get_notBefore(ctx->ssl_peer_cert)) == NULL)
140 goto err;
141 if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
142 goto err;
143 if (!ASN1_TIME_to_tm(before, &before_tm))
144 goto err;
145 if (!ASN1_TIME_to_tm(after, &after_tm))
146 goto err;
147 if (!tls_convert_notafter(&after_tm, notafter))
148 goto err;
149 if (!OPENSSL_timegm(&before_tm, notbefore))
150 goto err;
151 return (0);
152
153 err:
154 return (-1);
155}
156
157static int
158tls_get_peer_cert_info(struct tls *ctx)
159{
160 if (ctx->ssl_peer_cert == NULL)
161 return (0);
162
163 if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1)
164 goto err;
165 if (tls_get_peer_cert_subject(ctx, &ctx->conninfo->subject) == -1)
166 goto err;
167 if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
168 goto err;
169 if (tls_get_peer_cert_common_name(ctx,
170 &ctx->conninfo->common_name) == -1)
171 goto err;
172 if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore,
173 &ctx->conninfo->notafter) == -1)
174 goto err;
175
176 return (0);
177
178 err:
179 return (-1);
180}
181
182static int
183tls_conninfo_alpn_proto(struct tls *ctx)
184{
185 const unsigned char *p;
186 unsigned int len;
187
188 free(ctx->conninfo->alpn);
189 ctx->conninfo->alpn = NULL;
190
191 SSL_get0_alpn_selected(ctx->ssl_conn, &p, &len);
192 if (len > 0) {
193 if ((ctx->conninfo->alpn = malloc(len + 1)) == NULL)
194 return (-1);
195 memcpy(ctx->conninfo->alpn, p, len);
196 ctx->conninfo->alpn[len] = '\0';
197 }
198
199 return (0);
200}
201
202static int
203tls_conninfo_cert_pem(struct tls *ctx)
204{
205 int i, rv = -1;
206 BIO *membio = NULL;
207 BUF_MEM *bptr = NULL;
208
209 if (ctx->ssl_peer_cert == NULL)
210 return 0;
211 if ((membio = BIO_new(BIO_s_mem()))== NULL)
212 goto err;
213
214 /*
215 * We have to write the peer cert out separately, because
216 * the certificate chain may or may not contain it.
217 */
218 if (!PEM_write_bio_X509(membio, ctx->ssl_peer_cert))
219 goto err;
220 for (i = 0; i < sk_X509_num(ctx->ssl_peer_chain); i++) {
221 X509 *chaincert = sk_X509_value(ctx->ssl_peer_chain, i);
222 if (chaincert != ctx->ssl_peer_cert &&
223 !PEM_write_bio_X509(membio, chaincert))
224 goto err;
225 }
226
227 BIO_get_mem_ptr(membio, &bptr);
228 free(ctx->conninfo->peer_cert);
229 ctx->conninfo->peer_cert_len = 0;
230 if ((ctx->conninfo->peer_cert = malloc(bptr->length)) == NULL)
231 goto err;
232 ctx->conninfo->peer_cert_len = bptr->length;
233 memcpy(ctx->conninfo->peer_cert, bptr->data,
234 ctx->conninfo->peer_cert_len);
235
236 /* BIO_free() will kill BUF_MEM - because we have not set BIO_NOCLOSE */
237 rv = 0;
238 err:
239 BIO_free(membio);
240 return rv;
241}
242
243static int
244tls_conninfo_session(struct tls *ctx)
245{
246 ctx->conninfo->session_resumed = SSL_session_reused(ctx->ssl_conn);
247
248 return 0;
249}
250
251int
252tls_conninfo_populate(struct tls *ctx)
253{
254 const char *tmp;
255
256 tls_conninfo_free(ctx->conninfo);
257
258 if ((ctx->conninfo = calloc(1, sizeof(struct tls_conninfo))) == NULL) {
259 tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
260 goto err;
261 }
262
263 if (tls_conninfo_alpn_proto(ctx) == -1)
264 goto err;
265
266 if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
267 goto err;
268 if ((ctx->conninfo->cipher = strdup(tmp)) == NULL)
269 goto err;
270 ctx->conninfo->cipher_strength = SSL_get_cipher_bits(ctx->ssl_conn, NULL);
271
272 if (ctx->servername != NULL) {
273 if ((ctx->conninfo->servername =
274 strdup(ctx->servername)) == NULL)
275 goto err;
276 }
277
278 if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
279 goto err;
280 if ((ctx->conninfo->version = strdup(tmp)) == NULL)
281 goto err;
282
283 if (tls_get_peer_cert_info(ctx) == -1)
284 goto err;
285
286 if (tls_conninfo_cert_pem(ctx) == -1)
287 goto err;
288
289 if (tls_conninfo_session(ctx) == -1)
290 goto err;
291
292 return (0);
293
294 err:
295 tls_conninfo_free(ctx->conninfo);
296 ctx->conninfo = NULL;
297
298 return (-1);
299}
300
301void
302tls_conninfo_free(struct tls_conninfo *conninfo)
303{
304 if (conninfo == NULL)
305 return;
306
307 free(conninfo->alpn);
308 free(conninfo->cipher);
309 free(conninfo->servername);
310 free(conninfo->version);
311
312 free(conninfo->common_name);
313 free(conninfo->hash);
314 free(conninfo->issuer);
315 free(conninfo->subject);
316
317 free(conninfo->peer_cert);
318
319 free(conninfo);
320}
321
322const char *
323tls_conn_alpn_selected(struct tls *ctx)
324{
325 if (ctx->conninfo == NULL)
326 return (NULL);
327 return (ctx->conninfo->alpn);
328}
329
330const char *
331tls_conn_cipher(struct tls *ctx)
332{
333 if (ctx->conninfo == NULL)
334 return (NULL);
335 return (ctx->conninfo->cipher);
336}
337
338int
339tls_conn_cipher_strength(struct tls *ctx)
340{
341 if (ctx->conninfo == NULL)
342 return (0);
343 return (ctx->conninfo->cipher_strength);
344}
345
346const char *
347tls_conn_servername(struct tls *ctx)
348{
349 if (ctx->conninfo == NULL)
350 return (NULL);
351 return (ctx->conninfo->servername);
352}
353
354int
355tls_conn_session_resumed(struct tls *ctx)
356{
357 if (ctx->conninfo == NULL)
358 return (0);
359 return (ctx->conninfo->session_resumed);
360}
361
362const char *
363tls_conn_version(struct tls *ctx)
364{
365 if (ctx->conninfo == NULL)
366 return (NULL);
367 return (ctx->conninfo->version);
368}
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
deleted file mode 100644
index 8e566a34e0..0000000000
--- a/src/lib/libtls/tls_internal.h
+++ /dev/null
@@ -1,330 +0,0 @@
1/* $OpenBSD: tls_internal.h,v 1.86 2024/12/10 08:40:30 tb Exp $ */
2/*
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#ifndef HEADER_TLS_INTERNAL_H
20#define HEADER_TLS_INTERNAL_H
21
22#include <pthread.h>
23
24#include <arpa/inet.h>
25#include <netinet/in.h>
26
27#include <openssl/ssl.h>
28
29__BEGIN_HIDDEN_DECLS
30
31#ifndef TLS_DEFAULT_CA_FILE
32#define TLS_DEFAULT_CA_FILE "/etc/ssl/cert.pem"
33#endif
34
35#define TLS_CIPHERS_DEFAULT "TLSv1.3:TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
36#define TLS_CIPHERS_COMPAT "HIGH:!aNULL"
37#define TLS_CIPHERS_LEGACY "HIGH:MEDIUM:!aNULL"
38#define TLS_CIPHERS_ALL "ALL:!aNULL:!eNULL"
39
40#define TLS_ECDHE_CURVES "X25519,P-256,P-384"
41
42union tls_addr {
43 struct in_addr ip4;
44 struct in6_addr ip6;
45};
46
47struct tls_error {
48 char *msg;
49 int code;
50 int errno_value;
51 int tls;
52};
53
54struct tls_keypair {
55 struct tls_keypair *next;
56
57 char *cert_mem;
58 size_t cert_len;
59 char *key_mem;
60 size_t key_len;
61 char *ocsp_staple;
62 size_t ocsp_staple_len;
63 char *pubkey_hash;
64};
65
66#define TLS_MIN_SESSION_TIMEOUT (4)
67#define TLS_MAX_SESSION_TIMEOUT (24 * 60 * 60)
68
69#define TLS_NUM_TICKETS 4
70#define TLS_TICKET_NAME_SIZE 16
71#define TLS_TICKET_AES_SIZE 32
72#define TLS_TICKET_HMAC_SIZE 16
73
74struct tls_ticket_key {
75 /* The key_name must be 16 bytes according to -lssl */
76 unsigned char key_name[TLS_TICKET_NAME_SIZE];
77 unsigned char aes_key[TLS_TICKET_AES_SIZE];
78 unsigned char hmac_key[TLS_TICKET_HMAC_SIZE];
79 time_t time;
80};
81
82typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash,
83 const uint8_t *_input, size_t _input_len, int _padding_type,
84 uint8_t **_out_signature, size_t *_out_signature_len);
85
86struct tls_config {
87 struct tls_error error;
88
89 pthread_mutex_t mutex;
90 int refcount;
91
92 char *alpn;
93 size_t alpn_len;
94 const char *ca_path;
95 char *ca_mem;
96 size_t ca_len;
97 const char *ciphers;
98 int ciphers_server;
99 char *crl_mem;
100 size_t crl_len;
101 int dheparams;
102 int *ecdhecurves;
103 size_t ecdhecurves_len;
104 struct tls_keypair *keypair;
105 int ocsp_require_stapling;
106 uint32_t protocols;
107 unsigned char session_id[TLS_MAX_SESSION_ID_LENGTH];
108 int session_fd;
109 int session_lifetime;
110 struct tls_ticket_key ticket_keys[TLS_NUM_TICKETS];
111 uint32_t ticket_keyrev;
112 int ticket_autorekey;
113 int verify_cert;
114 int verify_client;
115 int verify_depth;
116 int verify_name;
117 int verify_time;
118 int skip_private_key_check;
119 int use_fake_private_key;
120 tls_sign_cb sign_cb;
121 void *sign_cb_arg;
122};
123
124struct tls_conninfo {
125 char *alpn;
126 char *cipher;
127 int cipher_strength;
128 char *servername;
129 int session_resumed;
130 char *version;
131
132 char *common_name;
133 char *hash;
134 char *issuer;
135 char *subject;
136
137 uint8_t *peer_cert;
138 size_t peer_cert_len;
139
140 time_t notbefore;
141 time_t notafter;
142};
143
144#define TLS_CLIENT (1 << 0)
145#define TLS_SERVER (1 << 1)
146#define TLS_SERVER_CONN (1 << 2)
147
148#define TLS_EOF_NO_CLOSE_NOTIFY (1 << 0)
149#define TLS_CONNECTED (1 << 1)
150#define TLS_HANDSHAKE_COMPLETE (1 << 2)
151#define TLS_SSL_NEEDS_SHUTDOWN (1 << 3)
152
153struct tls_ocsp_result {
154 const char *result_msg;
155 int response_status;
156 int cert_status;
157 int crl_reason;
158 time_t this_update;
159 time_t next_update;
160 time_t revocation_time;
161};
162
163struct tls_ocsp {
164 /* responder location */
165 char *ocsp_url;
166
167 /* cert data, this struct does not own these */
168 X509 *main_cert;
169 STACK_OF(X509) *extra_certs;
170
171 struct tls_ocsp_result *ocsp_result;
172};
173
174struct tls_sni_ctx {
175 struct tls_sni_ctx *next;
176
177 struct tls_keypair *keypair;
178
179 SSL_CTX *ssl_ctx;
180 X509 *ssl_cert;
181};
182
183struct tls {
184 struct tls_config *config;
185 struct tls_keypair *keypair;
186
187 struct tls_error error;
188
189 uint32_t flags;
190 uint32_t state;
191
192 char *servername;
193 int socket;
194
195 SSL *ssl_conn;
196 SSL_CTX *ssl_ctx;
197
198 struct tls_sni_ctx *sni_ctx;
199
200 X509 *ssl_peer_cert;
201 STACK_OF(X509) *ssl_peer_chain;
202
203 struct tls_conninfo *conninfo;
204
205 struct tls_ocsp *ocsp;
206
207 tls_read_cb read_cb;
208 tls_write_cb write_cb;
209 void *cb_arg;
210};
211
212int tls_set_mem(char **_dest, size_t *_destlen, const void *_src,
213 size_t _srclen);
214int tls_set_string(const char **_dest, const char *_src);
215
216struct tls_keypair *tls_keypair_new(void);
217void tls_keypair_clear_key(struct tls_keypair *_keypair);
218void tls_keypair_free(struct tls_keypair *_keypair);
219int tls_keypair_set_cert_file(struct tls_keypair *_keypair,
220 struct tls_error *_error, const char *_cert_file);
221int tls_keypair_set_cert_mem(struct tls_keypair *_keypair,
222 struct tls_error *_error, const uint8_t *_cert, size_t _len);
223int tls_keypair_set_key_file(struct tls_keypair *_keypair,
224 struct tls_error *_error, const char *_key_file);
225int tls_keypair_set_key_mem(struct tls_keypair *_keypair,
226 struct tls_error *_error, const uint8_t *_key, size_t _len);
227int tls_keypair_set_ocsp_staple_file(struct tls_keypair *_keypair,
228 struct tls_error *_error, const char *_ocsp_file);
229int tls_keypair_set_ocsp_staple_mem(struct tls_keypair *_keypair,
230 struct tls_error *_error, const uint8_t *_staple, size_t _len);
231int tls_keypair_load_cert(struct tls_keypair *_keypair,
232 struct tls_error *_error, X509 **_cert);
233
234struct tls_sni_ctx *tls_sni_ctx_new(void);
235void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx);
236
237struct tls_config *tls_config_new_internal(void);
238
239struct tls *tls_new(void);
240struct tls *tls_server_conn(struct tls *ctx);
241
242int tls_get_common_name(struct tls *_ctx, X509 *_cert, const char *_in_name,
243 char **_out_common_name);
244int tls_check_name(struct tls *ctx, X509 *cert, const char *servername,
245 int *match);
246int tls_configure_server(struct tls *ctx);
247
248int tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx);
249int tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
250 struct tls_keypair *keypair, int required);
251int tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify);
252
253int tls_handshake_client(struct tls *ctx);
254int tls_handshake_server(struct tls *ctx);
255
256int tls_config_load_file(struct tls_error *error, const char *filetype,
257 const char *filename, char **buf, size_t *len);
258int tls_config_ticket_autorekey(struct tls_config *config);
259int tls_host_port(const char *hostport, char **host, char **port);
260
261int tls_set_cbs(struct tls *ctx,
262 tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg);
263
264void tls_error_clear(struct tls_error *error);
265int tls_error_set(struct tls_error *error, int code, const char *fmt, ...)
266 __attribute__((__format__ (printf, 3, 4)))
267 __attribute__((__nonnull__ (3)));
268int tls_error_setx(struct tls_error *error, int code, const char *fmt, ...)
269 __attribute__((__format__ (printf, 3, 4)))
270 __attribute__((__nonnull__ (3)));
271int tls_config_set_error(struct tls_config *cfg, int code, const char *fmt, ...)
272 __attribute__((__format__ (printf, 3, 4)))
273 __attribute__((__nonnull__ (3)));
274int tls_config_set_errorx(struct tls_config *cfg, int code, const char *fmt, ...)
275 __attribute__((__format__ (printf, 3, 4)))
276 __attribute__((__nonnull__ (3)));
277int tls_set_error(struct tls *ctx, int code, const char *fmt, ...)
278 __attribute__((__format__ (printf, 3, 4)))
279 __attribute__((__nonnull__ (3)));
280int tls_set_errorx(struct tls *ctx, int code, const char *fmt, ...)
281 __attribute__((__format__ (printf, 3, 4)))
282 __attribute__((__nonnull__ (3)));
283int tls_set_ssl_errorx(struct tls *ctx, int code, const char *fmt, ...)
284 __attribute__((__format__ (printf, 3, 4)))
285 __attribute__((__nonnull__ (3)));
286
287int tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret,
288 const char *prefix);
289
290int tls_conninfo_populate(struct tls *ctx);
291void tls_conninfo_free(struct tls_conninfo *conninfo);
292
293int tls_ocsp_verify_cb(SSL *ssl, void *arg);
294int tls_ocsp_stapling_cb(SSL *ssl, void *arg);
295void tls_ocsp_free(struct tls_ocsp *ctx);
296struct tls_ocsp *tls_ocsp_setup_from_peer(struct tls *ctx);
297int tls_hex_string(const unsigned char *_in, size_t _inlen, char **_out,
298 size_t *_outlen);
299int tls_cert_hash(X509 *_cert, char **_hash);
300int tls_cert_pubkey_hash(X509 *_cert, char **_hash);
301
302int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
303
304RSA_METHOD *tls_signer_rsa_method(void);
305EC_KEY_METHOD *tls_signer_ecdsa_method(void);
306
307#define TLS_PADDING_NONE 0
308#define TLS_PADDING_RSA_PKCS1 1
309
310int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
311 void *_cb_arg);
312
313struct tls_signer* tls_signer_new(void);
314void tls_signer_free(struct tls_signer * _signer);
315const char *tls_signer_error(struct tls_signer * _signer);
316int tls_signer_add_keypair_file(struct tls_signer *_signer,
317 const char *_cert_file, const char *_key_file);
318int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
319 size_t _cert_len, const uint8_t *_key, size_t _key_len);
320int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash,
321 const uint8_t *_input, size_t _input_len, int _padding_type,
322 uint8_t **_out_signature, size_t *_out_signature_len);
323
324__END_HIDDEN_DECLS
325
326/* XXX this function is not fully hidden so relayd can use it */
327void tls_config_skip_private_key_check(struct tls_config *config);
328void tls_config_use_fake_private_key(struct tls_config *config);
329
330#endif /* HEADER_TLS_INTERNAL_H */
diff --git a/src/lib/libtls/tls_keypair.c b/src/lib/libtls/tls_keypair.c
deleted file mode 100644
index ffda91df8e..0000000000
--- a/src/lib/libtls/tls_keypair.c
+++ /dev/null
@@ -1,172 +0,0 @@
1/* $OpenBSD: tls_keypair.c,v 1.9 2024/03/26 06:24:52 joshua Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/bio.h>
19#include <openssl/err.h>
20#include <openssl/pem.h>
21
22#include <tls.h>
23
24#include "tls_internal.h"
25
26struct tls_keypair *
27tls_keypair_new(void)
28{
29 return calloc(1, sizeof(struct tls_keypair));
30}
31
32static int
33tls_keypair_pubkey_hash(struct tls_keypair *keypair, struct tls_error *error)
34{
35 X509 *cert = NULL;
36 int rv = -1;
37
38 free(keypair->pubkey_hash);
39 keypair->pubkey_hash = NULL;
40
41 if (keypair->cert_mem == NULL) {
42 rv = 0;
43 goto done;
44 }
45
46 if (tls_keypair_load_cert(keypair, error, &cert) == -1)
47 goto err;
48 if (tls_cert_pubkey_hash(cert, &keypair->pubkey_hash) == -1)
49 goto err;
50
51 rv = 0;
52
53 err:
54 X509_free(cert);
55 done:
56 return (rv);
57}
58
59void
60tls_keypair_clear_key(struct tls_keypair *keypair)
61{
62 freezero(keypair->key_mem, keypair->key_len);
63 keypair->key_mem = NULL;
64 keypair->key_len = 0;
65}
66
67int
68tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
69 const char *cert_file)
70{
71 if (tls_config_load_file(error, "certificate", cert_file,
72 &keypair->cert_mem, &keypair->cert_len) == -1)
73 return -1;
74 return tls_keypair_pubkey_hash(keypair, error);
75}
76
77int
78tls_keypair_set_cert_mem(struct tls_keypair *keypair, struct tls_error *error,
79 const uint8_t *cert, size_t len)
80{
81 if (tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len) == -1)
82 return -1;
83 return tls_keypair_pubkey_hash(keypair, error);
84}
85
86int
87tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
88 const char *key_file)
89{
90 tls_keypair_clear_key(keypair);
91 return tls_config_load_file(error, "key", key_file,
92 &keypair->key_mem, &keypair->key_len);
93}
94
95int
96tls_keypair_set_key_mem(struct tls_keypair *keypair, struct tls_error *error,
97 const uint8_t *key, size_t len)
98{
99 tls_keypair_clear_key(keypair);
100 return tls_set_mem(&keypair->key_mem, &keypair->key_len, key, len);
101}
102
103int
104tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair,
105 struct tls_error *error, const char *ocsp_file)
106{
107 return tls_config_load_file(error, "ocsp", ocsp_file,
108 &keypair->ocsp_staple, &keypair->ocsp_staple_len);
109}
110
111int
112tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair,
113 struct tls_error *error, const uint8_t *staple, size_t len)
114{
115 return tls_set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len,
116 staple, len);
117}
118
119void
120tls_keypair_free(struct tls_keypair *keypair)
121{
122 if (keypair == NULL)
123 return;
124
125 tls_keypair_clear_key(keypair);
126
127 free(keypair->cert_mem);
128 free(keypair->ocsp_staple);
129 free(keypair->pubkey_hash);
130
131 free(keypair);
132}
133
134int
135tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
136 X509 **cert)
137{
138 char *errstr = "unknown";
139 BIO *cert_bio = NULL;
140 unsigned long ssl_err;
141 int rv = -1;
142
143 X509_free(*cert);
144 *cert = NULL;
145
146 if (keypair->cert_mem == NULL) {
147 tls_error_set(error, TLS_ERROR_UNKNOWN,
148 "keypair has no certificate");
149 goto err;
150 }
151 if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
152 keypair->cert_len)) == NULL) {
153 tls_error_set(error, TLS_ERROR_UNKNOWN,
154 "failed to create certificate bio");
155 goto err;
156 }
157 if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
158 NULL)) == NULL) {
159 if ((ssl_err = ERR_peek_error()) != 0)
160 errstr = ERR_error_string(ssl_err, NULL);
161 tls_error_set(error, TLS_ERROR_UNKNOWN,
162 "failed to load certificate: %s", errstr);
163 goto err;
164 }
165
166 rv = 0;
167
168 err:
169 BIO_free(cert_bio);
170
171 return (rv);
172}
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
deleted file mode 100644
index bfd06e3c6a..0000000000
--- a/src/lib/libtls/tls_ocsp.c
+++ /dev/null
@@ -1,473 +0,0 @@
1/* $OpenBSD: tls_ocsp.c,v 1.26 2024/03/26 06:24:52 joshua Exp $ */
2/*
3 * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
4 * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <sys/types.h>
20
21#include <arpa/inet.h>
22#include <netinet/in.h>
23
24#include <string.h>
25
26#include <openssl/err.h>
27#include <openssl/ocsp.h>
28#include <openssl/posix_time.h>
29#include <openssl/x509.h>
30
31#include <tls.h>
32#include "tls_internal.h"
33
34#define MAXAGE_SEC (14*24*60*60)
35#define JITTER_SEC (60)
36
37/*
38 * State for request.
39 */
40
41static struct tls_ocsp *
42tls_ocsp_new(void)
43{
44 return (calloc(1, sizeof(struct tls_ocsp)));
45}
46
47void
48tls_ocsp_free(struct tls_ocsp *ocsp)
49{
50 if (ocsp == NULL)
51 return;
52
53 X509_free(ocsp->main_cert);
54 free(ocsp->ocsp_result);
55 free(ocsp->ocsp_url);
56
57 free(ocsp);
58}
59
60static int
61tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_time)
62{
63 struct tm tm;
64
65 if (gt == NULL)
66 return -1;
67 /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */
68 if (!ASN1_GENERALIZEDTIME_check(gt))
69 return -1;
70 if (!ASN1_TIME_to_tm(gt, &tm))
71 return -1;
72 if (!OPENSSL_timegm(&tm, gt_time))
73 return -1;
74 return 0;
75}
76
77static int
78tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
79 int crl_reason, ASN1_GENERALIZEDTIME *revtime,
80 ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd)
81{
82 struct tls_ocsp_result *info = NULL;
83
84 free(ctx->ocsp->ocsp_result);
85 ctx->ocsp->ocsp_result = NULL;
86
87 if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) {
88 tls_set_error(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
89 return -1;
90 }
91 info->response_status = response_status;
92 info->cert_status = cert_status;
93 info->crl_reason = crl_reason;
94 if (info->response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
95 info->result_msg =
96 OCSP_response_status_str(info->response_status);
97 } else if (info->cert_status != V_OCSP_CERTSTATUS_REVOKED) {
98 info->result_msg = OCSP_cert_status_str(info->cert_status);
99 } else {
100 info->result_msg = OCSP_crl_reason_str(info->crl_reason);
101 }
102 info->revocation_time = info->this_update = info->next_update = -1;
103 if (revtime != NULL &&
104 tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) {
105 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
106 "unable to parse revocation time in OCSP reply");
107 goto err;
108 }
109 if (thisupd != NULL &&
110 tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) {
111 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
112 "unable to parse this update time in OCSP reply");
113 goto err;
114 }
115 if (nextupd != NULL &&
116 tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) {
117 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
118 "unable to parse next update time in OCSP reply");
119 goto err;
120 }
121 ctx->ocsp->ocsp_result = info;
122 return 0;
123
124 err:
125 free(info);
126 return -1;
127}
128
129static OCSP_CERTID *
130tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs,
131 SSL_CTX *ssl_ctx)
132{
133 X509_NAME *issuer_name;
134 X509 *issuer;
135 X509_STORE_CTX *storectx = NULL;
136 X509_OBJECT *obj = NULL;
137 OCSP_CERTID *cid = NULL;
138 X509_STORE *store;
139
140 if ((issuer_name = X509_get_issuer_name(main_cert)) == NULL)
141 goto out;
142
143 if (extra_certs != NULL) {
144 issuer = X509_find_by_subject(extra_certs, issuer_name);
145 if (issuer != NULL) {
146 cid = OCSP_cert_to_id(NULL, main_cert, issuer);
147 goto out;
148 }
149 }
150
151 if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL)
152 goto out;
153 if ((storectx = X509_STORE_CTX_new()) == NULL)
154 goto out;
155 if (X509_STORE_CTX_init(storectx, store, main_cert, extra_certs) != 1)
156 goto out;
157 if ((obj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509,
158 issuer_name)) == NULL)
159 goto out;
160
161 cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(obj));
162
163 out:
164 X509_STORE_CTX_free(storectx);
165 X509_OBJECT_free(obj);
166
167 return cid;
168}
169
170struct tls_ocsp *
171tls_ocsp_setup_from_peer(struct tls *ctx)
172{
173 struct tls_ocsp *ocsp = NULL;
174 STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL;
175
176 if ((ocsp = tls_ocsp_new()) == NULL)
177 goto err;
178
179 /* steal state from ctx struct */
180 ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn);
181 ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn);
182 if (ocsp->main_cert == NULL) {
183 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
184 "no peer certificate for OCSP");
185 goto err;
186 }
187
188 ocsp_urls = X509_get1_ocsp(ocsp->main_cert);
189 if (ocsp_urls == NULL) {
190 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
191 "no OCSP URLs in peer certificate");
192 goto err;
193 }
194
195 ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0));
196 if (ocsp->ocsp_url == NULL) {
197 tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
198 goto err;
199 }
200
201 X509_email_free(ocsp_urls);
202 return ocsp;
203
204 err:
205 tls_ocsp_free(ocsp);
206 X509_email_free(ocsp_urls);
207 return NULL;
208}
209
210static int
211tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
212{
213 OCSP_BASICRESP *br = NULL;
214 ASN1_GENERALIZEDTIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
215 OCSP_CERTID *cid = NULL;
216 STACK_OF(X509) *combined = NULL;
217 int response_status=0, cert_status=0, crl_reason=0;
218 int ret = -1;
219 unsigned long flags;
220
221 if ((br = OCSP_response_get1_basic(resp)) == NULL) {
222 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "cannot load ocsp reply");
223 goto err;
224 }
225
226 /*
227 * Skip validation of 'extra_certs' as this should be done
228 * already as part of main handshake.
229 */
230 flags = OCSP_TRUSTOTHER;
231
232 /* now verify */
233 if (OCSP_basic_verify(br, ctx->ocsp->extra_certs,
234 SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) {
235 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "ocsp verify failed");
236 goto err;
237 }
238
239 /* signature OK, look inside */
240 response_status = OCSP_response_status(resp);
241 if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
242 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
243 "ocsp verify failed: response - %s",
244 OCSP_response_status_str(response_status));
245 goto err;
246 }
247
248 cid = tls_ocsp_get_certid(ctx->ocsp->main_cert,
249 ctx->ocsp->extra_certs, ctx->ssl_ctx);
250 if (cid == NULL) {
251 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
252 "ocsp verify failed: no issuer cert");
253 goto err;
254 }
255
256 if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason,
257 &revtime, &thisupd, &nextupd) != 1) {
258 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
259 "ocsp verify failed: no result for cert");
260 goto err;
261 }
262
263 if (OCSP_check_validity(thisupd, nextupd, JITTER_SEC,
264 MAXAGE_SEC) != 1) {
265 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
266 "ocsp verify failed: ocsp response not current");
267 goto err;
268 }
269
270 if (tls_ocsp_fill_info(ctx, response_status, cert_status,
271 crl_reason, revtime, thisupd, nextupd) != 0)
272 goto err;
273
274 /* finally can look at status */
275 if (cert_status != V_OCSP_CERTSTATUS_GOOD && cert_status !=
276 V_OCSP_CERTSTATUS_UNKNOWN) {
277 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
278 "ocsp verify failed: revoked cert - %s",
279 OCSP_crl_reason_str(crl_reason));
280 goto err;
281 }
282 ret = 0;
283
284 err:
285 sk_X509_free(combined);
286 OCSP_CERTID_free(cid);
287 OCSP_BASICRESP_free(br);
288 return ret;
289}
290
291/*
292 * Process a raw OCSP response from an OCSP server request.
293 * OCSP details can then be retrieved with tls_peer_ocsp_* functions.
294 * returns 0 if certificate ok, -1 otherwise.
295 */
296static int
297tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *response,
298 size_t size)
299{
300 int ret;
301 OCSP_RESPONSE *resp;
302
303 resp = d2i_OCSP_RESPONSE(NULL, &response, size);
304 if (resp == NULL) {
305 tls_ocsp_free(ctx->ocsp);
306 ctx->ocsp = NULL;
307 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
308 "unable to parse OCSP response");
309 return -1;
310 }
311 ret = tls_ocsp_verify_response(ctx, resp);
312 OCSP_RESPONSE_free(resp);
313 return ret;
314}
315
316/* TLS handshake verification callback for stapled requests */
317int
318tls_ocsp_verify_cb(SSL *ssl, void *arg)
319{
320 const unsigned char *raw = NULL;
321 int size, res = -1;
322 struct tls *ctx;
323
324 if ((ctx = SSL_get_app_data(ssl)) == NULL)
325 return -1;
326
327 size = SSL_get_tlsext_status_ocsp_resp(ssl, &raw);
328 if (size <= 0) {
329 if (ctx->config->ocsp_require_stapling) {
330 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
331 "no stapled OCSP response provided");
332 return 0;
333 }
334 return 1;
335 }
336
337 tls_ocsp_free(ctx->ocsp);
338 if ((ctx->ocsp = tls_ocsp_setup_from_peer(ctx)) == NULL)
339 return 0;
340
341 if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0)
342 return 1;
343
344 res = tls_ocsp_process_response_internal(ctx, raw, size);
345
346 return (res == 0) ? 1 : 0;
347}
348
349
350/* Staple the OCSP information in ctx->ocsp to the server handshake. */
351int
352tls_ocsp_stapling_cb(SSL *ssl, void *arg)
353{
354 int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
355 unsigned char *ocsp_staple = NULL;
356 struct tls *ctx;
357
358 if ((ctx = SSL_get_app_data(ssl)) == NULL)
359 goto err;
360
361 if (ctx->keypair == NULL || ctx->keypair->ocsp_staple == NULL ||
362 ctx->keypair->ocsp_staple_len == 0)
363 return SSL_TLSEXT_ERR_NOACK;
364
365 if ((ocsp_staple = malloc(ctx->keypair->ocsp_staple_len)) == NULL)
366 goto err;
367
368 memcpy(ocsp_staple, ctx->keypair->ocsp_staple,
369 ctx->keypair->ocsp_staple_len);
370
371 if (SSL_set_tlsext_status_ocsp_resp(ctx->ssl_conn, ocsp_staple,
372 ctx->keypair->ocsp_staple_len) != 1)
373 goto err;
374
375 ret = SSL_TLSEXT_ERR_OK;
376 err:
377 if (ret != SSL_TLSEXT_ERR_OK)
378 free(ocsp_staple);
379
380 return ret;
381}
382
383/*
384 * Public API
385 */
386
387/* Retrieve OCSP URL from peer certificate, if present. */
388const char *
389tls_peer_ocsp_url(struct tls *ctx)
390{
391 if (ctx->ocsp == NULL)
392 return NULL;
393 return ctx->ocsp->ocsp_url;
394}
395
396const char *
397tls_peer_ocsp_result(struct tls *ctx)
398{
399 if (ctx->ocsp == NULL)
400 return NULL;
401 if (ctx->ocsp->ocsp_result == NULL)
402 return NULL;
403 return ctx->ocsp->ocsp_result->result_msg;
404}
405
406int
407tls_peer_ocsp_response_status(struct tls *ctx)
408{
409 if (ctx->ocsp == NULL)
410 return -1;
411 if (ctx->ocsp->ocsp_result == NULL)
412 return -1;
413 return ctx->ocsp->ocsp_result->response_status;
414}
415
416int
417tls_peer_ocsp_cert_status(struct tls *ctx)
418{
419 if (ctx->ocsp == NULL)
420 return -1;
421 if (ctx->ocsp->ocsp_result == NULL)
422 return -1;
423 return ctx->ocsp->ocsp_result->cert_status;
424}
425
426int
427tls_peer_ocsp_crl_reason(struct tls *ctx)
428{
429 if (ctx->ocsp == NULL)
430 return -1;
431 if (ctx->ocsp->ocsp_result == NULL)
432 return -1;
433 return ctx->ocsp->ocsp_result->crl_reason;
434}
435
436time_t
437tls_peer_ocsp_this_update(struct tls *ctx)
438{
439 if (ctx->ocsp == NULL)
440 return -1;
441 if (ctx->ocsp->ocsp_result == NULL)
442 return -1;
443 return ctx->ocsp->ocsp_result->this_update;
444}
445
446time_t
447tls_peer_ocsp_next_update(struct tls *ctx)
448{
449 if (ctx->ocsp == NULL)
450 return -1;
451 if (ctx->ocsp->ocsp_result == NULL)
452 return -1;
453 return ctx->ocsp->ocsp_result->next_update;
454}
455
456time_t
457tls_peer_ocsp_revocation_time(struct tls *ctx)
458{
459 if (ctx->ocsp == NULL)
460 return -1;
461 if (ctx->ocsp->ocsp_result == NULL)
462 return -1;
463 return ctx->ocsp->ocsp_result->revocation_time;
464}
465
466int
467tls_ocsp_process_response(struct tls *ctx, const unsigned char *response,
468 size_t size)
469{
470 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0)
471 return -1;
472 return tls_ocsp_process_response_internal(ctx, response, size);
473}
diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c
deleted file mode 100644
index 6d63a529f2..0000000000
--- a/src/lib/libtls/tls_peer.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* $OpenBSD: tls_peer.c,v 1.9 2024/12/10 08:40:30 tb Exp $ */
2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <stdio.h>
20
21#include <openssl/x509.h>
22
23#include <tls.h>
24#include "tls_internal.h"
25
26const char *
27tls_peer_cert_common_name(struct tls *ctx)
28{
29 if (ctx->conninfo == NULL)
30 return (NULL);
31 return (ctx->conninfo->common_name);
32}
33
34const char *
35tls_peer_cert_hash(struct tls *ctx)
36{
37 if (ctx->conninfo == NULL)
38 return (NULL);
39 return (ctx->conninfo->hash);
40}
41const char *
42tls_peer_cert_issuer(struct tls *ctx)
43{
44 if (ctx->conninfo == NULL)
45 return (NULL);
46 return (ctx->conninfo->issuer);
47}
48
49const char *
50tls_peer_cert_subject(struct tls *ctx)
51{
52 if (ctx->conninfo == NULL)
53 return (NULL);
54 return (ctx->conninfo->subject);
55}
56
57int
58tls_peer_cert_provided(struct tls *ctx)
59{
60 return (ctx->ssl_peer_cert != NULL);
61}
62
63int
64tls_peer_cert_contains_name(struct tls *ctx, const char *name)
65{
66 int match;
67
68 if (ctx->ssl_peer_cert == NULL)
69 return (0);
70
71 if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &match) == -1)
72 return (0);
73
74 return (match);
75}
76
77time_t
78tls_peer_cert_notbefore(struct tls *ctx)
79{
80 if (ctx->ssl_peer_cert == NULL)
81 return (-1);
82 if (ctx->conninfo == NULL)
83 return (-1);
84 return (ctx->conninfo->notbefore);
85}
86
87time_t
88tls_peer_cert_notafter(struct tls *ctx)
89{
90 if (ctx->ssl_peer_cert == NULL)
91 return (-1);
92 if (ctx->conninfo == NULL)
93 return (-1);
94 return (ctx->conninfo->notafter);
95}
96
97const uint8_t *
98tls_peer_cert_chain_pem(struct tls *ctx, size_t *size)
99{
100 if (ctx->ssl_peer_cert == NULL)
101 return (NULL);
102 if (ctx->conninfo == NULL)
103 return (NULL);
104 *size = ctx->conninfo->peer_cert_len;
105 return (ctx->conninfo->peer_cert);
106}
107
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
deleted file mode 100644
index a94b4221ed..0000000000
--- a/src/lib/libtls/tls_server.c
+++ /dev/null
@@ -1,483 +0,0 @@
1/* $OpenBSD: tls_server.c,v 1.51 2024/03/26 08:54:48 joshua Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/socket.h>
19
20#include <arpa/inet.h>
21
22#include <string.h>
23
24#include <openssl/ec.h>
25#include <openssl/err.h>
26#include <openssl/ssl.h>
27
28#include <tls.h>
29#include "tls_internal.h"
30
31struct tls *
32tls_server(void)
33{
34 struct tls *ctx;
35
36 if (tls_init() == -1)
37 return (NULL);
38
39 if ((ctx = tls_new()) == NULL)
40 return (NULL);
41
42 ctx->flags |= TLS_SERVER;
43
44 return (ctx);
45}
46
47struct tls *
48tls_server_conn(struct tls *ctx)
49{
50 struct tls *conn_ctx;
51
52 if ((conn_ctx = tls_new()) == NULL)
53 return (NULL);
54
55 conn_ctx->flags |= TLS_SERVER_CONN;
56
57 pthread_mutex_lock(&ctx->config->mutex);
58 ctx->config->refcount++;
59 pthread_mutex_unlock(&ctx->config->mutex);
60
61 conn_ctx->config = ctx->config;
62 conn_ctx->keypair = ctx->config->keypair;
63
64 return (conn_ctx);
65}
66
67static int
68tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
69 const unsigned char *in, unsigned int inlen, void *arg)
70{
71 struct tls *ctx = arg;
72
73 if (SSL_select_next_proto((unsigned char**)out, outlen,
74 ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
75 OPENSSL_NPN_NEGOTIATED)
76 return (SSL_TLSEXT_ERR_OK);
77
78 return (SSL_TLSEXT_ERR_NOACK);
79}
80
81static int
82tls_servername_cb(SSL *ssl, int *al, void *arg)
83{
84 struct tls *ctx = (struct tls *)arg;
85 struct tls_sni_ctx *sni_ctx;
86 union tls_addr addrbuf;
87 struct tls *conn_ctx;
88 const char *name;
89 int match;
90
91 if ((conn_ctx = SSL_get_app_data(ssl)) == NULL)
92 goto err;
93
94 if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) ==
95 NULL) {
96 /*
97 * The servername callback gets called even when there is no
98 * TLS servername extension provided by the client. Sigh!
99 */
100 return (SSL_TLSEXT_ERR_NOACK);
101 }
102
103 /*
104 * Per RFC 6066 section 3: ensure that name is not an IP literal.
105 *
106 * While we should treat this as an error, a number of clients
107 * (Python, Ruby and Safari) are not RFC compliant. To avoid handshake
108 * failures, pretend that we did not receive the extension.
109 */
110 if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
111 inet_pton(AF_INET6, name, &addrbuf) == 1)
112 return (SSL_TLSEXT_ERR_NOACK);
113
114 free(conn_ctx->servername);
115 if ((conn_ctx->servername = strdup(name)) == NULL)
116 goto err;
117
118 /* Find appropriate SSL context for requested servername. */
119 for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) {
120 if (tls_check_name(ctx, sni_ctx->ssl_cert, name,
121 &match) == -1)
122 goto err;
123 if (match) {
124 conn_ctx->keypair = sni_ctx->keypair;
125 SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
126 return (SSL_TLSEXT_ERR_OK);
127 }
128 }
129
130 /* No match, use the existing context/certificate. */
131 return (SSL_TLSEXT_ERR_OK);
132
133 err:
134 /*
135 * There is no way to tell libssl that an internal failure occurred.
136 * The only option we have is to return a fatal alert.
137 */
138 *al = SSL_AD_INTERNAL_ERROR;
139 return (SSL_TLSEXT_ERR_ALERT_FATAL);
140}
141
142static struct tls_ticket_key *
143tls_server_ticket_key(struct tls_config *config, unsigned char *keyname)
144{
145 struct tls_ticket_key *key = NULL;
146 time_t now;
147 int i;
148
149 now = time(NULL);
150 if (config->ticket_autorekey == 1) {
151 if (now - 3 * (config->session_lifetime / 4) >
152 config->ticket_keys[0].time) {
153 if (tls_config_ticket_autorekey(config) == -1)
154 return (NULL);
155 }
156 }
157 for (i = 0; i < TLS_NUM_TICKETS; i++) {
158 struct tls_ticket_key *tk = &config->ticket_keys[i];
159 if (now - config->session_lifetime > tk->time)
160 continue;
161 if (keyname == NULL || timingsafe_memcmp(keyname,
162 tk->key_name, sizeof(tk->key_name)) == 0) {
163 key = tk;
164 break;
165 }
166 }
167 return (key);
168}
169
170static int
171tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
172 EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int mode)
173{
174 struct tls_ticket_key *key;
175 struct tls *tls_ctx;
176
177 if ((tls_ctx = SSL_get_app_data(ssl)) == NULL)
178 return (-1);
179
180 if (mode == 1) {
181 /* create new session */
182 key = tls_server_ticket_key(tls_ctx->config, NULL);
183 if (key == NULL) {
184 tls_set_errorx(tls_ctx, TLS_ERROR_UNKNOWN,
185 "no valid ticket key found");
186 return (-1);
187 }
188
189 memcpy(keyname, key->key_name, sizeof(key->key_name));
190 arc4random_buf(iv, EVP_MAX_IV_LENGTH);
191 if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
192 key->aes_key, iv)) {
193 tls_set_errorx(tls_ctx, TLS_ERROR_UNKNOWN,
194 "failed to init encrypt");
195 return (-1);
196 }
197 if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
198 EVP_sha256(), NULL)) {
199 tls_set_errorx(tls_ctx, TLS_ERROR_UNKNOWN,
200 "failed to init hmac");
201 return (-1);
202 }
203 return (0);
204 } else {
205 /* get key by name */
206 key = tls_server_ticket_key(tls_ctx->config, keyname);
207 if (key == NULL)
208 return (0);
209
210 if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
211 key->aes_key, iv)) {
212 tls_set_errorx(tls_ctx, TLS_ERROR_UNKNOWN,
213 "failed to init decrypt");
214 return (-1);
215 }
216 if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
217 EVP_sha256(), NULL)) {
218 tls_set_errorx(tls_ctx, TLS_ERROR_UNKNOWN,
219 "failed to init hmac");
220 return (-1);
221 }
222
223 /* time to renew the ticket? is it the primary key? */
224 if (key != &tls_ctx->config->ticket_keys[0])
225 return (2);
226 return (1);
227 }
228}
229
230static int
231tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
232 struct tls_keypair *keypair)
233{
234 SSL_CTX_free(*ssl_ctx);
235
236 if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
237 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "ssl context failure");
238 goto err;
239 }
240
241 SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
242
243 if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
244 tls_servername_cb) != 1) {
245 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
246 "failed to set servername callback");
247 goto err;
248 }
249 if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
250 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
251 "failed to set servername callback arg");
252 goto err;
253 }
254
255 if (tls_configure_ssl(ctx, *ssl_ctx) != 0)
256 goto err;
257 if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0)
258 goto err;
259 if (ctx->config->verify_client != 0) {
260 int verify = SSL_VERIFY_PEER;
261 if (ctx->config->verify_client == 1)
262 verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
263 if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1)
264 goto err;
265 }
266
267 if (ctx->config->alpn != NULL)
268 SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb,
269 ctx);
270
271 if (ctx->config->dheparams == -1)
272 SSL_CTX_set_dh_auto(*ssl_ctx, 1);
273 else if (ctx->config->dheparams == 1024)
274 SSL_CTX_set_dh_auto(*ssl_ctx, 2);
275
276 if (ctx->config->ecdhecurves != NULL) {
277 SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
278 if (SSL_CTX_set1_groups(*ssl_ctx, ctx->config->ecdhecurves,
279 ctx->config->ecdhecurves_len) != 1) {
280 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
281 "failed to set ecdhe curves");
282 goto err;
283 }
284 }
285
286 if (ctx->config->ciphers_server == 1)
287 SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
288
289 if (SSL_CTX_set_tlsext_status_cb(*ssl_ctx, tls_ocsp_stapling_cb) != 1) {
290 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
291 "failed to add OCSP stapling callback");
292 goto err;
293 }
294
295 if (ctx->config->session_lifetime > 0) {
296 /* set the session lifetime and enable tickets */
297 SSL_CTX_set_timeout(*ssl_ctx, ctx->config->session_lifetime);
298 SSL_CTX_clear_options(*ssl_ctx, SSL_OP_NO_TICKET);
299 if (!SSL_CTX_set_tlsext_ticket_key_cb(*ssl_ctx,
300 tls_server_ticket_cb)) {
301 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
302 "failed to set the TLS ticket callback");
303 goto err;
304 }
305 }
306
307 if (SSL_CTX_set_session_id_context(*ssl_ctx, ctx->config->session_id,
308 sizeof(ctx->config->session_id)) != 1) {
309 tls_set_error(ctx, TLS_ERROR_UNKNOWN,
310 "failed to set session id context");
311 goto err;
312 }
313
314 return (0);
315
316 err:
317 SSL_CTX_free(*ssl_ctx);
318 *ssl_ctx = NULL;
319
320 return (-1);
321}
322
323static int
324tls_configure_server_sni(struct tls *ctx)
325{
326 struct tls_sni_ctx **sni_ctx;
327 struct tls_keypair *kp;
328
329 if (ctx->config->keypair->next == NULL)
330 return (0);
331
332 /* Set up additional SSL contexts for SNI. */
333 sni_ctx = &ctx->sni_ctx;
334 for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
335 if ((*sni_ctx = tls_sni_ctx_new()) == NULL) {
336 tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
337 goto err;
338 }
339 (*sni_ctx)->keypair = kp;
340 if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
341 goto err;
342 if (tls_keypair_load_cert(kp, &ctx->error,
343 &(*sni_ctx)->ssl_cert) == -1)
344 goto err;
345 sni_ctx = &(*sni_ctx)->next;
346 }
347
348 return (0);
349
350 err:
351 return (-1);
352}
353
354int
355tls_configure_server(struct tls *ctx)
356{
357 if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
358 ctx->config->keypair) == -1)
359 goto err;
360 if (tls_configure_server_sni(ctx) == -1)
361 goto err;
362
363 return (0);
364
365 err:
366 return (-1);
367}
368
369static struct tls *
370tls_accept_common(struct tls *ctx)
371{
372 struct tls *conn_ctx = NULL;
373
374 if ((ctx->flags & TLS_SERVER) == 0) {
375 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
376 "not a server context");
377 goto err;
378 }
379
380 if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
381 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
382 "connection context failure");
383 goto err;
384 }
385
386 if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
387 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "ssl failure");
388 goto err;
389 }
390
391 if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
392 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
393 "ssl application data failure");
394 goto err;
395 }
396
397 return conn_ctx;
398
399 err:
400 tls_free(conn_ctx);
401
402 return (NULL);
403}
404
405int
406tls_accept_socket(struct tls *ctx, struct tls **cctx, int s)
407{
408 return (tls_accept_fds(ctx, cctx, s, s));
409}
410
411int
412tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
413{
414 struct tls *conn_ctx;
415
416 if ((conn_ctx = tls_accept_common(ctx)) == NULL)
417 goto err;
418
419 if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
420 SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
421 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
422 "ssl file descriptor failure");
423 goto err;
424 }
425
426 *cctx = conn_ctx;
427
428 return (0);
429 err:
430 tls_free(conn_ctx);
431 *cctx = NULL;
432
433 return (-1);
434}
435
436int
437tls_accept_cbs(struct tls *ctx, struct tls **cctx,
438 tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
439{
440 struct tls *conn_ctx;
441
442 if ((conn_ctx = tls_accept_common(ctx)) == NULL)
443 goto err;
444
445 if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0)
446 goto err;
447
448 *cctx = conn_ctx;
449
450 return (0);
451 err:
452 tls_free(conn_ctx);
453 *cctx = NULL;
454
455 return (-1);
456}
457
458int
459tls_handshake_server(struct tls *ctx)
460{
461 int ssl_ret;
462 int rv = -1;
463
464 if ((ctx->flags & TLS_SERVER_CONN) == 0) {
465 tls_set_errorx(ctx, TLS_ERROR_INVALID_CONTEXT,
466 "not a server connection context");
467 goto err;
468 }
469
470 ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
471
472 ERR_clear_error();
473 if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
474 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
475 goto err;
476 }
477
478 ctx->state |= TLS_HANDSHAKE_COMPLETE;
479 rv = 0;
480
481 err:
482 return (rv);
483}
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
deleted file mode 100644
index 2573803ec1..0000000000
--- a/src/lib/libtls/tls_signer.c
+++ /dev/null
@@ -1,471 +0,0 @@
1/* $OpenBSD: tls_signer.c,v 1.13 2024/06/11 16:35:24 op Exp $ */
2/*
3 * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <limits.h>
19#include <pthread.h>
20#include <stdint.h>
21#include <stdio.h>
22#include <stdlib.h>
23#include <string.h>
24
25#include <openssl/bio.h>
26#include <openssl/ec.h>
27#include <openssl/err.h>
28#include <openssl/evp.h>
29#include <openssl/pem.h>
30#include <openssl/rsa.h>
31#include <openssl/x509.h>
32
33#include "tls.h"
34#include "tls_internal.h"
35
36struct tls_signer_key {
37 char *hash;
38 RSA *rsa;
39 EC_KEY *ecdsa;
40 struct tls_signer_key *next;
41};
42
43struct tls_signer {
44 struct tls_error error;
45 struct tls_signer_key *keys;
46};
47
48static pthread_mutex_t signer_method_lock = PTHREAD_MUTEX_INITIALIZER;
49
50struct tls_signer *
51tls_signer_new(void)
52{
53 struct tls_signer *signer;
54
55 if ((signer = calloc(1, sizeof(*signer))) == NULL)
56 return (NULL);
57
58 return (signer);
59}
60
61void
62tls_signer_free(struct tls_signer *signer)
63{
64 struct tls_signer_key *skey;
65
66 if (signer == NULL)
67 return;
68
69 tls_error_clear(&signer->error);
70
71 while (signer->keys) {
72 skey = signer->keys;
73 signer->keys = skey->next;
74 RSA_free(skey->rsa);
75 EC_KEY_free(skey->ecdsa);
76 free(skey->hash);
77 free(skey);
78 }
79
80 free(signer);
81}
82
83const char *
84tls_signer_error(struct tls_signer *signer)
85{
86 return (signer->error.msg);
87}
88
89int
90tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert,
91 size_t cert_len, const uint8_t *key, size_t key_len)
92{
93 struct tls_signer_key *skey = NULL;
94 char *errstr = "unknown";
95 int ssl_err;
96 EVP_PKEY *pkey = NULL;
97 X509 *x509 = NULL;
98 BIO *bio = NULL;
99 char *hash = NULL;
100
101 /* Compute certificate hash */
102 if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) {
103 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
104 "failed to create certificate bio");
105 goto err;
106 }
107 if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
108 NULL)) == NULL) {
109 if ((ssl_err = ERR_peek_error()) != 0)
110 errstr = ERR_error_string(ssl_err, NULL);
111 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
112 "failed to load certificate: %s", errstr);
113 goto err;
114 }
115 if (tls_cert_pubkey_hash(x509, &hash) == -1) {
116 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
117 "failed to get certificate hash");
118 goto err;
119 }
120
121 X509_free(x509);
122 x509 = NULL;
123 BIO_free(bio);
124 bio = NULL;
125
126 /* Read private key */
127 if ((bio = BIO_new_mem_buf(key, key_len)) == NULL) {
128 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
129 "failed to create key bio");
130 goto err;
131 }
132 if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
133 NULL)) == NULL) {
134 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
135 "failed to read private key");
136 goto err;
137 }
138
139 if ((skey = calloc(1, sizeof(*skey))) == NULL) {
140 tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
141 "out of memory");
142 goto err;
143 }
144 skey->hash = hash;
145 if ((skey->rsa = EVP_PKEY_get1_RSA(pkey)) == NULL &&
146 (skey->ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
147 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
148 "unknown key type");
149 goto err;
150 }
151
152 skey->next = signer->keys;
153 signer->keys = skey;
154 EVP_PKEY_free(pkey);
155 BIO_free(bio);
156
157 return (0);
158
159 err:
160 EVP_PKEY_free(pkey);
161 X509_free(x509);
162 BIO_free(bio);
163 free(hash);
164 free(skey);
165
166 return (-1);
167}
168
169int
170tls_signer_add_keypair_file(struct tls_signer *signer, const char *cert_file,
171 const char *key_file)
172{
173 char *cert = NULL, *key = NULL;
174 size_t cert_len, key_len;
175 int rv = -1;
176
177 if (tls_config_load_file(&signer->error, "certificate", cert_file,
178 &cert, &cert_len) == -1)
179 goto err;
180
181 if (tls_config_load_file(&signer->error, "key", key_file, &key,
182 &key_len) == -1)
183 goto err;
184
185 rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len);
186
187 err:
188 free(cert);
189 free(key);
190
191 return (rv);
192}
193
194static int
195tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
196 const uint8_t *input, size_t input_len, int padding_type,
197 uint8_t **out_signature, size_t *out_signature_len)
198{
199 int rsa_padding, rsa_size, signature_len;
200 char *signature = NULL;
201
202 *out_signature = NULL;
203 *out_signature_len = 0;
204
205 if (padding_type == TLS_PADDING_NONE) {
206 rsa_padding = RSA_NO_PADDING;
207 } else if (padding_type == TLS_PADDING_RSA_PKCS1) {
208 rsa_padding = RSA_PKCS1_PADDING;
209 } else {
210 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
211 "invalid RSA padding type (%d)", padding_type);
212 return (-1);
213 }
214
215 if (input_len > INT_MAX) {
216 tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
217 "input too large");
218 return (-1);
219 }
220 if ((rsa_size = RSA_size(skey->rsa)) <= 0) {
221 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
222 "invalid RSA size: %d", rsa_size);
223 return (-1);
224 }
225 if ((signature = calloc(1, rsa_size)) == NULL) {
226 tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
227 "out of memory");
228 return (-1);
229 }
230
231 if ((signature_len = RSA_private_encrypt((int)input_len, input,
232 signature, skey->rsa, rsa_padding)) <= 0) {
233 /* XXX - include further details from libcrypto. */
234 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
235 "RSA signing failed");
236 free(signature);
237 return (-1);
238 }
239
240 *out_signature = signature;
241 *out_signature_len = (size_t)signature_len;
242
243 return (0);
244}
245
246static int
247tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey,
248 const uint8_t *input, size_t input_len, int padding_type,
249 uint8_t **out_signature, size_t *out_signature_len)
250{
251 unsigned char *signature;
252 int signature_len;
253
254 *out_signature = NULL;
255 *out_signature_len = 0;
256
257 if (padding_type != TLS_PADDING_NONE) {
258 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
259 "invalid ECDSA padding");
260 return (-1);
261 }
262
263 if (input_len > INT_MAX) {
264 tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
265 "digest too large");
266 return (-1);
267 }
268 if ((signature_len = ECDSA_size(skey->ecdsa)) <= 0) {
269 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
270 "invalid ECDSA size: %d", signature_len);
271 return (-1);
272 }
273 if ((signature = calloc(1, signature_len)) == NULL) {
274 tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
275 "out of memory");
276 return (-1);
277 }
278
279 if (!ECDSA_sign(0, input, input_len, signature, &signature_len,
280 skey->ecdsa)) {
281 /* XXX - include further details from libcrypto. */
282 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
283 "ECDSA signing failed");
284 free(signature);
285 return (-1);
286 }
287
288 *out_signature = signature;
289 *out_signature_len = signature_len;
290
291 return (0);
292}
293
294int
295tls_signer_sign(struct tls_signer *signer, const char *pubkey_hash,
296 const uint8_t *input, size_t input_len, int padding_type,
297 uint8_t **out_signature, size_t *out_signature_len)
298{
299 struct tls_signer_key *skey;
300
301 *out_signature = NULL;
302 *out_signature_len = 0;
303
304 for (skey = signer->keys; skey; skey = skey->next)
305 if (!strcmp(pubkey_hash, skey->hash))
306 break;
307
308 if (skey == NULL) {
309 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN, "key not found");
310 return (-1);
311 }
312
313 if (skey->rsa != NULL)
314 return tls_sign_rsa(signer, skey, input, input_len,
315 padding_type, out_signature, out_signature_len);
316
317 if (skey->ecdsa != NULL)
318 return tls_sign_ecdsa(signer, skey, input, input_len,
319 padding_type, out_signature, out_signature_len);
320
321 tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN, "unknown key type");
322
323 return (-1);
324}
325
326static int
327tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to,
328 RSA *rsa, int rsa_padding)
329{
330 struct tls_config *config;
331 uint8_t *signature = NULL;
332 size_t signature_len = 0;
333 const char *pubkey_hash;
334 int padding_type;
335
336 /*
337 * This function is called via RSA_private_encrypt() and has to conform
338 * to its calling convention/signature. The caller is required to
339 * provide a 'to' buffer of at least RSA_size() bytes.
340 */
341
342 pubkey_hash = RSA_get_ex_data(rsa, 0);
343 config = RSA_get_ex_data(rsa, 1);
344
345 if (pubkey_hash == NULL || config == NULL)
346 goto err;
347
348 if (rsa_padding == RSA_NO_PADDING) {
349 padding_type = TLS_PADDING_NONE;
350 } else if (rsa_padding == RSA_PKCS1_PADDING) {
351 padding_type = TLS_PADDING_RSA_PKCS1;
352 } else {
353 goto err;
354 }
355
356 if (from_len < 0)
357 goto err;
358
359 if (config->sign_cb(config->sign_cb_arg, pubkey_hash, from, from_len,
360 padding_type, &signature, &signature_len) == -1)
361 goto err;
362
363 if (signature_len > INT_MAX || (int)signature_len > RSA_size(rsa))
364 goto err;
365
366 memcpy(to, signature, signature_len);
367 free(signature);
368
369 return ((int)signature_len);
370
371 err:
372 free(signature);
373
374 return (-1);
375}
376
377RSA_METHOD *
378tls_signer_rsa_method(void)
379{
380 static RSA_METHOD *rsa_method = NULL;
381
382 pthread_mutex_lock(&signer_method_lock);
383
384 if (rsa_method != NULL)
385 goto out;
386
387 rsa_method = RSA_meth_new("libtls RSA method", 0);
388 if (rsa_method == NULL)
389 goto out;
390
391 RSA_meth_set_priv_enc(rsa_method, tls_rsa_priv_enc);
392
393 out:
394 pthread_mutex_unlock(&signer_method_lock);
395
396 return (rsa_method);
397}
398
399static ECDSA_SIG *
400tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
401 const BIGNUM *rp, EC_KEY *eckey)
402{
403 struct tls_config *config;
404 ECDSA_SIG *ecdsa_sig = NULL;
405 uint8_t *signature = NULL;
406 size_t signature_len = 0;
407 const unsigned char *p;
408 const char *pubkey_hash;
409
410 /*
411 * This function is called via ECDSA_do_sign_ex() and has to conform
412 * to its calling convention/signature.
413 */
414
415 pubkey_hash = EC_KEY_get_ex_data(eckey, 0);
416 config = EC_KEY_get_ex_data(eckey, 1);
417
418 if (pubkey_hash == NULL || config == NULL)
419 goto err;
420
421 if (dgst_len < 0)
422 goto err;
423
424 if (config->sign_cb(config->sign_cb_arg, pubkey_hash, dgst, dgst_len,
425 TLS_PADDING_NONE, &signature, &signature_len) == -1)
426 goto err;
427
428 p = signature;
429 if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &p, signature_len)) == NULL)
430 goto err;
431
432 free(signature);
433
434 return (ecdsa_sig);
435
436 err:
437 free(signature);
438
439 return (NULL);
440}
441
442EC_KEY_METHOD *
443tls_signer_ecdsa_method(void)
444{
445 static EC_KEY_METHOD *ecdsa_method = NULL;
446 const EC_KEY_METHOD *default_method;
447 int (*sign)(int type, const unsigned char *dgst, int dlen,
448 unsigned char *sig, unsigned int *siglen,
449 const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
450 int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
451 BIGNUM **kinvp, BIGNUM **rp);
452
453 pthread_mutex_lock(&signer_method_lock);
454
455 if (ecdsa_method != NULL)
456 goto out;
457
458 default_method = EC_KEY_get_default_method();
459 ecdsa_method = EC_KEY_METHOD_new(default_method);
460 if (ecdsa_method == NULL)
461 goto out;
462
463 EC_KEY_METHOD_get_sign(default_method, &sign, &sign_setup, NULL);
464 EC_KEY_METHOD_set_sign(ecdsa_method, sign, sign_setup,
465 tls_ecdsa_do_sign);
466
467 out:
468 pthread_mutex_unlock(&signer_method_lock);
469
470 return (ecdsa_method);
471}
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c
deleted file mode 100644
index b276d2cfa7..0000000000
--- a/src/lib/libtls/tls_util.c
+++ /dev/null
@@ -1,226 +0,0 @@
1/* $OpenBSD: tls_util.c,v 1.16 2023/05/14 07:26:25 op Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
5 * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#include <sys/stat.h>
21
22#include <stdlib.h>
23#include <string.h>
24#include <unistd.h>
25#include <fcntl.h>
26
27#include "tls.h"
28#include "tls_internal.h"
29
30static void *
31memdup(const void *in, size_t len)
32{
33 void *out;
34
35 if ((out = malloc(len)) == NULL)
36 return NULL;
37 memcpy(out, in, len);
38 return out;
39}
40
41int
42tls_set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
43{
44 free(*dest);
45 *dest = NULL;
46 *destlen = 0;
47 if (src != NULL) {
48 if ((*dest = memdup(src, srclen)) == NULL)
49 return -1;
50 *destlen = srclen;
51 }
52 return 0;
53}
54
55int
56tls_set_string(const char **dest, const char *src)
57{
58 free((char *)*dest);
59 *dest = NULL;
60 if (src != NULL)
61 if ((*dest = strdup(src)) == NULL)
62 return -1;
63 return 0;
64}
65
66/*
67 * Extract the host and port from a colon separated value. For a literal IPv6
68 * address the address must be contained with square braces. If a host and
69 * port are successfully extracted, the function will return 0 and the
70 * caller is responsible for freeing the host and port. If no port is found
71 * then the function will return 1, with both host and port being NULL.
72 * On memory allocation failure -1 will be returned.
73 */
74int
75tls_host_port(const char *hostport, char **host, char **port)
76{
77 char *h, *p, *s;
78 int rv = 1;
79
80 *host = NULL;
81 *port = NULL;
82
83 if ((s = strdup(hostport)) == NULL)
84 goto err;
85
86 h = p = s;
87
88 /* See if this is an IPv6 literal with square braces. */
89 if (p[0] == '[') {
90 h++;
91 if ((p = strchr(s, ']')) == NULL)
92 goto done;
93 *p++ = '\0';
94 }
95
96 /* Find the port separator. */
97 if ((p = strchr(p, ':')) == NULL)
98 goto done;
99
100 /* If there is another separator then we have issues. */
101 if (strchr(p + 1, ':') != NULL)
102 goto done;
103
104 *p++ = '\0';
105
106 if (asprintf(host, "%s", h) == -1) {
107 *host = NULL;
108 goto err;
109 }
110 if (asprintf(port, "%s", p) == -1) {
111 *port = NULL;
112 goto err;
113 }
114
115 rv = 0;
116 goto done;
117
118 err:
119 free(*host);
120 *host = NULL;
121 free(*port);
122 *port = NULL;
123 rv = -1;
124
125 done:
126 free(s);
127
128 return (rv);
129}
130
131int
132tls_password_cb(char *buf, int size, int rwflag, void *u)
133{
134 size_t len;
135
136 if (size < 0)
137 return (0);
138
139 if (u == NULL) {
140 memset(buf, 0, size);
141 return (0);
142 }
143
144 if ((len = strlcpy(buf, u, size)) >= (size_t)size)
145 return (0);
146
147 return (len);
148}
149
150uint8_t *
151tls_load_file(const char *name, size_t *len, char *password)
152{
153 FILE *fp;
154 EVP_PKEY *key = NULL;
155 BIO *bio = NULL;
156 char *data;
157 uint8_t *buf = NULL;
158 struct stat st;
159 size_t size = 0;
160 int fd = -1;
161 ssize_t n;
162
163 *len = 0;
164
165 if ((fd = open(name, O_RDONLY)) == -1)
166 return (NULL);
167
168 /* Just load the file into memory without decryption */
169 if (password == NULL) {
170 if (fstat(fd, &st) != 0)
171 goto err;
172 if (st.st_size < 0)
173 goto err;
174 size = (size_t)st.st_size;
175 if ((buf = malloc(size)) == NULL)
176 goto err;
177 n = read(fd, buf, size);
178 if (n < 0 || (size_t)n != size)
179 goto err;
180 close(fd);
181 goto done;
182 }
183
184 /* Or read the (possibly) encrypted key from file */
185 if ((fp = fdopen(fd, "r")) == NULL)
186 goto err;
187 fd = -1;
188
189 key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password);
190 fclose(fp);
191 if (key == NULL)
192 goto err;
193
194 /* Write unencrypted key to memory buffer */
195 if ((bio = BIO_new(BIO_s_mem())) == NULL)
196 goto err;
197 if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
198 goto err;
199 if ((size = BIO_get_mem_data(bio, &data)) <= 0)
200 goto err;
201 if ((buf = malloc(size)) == NULL)
202 goto err;
203 memcpy(buf, data, size);
204
205 BIO_free_all(bio);
206 EVP_PKEY_free(key);
207
208 done:
209 *len = size;
210 return (buf);
211
212 err:
213 if (fd != -1)
214 close(fd);
215 freezero(buf, size);
216 BIO_free_all(bio);
217 EVP_PKEY_free(key);
218
219 return (NULL);
220}
221
222void
223tls_unload_file(uint8_t *buf, size_t len)
224{
225 freezero(buf, len);
226}
diff --git a/src/lib/libtls/tls_verify.c b/src/lib/libtls/tls_verify.c
deleted file mode 100644
index 2935278383..0000000000
--- a/src/lib/libtls/tls_verify.c
+++ /dev/null
@@ -1,394 +0,0 @@
1/* $OpenBSD: tls_verify.c,v 1.32 2024/12/10 08:40:30 tb Exp $ */
2/*
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/socket.h>
19
20#include <arpa/inet.h>
21#include <netinet/in.h>
22
23#include <string.h>
24
25#include <openssl/x509v3.h>
26
27#include <tls.h>
28#include "tls_internal.h"
29
30static int
31tls_match_name(const char *cert_name, const char *name)
32{
33 const char *cert_domain, *domain, *next_dot;
34
35 if (strcasecmp(cert_name, name) == 0)
36 return 0;
37
38 /* Wildcard match? */
39 if (cert_name[0] == '*') {
40 /*
41 * Valid wildcards:
42 * - "*.domain.tld"
43 * - "*.sub.domain.tld"
44 * - etc.
45 * Reject "*.tld".
46 * No attempt to prevent the use of eg. "*.co.uk".
47 */
48 cert_domain = &cert_name[1];
49 /* Disallow "*" */
50 if (cert_domain[0] == '\0')
51 return -1;
52 /* Disallow "*foo" */
53 if (cert_domain[0] != '.')
54 return -1;
55 /* Disallow "*.." */
56 if (cert_domain[1] == '.')
57 return -1;
58 next_dot = strchr(&cert_domain[1], '.');
59 /* Disallow "*.bar" */
60 if (next_dot == NULL)
61 return -1;
62 /* Disallow "*.bar.." */
63 if (next_dot[1] == '.')
64 return -1;
65
66 domain = strchr(name, '.');
67
68 /* No wildcard match against a name with no host part. */
69 if (name[0] == '.')
70 return -1;
71 /* No wildcard match against a name with no domain part. */
72 if (domain == NULL || strlen(domain) == 1)
73 return -1;
74
75 if (strcasecmp(cert_domain, domain) == 0)
76 return 0;
77 }
78
79 return -1;
80}
81
82/*
83 * See RFC 5280 section 4.2.1.6 for SubjectAltName details.
84 * alt_match is set to 1 if a matching alternate name is found.
85 * alt_exists is set to 1 if any known alternate name exists in the certificate.
86 */
87static int
88tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
89 int *alt_match, int *alt_exists)
90{
91 STACK_OF(GENERAL_NAME) *altname_stack = NULL;
92 union tls_addr addrbuf;
93 int addrlen, type;
94 int count, i;
95 int critical = 0;
96 int rv = -1;
97
98 *alt_match = 0;
99 *alt_exists = 0;
100
101 altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name, &critical,
102 NULL);
103 if (altname_stack == NULL) {
104 if (critical != -1) {
105 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
106 "error decoding subjectAltName");
107 goto err;
108 }
109 goto done;
110 }
111
112 if (inet_pton(AF_INET, name, &addrbuf) == 1) {
113 type = GEN_IPADD;
114 addrlen = 4;
115 } else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
116 type = GEN_IPADD;
117 addrlen = 16;
118 } else {
119 type = GEN_DNS;
120 addrlen = 0;
121 }
122
123 count = sk_GENERAL_NAME_num(altname_stack);
124 for (i = 0; i < count; i++) {
125 GENERAL_NAME *altname;
126
127 altname = sk_GENERAL_NAME_value(altname_stack, i);
128
129 if (altname->type == GEN_DNS || altname->type == GEN_IPADD)
130 *alt_exists = 1;
131
132 if (altname->type != type)
133 continue;
134
135 if (type == GEN_DNS) {
136 const unsigned char *data;
137 int format, len;
138
139 format = ASN1_STRING_type(altname->d.dNSName);
140 if (format == V_ASN1_IA5STRING) {
141 data = ASN1_STRING_get0_data(altname->d.dNSName);
142 len = ASN1_STRING_length(altname->d.dNSName);
143
144 if (len < 0 || (size_t)len != strlen(data)) {
145 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
146 "error verifying name '%s': "
147 "NUL byte in subjectAltName, "
148 "probably a malicious certificate",
149 name);
150 goto err;
151 }
152
153 /*
154 * Per RFC 5280 section 4.2.1.6:
155 * " " is a legal domain name, but that
156 * dNSName must be rejected.
157 */
158 if (strcmp(data, " ") == 0) {
159 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
160 "error verifying name '%s': "
161 "a dNSName of \" \" must not be "
162 "used", name);
163 goto err;
164 }
165
166 if (tls_match_name(data, name) == 0) {
167 *alt_match = 1;
168 goto done;
169 }
170 } else {
171#ifdef DEBUG
172 fprintf(stdout, "%s: unhandled subjectAltName "
173 "dNSName encoding (%d)\n", getprogname(),
174 format);
175#endif
176 }
177
178 } else if (type == GEN_IPADD) {
179 const unsigned char *data;
180 int datalen;
181
182 datalen = ASN1_STRING_length(altname->d.iPAddress);
183 data = ASN1_STRING_get0_data(altname->d.iPAddress);
184
185 if (datalen < 0) {
186 tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
187 "Unexpected negative length for an "
188 "IP address: %d", datalen);
189 goto err;
190 }
191
192 /*
193 * Per RFC 5280 section 4.2.1.6:
194 * IPv4 must use 4 octets and IPv6 must use 16 octets.
195 */
196 if (datalen == addrlen &&
197 memcmp(data, &addrbuf, addrlen) == 0) {
198 *alt_match = 1;
199 goto done;
200 }
201 }
202 }
203
204 done:
205 rv = 0;
206
207 err:
208 sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
209 return rv;
210}
211
212static int
213tls_get_common_name_internal(X509 *cert, char **out_common_name,
214 unsigned int *out_tlserr, const char **out_errstr)
215{
216 unsigned char *utf8_bytes = NULL;
217 X509_NAME *subject_name;
218 char *common_name = NULL;
219 int common_name_len;
220 ASN1_STRING *data;
221 int lastpos = -1;
222 int rv = -1;
223
224 *out_tlserr = TLS_ERROR_UNKNOWN;
225 *out_errstr = "unknown";
226
227 free(*out_common_name);
228 *out_common_name = NULL;
229
230 subject_name = X509_get_subject_name(cert);
231 if (subject_name == NULL)
232 goto err;
233
234 lastpos = X509_NAME_get_index_by_NID(subject_name,
235 NID_commonName, lastpos);
236 if (lastpos == -1)
237 goto done;
238 if (lastpos < 0)
239 goto err;
240 if (X509_NAME_get_index_by_NID(subject_name, NID_commonName, lastpos)
241 != -1) {
242 /*
243 * Having multiple CN's is possible, and even happened back in
244 * the glory days of mullets and Hammer pants. In anything like
245 * a modern TLS cert, CN is as close to deprecated as it gets,
246 * and having more than one is bad. We therefore fail if we have
247 * more than one CN fed to us in the subject, treating the
248 * certificate as hostile.
249 */
250 *out_tlserr = TLS_ERROR_UNKNOWN;
251 *out_errstr = "error getting common name: "
252 "Certificate subject contains multiple Common Name fields, "
253 "probably a malicious or malformed certificate";
254 goto err;
255 }
256
257 data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name,
258 lastpos));
259 /*
260 * Fail if we cannot encode the CN bytes as UTF-8.
261 */
262 if ((common_name_len = ASN1_STRING_to_UTF8(&utf8_bytes, data)) < 0) {
263 *out_tlserr = TLS_ERROR_UNKNOWN;
264 *out_errstr = "error getting common name: "
265 "Common Name field cannot be encoded as a UTF-8 string, "
266 "probably a malicious certificate";
267 goto err;
268 }
269 /*
270 * Fail if the CN is of invalid length. RFC 5280 specifies that a CN
271 * must be between 1 and 64 bytes long.
272 */
273 if (common_name_len < 1 || common_name_len > 64) {
274 *out_tlserr = TLS_ERROR_UNKNOWN;
275 *out_errstr = "error getting common name: "
276 "Common Name field has invalid length, "
277 "probably a malicious certificate";
278 goto err;
279 }
280 /*
281 * Fail if the resulting text contains a NUL byte.
282 */
283 if (memchr(utf8_bytes, 0, common_name_len) != NULL) {
284 *out_tlserr = TLS_ERROR_UNKNOWN;
285 *out_errstr = "error getting common name: "
286 "NUL byte in Common Name field, "
287 "probably a malicious certificate";
288 goto err;
289 }
290
291 common_name = strndup(utf8_bytes, common_name_len);
292 if (common_name == NULL) {
293 *out_tlserr = TLS_ERROR_OUT_OF_MEMORY;
294 *out_errstr = "out of memory";
295 goto err;
296 }
297
298 *out_common_name = common_name;
299 common_name = NULL;
300
301 done:
302 if (*out_common_name == NULL)
303 *out_common_name = strdup("");
304 if (*out_common_name == NULL) {
305 *out_tlserr = TLS_ERROR_OUT_OF_MEMORY;
306 *out_errstr = "out of memory";
307 goto err;
308 }
309
310 rv = 0;
311
312 err:
313 free(utf8_bytes);
314 free(common_name);
315 return rv;
316}
317
318int
319tls_get_common_name(struct tls *ctx, X509 *cert, const char *in_name,
320 char **out_common_name)
321{
322 unsigned int errcode = TLS_ERROR_UNKNOWN;
323 const char *errstr = "unknown";
324
325 if (tls_get_common_name_internal(cert, out_common_name, &errcode,
326 &errstr) == -1) {
327 const char *name = in_name;
328 const char *space = " ";
329
330 if (name == NULL)
331 name = space = "";
332
333 tls_set_errorx(ctx, errcode, "%s%s%s", name, space, errstr);
334 return -1;
335 }
336
337 return 0;
338}
339
340static int
341tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
342 int *cn_match)
343{
344 char *common_name = NULL;
345 union tls_addr addrbuf;
346 int rv = -1;
347
348 if (tls_get_common_name(ctx, cert, name, &common_name) == -1)
349 goto err;
350 if (strlen(common_name) == 0)
351 goto done;
352
353 /*
354 * We don't want to attempt wildcard matching against IP addresses,
355 * so perform a simple comparison here.
356 */
357 if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
358 inet_pton(AF_INET6, name, &addrbuf) == 1) {
359 if (strcmp(common_name, name) == 0)
360 *cn_match = 1;
361 goto done;
362 }
363
364 if (tls_match_name(common_name, name) == 0)
365 *cn_match = 1;
366
367 done:
368 rv = 0;
369
370 err:
371 free(common_name);
372 return rv;
373}
374
375int
376tls_check_name(struct tls *ctx, X509 *cert, const char *name, int *match)
377{
378 int alt_exists;
379
380 *match = 0;
381
382 if (tls_check_subject_altname(ctx, cert, name, match,
383 &alt_exists) == -1)
384 return -1;
385
386 /*
387 * As per RFC 6125 section 6.4.4, if any known alternate name existed
388 * in the certificate, we do not attempt to match on the CN.
389 */
390 if (*match || alt_exists)
391 return 0;
392
393 return tls_check_common_name(ctx, cert, name, match);
394}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-26 21:55:40 +0000