From 263609dd4f2b34a02f6d2e943f58b18b8eef887a Mon Sep 17 00:00:00 2001 From: jsing <> Date: Wed, 20 Sep 2017 17:05:17 +0000 Subject: Keep track of which keypair is in use by a TLS context. This fixes a bug where by a TLS server with SNI would always only return the OCSP staple for the default keypair, rather than returning the OCSP staple associated with the keypair that was selected via SNI. Issue reported by William Graeber and confirmed by Andreas Bartelt. Fix tested by William Graeber and Andreas Bartelt - thanks! --- src/lib/libtls/tls.c | 5 ++++- src/lib/libtls/tls_internal.h | 6 +++++- src/lib/libtls/tls_ocsp.c | 22 +++++++++++----------- src/lib/libtls/tls_server.c | 6 +++++- 4 files changed, 25 insertions(+), 14 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index d4e8d0114f..f07c4c6deb 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.70 2017/08/28 13:58:02 beck Exp $ */ +/* $OpenBSD: tls.c,v 1.71 2017/09/20 17:05:17 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -235,6 +235,7 @@ tls_new(void) return (NULL); tls_reset(ctx); + if (tls_configure(ctx, tls_config_default) == -1) { free(ctx); return NULL; @@ -252,7 +253,9 @@ tls_configure(struct tls *ctx, struct tls_config *config) config->refcount++; tls_config_free(ctx->config); + ctx->config = config; + ctx->keypair = config->keypair; if ((ctx->flags & TLS_SERVER) != 0) return (tls_configure_server(ctx)); diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index 9e9443dbaf..f378ea5466 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.64 2017/08/10 18:18:30 jsing Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.65 2017/09/20 17:05:17 jsing Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing 
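Review bot: `ctx->keypair = config->keypair;` in tls_configure stores a pointer into memory owned by `config`, but the commit adds nothing that clears it when that config is released; if tls_reset (called from tls_new in the preceding hunk, its body not in the diff) does not already do so, add `ctx->keypair = NULL;` there so a reset context cannot keep a dangling keypair after tls_config_free drops the last reference. The placement after `tls_config_free(ctx->config)` and `ctx->config = config` is right, since the selected keypair must belong to the new config. A short comment on the assignment, `/* default keypair; may be replaced per connection by SNI */`, would tell a reader why the context tracks this separately from config->keypair.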
@@ -157,12 +157,16 @@ struct tls_ocsp { struct tls_sni_ctx { struct tls_sni_ctx *next; + struct tls_keypair *keypair; + SSL_CTX *ssl_ctx; X509 *ssl_cert; }; struct tls { struct tls_config *config; + struct tls_keypair *keypair; + struct tls_error error; uint32_t flags; diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index 4e2dba3487..a8835edc8f 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c @@ -331,32 +331,32 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg) int tls_ocsp_stapling_cb(SSL *ssl, void *arg) { - struct tls *ctx; - unsigned char *ocsp_staple = NULL; int ret = SSL_TLSEXT_ERR_ALERT_FATAL; + unsigned char *ocsp_staple = NULL; + struct tls *ctx; if ((ctx = SSL_get_app_data(ssl)) == NULL) goto err; - if (ctx->config->keypair == NULL || - ctx->config->keypair->ocsp_staple == NULL || - ctx->config->keypair->ocsp_staple_len == 0) + if (ctx->keypair == NULL || ctx->keypair->ocsp_staple == NULL || + ctx->keypair->ocsp_staple_len == 0) return SSL_TLSEXT_ERR_NOACK; - if ((ocsp_staple = malloc(ctx->config->keypair->ocsp_staple_len)) == - NULL) + if ((ocsp_staple = malloc(ctx->keypair->ocsp_staple_len)) == NULL) goto err; - memcpy(ocsp_staple, ctx->config->keypair->ocsp_staple, - ctx->config->keypair->ocsp_staple_len); + memcpy(ocsp_staple, ctx->keypair->ocsp_staple, + ctx->keypair->ocsp_staple_len); + if (SSL_set_tlsext_status_ocsp_resp(ctx->ssl_conn, ocsp_staple, - ctx->config->keypair->ocsp_staple_len) != 1) + ctx->keypair->ocsp_staple_len) != 1) goto err; ret = SSL_TLSEXT_ERR_OK; err: if (ret != SSL_TLSEXT_ERR_OK) free(ocsp_staple); + return ret; } @@ -364,7 +364,7 @@ tls_ocsp_stapling_cb(SSL *ssl, void *arg) * Public API */ -/* Retrieve OCSP URL from peer certificate, if present */ +/* Retrieve OCSP URL from peer certificate, if present. */ const char * tls_peer_ocsp_url(struct tls *ctx) { diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c index 2622e4464f..e1011769f6 100644 --- a/src/lib/libtls/tls_server.c 
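Review bot: The two new `keypair` fields in tls_internal.h carry no ownership comment, and both are borrowed pointers: `struct tls`'s is assigned from `config->keypair` in tls_configure and `struct tls_sni_ctx`'s from the keypair `kp` walked in tls_configure_server_sni, so neither holder may free it. Suggest `struct tls_keypair *keypair; /* owned by the config's keypair list, never freed here */` in both structs. `struct tls` continues past the end of this hunk.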
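Review bot: The `err:` label in tls_ocsp_stapling_cb frees `ocsp_staple` only when `ret != SSL_TLSEXT_ERR_OK`, which reads like a leak on the success path unless one knows that SSL_set_tlsext_status_ocsp_resp takes ownership of the buffer when it returns 1; a comment above that check, `/* on success the SSL object owns ocsp_staple, so free only on failure */`, would prevent a future "fix" that introduces a double free. The callback now staples whatever `ctx->keypair` points at when it runs, so its correctness depends on the SNI callback having updated that pointer first; `/* ctx->keypair is the default keypair or the one selected by SNI */` on the NULL check would record that ordering assumption. The function is entirely within the hunk.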
+++ b/src/lib/libtls/tls_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_server.c,v 1.41 2017/08/10 18:18:30 jsing Exp $ */ +/* $OpenBSD: tls_server.c,v 1.42 2017/09/20 17:05:17 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -50,7 +50,9 @@ tls_server_conn(struct tls *ctx) conn_ctx->flags |= TLS_SERVER_CONN; ctx->config->refcount++; + conn_ctx->config = ctx->config; + conn_ctx->keypair = ctx->config->keypair; return (conn_ctx); } @@ -112,6 +114,7 @@ tls_servername_cb(SSL *ssl, int *al, void *arg) &match) == -1) goto err; if (match) { + conn_ctx->keypair = sni_ctx->keypair; SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx); return (SSL_TLSEXT_ERR_OK); } @@ -341,6 +344,7 @@ tls_configure_server_sni(struct tls *ctx) tls_set_errorx(ctx, "out of memory"); goto err; } + (*sni_ctx)->keypair = kp; if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1) goto err; if (tls_keypair_load_cert(kp, &ctx->error, -- cgit v1.2.3-55-g6feb
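Review bot: `conn_ctx->keypair = ctx->config->keypair;` in tls_server_conn reaches through the config instead of using the listening context's own selection, although tls_configure sets `ctx->keypair` from the same source; `conn_ctx->keypair = ctx->keypair;` would keep a single source of truth and the two lines above it already copy config the same way. This assumes `ctx->keypair` is always populated before tls_server_conn runs, which the tls.c hunk suggests but the rest of tls_server_conn (outside the hunk) would need to confirm.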
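Review bot: In tls_servername_cb the keypair switch and the `SSL_set_SSL_CTX` call on `match` must stay paired, because the OCSP status callback staples whatever `conn_ctx->keypair` points at; if either line is later moved the server would again present one certificate with another certificate's staple, which is the mismatch this commit fixes. Suggest `/* keep keypair and SSL_CTX in sync: the OCSP stapling callback reads conn_ctx->keypair */` above the two lines. The no-match path keeps the default keypair assigned in tls_server_conn, which corresponds to the default SSL_CTX, so that branch needs no change. tls_servername_cb continues outside the hunk.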