1 /* $OpenBSD: tls_client.c,v 1.49 2023/05/14 07:26:25 op Exp $ */ 2 /* 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <sys/types.h> 19 #include <sys/socket.h> 20 #include <sys/stat.h> 21 22 #include <arpa/inet.h> 23 #include <netinet/in.h> 24 25 #include <limits.h> 26 #include <netdb.h> 27 #include <stdlib.h> 28 #include <string.h> 29 #include <unistd.h> 30 31 #include <openssl/err.h> 32 #include <openssl/x509.h> 33 34 #include <tls.h> 35 #include "tls_internal.h" 36 37 struct tls * 38 tls_client(void) 39 { 40 struct tls *ctx; 41 42 if (tls_init() == -1) 43 return (NULL); 44 45 if ((ctx = tls_new()) == NULL) 46 return (NULL); 47 48 ctx->flags |= TLS_CLIENT; 49 50 return (ctx); 51 } 52 53 int 54 tls_connect(struct tls *ctx, const char *host, const char *port) 55 { 56 return tls_connect_servername(ctx, host, port, NULL); 57 } 58 59 int 60 tls_connect_servername(struct tls *ctx, const char *host, const char *port, 61 const char *servername) 62 { 63 struct addrinfo hints, *res, *res0; 64 const char *h = NULL, *p = NULL; 65 char *hs = NULL, *ps = NULL; 66 int rv = -1, s = -1, ret; 67 68 if ((ctx->flags & TLS_CLIENT) == 0) { 69 tls_set_errorx(ctx, "not a client context"); 70 goto err; 71 } 72 73 if (host == NULL) { 74 tls_set_errorx(ctx, "host not specified"); 75 goto err; 76 } 77 78 /* If port is NULL, try to extract a port from the specified host. */ 79 if (port == NULL) { 80 ret = tls_host_port(host, &hs, &ps); 81 if (ret == -1) { 82 tls_set_errorx(ctx, "memory allocation failure"); 83 goto err; 84 } 85 if (ret != 0) { 86 tls_set_errorx(ctx, "no port provided"); 87 goto err; 88 } 89 } 90 91 h = (hs != NULL) ? hs : host; 92 p = (ps != NULL) ? ps : port; 93 94 /* 95 * First check if the host is specified as a numeric IP address, 96 * either IPv4 or IPv6, before trying to resolve the host. 97 * The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6 98 * records if it is not configured on an interface; not considering 99 * loopback addresses. Checking the numeric addresses first makes 100 * sure that connection attempts to numeric addresses and especially 101 * 127.0.0.1 or ::1 loopback addresses are always possible. 102 */ 103 memset(&hints, 0, sizeof(hints)); 104 hints.ai_socktype = SOCK_STREAM; 105 106 /* try as an IPv4 literal */ 107 hints.ai_family = AF_INET; 108 hints.ai_flags = AI_NUMERICHOST; 109 if (getaddrinfo(h, p, &hints, &res0) != 0) { 110 /* try again as an IPv6 literal */ 111 hints.ai_family = AF_INET6; 112 if (getaddrinfo(h, p, &hints, &res0) != 0) { 113 /* last try, with name resolution and save the error */ 114 hints.ai_family = AF_UNSPEC; 115 hints.ai_flags = AI_ADDRCONFIG; 116 if ((s = getaddrinfo(h, p, &hints, &res0)) != 0) { 117 tls_set_error(ctx, "%s", gai_strerror(s)); 118 goto err; 119 } 120 } 121 } 122 123 /* It was resolved somehow; now try connecting to what we got */ 124 s = -1; 125 for (res = res0; res; res = res->ai_next) { 126 s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); 127 if (s == -1) { 128 tls_set_error(ctx, "socket"); 129 continue; 130 } 131 if (connect(s, res->ai_addr, res->ai_addrlen) == -1) { 132 tls_set_error(ctx, "connect"); 133 close(s); 134 s = -1; 135 continue; 136 } 137 138 break; /* Connected. */ 139 } 140 freeaddrinfo(res0); 141 142 if (s == -1) 143 goto err; 144 145 if (servername == NULL) 146 servername = h; 147 148 if (tls_connect_socket(ctx, s, servername) != 0) { 149 close(s); 150 goto err; 151 } 152 153 ctx->socket = s; 154 155 rv = 0; 156 157 err: 158 free(hs); 159 free(ps); 160 161 return (rv); 162 } 163 164 static int 165 tls_client_read_session(struct tls *ctx) 166 { 167 int sfd = ctx->config->session_fd; 168 uint8_t *session = NULL; 169 size_t session_len = 0; 170 SSL_SESSION *ss = NULL; 171 BIO *bio = NULL; 172 struct stat sb; 173 ssize_t n; 174 int rv = -1; 175 176 if (fstat(sfd, &sb) == -1) { 177 tls_set_error(ctx, "failed to stat session file"); 178 goto err; 179 } 180 if (sb.st_size < 0 || sb.st_size > INT_MAX) { 181 tls_set_errorx(ctx, "invalid session file size"); 182 goto err; 183 } 184 session_len = (size_t)sb.st_size; 185 186 /* A zero size file means that we do not yet have a valid session. */ 187 if (session_len == 0) 188 goto done; 189 190 if ((session = malloc(session_len)) == NULL) 191 goto err; 192 193 n = pread(sfd, session, session_len, 0); 194 if (n < 0 || (size_t)n != session_len) { 195 tls_set_error(ctx, "failed to read session file"); 196 goto err; 197 } 198 if ((bio = BIO_new_mem_buf(session, session_len)) == NULL) 199 goto err; 200 if ((ss = PEM_read_bio_SSL_SESSION(bio, NULL, tls_password_cb, 201 NULL)) == NULL) { 202 tls_set_errorx(ctx, "failed to parse session"); 203 goto err; 204 } 205 206 if (SSL_set_session(ctx->ssl_conn, ss) != 1) { 207 tls_set_errorx(ctx, "failed to set session"); 208 goto err; 209 } 210 211 done: 212 rv = 0; 213 214 err: 215 freezero(session, session_len); 216 SSL_SESSION_free(ss); 217 BIO_free(bio); 218 219 return rv; 220 } 221 222 static int 223 tls_client_write_session(struct tls *ctx) 224 { 225 int sfd = ctx->config->session_fd; 226 SSL_SESSION *ss = NULL; 227 BIO *bio = NULL; 228 long data_len; 229 char *data; 230 off_t offset; 231 size_t len; 232 ssize_t n; 233 int rv = -1; 234 235 if ((ss = SSL_get1_session(ctx->ssl_conn)) == NULL) { 236 if (ftruncate(sfd, 0) == -1) { 237 tls_set_error(ctx, "failed to truncate session file"); 238 goto err; 239 } 240 goto done; 241 } 242 243 if ((bio = BIO_new(BIO_s_mem())) == NULL) 244 goto err; 245 if (PEM_write_bio_SSL_SESSION(bio, ss) == 0) 246 goto err; 247 if ((data_len = BIO_get_mem_data(bio, &data)) <= 0) 248 goto err; 249 250 len = (size_t)data_len; 251 offset = 0; 252 253 if (ftruncate(sfd, len) == -1) { 254 tls_set_error(ctx, "failed to truncate session file"); 255 goto err; 256 } 257 while (len > 0) { 258 if ((n = pwrite(sfd, data + offset, len, offset)) == -1) { 259 tls_set_error(ctx, "failed to write session file"); 260 goto err; 261 } 262 offset += n; 263 len -= n; 264 } 265 266 done: 267 rv = 0; 268 269 err: 270 SSL_SESSION_free(ss); 271 BIO_free_all(bio); 272 273 return (rv); 274 } 275 276 static int 277 tls_connect_common(struct tls *ctx, const char *servername) 278 { 279 union tls_addr addrbuf; 280 size_t servername_len; 281 int rv = -1; 282 283 if ((ctx->flags & TLS_CLIENT) == 0) { 284 tls_set_errorx(ctx, "not a client context"); 285 goto err; 286 } 287 288 if (servername != NULL) { 289 if ((ctx->servername = strdup(servername)) == NULL) { 290 tls_set_errorx(ctx, "out of memory"); 291 goto err; 292 } 293 294 /* 295 * If there's a trailing dot, remove it. While an FQDN includes 296 * the terminating dot representing the zero-length label of 297 * the root (RFC 8499, section 2), the SNI explicitly does not 298 * include it (RFC 6066, section 3). 299 */ 300 servername_len = strlen(ctx->servername); 301 if (servername_len > 0 && 302 ctx->servername[servername_len - 1] == '.') 303 ctx->servername[servername_len - 1] = '\0'; 304 } 305 306 if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { 307 tls_set_errorx(ctx, "ssl context failure"); 308 goto err; 309 } 310 311 if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0) 312 goto err; 313 314 if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx, 315 ctx->config->keypair, 0) != 0) 316 goto err; 317 318 if (ctx->config->verify_name) { 319 if (ctx->servername == NULL) { 320 tls_set_errorx(ctx, "server name not specified"); 321 goto err; 322 } 323 } 324 325 if (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, SSL_VERIFY_PEER) == -1) 326 goto err; 327 328 if (ctx->config->ecdhecurves != NULL) { 329 if (SSL_CTX_set1_groups(ctx->ssl_ctx, ctx->config->ecdhecurves, 330 ctx->config->ecdhecurves_len) != 1) { 331 tls_set_errorx(ctx, "failed to set ecdhe curves"); 332 goto err; 333 } 334 } 335 336 if (SSL_CTX_set_tlsext_status_cb(ctx->ssl_ctx, tls_ocsp_verify_cb) != 1) { 337 tls_set_errorx(ctx, "ssl OCSP verification setup failure"); 338 goto err; 339 } 340 341 if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) { 342 tls_set_errorx(ctx, "ssl connection failure"); 343 goto err; 344 } 345 346 if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) { 347 tls_set_errorx(ctx, "ssl application data failure"); 348 goto err; 349 } 350 351 if (ctx->config->session_fd != -1) { 352 SSL_clear_options(ctx->ssl_conn, SSL_OP_NO_TICKET); 353 if (tls_client_read_session(ctx) == -1) 354 goto err; 355 } 356 357 if (SSL_set_tlsext_status_type(ctx->ssl_conn, TLSEXT_STATUSTYPE_ocsp) != 1) { 358 tls_set_errorx(ctx, "ssl OCSP extension setup failure"); 359 goto err; 360 } 361 362 /* 363 * RFC 6066 (SNI): Literal IPv4 and IPv6 addresses are not 364 * permitted in "HostName". 365 */ 366 if (ctx->servername != NULL && 367 inet_pton(AF_INET, ctx->servername, &addrbuf) != 1 && 368 inet_pton(AF_INET6, ctx->servername, &addrbuf) != 1) { 369 if (SSL_set_tlsext_host_name(ctx->ssl_conn, 370 ctx->servername) == 0) { 371 tls_set_errorx(ctx, "server name indication failure"); 372 goto err; 373 } 374 } 375 376 ctx->state |= TLS_CONNECTED; 377 rv = 0; 378 379 err: 380 return (rv); 381 } 382 383 int 384 tls_connect_socket(struct tls *ctx, int s, const char *servername) 385 { 386 return tls_connect_fds(ctx, s, s, servername); 387 } 388 389 int 390 tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, 391 const char *servername) 392 { 393 int rv = -1; 394 395 if (fd_read < 0 || fd_write < 0) { 396 tls_set_errorx(ctx, "invalid file descriptors"); 397 goto err; 398 } 399 400 if (tls_connect_common(ctx, servername) != 0) 401 goto err; 402 403 if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 || 404 SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) { 405 tls_set_errorx(ctx, "ssl file descriptor failure"); 406 goto err; 407 } 408 409 rv = 0; 410 err: 411 return (rv); 412 } 413 414 int 415 tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb, 416 tls_write_cb write_cb, void *cb_arg, const char *servername) 417 { 418 int rv = -1; 419 420 if (tls_connect_common(ctx, servername) != 0) 421 goto err; 422 423 if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) 424 goto err; 425 426 rv = 0; 427 428 err: 429 return (rv); 430 } 431 432 int 433 tls_handshake_client(struct tls *ctx) 434 { 435 X509 *cert = NULL; 436 int match, ssl_ret; 437 int rv = -1; 438 439 if ((ctx->flags & TLS_CLIENT) == 0) { 440 tls_set_errorx(ctx, "not a client context"); 441 goto err; 442 } 443 444 if ((ctx->state & TLS_CONNECTED) == 0) { 445 tls_set_errorx(ctx, "context not connected"); 446 goto err; 447 } 448 449 ctx->state |= TLS_SSL_NEEDS_SHUTDOWN; 450 451 ERR_clear_error(); 452 if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) { 453 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake"); 454 goto err; 455 } 456 457 if (ctx->config->verify_name) { 458 cert = SSL_get_peer_certificate(ctx->ssl_conn); 459 if (cert == NULL) { 460 tls_set_errorx(ctx, "no server certificate"); 461 goto err; 462 } 463 if (tls_check_name(ctx, cert, ctx->servername, &match) == -1) 464 goto err; 465 if (!match) { 466 tls_set_errorx(ctx, "name `%s' not present in" 467 " server certificate", ctx->servername); 468 goto err; 469 } 470 } 471 472 ctx->state |= TLS_HANDSHAKE_COMPLETE; 473 474 if (ctx->config->session_fd != -1) { 475 if (tls_client_write_session(ctx) == -1) 476 goto err; 477 } 478 479 rv = 0; 480 481 err: 482 X509_free(cert); 483 484 return (rv); 485 } 486