12 #include <openssl/conf.h>
13 #include <openssl/err.h>
14 #include <openssl/ocsp.h>
15 #include <openssl/rand.h>
16 #include <openssl/ssl.h>
20 #endif /* HAVE_LIBSODIUM */
22 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL)
23 /* OpenSSL < 1.1.0 needs support for threading/locking in the calling application. */
24 static pthread_mutex_t
*openssllocks
{nullptr};
27 static void openssl_pthreads_locking_callback(int mode
, int type
, const char *file
, int line
)
29 if (mode
& CRYPTO_LOCK
) {
30 pthread_mutex_lock(&(openssllocks
[type
]));
33 pthread_mutex_unlock(&(openssllocks
[type
]));
37 static unsigned long openssl_pthreads_id_callback()
39 return (unsigned long)pthread_self();
43 static void openssl_thread_setup()
45 openssllocks
= (pthread_mutex_t
*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t
));
47 for (int i
= 0; i
< CRYPTO_num_locks(); i
++)
48 pthread_mutex_init(&(openssllocks
[i
]), NULL
);
50 CRYPTO_set_id_callback(openssl_pthreads_id_callback
);
51 CRYPTO_set_locking_callback(openssl_pthreads_locking_callback
);
54 static void openssl_thread_cleanup()
56 CRYPTO_set_locking_callback(NULL
);
58 for (int i
=0; i
<CRYPTO_num_locks(); i
++) {
59 pthread_mutex_destroy(&(openssllocks
[i
]));
62 OPENSSL_free(openssllocks
);
65 #endif /* (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL) */
67 static std::atomic
<uint64_t> s_users
;
68 static int s_ticketsKeyIndex
{-1};
69 static int s_countersIndex
{-1};
70 static int s_keyLogIndex
{-1};
72 void registerOpenSSLUser()
74 if (s_users
.fetch_add(1) == 0) {
75 #ifdef HAVE_OPENSSL_INIT_CRYPTO
76 /* load the default configuration file (or one specified via OPENSSL_CONF),
77 which can then be used to load engines */
78 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG
, nullptr);
81 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x2090100fL))
82 SSL_load_error_strings();
83 OpenSSL_add_ssl_algorithms();
84 openssl_thread_setup();
86 s_ticketsKeyIndex
= SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
88 if (s_ticketsKeyIndex
== -1) {
89 throw std::runtime_error("Error getting an index for tickets key");
92 s_countersIndex
= SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
94 if (s_countersIndex
== -1) {
95 throw std::runtime_error("Error getting an index for counters");
98 s_keyLogIndex
= SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
100 if (s_keyLogIndex
== -1) {
101 throw std::runtime_error("Error getting an index for TLS key logging");
106 void unregisterOpenSSLUser()
108 if (s_users
.fetch_sub(1) == 1) {
109 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x2090100fL))
114 CONF_modules_finish();
116 CONF_modules_unload(1);
118 CRYPTO_cleanup_all_ex_data();
119 openssl_thread_cleanup();
124 void* libssl_get_ticket_key_callback_data(SSL
* s
)
126 SSL_CTX
* sslCtx
= SSL_get_SSL_CTX(s
);
127 if (sslCtx
== nullptr) {
131 return SSL_CTX_get_ex_data(sslCtx
, s_ticketsKeyIndex
);
134 void libssl_set_ticket_key_callback_data(SSL_CTX
* ctx
, void* data
)
136 SSL_CTX_set_ex_data(ctx
, s_ticketsKeyIndex
, data
);
139 int libssl_ticket_key_callback(SSL
*s
, OpenSSLTLSTicketKeysRing
& keyring
, unsigned char keyName
[TLS_TICKETS_KEY_NAME_SIZE
], unsigned char *iv
, EVP_CIPHER_CTX
*ectx
, HMAC_CTX
*hctx
, int enc
)
142 const auto key
= keyring
.getEncryptionKey();
143 if (key
== nullptr) {
147 return key
->encrypt(keyName
, iv
, ectx
, hctx
);
150 bool activeEncryptionKey
= false;
152 const auto key
= keyring
.getDecryptionKey(keyName
, activeEncryptionKey
);
153 if (key
== nullptr) {
154 /* we don't know this key, just create a new ticket */
158 if (key
->decrypt(iv
, ectx
, hctx
) == false) {
162 if (!activeEncryptionKey
) {
163 /* this key is not active, please encrypt the ticket content with the currently active one */
170 static void libssl_info_callback(const SSL
*ssl
, int where
, int ret
)
172 SSL_CTX
* sslCtx
= SSL_get_SSL_CTX(ssl
);
173 if (sslCtx
== nullptr) {
177 TLSErrorCounters
* counters
= reinterpret_cast<TLSErrorCounters
*>(SSL_CTX_get_ex_data(sslCtx
, s_countersIndex
));
178 if (counters
== nullptr) {
182 if (where
& SSL_CB_ALERT
) {
183 const long lastError
= ERR_peek_last_error();
184 switch (ERR_GET_REASON(lastError
)) {
185 #ifdef SSL_R_DH_KEY_TOO_SMALL
186 case SSL_R_DH_KEY_TOO_SMALL
:
187 ++counters
->d_dhKeyTooSmall
;
189 #endif /* SSL_R_DH_KEY_TOO_SMALL */
190 case SSL_R_NO_SHARED_CIPHER
:
191 ++counters
->d_noSharedCipher
;
193 case SSL_R_UNKNOWN_PROTOCOL
:
194 ++counters
->d_unknownProtocol
;
196 case SSL_R_UNSUPPORTED_PROTOCOL
:
197 #ifdef SSL_R_VERSION_TOO_LOW
198 case SSL_R_VERSION_TOO_LOW
:
199 #endif /* SSL_R_VERSION_TOO_LOW */
200 ++counters
->d_unsupportedProtocol
;
202 case SSL_R_INAPPROPRIATE_FALLBACK
:
203 ++counters
->d_inappropriateFallBack
;
205 case SSL_R_UNKNOWN_CIPHER_TYPE
:
206 ++counters
->d_unknownCipherType
;
208 case SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE
:
209 ++counters
->d_unknownKeyExchangeType
;
211 case SSL_R_UNSUPPORTED_ELLIPTIC_CURVE
:
212 ++counters
->d_unsupportedEC
;
220 void libssl_set_error_counters_callback(std::unique_ptr
<SSL_CTX
, void(*)(SSL_CTX
*)>& ctx
, TLSErrorCounters
* counters
)
222 SSL_CTX_set_ex_data(ctx
.get(), s_countersIndex
, counters
);
223 SSL_CTX_set_info_callback(ctx
.get(), libssl_info_callback
);
226 int libssl_ocsp_stapling_callback(SSL
* ssl
, const std::map
<int, std::string
>& ocspMap
)
228 auto pkey
= SSL_get_privatekey(ssl
);
229 if (pkey
== nullptr) {
230 return SSL_TLSEXT_ERR_NOACK
;
233 /* look for an OCSP response for the corresponding private key type (RSA, ECDSA..) */
234 const auto& data
= ocspMap
.find(EVP_PKEY_base_id(pkey
));
235 if (data
== ocspMap
.end()) {
236 return SSL_TLSEXT_ERR_NOACK
;
239 /* we need to allocate a copy because OpenSSL will free the pointer passed to SSL_set_tlsext_status_ocsp_resp() */
240 void* copy
= OPENSSL_malloc(data
->second
.size());
241 if (copy
== nullptr) {
242 return SSL_TLSEXT_ERR_NOACK
;
245 memcpy(copy
, data
->second
.data(), data
->second
.size());
246 SSL_set_tlsext_status_ocsp_resp(ssl
, copy
, data
->second
.size());
247 return SSL_TLSEXT_ERR_OK
;
250 static bool libssl_validate_ocsp_response(const std::string
& response
)
252 auto responsePtr
= reinterpret_cast<const unsigned char *>(response
.data());
253 std::unique_ptr
<OCSP_RESPONSE
, void(*)(OCSP_RESPONSE
*)> resp(d2i_OCSP_RESPONSE(nullptr, &responsePtr
, response
.size()), OCSP_RESPONSE_free
);
254 if (resp
== nullptr) {
255 throw std::runtime_error("Unable to parse OCSP response");
258 int status
= OCSP_response_status(resp
.get());
259 if (status
!= OCSP_RESPONSE_STATUS_SUCCESSFUL
) {
260 throw std::runtime_error("OCSP response status is not successful: " + std::to_string(status
));
263 std::unique_ptr
<OCSP_BASICRESP
, void(*)(OCSP_BASICRESP
*)> basic(OCSP_response_get1_basic(resp
.get()), OCSP_BASICRESP_free
);
264 if (basic
== nullptr) {
265 throw std::runtime_error("Error getting a basic OCSP response");
268 if (OCSP_resp_count(basic
.get()) != 1) {
269 throw std::runtime_error("More than one single response in an OCSP basic response");
272 auto singleResponse
= OCSP_resp_get0(basic
.get(), 0);
273 if (singleResponse
== nullptr) {
274 throw std::runtime_error("Error getting a single response from the basic OCSP response");
278 ASN1_GENERALIZEDTIME
* revTime
= nullptr;
279 ASN1_GENERALIZEDTIME
* thisUpdate
= nullptr;
280 ASN1_GENERALIZEDTIME
* nextUpdate
= nullptr;
282 auto singleResponseStatus
= OCSP_single_get0_status(singleResponse
, &reason
, &revTime
, &thisUpdate
, &nextUpdate
);
283 if (singleResponseStatus
!= V_OCSP_CERTSTATUS_GOOD
) {
284 throw std::runtime_error("Invalid status for OCSP single response (" + std::to_string(singleResponseStatus
) + ")");
286 if (thisUpdate
== nullptr || nextUpdate
== nullptr) {
287 throw std::runtime_error("Error getting validity of OCSP single response");
290 auto validityResult
= OCSP_check_validity(thisUpdate
, nextUpdate
, /* 5 minutes of leeway */ 5 * 60, -1);
291 if (validityResult
== 0) {
292 throw std::runtime_error("OCSP single response is not yet, or no longer, valid");
298 std::map
<int, std::string
> libssl_load_ocsp_responses(const std::vector
<std::string
>& ocspFiles
, std::vector
<int> keyTypes
)
300 std::map
<int, std::string
> ocspResponses
;
302 if (ocspFiles
.size() > keyTypes
.size()) {
303 throw std::runtime_error("More OCSP files than certificates and keys loaded!");
307 for (const auto& filename
: ocspFiles
) {
308 std::ifstream
file(filename
, std::ios::binary
);
312 file
.read(buffer
, sizeof(buffer
));
315 throw std::runtime_error("Unable to load OCSP response from '" + filename
+ "'");
317 content
.append(buffer
, file
.gcount());
322 libssl_validate_ocsp_response(content
);
323 ocspResponses
.insert({keyTypes
.at(count
), std::move(content
)});
325 catch (const std::exception
& e
) {
326 throw std::runtime_error("Error checking the validity of OCSP response from '" + filename
+ "': " + e
.what());
331 return ocspResponses
;
334 int libssl_get_last_key_type(std::unique_ptr
<SSL_CTX
, void(*)(SSL_CTX
*)>& ctx
)
336 #ifdef HAVE_SSL_CTX_GET0_PRIVATEKEY
337 auto pkey
= SSL_CTX_get0_privatekey(ctx
.get());
339 auto temp
= std::unique_ptr
<SSL
, void(*)(SSL
*)>(SSL_new(ctx
.get()), SSL_free
);
343 auto pkey
= SSL_get_privatekey(temp
.get());
350 return EVP_PKEY_base_id(pkey
);
353 #ifdef HAVE_OCSP_BASIC_SIGN
354 bool libssl_generate_ocsp_response(const std::string
& certFile
, const std::string
& caCert
, const std::string
& caKey
, const std::string
& outFile
, int ndays
, int nmin
)
356 const EVP_MD
* rmd
= EVP_sha256();
358 auto fp
= std::unique_ptr
<FILE, int(*)(FILE*)>(fopen(certFile
.c_str(), "r"), fclose
);
360 throw std::runtime_error("Unable to open '" + certFile
+ "' when loading the certificate to generate an OCSP response");
362 auto cert
= std::unique_ptr
<X509
, void(*)(X509
*)>(PEM_read_X509_AUX(fp
.get(), nullptr, nullptr, nullptr), X509_free
);
364 fp
= std::unique_ptr
<FILE, int(*)(FILE*)>(fopen(caCert
.c_str(), "r"), fclose
);
366 throw std::runtime_error("Unable to open '" + caCert
+ "' when loading the issuer certificate to generate an OCSP response");
368 auto issuer
= std::unique_ptr
<X509
, void(*)(X509
*)>(PEM_read_X509_AUX(fp
.get(), nullptr, nullptr, nullptr), X509_free
);
369 fp
= std::unique_ptr
<FILE, int(*)(FILE*)>(fopen(caKey
.c_str(), "r"), fclose
);
371 throw std::runtime_error("Unable to open '" + caKey
+ "' when loading the issuer key to generate an OCSP response");
373 auto issuerKey
= std::unique_ptr
<EVP_PKEY
, void(*)(EVP_PKEY
*)>(PEM_read_PrivateKey(fp
.get(), nullptr, nullptr, nullptr), EVP_PKEY_free
);
376 auto bs
= std::unique_ptr
<OCSP_BASICRESP
, void(*)(OCSP_BASICRESP
*)>(OCSP_BASICRESP_new(), OCSP_BASICRESP_free
);
377 auto thisupd
= std::unique_ptr
<ASN1_TIME
, void(*)(ASN1_TIME
*)>(X509_gmtime_adj(nullptr, 0), ASN1_TIME_free
);
378 auto nextupd
= std::unique_ptr
<ASN1_TIME
, void(*)(ASN1_TIME
*)>(X509_time_adj_ex(nullptr, ndays
, nmin
* 60, nullptr), ASN1_TIME_free
);
380 auto cid
= std::unique_ptr
<OCSP_CERTID
, void(*)(OCSP_CERTID
*)>(OCSP_cert_to_id(rmd
, cert
.get(), issuer
.get()), OCSP_CERTID_free
);
381 OCSP_basic_add1_status(bs
.get(), cid
.get(), V_OCSP_CERTSTATUS_GOOD
, 0, nullptr, thisupd
.get(), nextupd
.get());
383 if (OCSP_basic_sign(bs
.get(), issuer
.get(), issuerKey
.get(), rmd
, nullptr, OCSP_NOCERTS
) != 1) {
384 throw std::runtime_error("Error while signing the OCSP response");
387 auto resp
= std::unique_ptr
<OCSP_RESPONSE
, void(*)(OCSP_RESPONSE
*)>(OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL
, bs
.get()), OCSP_RESPONSE_free
);
388 auto bio
= std::unique_ptr
<BIO
, void(*)(BIO
*)>(BIO_new_file(outFile
.c_str(), "wb"), BIO_vfree
);
390 throw std::runtime_error("Error opening file for writing the OCSP response");
393 // i2d_OCSP_RESPONSE_bio(bio.get(), resp.get()) is unusable from C++ because of an invalid cast
394 ASN1_i2d_bio((i2d_of_void
*)i2d_OCSP_RESPONSE
, bio
.get(), (unsigned char*)resp
.get());
398 #endif /* HAVE_OCSP_BASIC_SIGN */
400 LibsslTLSVersion
libssl_tls_version_from_string(const std::string
& str
)
402 if (str
== "tls1.0") {
403 return LibsslTLSVersion::TLS10
;
405 if (str
== "tls1.1") {
406 return LibsslTLSVersion::TLS11
;
408 if (str
== "tls1.2") {
409 return LibsslTLSVersion::TLS12
;
411 if (str
== "tls1.3") {
412 return LibsslTLSVersion::TLS13
;
414 throw std::runtime_error("Unknown TLS version '" + str
);
417 const std::string
& libssl_tls_version_to_string(LibsslTLSVersion version
)
419 static const std::map
<LibsslTLSVersion
, std::string
> versions
= {
420 { LibsslTLSVersion::TLS10
, "tls1.0" },
421 { LibsslTLSVersion::TLS11
, "tls1.1" },
422 { LibsslTLSVersion::TLS12
, "tls1.2" },
423 { LibsslTLSVersion::TLS13
, "tls1.3" }
426 const auto& it
= versions
.find(version
);
427 if (it
== versions
.end()) {
428 throw std::runtime_error("Unknown TLS version (" + std::to_string((int)version
) + ")");
433 bool libssl_set_min_tls_version(std::unique_ptr
<SSL_CTX
, void(*)(SSL_CTX
*)>& ctx
, LibsslTLSVersion version
)
435 #if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION) || defined(SSL_CTX_set_min_proto_version)
436 /* These functions have been introduced in 1.1.0, and the use of SSL_OP_NO_* is deprecated
437 Warning: SSL_CTX_set_min_proto_version is a function-like macro in OpenSSL */
440 case LibsslTLSVersion::TLS10
:
443 case LibsslTLSVersion::TLS11
:
444 vers
= TLS1_1_VERSION
;
446 case LibsslTLSVersion::TLS12
:
447 vers
= TLS1_2_VERSION
;
449 case LibsslTLSVersion::TLS13
:
450 #ifdef TLS1_3_VERSION
451 vers
= TLS1_3_VERSION
;
454 #endif /* TLS1_3_VERSION */
460 if (SSL_CTX_set_min_proto_version(ctx
.get(), vers
) != 1) {
465 long vers
= SSL_OP_NO_SSLv2
| SSL_OP_NO_SSLv3
;
467 case LibsslTLSVersion::TLS10
:
469 case LibsslTLSVersion::TLS11
:
470 vers
|= SSL_OP_NO_TLSv1
;
472 case LibsslTLSVersion::TLS12
:
473 vers
|= SSL_OP_NO_TLSv1
| SSL_OP_NO_TLSv1_1
;
475 case LibsslTLSVersion::TLS13
:
476 vers
|= SSL_OP_NO_TLSv1
| SSL_OP_NO_TLSv1_1
| SSL_OP_NO_TLSv1_2
;
482 long options
= SSL_CTX_get_options(ctx
.get());
483 SSL_CTX_set_options(ctx
.get(), options
| vers
);
488 OpenSSLTLSTicketKeysRing::OpenSSLTLSTicketKeysRing(size_t capacity
)
490 pthread_rwlock_init(&d_lock
, nullptr);
491 d_ticketKeys
.set_capacity(capacity
);
494 OpenSSLTLSTicketKeysRing::~OpenSSLTLSTicketKeysRing()
496 pthread_rwlock_destroy(&d_lock
);
499 void OpenSSLTLSTicketKeysRing::addKey(std::shared_ptr
<OpenSSLTLSTicketKey
> newKey
)
501 WriteLock
wl(&d_lock
);
502 d_ticketKeys
.push_front(newKey
);
505 std::shared_ptr
<OpenSSLTLSTicketKey
> OpenSSLTLSTicketKeysRing::getEncryptionKey()
507 ReadLock
rl(&d_lock
);
508 return d_ticketKeys
.front();
511 std::shared_ptr
<OpenSSLTLSTicketKey
> OpenSSLTLSTicketKeysRing::getDecryptionKey(unsigned char name
[TLS_TICKETS_KEY_NAME_SIZE
], bool& activeKey
)
513 ReadLock
rl(&d_lock
);
514 for (auto& key
: d_ticketKeys
) {
515 if (key
->nameMatches(name
)) {
516 activeKey
= (key
== d_ticketKeys
.front());
523 size_t OpenSSLTLSTicketKeysRing::getKeysCount()
525 ReadLock
rl(&d_lock
);
526 return d_ticketKeys
.size();
529 void OpenSSLTLSTicketKeysRing::loadTicketsKeys(const std::string
& keyFile
)
531 bool keyLoaded
= false;
532 std::ifstream
file(keyFile
);
535 auto newKey
= std::make_shared
<OpenSSLTLSTicketKey
>(file
);
539 while (!file
.fail());
541 catch (const std::exception
& e
) {
542 /* if we haven't been able to load at least one key, fail */
551 void OpenSSLTLSTicketKeysRing::rotateTicketsKey(time_t now
)
553 auto newKey
= std::make_shared
<OpenSSLTLSTicketKey
>();
557 OpenSSLTLSTicketKey::OpenSSLTLSTicketKey()
559 if (RAND_bytes(d_name
, sizeof(d_name
)) != 1) {
560 throw std::runtime_error("Error while generating the name of the OpenSSL TLS ticket key");
563 if (RAND_bytes(d_cipherKey
, sizeof(d_cipherKey
)) != 1) {
564 throw std::runtime_error("Error while generating the cipher key of the OpenSSL TLS ticket key");
567 if (RAND_bytes(d_hmacKey
, sizeof(d_hmacKey
)) != 1) {
568 throw std::runtime_error("Error while generating the HMAC key of the OpenSSL TLS ticket key");
570 #ifdef HAVE_LIBSODIUM
571 sodium_mlock(d_name
, sizeof(d_name
));
572 sodium_mlock(d_cipherKey
, sizeof(d_cipherKey
));
573 sodium_mlock(d_hmacKey
, sizeof(d_hmacKey
));
574 #endif /* HAVE_LIBSODIUM */
577 OpenSSLTLSTicketKey::OpenSSLTLSTicketKey(ifstream
& file
)
579 file
.read(reinterpret_cast<char*>(d_name
), sizeof(d_name
));
580 file
.read(reinterpret_cast<char*>(d_cipherKey
), sizeof(d_cipherKey
));
581 file
.read(reinterpret_cast<char*>(d_hmacKey
), sizeof(d_hmacKey
));
584 throw std::runtime_error("Unable to load a ticket key from the OpenSSL tickets key file");
586 #ifdef HAVE_LIBSODIUM
587 sodium_mlock(d_name
, sizeof(d_name
));
588 sodium_mlock(d_cipherKey
, sizeof(d_cipherKey
));
589 sodium_mlock(d_hmacKey
, sizeof(d_hmacKey
));
590 #endif /* HAVE_LIBSODIUM */
593 OpenSSLTLSTicketKey::~OpenSSLTLSTicketKey()
595 #ifdef HAVE_LIBSODIUM
596 sodium_munlock(d_name
, sizeof(d_name
));
597 sodium_munlock(d_cipherKey
, sizeof(d_cipherKey
));
598 sodium_munlock(d_hmacKey
, sizeof(d_hmacKey
));
600 OPENSSL_cleanse(d_name
, sizeof(d_name
));
601 OPENSSL_cleanse(d_cipherKey
, sizeof(d_cipherKey
));
602 OPENSSL_cleanse(d_hmacKey
, sizeof(d_hmacKey
));
603 #endif /* HAVE_LIBSODIUM */
606 bool OpenSSLTLSTicketKey::nameMatches(const unsigned char name
[TLS_TICKETS_KEY_NAME_SIZE
]) const
608 return (memcmp(d_name
, name
, sizeof(d_name
)) == 0);
611 int OpenSSLTLSTicketKey::encrypt(unsigned char keyName
[TLS_TICKETS_KEY_NAME_SIZE
], unsigned char *iv
, EVP_CIPHER_CTX
*ectx
, HMAC_CTX
*hctx
) const
613 memcpy(keyName
, d_name
, sizeof(d_name
));
615 if (RAND_bytes(iv
, EVP_MAX_IV_LENGTH
) != 1) {
619 if (EVP_EncryptInit_ex(ectx
, TLS_TICKETS_CIPHER_ALGO(), nullptr, d_cipherKey
, iv
) != 1) {
623 if (HMAC_Init_ex(hctx
, d_hmacKey
, sizeof(d_hmacKey
), TLS_TICKETS_MAC_ALGO(), nullptr) != 1) {
630 bool OpenSSLTLSTicketKey::decrypt(const unsigned char* iv
, EVP_CIPHER_CTX
*ectx
, HMAC_CTX
*hctx
) const
632 if (HMAC_Init_ex(hctx
, d_hmacKey
, sizeof(d_hmacKey
), TLS_TICKETS_MAC_ALGO(), nullptr) != 1) {
636 if (EVP_DecryptInit_ex(ectx
, TLS_TICKETS_CIPHER_ALGO(), nullptr, d_cipherKey
, iv
) != 1) {
643 std::unique_ptr
<SSL_CTX
, void(*)(SSL_CTX
*)> libssl_init_server_context(const TLSConfig
& config
,
644 std::map
<int, std::string
>& ocspResponses
)
646 auto ctx
= std::unique_ptr
<SSL_CTX
, void(*)(SSL_CTX
*)>(SSL_CTX_new(SSLv23_server_method()), SSL_CTX_free
);
651 SSL_OP_NO_COMPRESSION
|
652 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
|
653 SSL_OP_SINGLE_DH_USE
|
654 SSL_OP_SINGLE_ECDH_USE
;
656 if (!config
.d_enableTickets
|| config
.d_numberOfTicketsKeys
== 0) {
657 /* for TLS 1.3 this means no stateless tickets, but stateful tickets might still be issued,
658 which is something we don't want. */
659 sslOptions
|= SSL_OP_NO_TICKET
;
660 /* really disable all tickets */
661 #ifdef HAVE_SSL_CTX_SET_NUM_TICKETS
662 SSL_CTX_set_num_tickets(ctx
.get(), 0);
663 #endif /* HAVE_SSL_CTX_SET_NUM_TICKETS */
666 if (config
.d_sessionTimeout
> 0) {
667 SSL_CTX_set_timeout(ctx
.get(), config
.d_sessionTimeout
);
670 if (config
.d_preferServerCiphers
) {
671 sslOptions
|= SSL_OP_CIPHER_SERVER_PREFERENCE
;
674 SSL_CTX_set_options(ctx
.get(), sslOptions
);
675 if (!libssl_set_min_tls_version(ctx
, config
.d_minTLSVersion
)) {
676 throw std::runtime_error("Failed to set the minimum version to '" + libssl_tls_version_to_string(config
.d_minTLSVersion
));
679 #ifdef SSL_CTX_set_ecdh_auto
680 SSL_CTX_set_ecdh_auto(ctx
.get(), 1);
683 if (config
.d_maxStoredSessions
== 0) {
684 /* disable stored sessions entirely */
685 SSL_CTX_set_session_cache_mode(ctx
.get(), SSL_SESS_CACHE_OFF
);
688 /* use the internal built-in cache to store sessions */
689 SSL_CTX_set_session_cache_mode(ctx
.get(), SSL_SESS_CACHE_SERVER
);
690 SSL_CTX_sess_set_cache_size(ctx
.get(), config
.d_maxStoredSessions
);
693 std::vector
<int> keyTypes
;
694 /* load certificate and private key */
695 for (const auto& pair
: config
.d_certKeyPairs
) {
696 if (SSL_CTX_use_certificate_chain_file(ctx
.get(), pair
.first
.c_str()) != 1) {
697 ERR_print_errors_fp(stderr
);
698 throw std::runtime_error("An error occurred while trying to load the TLS server certificate file: " + pair
.first
);
700 if (SSL_CTX_use_PrivateKey_file(ctx
.get(), pair
.second
.c_str(), SSL_FILETYPE_PEM
) != 1) {
701 ERR_print_errors_fp(stderr
);
702 throw std::runtime_error("An error occurred while trying to load the TLS server private key file: " + pair
.second
);
704 if (SSL_CTX_check_private_key(ctx
.get()) != 1) {
705 ERR_print_errors_fp(stderr
);
706 throw std::runtime_error("The key from '" + pair
.second
+ "' does not match the certificate from '" + pair
.first
+ "'");
708 /* store the type of the new key, we might need it later to select the right OCSP stapling response */
709 auto keyType
= libssl_get_last_key_type(ctx
);
711 throw std::runtime_error("The key from '" + pair
.second
+ "' has an unknown type");
713 keyTypes
.push_back(keyType
);
716 if (!config
.d_ocspFiles
.empty()) {
718 ocspResponses
= libssl_load_ocsp_responses(config
.d_ocspFiles
, keyTypes
);
720 catch(const std::exception
& e
) {
721 throw std::runtime_error("Unable to load OCSP responses: " + std::string(e
.what()));
725 if (!config
.d_ciphers
.empty() && SSL_CTX_set_cipher_list(ctx
.get(), config
.d_ciphers
.c_str()) != 1) {
726 throw std::runtime_error("The TLS ciphers could not be set: " + config
.d_ciphers
);
729 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
730 if (!config
.d_ciphers13
.empty() && SSL_CTX_set_ciphersuites(ctx
.get(), config
.d_ciphers13
.c_str()) != 1) {
731 throw std::runtime_error("The TLS 1.3 ciphers could not be set: " + config
.d_ciphers13
);
733 #endif /* HAVE_SSL_CTX_SET_CIPHERSUITES */
738 #ifdef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK
739 static void libssl_key_log_file_callback(const SSL
* ssl
, const char* line
)
741 SSL_CTX
* sslCtx
= SSL_get_SSL_CTX(ssl
);
742 if (sslCtx
== nullptr) {
746 auto fp
= reinterpret_cast<FILE*>(SSL_CTX_get_ex_data(sslCtx
, s_keyLogIndex
));
751 fprintf(fp
, "%s\n", line
);
754 #endif /* HAVE_SSL_CTX_SET_KEYLOG_CALLBACK */
756 std::unique_ptr
<FILE, int(*)(FILE*)> libssl_set_key_log_file(std::unique_ptr
<SSL_CTX
, void(*)(SSL_CTX
*)>& ctx
, const std::string
& logFile
)
758 #ifdef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK
759 auto fp
= std::unique_ptr
<FILE, int(*)(FILE*)>(fopen(logFile
.c_str(), "a"), fclose
);
761 throw std::runtime_error("Error opening TLS log file '" + logFile
+ "'");
764 SSL_CTX_set_ex_data(ctx
.get(), s_keyLogIndex
, fp
.get());
765 SSL_CTX_set_keylog_callback(ctx
.get(), &libssl_key_log_file_callback
);
769 return std::unique_ptr
<FILE, int(*)(FILE*)>(nullptr, fclose
);
770 #endif /* HAVE_SSL_CTX_SET_KEYLOG_CALLBACK */
773 #endif /* HAVE_LIBSSL */