OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
9  * Copyright (C) 2010-2017 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL)
38 
39 #include "errlevel.h"
40 #include "buffer.h"
41 #include "misc.h"
42 #include "manage.h"
43 #include "memdbg.h"
44 #include "ssl_backend.h"
45 #include "ssl_common.h"
46 #include "base64.h"
47 #include "openssl_compat.h"
48 
49 #ifdef ENABLE_CRYPTOAPI
50 #include "cryptoapi.h"
51 #endif
52 
53 #include "ssl_verify_openssl.h"
54 
55 #include <openssl/err.h>
56 #include <openssl/pkcs12.h>
57 #include <openssl/x509.h>
58 #include <openssl/crypto.h>
59 #ifndef OPENSSL_NO_EC
60 #include <openssl/ec.h>
61 #endif
62 
63 /*
64  * Allocate space in SSL objects in which to store a struct tls_session
65  * pointer back to parent.
66  *
67  */
68 
69 int mydata_index; /* GLOBAL */
70 
71 void
72 tls_init_lib(void)
73 {
74  SSL_library_init();
75 #ifndef ENABLE_SMALL
76  SSL_load_error_strings();
77 #endif
78  OpenSSL_add_all_algorithms();
79 
80  mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
81  ASSERT(mydata_index >= 0);
82 }
83 
84 void
85 tls_free_lib(void)
86 {
87  EVP_cleanup();
88 #ifndef ENABLE_SMALL
89  ERR_free_strings();
90 #endif
91 }
92 
93 void
94 tls_clear_error(void)
95 {
96  ERR_clear_error();
97 }
98 
99 void
100 tls_ctx_server_new(struct tls_root_ctx *ctx)
101 {
102  ASSERT(NULL != ctx);
103 
104  ctx->ctx = SSL_CTX_new(SSLv23_server_method());
105 
106  if (ctx->ctx == NULL)
107  {
108  crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
109  }
110 }
111 
112 void
113 tls_ctx_client_new(struct tls_root_ctx *ctx)
114 {
115  ASSERT(NULL != ctx);
116 
117  ctx->ctx = SSL_CTX_new(SSLv23_client_method());
118 
119  if (ctx->ctx == NULL)
120  {
121  crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
122  }
123 }
124 
125 void
126 tls_ctx_free(struct tls_root_ctx *ctx)
127 {
128  ASSERT(NULL != ctx);
129  if (NULL != ctx->ctx)
130  {
131  SSL_CTX_free(ctx->ctx);
132  }
133  ctx->ctx = NULL;
134 }
135 
136 bool
137 tls_ctx_initialised(struct tls_root_ctx *ctx)
138 {
139  ASSERT(NULL != ctx);
140  return NULL != ctx->ctx;
141 }
142 
143 void
144 key_state_export_keying_material(struct key_state_ssl *ssl,
145  struct tls_session *session)
146 {
147  if (session->opt->ekm_size > 0)
148  {
149 #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
150  unsigned int size = session->opt->ekm_size;
151  struct gc_arena gc = gc_new();
152  unsigned char *ekm = (unsigned char *) gc_malloc(size, true, &gc);
153 
154  if (SSL_export_keying_material(ssl->ssl, ekm, size,
155  session->opt->ekm_label, session->opt->ekm_label_size, NULL, 0, 0))
156  {
157  unsigned int len = (size * 2) + 2;
158 
159  const char *key = format_hex_ex(ekm, size, len, 0, NULL, &gc);
160  setenv_str(session->opt->es, "exported_keying_material", key);
161 
162  dmsg(D_TLS_DEBUG_MED, "%s: exported keying material: %s",
163  __func__, key);
164  }
165  else
166  {
167  msg(M_WARN, "WARNING: Export keying material failed!");
168  setenv_del(session->opt->es, "exported_keying_material");
169  }
170  gc_free(&gc);
171 #endif /* if (OPENSSL_VERSION_NUMBER >= 0x10001000) */
172  }
173 }
174 
175 /*
176  * Print debugging information on SSL/TLS session negotiation.
177  */
178 
179 #ifndef INFO_CALLBACK_SSL_CONST
180 #define INFO_CALLBACK_SSL_CONST const
181 #endif
182 static void
183 info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
184 {
185  if (where & SSL_CB_LOOP)
186  {
187  dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
188  where & SSL_ST_CONNECT ? "connect" :
189  where &SSL_ST_ACCEPT ? "accept" :
190  "undefined", SSL_state_string_long(s));
191  }
192  else if (where & SSL_CB_ALERT)
193  {
194  dmsg(D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s",
195  where & SSL_CB_READ ? "read" : "write",
196  SSL_alert_type_string_long(ret),
197  SSL_alert_desc_string_long(ret));
198  }
199 }
200 
201 /*
202  * Return maximum TLS version supported by local OpenSSL library.
203  * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
204  * TLSvX is supported.
205  */
206 int
207 tls_version_max(void)
208 {
209 #if defined(SSL_OP_NO_TLSv1_2)
210  return TLS_VER_1_2;
211 #elif defined(SSL_OP_NO_TLSv1_1)
212  return TLS_VER_1_1;
213 #else
214  return TLS_VER_1_0;
215 #endif
216 }
217 
218 void
219 tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
220 {
221  ASSERT(NULL != ctx);
222 
223  /* default certificate verification flags */
224  int flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
225 
226  /* process SSL options including minimum TLS version we will accept from peer */
227  {
228  long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
229  int tls_ver_max = TLS_VER_UNSPEC;
230  const int tls_ver_min =
231  (ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK;
232 
233  tls_ver_max =
234  (ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK;
235  if (tls_ver_max <= TLS_VER_UNSPEC)
236  {
237  tls_ver_max = tls_version_max();
238  }
239 
240  if (tls_ver_min > TLS_VER_1_0 || tls_ver_max < TLS_VER_1_0)
241  {
242  sslopt |= SSL_OP_NO_TLSv1;
243  }
244 #ifdef SSL_OP_NO_TLSv1_1
245  if (tls_ver_min > TLS_VER_1_1 || tls_ver_max < TLS_VER_1_1)
246  {
247  sslopt |= SSL_OP_NO_TLSv1_1;
248  }
249 #endif
250 #ifdef SSL_OP_NO_TLSv1_2
251  if (tls_ver_min > TLS_VER_1_2 || tls_ver_max < TLS_VER_1_2)
252  {
253  sslopt |= SSL_OP_NO_TLSv1_2;
254  }
255 #endif
256 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
257  sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
258 #endif
259  sslopt |= SSL_OP_NO_COMPRESSION;
260  SSL_CTX_set_options(ctx->ctx, sslopt);
261  }
262 
263 #ifdef SSL_MODE_RELEASE_BUFFERS
264  SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
265 #endif
266  SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
267  SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
268 
269  /* Require peer certificate verification */
270 #if P2MP_SERVER
271  if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
272  {
273  flags = 0;
274  }
275  else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
276  {
277  flags = SSL_VERIFY_PEER;
278  }
279 #endif
280  SSL_CTX_set_verify(ctx->ctx, flags, verify_callback);
281 
282  SSL_CTX_set_info_callback(ctx->ctx, info_callback);
283 }
284 
285 void
286 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
287 {
288  if (ciphers == NULL)
289  {
290  /* Use sane default TLS cipher list */
291  if (!SSL_CTX_set_cipher_list(ctx->ctx,
292  /* Use openssl's default list as a basis */
293  "DEFAULT"
294  /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
295  ":!EXP:!LOW:!MEDIUM"
296  /* Disable static (EC)DH keys (no forward secrecy) */
297  ":!kDH:!kECDH"
298  /* Disable DSA private keys */
299  ":!DSS"
300  /* Disable unsupported TLS modes */
301  ":!PSK:!SRP:!kRSA"))
302  {
303  crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
304  }
305  return;
306  }
307 
308  /* Parse supplied cipher list and pass on to OpenSSL */
309  size_t begin_of_cipher, end_of_cipher;
310 
311  const char *current_cipher;
312  size_t current_cipher_len;
313 
314  const tls_cipher_name_pair *cipher_pair;
315 
316  char openssl_ciphers[4096];
317  size_t openssl_ciphers_len = 0;
318  openssl_ciphers[0] = '\0';
319 
320  ASSERT(NULL != ctx);
321 
322  /* Translate IANA cipher suite names to OpenSSL names */
323  begin_of_cipher = end_of_cipher = 0;
324  for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
325  {
326  end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
327  cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
328 
329  if (NULL == cipher_pair)
330  {
331  /* No translation found, use original */
332  current_cipher = &ciphers[begin_of_cipher];
333  current_cipher_len = end_of_cipher - begin_of_cipher;
334 
335  /* Issue warning on missing translation */
336  /* %.*s format specifier expects length of type int, so guarantee */
337  /* that length is small enough and cast to int. */
338  msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
339  constrain_int(current_cipher_len, 0, 256), current_cipher);
340  }
341  else
342  {
343  /* Use OpenSSL name */
344  current_cipher = cipher_pair->openssl_name;
345  current_cipher_len = strlen(current_cipher);
346 
347  if (end_of_cipher - begin_of_cipher == current_cipher_len
348  && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
349  end_of_cipher - begin_of_cipher))
350  {
351  /* Non-IANA name used, show warning */
352  msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name);
353  }
354  }
355 
356  /* Make sure new cipher name fits in cipher string */
357  if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
358  || ((sizeof(openssl_ciphers)-1) < openssl_ciphers_len + current_cipher_len))
359  {
360  msg(M_FATAL,
361  "Failed to set restricted TLS cipher list, too long (>%d).",
362  (int)sizeof(openssl_ciphers)-1);
363  }
364 
365  /* Concatenate cipher name to OpenSSL cipher string */
366  memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
367  openssl_ciphers_len += current_cipher_len;
368  openssl_ciphers[openssl_ciphers_len] = ':';
369  openssl_ciphers_len++;
370 
371  end_of_cipher++;
372  }
373 
374  if (openssl_ciphers_len > 0)
375  {
376  openssl_ciphers[openssl_ciphers_len-1] = '\0';
377  }
378 
379  /* Set OpenSSL cipher list */
380  if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
381  {
382  crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
383  }
384 }
385 
386 void
387 tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
388 {
389  int ret;
390  const X509 *cert;
391 
392  ASSERT(ctx);
393 
394 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
395  /* OpenSSL 1.0.2 and up */
396  cert = SSL_CTX_get0_certificate(ctx->ctx);
397 #else
398  /* OpenSSL 1.0.1 and earlier need an SSL object to get at the certificate */
399  SSL *ssl = SSL_new(ctx->ctx);
400  cert = SSL_get_certificate(ssl);
401 #endif
402 
403  if (cert == NULL)
404  {
405  goto cleanup; /* Nothing to check if there is no certificate */
406  }
407 
408  ret = X509_cmp_time(X509_get_notBefore(cert), NULL);
409  if (ret == 0)
410  {
411  msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
412  }
413  if (ret > 0)
414  {
415  msg(M_WARN, "WARNING: Your certificate is not yet valid!");
416  }
417 
418  ret = X509_cmp_time(X509_get_notAfter(cert), NULL);
419  if (ret == 0)
420  {
421  msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
422  }
423  if (ret < 0)
424  {
425  msg(M_WARN, "WARNING: Your certificate has expired!");
426  }
427 
428 cleanup:
429 #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
430  SSL_free(ssl);
431 #endif
432  return;
433 }
434 
435 void
436 tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
437  const char *dh_file_inline
438  )
439 {
440  DH *dh;
441  BIO *bio;
442 
443  ASSERT(NULL != ctx);
444 
445  if (!strcmp(dh_file, INLINE_FILE_TAG) && dh_file_inline)
446  {
447  if (!(bio = BIO_new_mem_buf((char *)dh_file_inline, -1)))
448  {
449  crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
450  }
451  }
452  else
453  {
454  /* Get Diffie Hellman Parameters */
455  if (!(bio = BIO_new_file(dh_file, "r")))
456  {
457  crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
458  }
459  }
460 
461  dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
462  BIO_free(bio);
463 
464  if (!dh)
465  {
466  crypto_msg(M_FATAL, "Cannot load DH parameters from %s", dh_file);
467  }
468  if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
469  {
470  crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
471  }
472 
473  msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
474  8 * DH_size(dh));
475 
476  DH_free(dh);
477 }
478 
479 void
480 tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
481  )
482 {
483 #ifndef OPENSSL_NO_EC
484  int nid = NID_undef;
485  EC_KEY *ecdh = NULL;
486  const char *sname = NULL;
487 
488  /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
489  SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
490 
491  if (curve_name != NULL)
492  {
493  /* Use user supplied curve if given */
494  msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
495  nid = OBJ_sn2nid(curve_name);
496  }
497  else
498  {
499 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
500  /* OpenSSL 1.0.2 and newer can automatically handle ECDH parameter
501  * loading */
502  SSL_CTX_set_ecdh_auto(ctx->ctx, 1);
503  return;
504 #else
505  /* For older OpenSSL we have to extract the curve from key on our own */
506  EC_KEY *eckey = NULL;
507  const EC_GROUP *ecgrp = NULL;
508  EVP_PKEY *pkey = NULL;
509 
510  /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
511  SSL *ssl = SSL_new(ctx->ctx);
512  if (!ssl)
513  {
514  crypto_msg(M_FATAL, "SSL_new failed");
515  }
516  pkey = SSL_get_privatekey(ssl);
517  SSL_free(ssl);
518 
519  msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
520 
521  if (pkey != NULL && (eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL
522  && (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
523  {
524  nid = EC_GROUP_get_curve_name(ecgrp);
525  }
526 #endif
527  }
528 
529  /* Translate NID back to name , just for kicks */
530  sname = OBJ_nid2sn(nid);
531  if (sname == NULL)
532  {
533  sname = "(Unknown)";
534  }
535 
536  /* Create new EC key and set as ECDH key */
537  if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
538  {
539  /* Creating key failed, fall back on sane default */
540  ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
541  const char *source = (NULL == curve_name) ?
542  "extract curve from certificate" : "use supplied curve";
543  msg(D_TLS_DEBUG_LOW,
544  "Failed to %s (%s), using secp384r1 instead.", source, sname);
545  sname = OBJ_nid2sn(NID_secp384r1);
546  }
547 
548  if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
549  {
550  crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
551  }
552 
553  msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
554 
555  EC_KEY_free(ecdh);
556 #else /* ifndef OPENSSL_NO_EC */
557  msg(M_DEBUG, "Your OpenSSL library was built without elliptic curve support."
558  " Skipping ECDH parameter loading.");
559 #endif /* OPENSSL_NO_EC */
560 }
561 
562 int
563 tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
564  const char *pkcs12_file_inline,
565  bool load_ca_file
566  )
567 {
568  FILE *fp;
569  EVP_PKEY *pkey;
570  X509 *cert;
571  STACK_OF(X509) *ca = NULL;
572  PKCS12 *p12;
573  int i;
574  char password[256];
575 
576  ASSERT(NULL != ctx);
577 
578  if (!strcmp(pkcs12_file, INLINE_FILE_TAG) && pkcs12_file_inline)
579  {
580  BIO *b64 = BIO_new(BIO_f_base64());
581  BIO *bio = BIO_new_mem_buf((void *) pkcs12_file_inline,
582  (int) strlen(pkcs12_file_inline));
583  ASSERT(b64 && bio);
584  BIO_push(b64, bio);
585  p12 = d2i_PKCS12_bio(b64, NULL);
586  if (!p12)
587  {
588  crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
589  }
590  BIO_free(b64);
591  BIO_free(bio);
592  }
593  else
594  {
595  /* Load the PKCS #12 file */
596  if (!(fp = platform_fopen(pkcs12_file, "rb")))
597  {
598  crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
599  }
600  p12 = d2i_PKCS12_fp(fp, NULL);
601  fclose(fp);
602  if (!p12)
603  {
604  crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
605  }
606  }
607 
608  /* Parse the PKCS #12 file */
609  if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
610  {
611  pem_password_callback(password, sizeof(password) - 1, 0, NULL);
612  /* Reparse the PKCS #12 file with password */
613  ca = NULL;
614  if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
615  {
616 #ifdef ENABLE_MANAGEMENT
617  if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
618  {
619  management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
620  }
621 #endif
622  PKCS12_free(p12);
623  return 1;
624  }
625  }
626  PKCS12_free(p12);
627 
628  /* Load Certificate */
629  if (!SSL_CTX_use_certificate(ctx->ctx, cert))
630  {
631  crypto_msg(M_FATAL, "Cannot use certificate");
632  }
633 
634  /* Load Private Key */
635  if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
636  {
637  crypto_msg(M_FATAL, "Cannot use private key");
638  }
639 
640  /* Check Private Key */
641  if (!SSL_CTX_check_private_key(ctx->ctx))
642  {
643  crypto_msg(M_FATAL, "Private key does not match the certificate");
644  }
645 
646  /* Set Certificate Verification chain */
647  if (load_ca_file)
648  {
649  /* Add CAs from PKCS12 to the cert store and mark them as trusted.
650  * They're also used to fill in the chain of intermediate certs as
651  * necessary.
652  */
653  if (ca && sk_X509_num(ca))
654  {
655  for (i = 0; i < sk_X509_num(ca); i++)
656  {
657  X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
658  if (!X509_STORE_add_cert(cert_store,sk_X509_value(ca, i)))
659  {
660  crypto_msg(M_FATAL,"Cannot add certificate to certificate chain (X509_STORE_add_cert)");
661  }
662  if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
663  {
664  crypto_msg(M_FATAL,"Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
665  }
666  }
667  }
668  }
669  else
670  {
671  /* If trusted CA certs were loaded from a PEM file, and we ignore the
672  * ones in PKCS12, do load PKCS12-provided certs to the client extra
673  * certs chain just in case they include intermediate CAs needed to
674  * prove my identity to the other end. This does not make them trusted.
675  */
676  if (ca && sk_X509_num(ca))
677  {
678  for (i = 0; i < sk_X509_num(ca); i++)
679  {
680  if (!SSL_CTX_add_extra_chain_cert(ctx->ctx,sk_X509_value(ca, i)))
681  {
682  crypto_msg(M_FATAL, "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
683  }
684  }
685  }
686  }
687  return 0;
688 }
689 
690 #ifdef ENABLE_CRYPTOAPI
691 void
692 tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
693 {
694  ASSERT(NULL != ctx);
695 
696  /* Load Certificate and Private Key */
697  if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
698  {
699  crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store", cryptoapi_cert);
700  }
701 }
702 #endif /* ENABLE_CRYPTOAPI */
703 
704 static void
705 tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio)
706 {
707  X509 *cert;
708  for (;; )
709  {
710  cert = NULL;
711  if (!PEM_read_bio_X509(bio, &cert, NULL, NULL)) /* takes ownership of cert */
712  {
713  break;
714  }
715  if (!cert)
716  {
717  crypto_msg(M_FATAL, "Error reading extra certificate");
718  }
719  if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
720  {
721  crypto_msg(M_FATAL, "Error adding extra certificate");
722  }
723  }
724 }
725 
726 /* Like tls_ctx_load_cert, but returns a copy of the certificate in **X509 */
727 static void
728 tls_ctx_load_cert_file_and_copy(struct tls_root_ctx *ctx,
729  const char *cert_file, const char *cert_file_inline, X509 **x509
730  )
731 {
732  BIO *in = NULL;
733  X509 *x = NULL;
734  int ret = 0;
735  bool inline_file = false;
736 
737  ASSERT(NULL != ctx);
738  if (NULL != x509)
739  {
740  ASSERT(NULL == *x509);
741  }
742 
743  inline_file = (strcmp(cert_file, INLINE_FILE_TAG) == 0);
744 
745  if (inline_file && cert_file_inline)
746  {
747  in = BIO_new_mem_buf((char *)cert_file_inline, -1);
748  }
749  else
750  {
751  in = BIO_new_file(cert_file, "r");
752  }
753 
754  if (in == NULL)
755  {
756  SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
757  goto end;
758  }
759 
760  x = PEM_read_bio_X509(in, NULL,
761  SSL_CTX_get_default_passwd_cb(ctx->ctx),
762  SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
763  if (x == NULL)
764  {
765  SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
766  goto end;
767  }
768 
769  ret = SSL_CTX_use_certificate(ctx->ctx, x);
770  if (ret)
771  {
772  tls_ctx_add_extra_certs(ctx, in);
773  }
774 
775 end:
776  if (!ret)
777  {
778  if (inline_file)
779  {
780  crypto_msg(M_FATAL, "Cannot load inline certificate file");
781  }
782  else
783  {
784  crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
785  }
786  }
787 
788  if (in != NULL)
789  {
790  BIO_free(in);
791  }
792  if (x509)
793  {
794  *x509 = x;
795  }
796  else if (x)
797  {
798  X509_free(x);
799  }
800 }
801 
802 void
803 tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
804  const char *cert_file_inline)
805 {
806  tls_ctx_load_cert_file_and_copy(ctx, cert_file, cert_file_inline, NULL);
807 }
808 
809 int
810 tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
811  const char *priv_key_file_inline
812  )
813 {
814  SSL_CTX *ssl_ctx = NULL;
815  BIO *in = NULL;
816  EVP_PKEY *pkey = NULL;
817  int ret = 1;
818 
819  ASSERT(NULL != ctx);
820 
821  ssl_ctx = ctx->ctx;
822 
823  if (!strcmp(priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
824  {
825  in = BIO_new_mem_buf((char *)priv_key_file_inline, -1);
826  }
827  else
828  {
829  in = BIO_new_file(priv_key_file, "r");
830  }
831 
832  if (!in)
833  {
834  goto end;
835  }
836 
837  pkey = PEM_read_bio_PrivateKey(in, NULL,
838  SSL_CTX_get_default_passwd_cb(ctx->ctx),
839  SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
840  if (!pkey)
841  {
842  goto end;
843  }
844 
845  if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
846  {
847 #ifdef ENABLE_MANAGEMENT
848  if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
849  {
850  management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
851  }
852 #endif
853  crypto_msg(M_WARN, "Cannot load private key file %s", priv_key_file);
854  goto end;
855  }
856 
857  /* Check Private Key */
858  if (!SSL_CTX_check_private_key(ssl_ctx))
859  {
860  crypto_msg(M_FATAL, "Private key does not match the certificate");
861  }
862  ret = 0;
863 
864 end:
865  if (pkey)
866  {
867  EVP_PKEY_free(pkey);
868  }
869  if (in)
870  {
871  BIO_free(in);
872  }
873  return ret;
874 }
875 
876 void
877 backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
878  const char *crl_inline)
879 {
880  X509_CRL *crl = NULL;
881  BIO *in = NULL;
882 
883  X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
884  if (!store)
885  {
886  crypto_msg(M_FATAL, "Cannot get certificate store");
887  }
888 
889  /* Always start with a cleared CRL list, for that we
890  * we need to manually find the CRL object from the stack
891  * and remove it */
892  STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
893  for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
894  {
895  X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
896  ASSERT(obj);
897  if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
898  {
899  sk_X509_OBJECT_delete(objs, i);
900  X509_OBJECT_free(obj);
901  }
902  }
903 
904  X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
905 
906  if (!strcmp(crl_file, INLINE_FILE_TAG) && crl_inline)
907  {
908  in = BIO_new_mem_buf((char *)crl_inline, -1);
909  }
910  else
911  {
912  in = BIO_new_file(crl_file, "r");
913  }
914 
915  if (in == NULL)
916  {
917  msg(M_WARN, "CRL: cannot read: %s", crl_file);
918  goto end;
919  }
920 
921  crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
922  if (crl == NULL)
923  {
924  msg(M_WARN, "CRL: cannot read CRL from file %s", crl_file);
925  goto end;
926  }
927 
928  if (!X509_STORE_add_crl(store, crl))
929  {
930  msg(M_WARN, "CRL: cannot add %s to store", crl_file);
931  goto end;
932  }
933 
934 end:
935  X509_CRL_free(crl);
936  BIO_free(in);
937 }
938 
939 
940 #ifdef MANAGMENT_EXTERNAL_KEY
941 
942 /* encrypt */
943 static int
944 rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
945 {
946  ASSERT(0);
947  return -1;
948 }
949 
950 /* verify arbitrary data */
951 static int
952 rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
953 {
954  ASSERT(0);
955  return -1;
956 }
957 
958 /* decrypt */
959 static int
960 rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
961 {
962  ASSERT(0);
963  return -1;
964 }
965 
966 /* called at RSA_free */
967 static int
968 openvpn_extkey_rsa_finish(RSA *rsa)
969 {
970  /* meth was allocated in tls_ctx_use_external_private_key() ; since
971  * this function is called when the parent RSA object is destroyed,
972  * it is no longer used after this point so kill it. */
973  const RSA_METHOD *meth = RSA_get_method(rsa);
974  RSA_meth_free((RSA_METHOD *)meth);
975  return 1;
976 }
977 
978 /* sign arbitrary data */
979 static int
980 rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
981 {
982  /* optional app data in rsa->meth->app_data; */
983  char *in_b64 = NULL;
984  char *out_b64 = NULL;
985  int ret = -1;
986  int len;
987 
988  if (padding != RSA_PKCS1_PADDING)
989  {
990  RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
991  goto done;
992  }
993 
994  /* convert 'from' to base64 */
995  if (openvpn_base64_encode(from, flen, &in_b64) <= 0)
996  {
997  goto done;
998  }
999 
1000  /* call MI for signature */
1001  if (management)
1002  {
1003  out_b64 = management_query_rsa_sig(management, in_b64);
1004  }
1005  if (!out_b64)
1006  {
1007  goto done;
1008  }
1009 
1010  /* decode base64 signature to binary */
1011  len = RSA_size(rsa);
1012  ret = openvpn_base64_decode(out_b64, to, len);
1013 
1014  /* verify length */
1015  if (ret != len)
1016  {
1017  ret = -1;
1018  }
1019 
1020 done:
1021  if (in_b64)
1022  {
1023  free(in_b64);
1024  }
1025  if (out_b64)
1026  {
1027  free(out_b64);
1028  }
1029  return ret;
1030 }
1031 
1032 int
1033 tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
1034  const char *cert_file, const char *cert_file_inline)
1035 {
1036  RSA *rsa = NULL;
1037  RSA *pub_rsa;
1038  RSA_METHOD *rsa_meth;
1039  X509 *cert = NULL;
1040 
1041  ASSERT(NULL != ctx);
1042 
1043  tls_ctx_load_cert_file_and_copy(ctx, cert_file, cert_file_inline, &cert);
1044 
1045  ASSERT(NULL != cert);
1046 
1047  /* allocate custom RSA method object */
1048  rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method",
1049  RSA_METHOD_FLAG_NO_CHECK);
1050  check_malloc_return(rsa_meth);
1051  RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1052  RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1053  RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc);
1054  RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec);
1055  RSA_meth_set_init(rsa_meth, NULL);
1056  RSA_meth_set_finish(rsa_meth, openvpn_extkey_rsa_finish);
1057  RSA_meth_set0_app_data(rsa_meth, NULL);
1058 
1059  /* allocate RSA object */
1060  rsa = RSA_new();
1061  if (rsa == NULL)
1062  {
1063  SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1064  goto err;
1065  }
1066 
1067  /* get the public key */
1068  EVP_PKEY *pkey = X509_get0_pubkey(cert);
1069  ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1070  pub_rsa = EVP_PKEY_get0_RSA(pkey);
1071 
1072  /* Certificate might not be RSA but DSA or EC */
1073  if (!pub_rsa)
1074  {
1075  crypto_msg(M_WARN, "management-external-key requires a RSA certificate");
1076  goto err;
1077  }
1078 
1079  /* initialize RSA object */
1080  const BIGNUM *n = NULL;
1081  const BIGNUM *e = NULL;
1082  RSA_get0_key(pub_rsa, &n, &e, NULL);
1083  RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1084  RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1085  if (!RSA_set_method(rsa, rsa_meth))
1086  {
1087  goto err;
1088  }
1089 
1090  /* bind our custom RSA object to ssl_ctx */
1091  if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1092  {
1093  goto err;
1094  }
1095 
1096  X509_free(cert);
1097  RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1098  return 1;
1099 
1100 err:
1101  if (cert)
1102  {
1103  X509_free(cert);
1104  }
1105  if (rsa)
1106  {
1107  RSA_free(rsa);
1108  }
1109  else
1110  {
1111  if (rsa_meth)
1112  {
1113  free(rsa_meth);
1114  }
1115  }
1116  crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1117  return 0;
1118 }
1119 
1120 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */
1121 
1122 static int
1123 sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1124 {
1125  return X509_NAME_cmp(*a, *b);
1126 }
1127 
1128 void
1129 tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
1130  const char *ca_file_inline,
1131  const char *ca_path, bool tls_server
1132  )
1133 {
1134  STACK_OF(X509_INFO) *info_stack = NULL;
1135  STACK_OF(X509_NAME) *cert_names = NULL;
1136  X509_LOOKUP *lookup = NULL;
1137  X509_STORE *store = NULL;
1138  X509_NAME *xn = NULL;
1139  BIO *in = NULL;
1140  int i, added = 0, prev = 0;
1141 
1142  ASSERT(NULL != ctx);
1143 
1144  store = SSL_CTX_get_cert_store(ctx->ctx);
1145  if (!store)
1146  {
1147  crypto_msg(M_FATAL, "Cannot get certificate store");
1148  }
1149 
1150  /* Try to add certificates and CRLs from ca_file */
1151  if (ca_file)
1152  {
1153  if (!strcmp(ca_file, INLINE_FILE_TAG) && ca_file_inline)
1154  {
1155  in = BIO_new_mem_buf((char *)ca_file_inline, -1);
1156  }
1157  else
1158  {
1159  in = BIO_new_file(ca_file, "r");
1160  }
1161 
1162  if (in)
1163  {
1164  info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1165  }
1166 
1167  if (info_stack)
1168  {
1169  for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1170  {
1171  X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1172  if (info->crl)
1173  {
1174  X509_STORE_add_crl(store, info->crl);
1175  }
1176 
1177  if (tls_server && !info->x509)
1178  {
1179  crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1180  }
1181 
1182  if (info->x509)
1183  {
1184  X509_STORE_add_cert(store, info->x509);
1185  added++;
1186 
1187  if (!tls_server)
1188  {
1189  continue;
1190  }
1191 
1192  /* Use names of CAs as a client CA list */
1193  if (cert_names == NULL)
1194  {
1195  cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1196  if (!cert_names)
1197  {
1198  continue;
1199  }
1200  }
1201 
1202  xn = X509_get_subject_name(info->x509);
1203  if (!xn)
1204  {
1205  continue;
1206  }
1207 
1208  /* Don't add duplicate CA names */
1209  if (sk_X509_NAME_find(cert_names, xn) == -1)
1210  {
1211  xn = X509_NAME_dup(xn);
1212  if (!xn)
1213  {
1214  continue;
1215  }
1216  sk_X509_NAME_push(cert_names, xn);
1217  }
1218  }
1219 
1220  if (tls_server)
1221  {
1222  int cnum = sk_X509_NAME_num(cert_names);
1223  if (cnum != (prev + 1))
1224  {
1225  crypto_msg(M_WARN,
1226  "Cannot load CA certificate file %s (entry %d did not validate)",
1227  np(ca_file), added);
1228  }
1229  prev = cnum;
1230  }
1231 
1232  }
1233  sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1234  }
1235 
1236  if (tls_server)
1237  {
1238  SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1239  }
1240 
1241  if (!added)
1242  {
1243  crypto_msg(M_FATAL,
1244  "Cannot load CA certificate file %s (no entries were read)",
1245  np(ca_file));
1246  }
1247 
1248  if (tls_server)
1249  {
1250  int cnum = sk_X509_NAME_num(cert_names);
1251  if (cnum != added)
1252  {
1253  crypto_msg(M_FATAL, "Cannot load CA certificate file %s (only %d "
1254  "of %d entries were valid X509 names)",
1255  np(ca_file), cnum, added);
1256  }
1257  }
1258 
1259  if (in)
1260  {
1261  BIO_free(in);
1262  }
1263  }
1264 
1265  /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1266  if (ca_path)
1267  {
1268  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1269  if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1270  {
1271  msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1272  }
1273  else
1274  {
1275  crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1276  }
1277  X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1278  }
1279 }
1280 
1281 void
1282 tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1283  const char *extra_certs_file_inline
1284  )
1285 {
1286  BIO *in;
1287  if (!strcmp(extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
1288  {
1289  in = BIO_new_mem_buf((char *)extra_certs_file_inline, -1);
1290  }
1291  else
1292  {
1293  in = BIO_new_file(extra_certs_file, "r");
1294  }
1295 
1296  if (in == NULL)
1297  {
1298  crypto_msg(M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
1299  }
1300  else
1301  {
1302  tls_ctx_add_extra_certs(ctx, in);
1303  }
1304 
1305  BIO_free(in);
1306 }
1307 
1308 /* **************************************
1309  *
1310  * Key-state specific functions
1311  *
1312  ***************************************/
1313 /*
1314  *
1315  * BIO functions
1316  *
1317  */
1318 
1319 #ifdef BIO_DEBUG
1320 
1321 #warning BIO_DEBUG defined
1322 
1323 static FILE *biofp; /* GLOBAL */
1324 static bool biofp_toggle; /* GLOBAL */
1325 static time_t biofp_last_open; /* GLOBAL */
1326 static const int biofp_reopen_interval = 600; /* GLOBAL */
1327 
1328 static void
1329 close_biofp(void)
1330 {
1331  if (biofp)
1332  {
1333  ASSERT(!fclose(biofp));
1334  biofp = NULL;
1335  }
1336 }
1337 
1338 static void
1339 open_biofp(void)
1340 {
1341  const time_t current = time(NULL);
1342  const pid_t pid = getpid();
1343 
1344  if (biofp_last_open + biofp_reopen_interval < current)
1345  {
1346  close_biofp();
1347  }
1348  if (!biofp)
1349  {
1350  char fn[256];
1351  openvpn_snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
1352  biofp = fopen(fn, "w");
1353  ASSERT(biofp);
1354  biofp_last_open = time(NULL);
1355  biofp_toggle ^= 1;
1356  }
1357 }
1358 
1359 static void
1360 bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
1361 {
1362  struct gc_arena gc = gc_new();
1363  if (len > 0)
1364  {
1365  open_biofp();
1366  fprintf(biofp, "BIO_%s %s time=%lld bio=" ptr_format " len=%d data=%s\n",
1367  mode, desc, (long long)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
1368  fflush(biofp);
1369  }
1370  gc_free(&gc);
1371 }
1372 
1373 static void
1374 bio_debug_oc(const char *mode, BIO *bio)
1375 {
1376  open_biofp();
1377  fprintf(biofp, "BIO %s time=%lld bio=" ptr_format "\n",
1378  mode, (long long)time(NULL), (ptr_type)bio);
1379  fflush(biofp);
1380 }
1381 
1382 #endif /* ifdef BIO_DEBUG */
1383 
1384 /*
1385  * OpenVPN's interface to SSL/TLS authentication,
1386  * encryption, and decryption is exclusively
1387  * through "memory BIOs".
1388  */
1389 static BIO *
1390 getbio(BIO_METHOD *type, const char *desc)
1391 {
1392  BIO *ret;
1393  ret = BIO_new(type);
1394  if (!ret)
1395  {
1396  crypto_msg(M_FATAL, "Error creating %s BIO", desc);
1397  }
1398  return ret;
1399 }
1400 
1401 /*
1402  * Write to an OpenSSL BIO in non-blocking mode.
1403  */
1404 static int
1405 bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
1406 {
1407  int i;
1408  int ret = 0;
1409  ASSERT(size >= 0);
1410  if (size)
1411  {
1412  /*
1413  * Free the L_TLS lock prior to calling BIO routines
1414  * so that foreground thread can still call
1415  * tls_pre_decrypt or tls_pre_encrypt,
1416  * allowing tunnel packet forwarding to continue.
1417  */
1418 #ifdef BIO_DEBUG
1419  bio_debug_data("write", bio, data, size, desc);
1420 #endif
1421  i = BIO_write(bio, data, size);
1422 
1423  if (i < 0)
1424  {
1425  if (BIO_should_retry(bio))
1426  {
1427  }
1428  else
1429  {
1430  crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
1431  ret = -1;
1432  ERR_clear_error();
1433  }
1434  }
1435  else if (i != size)
1436  {
1437  crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d",
1438  desc, i, size);
1439  ret = -1;
1440  ERR_clear_error();
1441  }
1442  else
1443  { /* successful write */
1444  dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
1445  ret = 1;
1446  }
1447  }
1448  return ret;
1449 }
1450 
1451 /*
1452  * Inline functions for reading from and writing
1453  * to BIOs.
1454  */
1455 
1456 static void
1457 bio_write_post(const int status, struct buffer *buf)
1458 {
1459  if (status == 1) /* success status return from bio_write? */
1460  {
1461  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1462  buf->len = 0;
1463  }
1464 }
1465 
1466 /*
1467  * Read from an OpenSSL BIO in non-blocking mode.
1468  */
1469 static int
1470 bio_read(BIO *bio, struct buffer *buf, int maxlen, const char *desc)
1471 {
1472  int i;
1473  int ret = 0;
1474  ASSERT(buf->len >= 0);
1475  if (buf->len)
1476  {
1477  }
1478  else
1479  {
1480  int len = buf_forward_capacity(buf);
1481  if (maxlen < len)
1482  {
1483  len = maxlen;
1484  }
1485 
1486  /*
1487  * BIO_read brackets most of the serious RSA
1488  * key negotiation number crunching.
1489  */
1490  i = BIO_read(bio, BPTR(buf), len);
1491 
1492  VALGRIND_MAKE_READABLE((void *) &i, sizeof(i));
1493 
1494 #ifdef BIO_DEBUG
1495  bio_debug_data("read", bio, BPTR(buf), i, desc);
1496 #endif
1497  if (i < 0)
1498  {
1499  if (BIO_should_retry(bio))
1500  {
1501  }
1502  else
1503  {
1504  crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
1505  buf->len = 0;
1506  ret = -1;
1507  ERR_clear_error();
1508  }
1509  }
1510  else if (!i)
1511  {
1512  buf->len = 0;
1513  }
1514  else
1515  { /* successful read */
1516  dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
1517  buf->len = i;
1518  ret = 1;
1519  VALGRIND_MAKE_READABLE((void *) BPTR(buf), BLEN(buf));
1520  }
1521  }
1522  return ret;
1523 }
1524 
1525 void
1526 key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
1527 {
1528  ASSERT(NULL != ssl_ctx);
1529  ASSERT(ks_ssl);
1530  CLEAR(*ks_ssl);
1531 
1532  ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
1533  if (!ks_ssl->ssl)
1534  {
1535  crypto_msg(M_FATAL, "SSL_new failed");
1536  }
1537 
1538  /* put session * in ssl object so we can access it
1539  * from verify callback*/
1540  SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
1541 
1542  ks_ssl->ssl_bio = getbio(BIO_f_ssl(), "ssl_bio");
1543  ks_ssl->ct_in = getbio(BIO_s_mem(), "ct_in");
1544  ks_ssl->ct_out = getbio(BIO_s_mem(), "ct_out");
1545 
1546 #ifdef BIO_DEBUG
1547  bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
1548  bio_debug_oc("open ct_in", ks_ssl->ct_in);
1549  bio_debug_oc("open ct_out", ks_ssl->ct_out);
1550 #endif
1551 
1552  if (is_server)
1553  {
1554  SSL_set_accept_state(ks_ssl->ssl);
1555  }
1556  else
1557  {
1558  SSL_set_connect_state(ks_ssl->ssl);
1559  }
1560 
1561  SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
1562  BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
1563 }
1564 
1565 void
1566 key_state_ssl_free(struct key_state_ssl *ks_ssl)
1567 {
1568  if (ks_ssl->ssl)
1569  {
1570 #ifdef BIO_DEBUG
1571  bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
1572  bio_debug_oc("close ct_in", ks_ssl->ct_in);
1573  bio_debug_oc("close ct_out", ks_ssl->ct_out);
1574 #endif
1575  BIO_free_all(ks_ssl->ssl_bio);
1576  SSL_free(ks_ssl->ssl);
1577  }
1578 }
1579 
1580 int
1581 key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
1582 {
1583  int ret = 0;
1584  perf_push(PERF_BIO_WRITE_PLAINTEXT);
1585 
1586 #ifdef ENABLE_CRYPTO_OPENSSL
1587  ASSERT(NULL != ks_ssl);
1588 
1589  ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf),
1590  "tls_write_plaintext");
1591  bio_write_post(ret, buf);
1592 #endif /* ENABLE_CRYPTO_OPENSSL */
1593 
1594  perf_pop();
1595  return ret;
1596 }
1597 
1598 int
1599 key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
1600 {
1601  int ret = 0;
1602  perf_push(PERF_BIO_WRITE_PLAINTEXT);
1603 
1604  ASSERT(NULL != ks_ssl);
1605 
1606  ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
1607 
1608  perf_pop();
1609  return ret;
1610 }
1611 
1612 int
1613 key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf,
1614  int maxlen)
1615 {
1616  int ret = 0;
1617  perf_push(PERF_BIO_READ_CIPHERTEXT);
1618 
1619  ASSERT(NULL != ks_ssl);
1620 
1621  ret = bio_read(ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext");
1622 
1623  perf_pop();
1624  return ret;
1625 }
1626 
1627 int
1628 key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
1629 {
1630  int ret = 0;
1631  perf_push(PERF_BIO_WRITE_CIPHERTEXT);
1632 
1633  ASSERT(NULL != ks_ssl);
1634 
1635  ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
1636  bio_write_post(ret, buf);
1637 
1638  perf_pop();
1639  return ret;
1640 }
1641 
1642 int
1643 key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf,
1644  int maxlen)
1645 {
1646  int ret = 0;
1647  perf_push(PERF_BIO_READ_PLAINTEXT);
1648 
1649  ASSERT(NULL != ks_ssl);
1650 
1651  ret = bio_read(ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext");
1652 
1653  perf_pop();
1654  return ret;
1655 }
1656 
1657 /* **************************************
1658  *
1659  * Information functions
1660  *
1661  * Print information for the end user.
1662  *
1663  ***************************************/
1664 void
1665 print_details(struct key_state_ssl *ks_ssl, const char *prefix)
1666 {
1667  const SSL_CIPHER *ciph;
1668  X509 *cert;
1669  char s1[256];
1670  char s2[256];
1671 
1672  s1[0] = s2[0] = 0;
1673  ciph = SSL_get_current_cipher(ks_ssl->ssl);
1674  openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
1675  prefix,
1676  SSL_get_version(ks_ssl->ssl),
1677  SSL_CIPHER_get_version(ciph),
1678  SSL_CIPHER_get_name(ciph));
1679  cert = SSL_get_peer_certificate(ks_ssl->ssl);
1680  if (cert != NULL)
1681  {
1682  EVP_PKEY *pkey = X509_get_pubkey(cert);
1683  if (pkey != NULL)
1684  {
1685  if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA) && (EVP_PKEY_get0_RSA(pkey) != NULL))
1686  {
1687  RSA *rsa = EVP_PKEY_get0_RSA(pkey);
1688  openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA",
1689  RSA_bits(rsa));
1690  }
1691  else if ((EVP_PKEY_id(pkey) == EVP_PKEY_DSA) && (EVP_PKEY_get0_DSA(pkey) != NULL))
1692  {
1693  DSA *dsa = EVP_PKEY_get0_DSA(pkey);
1694  openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA",
1695  DSA_bits(dsa));
1696  }
1697 #ifndef OPENSSL_NO_EC
1698  else if ((EVP_PKEY_id(pkey) == EVP_PKEY_EC) && (EVP_PKEY_get0_EC_KEY(pkey) != NULL))
1699  {
1700  EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
1701  const EC_GROUP *group = EC_KEY_get0_group(ec);
1702  const char* curve;
1703 
1704  int nid = EC_GROUP_get_curve_name(group);
1705  if (nid == 0 || (curve = OBJ_nid2sn(nid)) == NULL)
1706  {
1707  curve = "Error getting curve name";
1708  }
1709 
1710  openvpn_snprintf(s2, sizeof(s2), ", %d bit EC, curve: %s",
1711  EC_GROUP_order_bits(group), curve);
1712 
1713  }
1714 #endif
1715  EVP_PKEY_free(pkey);
1716  }
1717  X509_free(cert);
1718  }
1719  /* The SSL API does not allow us to look at temporary RSA/DH keys,
1720  * otherwise we should print their lengths too */
1721  msg(D_HANDSHAKE, "%s%s", s1, s2);
1722 }
1723 
1724 void
1725 show_available_tls_ciphers(const char *cipher_list)
1726 {
1727  struct tls_root_ctx tls_ctx;
1728  SSL *ssl;
1729  const char *cipher_name;
1730  const tls_cipher_name_pair *pair;
1731  int priority = 0;
1732 
1733  tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
1734  if (!tls_ctx.ctx)
1735  {
1736  crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
1737  }
1738 
1739  ssl = SSL_new(tls_ctx.ctx);
1740  if (!ssl)
1741  {
1742  crypto_msg(M_FATAL, "Cannot create SSL object");
1743  }
1744 
1745  tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
1746 
1747  printf("Available TLS Ciphers,\n");
1748  printf("listed in order of preference:\n\n");
1749  while ((cipher_name = SSL_get_cipher_list(ssl, priority++)))
1750  {
1751  pair = tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
1752 
1753  if (NULL == pair)
1754  {
1755  /* No translation found, print warning */
1756  printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n", cipher_name);
1757  }
1758  else
1759  {
1760  printf("%s\n", pair->iana_name);
1761  }
1762 
1763  }
1764  printf("\n" SHOW_TLS_CIPHER_LIST_WARNING);
1765 
1766  SSL_free(ssl);
1767  SSL_CTX_free(tls_ctx.ctx);
1768 }
1769 
1770 /*
1771  * Show the Elliptic curves that are available for us to use
1772  * in the OpenSSL library.
1773  */
1774 void
1775 show_available_curves(void)
1776 {
1777 #ifndef OPENSSL_NO_EC
1778  EC_builtin_curve *curves = NULL;
1779  size_t crv_len = 0;
1780  size_t n = 0;
1781 
1782  crv_len = EC_get_builtin_curves(NULL, 0);
1783  ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
1784  if (EC_get_builtin_curves(curves, crv_len))
1785  {
1786  printf("Available Elliptic curves:\n");
1787  for (n = 0; n < crv_len; n++)
1788  {
1789  const char *sname;
1790  sname = OBJ_nid2sn(curves[n].nid);
1791  if (sname == NULL)
1792  {
1793  sname = "";
1794  }
1795 
1796  printf("%s\n", sname);
1797  }
1798  }
1799  else
1800  {
1801  crypto_msg(M_FATAL, "Cannot get list of builtin curves");
1802  }
1803  free(curves);
1804 #else /* ifndef OPENSSL_NO_EC */
1805  msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
1806  "No curves available.");
1807 #endif /* ifndef OPENSSL_NO_EC */
1808 }
1809 
1810 void
1811 get_highest_preference_tls_cipher(char *buf, int size)
1812 {
1813  SSL_CTX *ctx;
1814  SSL *ssl;
1815  const char *cipher_name;
1816 
1817  ctx = SSL_CTX_new(SSLv23_method());
1818  if (!ctx)
1819  {
1820  crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
1821  }
1822  ssl = SSL_new(ctx);
1823  if (!ssl)
1824  {
1825  crypto_msg(M_FATAL, "Cannot create SSL object");
1826  }
1827 
1828  cipher_name = SSL_get_cipher_list(ssl, 0);
1829  strncpynt(buf, cipher_name, size);
1830 
1831  SSL_free(ssl);
1832  SSL_CTX_free(ctx);
1833 }
1834 
1835 const char *
1836 get_ssl_library_version(void)
1837 {
1838  return SSLeay_version(SSLEAY_VERSION);
1839 }
1840 
1841 #endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */
INFO_CALLBACK_SSL_CONST
#define INFO_CALLBACK_SSL_CONST
Definition: ssl_openssl.c:180
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Definition: ssl_openssl.c:1665
rsa_priv_dec
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:960
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:343
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
SSL_CTX_get_default_passwd_cb_userdata
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
Definition: openssl_compat.h:153
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Definition: ssl_openssl.c:692
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition: errlevel.h:160
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition: base64.c:54
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition: ssl_openssl.c:1599
EVP_PKEY_id
static int EVP_PKEY_id(const EVP_PKEY *pkey)
Get the PKEY type.
Definition: openssl_compat.h:269
SSL_CTX_get_default_passwd_cb
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
Definition: openssl_compat.h:167
ptr_type
unsigned long ptr_type
Definition: common.h:67
M_DEBUG
#define M_DEBUG
Definition: error.h:97
EVP_PKEY_get0_DSA
static DSA * EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
Get the DSA object of a public key.
Definition: openssl_compat.h:283
tls_session::opt
struct tls_options * opt
Definition: ssl_common.h:403
key_state_ssl::ct_out
BIO * ct_out
Definition: ssl_openssl.h:48
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:990
PERF_BIO_WRITE_CIPHERTEXT
#define PERF_BIO_WRITE_CIPHERTEXT
Definition: perf.h:41
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:2987
tls_ctx_add_extra_certs
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio)
Definition: ssl_openssl.c:705
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition: errlevel.h:59
rsa_pub_enc
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:944
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user&#39;s password.
Definition: ssl.c:383
ASSERT
#define ASSERT(x)
Definition: error.h:221
RSA_meth_set_priv_dec
static int RSA_meth_set_priv_dec(RSA_METHOD *meth, int(*priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private decoding function of an RSA_METHOD object.
Definition: openssl_compat.h:553
openssl_compat.h
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, const char *priv_key_file_inline)
Load private key file into the given TLS context.
Definition: ssl_openssl.c:810
getbio
static BIO * getbio(BIO_METHOD *type, const char *desc)
Definition: ssl_openssl.c:1390
RSA_meth_set0_app_data
static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
Set the application data of an RSA_METHOD object.
Definition: openssl_compat.h:616
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition: ssl_openssl.c:137
perf_pop
static void perf_pop(void)
Definition: perf.h:82
M_FATAL
#define M_FATAL
Definition: error.h:94
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition: crypto_openssl.h:98
perf_push
static void perf_push(int type)
Definition: perf.h:78
key_state_ssl::ssl_bio
BIO * ssl_bio
Definition: ssl_openssl.h:46
format_hex
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition: buffer.h:500
CLEAR
#define CLEAR(x)
Definition: basic.h:33
tls_ctx_use_external_private_key
int tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline)
Definition: ssl_openssl.c:1033
PERF_BIO_READ_PLAINTEXT
#define PERF_BIO_READ_PLAINTEXT
Definition: perf.h:38
RSA_meth_set_priv_enc
static int RSA_meth_set_priv_enc(RSA_METHOD *meth, int(*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private encoding function of an RSA_METHOD object.
Definition: openssl_compat.h:530
RSA_meth_set_pub_dec
static int RSA_meth_set_pub_dec(RSA_METHOD *meth, int(*pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public decoding function of an RSA_METHOD object.
Definition: openssl_compat.h:507
TLS_VER_1_1
#define TLS_VER_1_1
Definition: ssl_backend.h:115
tls_options::ekm_label
const char * ekm_label
Definition: ssl_common.h:358
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition: ssl_openssl.c:1581
EVP_PKEY_get0_EC_KEY
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
Get the EC_KEY object of a public key.
Definition: openssl_compat.h:255
ALLOC_ARRAY
#define ALLOC_ARRAY(dptr, type, n)
Definition: buffer.h:1023
setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: misc.c:564
RSA_get0_key
static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
Get the RSA parameters.
Definition: openssl_compat.h:316
RSA_bits
static int RSA_bits(const RSA *rsa)
Number of significant RSA bits.
Definition: openssl_compat.h:381
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition: ssl_common.h:332
SSL_CTX_use_CryptoAPI_certificate
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition: cryptoapi.c:409
D_LOW
#define D_LOW
Definition: errlevel.h:97
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition: ssl_openssl.c:126
tls_clear_error
void tls_clear_error(void)
Clear the underlying SSL library&#39;s error state.
Definition: ssl_openssl.c:94
RSA_meth_free
static void RSA_meth_free(RSA_METHOD *meth)
Free an existing RSA_METHOD object.
Definition: openssl_compat.h:459
X509_OBJECT_free
static void X509_OBJECT_free(X509_OBJECT *obj)
Destroy a X509 object.
Definition: openssl_compat.h:209
TLS_VER_1_2
#define TLS_VER_1_2
Definition: ssl_backend.h:116
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
rsa_priv_enc
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:980
bio_write_post
static void bio_write_post(const int status, struct buffer *buf)
Definition: ssl_openssl.c:1457
platform_fopen
FILE * platform_fopen(const char *path, const char *mode)
Definition: platform.c:300
tls_options::ekm_size
size_t ekm_size
Definition: ssl_common.h:360
BPTR
#define BPTR(buf)
Definition: buffer.h:124
tls_ctx_set_options
void tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition: ssl_openssl.c:219
openvpn_snprintf
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:277
X509_get0_pubkey
static EVP_PKEY * X509_get0_pubkey(const X509 *x)
Get the public key from a X509 certificate.
Definition: openssl_compat.h:181
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition: ssl_common.h:340
tls_cipher_name_pair::iana_name
const char * iana_name
Definition: ssl_backend.h:62
np
static const char * np(const char *str)
Definition: simple.c:108
show_available_curves
void show_available_curves(void)
Definition: ssl_openssl.c:1775
PERF_BIO_READ_CIPHERTEXT
#define PERF_BIO_READ_CIPHERTEXT
Definition: perf.h:40
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:982
RSA_meth_set_pub_enc
static int RSA_meth_set_pub_enc(RSA_METHOD *meth, int(*pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public encoding function of an RSA_METHOD object.
Definition: openssl_compat.h:484
get_highest_preference_tls_cipher
void get_highest_preference_tls_cipher(char *buf, int size)
Definition: ssl_openssl.c:1811
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition: ssl_common.h:339
INLINE_FILE_TAG
#define INLINE_FILE_TAG
Definition: common.h:95
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:346
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition: ssl_openssl.c:803
PERF_BIO_WRITE_PLAINTEXT
#define PERF_BIO_WRITE_PLAINTEXT
Definition: perf.h:39
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation...
Definition: ssl_openssl.c:207
EVP_PKEY_get0_RSA
static RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
Get the RSA object of a public key.
Definition: openssl_compat.h:241
STACK_OF
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store)
Fetch the X509 object stack from the X509 store.
Definition: openssl_compat.h:195
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract plaintext data from the TLS module.
Definition: ssl_openssl.c:1643
RSA_meth_new
static RSA_METHOD * RSA_meth_new(const char *name, int flags)
Allocate a new RSA method object.
Definition: openssl_compat.h:442
status
static SERVICE_STATUS status
Definition: automatic.c:47
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer&#39;s certificate allows setting up a VPN tunnel. ...
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:536
key_state_export_keying_material
void key_state_export_keying_material(struct key_state_ssl *ssl, struct tls_session *session)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: ssl_openssl.c:144
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition: ssl_openssl.c:72
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition: ssl_openssl.c:1836
key_state_ssl
Definition: ssl_mbedtls.h:87
TLS_VER_UNSPEC
#define TLS_VER_UNSPEC
Definition: ssl_backend.h:113
show_available_tls_ciphers
void show_available_tls_ciphers(const char *cipher_list)
Definition: ssl_openssl.c:1725
format_hex_ex
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
Definition: buffer.c:460
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name...
Definition: ssl_backend.h:62
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition: errlevel.h:151
dmsg
#define dmsg
Definition: error.h:174
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, const char *pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context...
Definition: ssl_openssl.c:563
rsa_pub_dec
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:952
TLS_VER_1_0
#define TLS_VER_1_0
Definition: ssl_backend.h:114
source
const char * source
Definition: compat-lz4.h:433
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition: ssl_openssl.c:1566
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition: ssl_openssl.c:100
BLEN
#define BLEN(buf)
Definition: buffer.h:127
DSA_bits
static int DSA_bits(const DSA *dsa)
Number of significant DSA bits.
Definition: openssl_compat.h:425
D_HANDSHAKE
#define D_HANDSHAKE
Definition: errlevel.h:72
tls_root_ctx::ctx
SSL_CTX * ctx
Definition: ssl_openssl.h:39
sk_x509_name_cmp
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition: ssl_openssl.c:1123
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context.
Definition: ssl_openssl.c:286
uint8_t
unsigned __int8 uint8_t
Definition: config-msvc.h:123
key_state_ssl::ct_in
BIO * ct_in
Definition: ssl_openssl.h:47
tls_root_ctx
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:66
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition: ssl_common.h:333
check_malloc_return
static void check_malloc_return(const void *p)
Definition: buffer.h:1060
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, const char *crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition: ssl_openssl.c:877
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:400
VALGRIND_MAKE_READABLE
#define VALGRIND_MAKE_READABLE(addr, len)
Definition: memdbg.h:53
msg
#define msg
Definition: error.h:173
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition: ssl_openssl.c:387
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
mydata_index
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent...
Definition: ssl_openssl.c:69
SHOW_TLS_CIPHER_LIST_WARNING
#define SHOW_TLS_CIPHER_LIST_WARNING
Definition: ssl_common.h:578
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, const char *ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1129
tls_options::ekm_label_size
size_t ekm_label_size
Definition: ssl_common.h:359
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition: errlevel.h:152
info_callback
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition: ssl_openssl.c:183
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition: ssl_openssl.c:1628
constrain_int
static int constrain_int(int x, int min, int max)
Definition: integer.h:60
ssl_verify_openssl.h
tls_ctx_load_cert_file_and_copy
static void tls_ctx_load_cert_file_and_copy(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline, X509 **x509)
Definition: ssl_openssl.c:728
ssl_backend.h
RSA_set0_key
static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
Set the RSA parameters.
Definition: openssl_compat.h:345
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, const char *dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:436
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition: ssl_backend.h:62
ssl_common.h
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition: ssl_openssl.c:113
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition: ssl_openssl.c:1526
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition: ssl_openssl.c:85
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition: ssl_common.h:42
openvpn_extkey_rsa_finish
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition: ssl_openssl.c:968
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract ciphertext data from the TLS module.
Definition: ssl_openssl.c:1613
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition: ssl_common.h:341
RSA_meth_set_init
static int RSA_meth_set_init(RSA_METHOD *meth, int(*init)(RSA *rsa))
Set the init function of an RSA_METHOD object.
Definition: openssl_compat.h:576
RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
Definition: openssl_compat.h:647
bio_write
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition: ssl_openssl.c:1405
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition: ssl_common.h:338
management_query_rsa_sig
char * management_query_rsa_sig(struct management *man, const char *b64_data)
Definition: manage.c:3654
setenv_del
void setenv_del(struct env_set *es, const char *name)
Definition: misc.c:609
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition: ssl.c:271
EC_GROUP_order_bits
static int EC_GROUP_order_bits(const EC_GROUP *group)
Gets the number of bits of the order of an EC_GROUP.
Definition: openssl_compat.h:635
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:480
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition: base64.c:160
M_WARN
#define M_WARN
Definition: error.h:96
tls_options::es
struct env_set * es
Definition: ssl_common.h:323
RSA_set_flags
static void RSA_set_flags(RSA *rsa, int flags)
Set the RSA flags.
Definition: openssl_compat.h:297
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, const char *extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1282
X509_OBJECT_get_type
static int X509_OBJECT_get_type(const X509_OBJECT *obj)
Get the type of an X509 object.
Definition: openssl_compat.h:227
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:153
RSA_meth_set_finish
static int RSA_meth_set_finish(RSA_METHOD *meth, int(*finish)(RSA *rsa))
Set the finish function of an RSA_METHOD object.
Definition: openssl_compat.h:596
key_state_ssl::ssl
SSL * ssl
Definition: ssl_openssl.h:45
ptr_format
#define ptr_format
Definition: common.h:58
bio_read
static int bio_read(BIO *bio, struct buffer *buf, int maxlen, const char *desc)
Definition: ssl_openssl.c:1470
Generated by   doxygen 1.8.13