36 #if defined(ENABLE_CRYPTO_MBEDTLS)
50 #include <mbedtls/debug.h>
51 #include <mbedtls/error.h>
52 #include <mbedtls/version.h>
54 #if MBEDTLS_VERSION_NUMBER >= 0x02040000
55 #include <mbedtls/net_sockets.h>
57 #include <mbedtls/net.h>
60 #include <mbedtls/oid.h>
61 #include <mbedtls/pem.h>
63 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_legacy =
66 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 )
67 |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 )
68 |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
69 |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
70 |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
71 |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
77 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_preferred =
80 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
81 |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
82 |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
83 |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
89 #define openvpn_x509_crt_profile_suiteb mbedtls_x509_crt_profile_suiteb;
112 ctx->
endpoint = MBEDTLS_SSL_IS_SERVER;
125 ctx->
endpoint = MBEDTLS_SSL_IS_CLIENT;
137 mbedtls_x509_crt_free(ctx->
ca_chain);
143 mbedtls_dhm_free(ctx->
dhm_ctx);
146 mbedtls_x509_crl_free(ctx->
crl);
149 #if defined(ENABLE_PKCS11)
153 if (ctx->pkcs11_cert)
155 pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert);
176 #ifdef HAVE_EXPORT_KEYING_MATERIAL
178 #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
188 mbedtls_ssl_export_keys_cb(
void *p_expkey,
const unsigned char *ms,
189 const unsigned char *kb,
size_t maclen,
190 size_t keylen,
size_t ivlen,
191 const unsigned char client_random[32],
192 const unsigned char server_random[32],
193 mbedtls_tls_prf_types tls_prf_type)
200 ==
sizeof(cache->master_secret),
"master size mismatch");
202 memcpy(cache->client_server_random, client_random, 32);
203 memcpy(cache->client_server_random + 32, server_random, 32);
204 memcpy(cache->master_secret, ms,
sizeof(cache->master_secret));
205 cache->tls_prf_type = tls_prf_type;
209 #elif HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
222 mbedtls_ssl_export_keys_cb(
void *p_expkey,
223 mbedtls_ssl_key_export_type type,
224 const unsigned char *secret,
226 const unsigned char client_random[32],
227 const unsigned char server_random[32],
228 mbedtls_tls_prf_types tls_prf_type)
232 if (type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET)
243 if (secret_len !=
sizeof(cache->master_secret))
246 "ERROR: Incorrect TLS 1.2 master secret length: Got %zu, expected %zu",
247 secret_len,
sizeof(cache->master_secret));
250 memcpy(cache->client_server_random, client_random, 32);
251 memcpy(cache->client_server_random + 32, server_random, 32);
252 memcpy(cache->master_secret, secret,
sizeof(cache->master_secret));
253 cache->tls_prf_type = tls_prf_type;
259 const char *label,
size_t label_size,
260 void *ekm,
size_t ekm_size)
262 ASSERT(strlen(label) == label_size);
268 if (cache->tls_prf_type == MBEDTLS_SSL_TLS_PRF_NONE)
273 int ret = mbedtls_ssl_tls_prf(cache->tls_prf_type, cache->master_secret,
274 sizeof(cache->master_secret),
275 label, cache->client_server_random,
276 sizeof(cache->client_server_random),
292 const char *label,
size_t label_size,
293 void *ekm,
size_t ekm_size)
307 tls_translate_cipher_name(
const char *cipher_name)
317 if (0 != strcmp(cipher_name, pair->
iana_name))
335 msg(
M_WARN,
"mbed TLS does not support setting tls-ciphersuites. "
336 "Ignoring TLS 1.3 cipher list: %s", ciphers);
342 char *tmp_ciphers, *tmp_ciphers_orig, *token;
359 tmp_ciphers_orig = tmp_ciphers =
string_alloc(ciphers, NULL);
361 token = strtok(tmp_ciphers, ":");
365 tls_translate_cipher_name(token));
370 token = strtok(NULL,
":");
372 free(tmp_ciphers_orig);
378 if (!profile || 0 == strcmp(profile,
"legacy")
379 || 0 == strcmp(profile,
"insecure"))
383 else if (0 == strcmp(profile,
"preferred"))
387 else if (0 == strcmp(profile,
"suiteb"))
393 msg(
M_FATAL,
"ERROR: Invalid cert profile: %s", profile);
412 while ((token =
strsep(&tmp_groups, ":")))
414 const mbedtls_ecp_curve_info *ci =
415 mbedtls_ecp_curve_info_from_name(token);
418 msg(
M_WARN,
"Warning unknown curve/group specified: %s", token);
422 ctx->
groups[i] = ci->grp_id;
426 ctx->
groups[i] = MBEDTLS_ECP_DP_NONE;
441 if (mbedtls_x509_time_is_future(&ctx->
crt_chain->valid_from))
443 msg(
M_WARN,
"WARNING: Your certificate is not yet valid!");
446 if (mbedtls_x509_time_is_past(&ctx->
crt_chain->valid_to))
448 msg(
M_WARN,
"WARNING: Your certificate has expired!");
459 (
const unsigned char *) dh_file,
460 strlen(dh_file) + 1)))
462 msg(
M_FATAL,
"Cannot read inline DH parameters");
469 msg(
M_FATAL,
"Cannot read DH parameters from file %s", dh_file);
481 if (NULL != curve_name)
483 msg(
M_WARN,
"WARNING: mbed TLS builds do not support specifying an "
484 "ECDH curve with --ecdh-curve, using default curves. Use "
485 "--tls-groups to specify curves.");
491 bool pkcs12_file_inline,
bool load_ca_file)
493 msg(
M_FATAL,
"PKCS #12 files not yet supported for mbed TLS.");
497 #ifdef ENABLE_CRYPTOAPI
501 msg(
M_FATAL,
"Windows CryptoAPI not yet supported for mbed TLS.");
519 (
const unsigned char *)cert_file,
520 strlen(cert_file) + 1)))
522 msg(
M_FATAL,
"Cannot load inline certificate file");
529 msg(
M_FATAL,
"Cannot load certificate file %s", cert_file);
536 bool priv_key_inline)
549 (
const unsigned char *) priv_key_file,
550 strlen(priv_key_file) + 1, NULL, 0,
551 mbedtls_ctr_drbg_random,
554 if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED ==
status)
559 (
const unsigned char *) priv_key_file,
560 strlen(priv_key_file) + 1,
563 mbedtls_ctr_drbg_random,
572 mbedtls_ctr_drbg_random,
574 if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED ==
status)
580 mbedtls_ctr_drbg_random,
586 #ifdef ENABLE_MANAGEMENT
592 msg(
M_WARN,
"Cannot load private key file %s",
599 mbedtls_ctr_drbg_random,
602 msg(
M_WARN,
"Private key does not match the certificate");
628 external_pkcs1_sign(
void *ctx_voidptr,
629 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng,
630 #
if MBEDTLS_VERSION_NUMBER < 0x03020100
633 mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *
hash,
638 uint8_t *to_sign = NULL;
639 size_t asn_len = 0, oid_size = 0;
640 const char *oid = NULL;
644 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
647 #if MBEDTLS_VERSION_NUMBER < 0x03020100
648 if (MBEDTLS_RSA_PRIVATE != mode)
650 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
660 if (md_alg != MBEDTLS_MD_NONE)
662 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
665 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
668 if (!
mbed_ok(mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size )))
670 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
673 hashlen = mbedtls_md_get_size( md_info );
674 asn_len = 10 + oid_size;
677 if ((SIZE_MAX - hashlen) < asn_len
680 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
684 uint8_t *p = to_sign;
685 if (md_alg != MBEDTLS_MD_NONE)
696 *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
697 *p++ = (
unsigned char) ( 0x08 + oid_size + hashlen );
698 *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
699 *p++ = (
unsigned char) ( 0x04 + oid_size );
700 *p++ = MBEDTLS_ASN1_OID;
701 *p++ = oid_size & 0xFF;
702 memcpy( p, oid, oid_size );
704 *p++ = MBEDTLS_ASN1_NULL;
706 *p++ = MBEDTLS_ASN1_OCTET_STRING;
710 ASSERT(asn_len == p - to_sign);
714 memcpy(p,
hash, hashlen);
717 if (!ctx->
sign(ctx->
sign_ctx, to_sign, asn_len + hashlen, sig,
720 rv = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
732 external_key_len(
void *vctx)
747 msg(
M_WARN,
"ERROR: external key requires a certificate.");
751 if (mbedtls_pk_get_type(&ctx->
crt_chain->pk) != MBEDTLS_PK_RSA)
753 msg(
M_WARN,
"ERROR: external key with mbed TLS requires a "
754 "certificate with an RSA key.");
764 NULL, external_pkcs1_sign, external_key_len)))
772 #ifdef ENABLE_MANAGEMENT
775 management_sign_func(
void *
sign_ctx,
const void *src,
size_t src_len,
776 void *dst,
size_t dst_len)
779 char *src_b64 = NULL;
780 char *dst_b64 = NULL;
792 "RSA_PKCS1_PADDING")))
820 bool ca_inline,
const char *ca_path,
bool tls_server)
824 msg(
M_FATAL,
"ERROR: mbed TLS cannot handle the capath directive");
827 if (ca_file && ca_inline)
830 (
const unsigned char *) ca_file,
831 strlen(ca_file) + 1)))
833 msg(
M_FATAL,
"Cannot load inline CA certificates");
841 msg(
M_FATAL,
"Cannot load CA certificate file %s", ca_file);
848 bool extra_certs_inline)
857 if (extra_certs_inline)
860 (
const unsigned char *) extra_certs_file,
861 strlen(extra_certs_file) + 1)))
863 msg(
M_FATAL,
"Cannot load inline extra-certs file");
868 if (!
mbed_ok(mbedtls_x509_crt_parse_file(ctx->
crt_chain, extra_certs_file)))
870 msg(
M_FATAL,
"Cannot load extra-certs file: %s", extra_certs_file);
902 buf_free_entry(cur_block);
908 endless_buf_read(
endless_buffer *in,
unsigned char *out,
size_t out_len )
914 return MBEDTLS_ERR_SSL_WANT_READ;
917 while (in->
first_block != NULL && read_len < out_len)
920 if (block_len <= out_len - read_len)
923 memcpy(out + read_len, cur_entry->data + in->
data_start,
926 read_len += block_len;
936 buf_free_entry(cur_entry);
951 endless_buf_write(
endless_buffer *out,
const unsigned char *in,
size_t len )
954 if (NULL == new_block)
956 return MBEDTLS_ERR_NET_SEND_FAILED;
959 new_block->data = malloc(len);
960 if (NULL == new_block->data)
963 return MBEDTLS_ERR_NET_SEND_FAILED;
966 new_block->length = len;
967 new_block->next_block = NULL;
969 memcpy(new_block->data, in, len);
987 ssl_bio_read(
void *ctx,
unsigned char *out,
size_t out_len)
990 return endless_buf_read(&my_ctx->
in, out, out_len);
994 ssl_bio_write(
void *ctx,
const unsigned char *in,
size_t in_len)
997 return endless_buf_write(&my_ctx->
out, in, in_len);
1001 my_debug(
void *ctx,
int level,
const char *file,
int line,
1005 msg(my_loglevel,
"mbed TLS msg (%s:%d): %s", file, line, str);
1014 static char old_sha256_hash[32] = {0};
1015 unsigned char sha256_hash[32] = {0};
1020 mbedtls_x509_crt *cert = ctx->
crt_chain;
1022 if (!
md_full(
"SHA256", cert->tbs.p, cert->tbs.len, sha256_hash))
1024 msg(
M_WARN,
"WARNING: failed to personalise random");
1027 if (0 != memcmp(old_sha256_hash, sha256_hash,
sizeof(sha256_hash)))
1031 msg(
M_WARN,
"WARNING: failed to personalise random, could not update CTR_DRBG");
1033 memcpy(old_sha256_hash, sha256_hash,
sizeof(old_sha256_hash));
1041 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1043 #elif defined(MBEDTLS_SSL_PROTO_TLS1_1)
1045 #elif defined(MBEDTLS_SSL_PROTO_TLS1)
1048 #error "mbedtls is compiled without support for TLS 1.0, 1.1 and 1.2."
1063 tls_version_to_major_minor(
int tls_ver,
int *major,
int *minor)
1070 #if defined(MBEDTLS_SSL_PROTO_TLS1)
1072 *major = MBEDTLS_SSL_MAJOR_VERSION_3;
1073 *minor = MBEDTLS_SSL_MINOR_VERSION_1;
1077 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
1079 *major = MBEDTLS_SSL_MAJOR_VERSION_3;
1080 *minor = MBEDTLS_SSL_MINOR_VERSION_2;
1084 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1086 *major = MBEDTLS_SSL_MAJOR_VERSION_3;
1087 *minor = MBEDTLS_SSL_MINOR_VERSION_3;
1092 msg(
M_FATAL,
"%s: invalid or unsupported TLS version %d", __func__, tls_ver);
1103 if (ctx->
crl == NULL)
1107 mbedtls_x509_crl_free(ctx->
crl);
1111 if (!
mbed_ok(mbedtls_x509_crl_parse(ctx->
crl,
1112 (
const unsigned char *)crl_file,
1113 strlen(crl_file) + 1)))
1115 msg(
M_WARN,
"CRL: cannot parse inline CRL");
1121 if (!
mbed_ok(mbedtls_x509_crl_parse_file(ctx->
crl, crl_file)))
1123 msg(
M_WARN,
"CRL: cannot read CRL from file %s", crl_file);
1130 mbedtls_x509_crl_free(ctx->
crl);
1146 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1147 #ifdef MBEDTLS_DEBUG_C
1154 mbedtls_debug_set_threshold(3);
1158 mbedtls_debug_set_threshold(2);
1161 mbedtls_ssl_conf_dbg(ks_ssl->
ssl_config, my_debug, NULL);
1162 mbedtls_ssl_conf_rng(ks_ssl->
ssl_config, mbedtls_ctr_drbg_random,
1180 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1181 mbedtls_ssl_conf_renegotiation(ks_ssl->
ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1188 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1189 mbedtls_ssl_conf_cbc_record_splitting(ks_ssl->
ssl_config,
1190 MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
1206 mbedtls_ssl_conf_authmode(ks_ssl->
ssl_config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1210 mbedtls_ssl_conf_authmode(ks_ssl->
ssl_config, MBEDTLS_SSL_VERIFY_REQUIRED);
1219 const int configured_tls_version_min =
1224 int major = MBEDTLS_SSL_MAJOR_VERSION_3;
1225 int minor = MBEDTLS_SSL_MINOR_VERSION_3;
1229 tls_version_to_major_minor(configured_tls_version_min, &major, &minor);
1232 mbedtls_ssl_conf_min_version(ks_ssl->
ssl_config, major, minor);
1237 const int configured_tls_version_max =
1246 tls_version_to_major_minor(configured_tls_version_max, &major, &minor);
1254 mbedtls_ssl_conf_max_version(ks_ssl->
ssl_config, major, minor);
1257 #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
1259 mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->
ssl_config,
1260 mbedtls_ssl_export_keys_cb,
session);
1265 mbedtls_ssl_init(ks_ssl->
ctx);
1268 #if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
1270 mbedtls_ssl_set_export_keys_cb(ks_ssl->
ctx, mbedtls_ssl_export_keys_cb,
session);
1275 mbedtls_ssl_set_bio(ks_ssl->
ctx, ks_ssl->
bio_ctx, ssl_bio_write,
1276 ssl_bio_read, NULL);
1288 mbedtls_ssl_free(ks_ssl->
ctx);
1341 retval = mbedtls_ssl_write(ks->
ctx, data, len);
1346 if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1351 "TLS ERROR: write tls_write_plaintext_const error");
1358 "TLS ERROR: write tls_write_plaintext_const incomplete %d/%d",
1397 if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1442 if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1447 "TLS ERROR: write tls_write_ciphertext error");
1451 if (retval != buf->
len)
1453 msg(
D_TLS_ERRORS,
"TLS ERROR: write tls_write_ciphertext incomplete %d/%d",
1489 retval = mbedtls_ssl_read(ks->
ctx,
BPTR(buf), len);
1494 if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1529 const mbedtls_x509_crt *cert;
1536 mbedtls_ssl_get_version(ks_ssl->
ctx),
1537 mbedtls_ssl_get_ciphersuite(ks_ssl->
ctx));
1539 cert = mbedtls_ssl_get_peer_cert(ks_ssl->
ctx);
1543 (
unsigned int) mbedtls_pk_get_bitlen(&cert->pk));
1551 const char *tls_cert_profile,
1560 const int *ciphers = mbedtls_ssl_list_ciphersuites();
1566 if (tls_ctx.allowed_ciphers)
1568 ciphers = tls_ctx.allowed_ciphers;
1571 while (*ciphers != 0)
1573 printf(
"%s\n", mbedtls_ssl_get_ciphersuite_name(*ciphers));
1582 const mbedtls_ecp_curve_info *pcurve = mbedtls_ecp_curve_list();
1586 msg(
M_FATAL,
"Cannot retrieve curve list from mbed TLS");
1590 printf(
"Available Elliptic curves, listed in order of preference:\n\n");
1591 while (MBEDTLS_ECP_DP_NONE != pcurve->grp_id)
1593 printf(
"%s\n", pcurve->name);
1601 const char *cipher_name;
1602 const int *ciphers = mbedtls_ssl_list_ciphersuites();
1605 msg(
M_FATAL,
"Cannot retrieve list of supported SSL ciphers.");
1608 cipher_name = mbedtls_ssl_get_ciphersuite_name(*ciphers);
1615 static char mbedtls_version[30];
1616 unsigned int pv = mbedtls_version_get_number();
1617 sprintf( mbedtls_version,
"mbed TLS %d.%d.%d",
1618 (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
1619 return mbedtls_version;