OpenVPN
ssl_mbedtls.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  * Copyright (C) 2006-2010, Brainspark B.V.
11  *
12  * This program is free software; you can redistribute it and/or modify
13  * it under the terms of the GNU General Public License version 2
14  * as published by the Free Software Foundation.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
30 #ifdef HAVE_CONFIG_H
31 #include "config.h"
32 #elif defined(_MSC_VER)
33 #include "config-msvc.h"
34 #endif
35 
36 #include "syshead.h"
37 
38 #if defined(ENABLE_CRYPTO_MBEDTLS)
39 
40 #include "errlevel.h"
41 #include "ssl_backend.h"
42 #include "base64.h"
43 #include "buffer.h"
44 #include "misc.h"
45 #include "manage.h"
46 #include "pkcs11_backend.h"
47 #include "ssl_common.h"
48 
49 #include <mbedtls/havege.h>
50 
51 #include "ssl_verify_mbedtls.h"
52 #include <mbedtls/debug.h>
53 #include <mbedtls/error.h>
54 #include <mbedtls/version.h>
55 
56 #if MBEDTLS_VERSION_NUMBER >= 0x02040000
57  #include <mbedtls/net_sockets.h>
58 #else
59  #include <mbedtls/net.h>
60 #endif
61 
62 #include <mbedtls/oid.h>
63 #include <mbedtls/pem.h>
64 
65 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_legacy =
66 {
67  /* Hashes from SHA-1 and above */
68  MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 )
69  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 )
70  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
71  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
72  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
73  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
74  0xFFFFFFF, /* Any PK alg */
75  0xFFFFFFF, /* Any curve */
76  1024, /* RSA-1024 and larger */
77 };
78 
79 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_preferred =
80 {
81  /* SHA-2 and above */
82  MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
83  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
84  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
85  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
86  0xFFFFFFF, /* Any PK alg */
87  0xFFFFFFF, /* Any curve */
88  2048, /* RSA-2048 and larger */
89 };
90 
91 #define openvpn_x509_crt_profile_suiteb mbedtls_x509_crt_profile_suiteb;
92 
93 void
94 tls_init_lib(void)
95 {
96 }
97 
98 void
99 tls_free_lib(void)
100 {
101 }
102 
103 void
104 tls_clear_error(void)
105 {
106 }
107 
108 void
109 tls_ctx_server_new(struct tls_root_ctx *ctx)
110 {
111  ASSERT(NULL != ctx);
112  CLEAR(*ctx);
113 
114  ALLOC_OBJ_CLEAR(ctx->dhm_ctx, mbedtls_dhm_context);
115 
116  ALLOC_OBJ_CLEAR(ctx->ca_chain, mbedtls_x509_crt);
117 
118  ctx->endpoint = MBEDTLS_SSL_IS_SERVER;
119  ctx->initialised = true;
120 }
121 
122 void
123 tls_ctx_client_new(struct tls_root_ctx *ctx)
124 {
125  ASSERT(NULL != ctx);
126  CLEAR(*ctx);
127 
128  ALLOC_OBJ_CLEAR(ctx->dhm_ctx, mbedtls_dhm_context);
129  ALLOC_OBJ_CLEAR(ctx->ca_chain, mbedtls_x509_crt);
130 
131  ctx->endpoint = MBEDTLS_SSL_IS_CLIENT;
132  ctx->initialised = true;
133 }
134 
135 void
136 tls_ctx_free(struct tls_root_ctx *ctx)
137 {
138  if (ctx)
139  {
140  mbedtls_pk_free(ctx->priv_key);
141  if (ctx->priv_key)
142  {
143  free(ctx->priv_key);
144  }
145 
146  mbedtls_x509_crt_free(ctx->ca_chain);
147  if (ctx->ca_chain)
148  {
149  free(ctx->ca_chain);
150  }
151 
152  mbedtls_x509_crt_free(ctx->crt_chain);
153  if (ctx->crt_chain)
154  {
155  free(ctx->crt_chain);
156  }
157 
158  mbedtls_dhm_free(ctx->dhm_ctx);
159  if (ctx->dhm_ctx)
160  {
161  free(ctx->dhm_ctx);
162  }
163 
164  mbedtls_x509_crl_free(ctx->crl);
165  if (ctx->crl)
166  {
167  free(ctx->crl);
168  }
169 
170 #if defined(ENABLE_PKCS11)
171  pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert);
172 #endif
173 
174  if (ctx->allowed_ciphers)
175  {
176  free(ctx->allowed_ciphers);
177  }
178 
179  CLEAR(*ctx);
180 
181  ctx->initialised = false;
182 
183  }
184 }
185 
186 bool
188 {
189  ASSERT(NULL != ctx);
190  return ctx->initialised;
191 }
192 
193 void
195  struct tls_session *session)
196 {
197 }
198 
199 bool
200 tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
201 {
202  return true;
203 }
204 
205 static const char *
206 tls_translate_cipher_name(const char *cipher_name)
207 {
208  const tls_cipher_name_pair *pair = tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
209 
210  if (NULL == pair)
211  {
212  /* No translation found, return original */
213  return cipher_name;
214  }
215 
216  if (0 != strcmp(cipher_name, pair->iana_name))
217  {
218  /* Deprecated name found, notify user */
219  msg(M_WARN, "Deprecated cipher suite name '%s', please use IANA name '%s'", pair->openssl_name, pair->iana_name);
220  }
221 
222  return pair->iana_name;
223 }
224 
225 void
226 tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
227 {
228  if (ciphers == NULL)
229  {
230  /* Nothing to do, return without warning message */
231  return;
232  }
233 
234  msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. "
235  "Ignoring TLS 1.3 cipher list: %s", ciphers);
236 }
237 
238 void
239 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
240 {
241  char *tmp_ciphers, *tmp_ciphers_orig, *token;
242  int i, cipher_count;
243  int ciphers_len;
244 
245  if (NULL == ciphers)
246  {
247  return; /* Nothing to do */
248 
249  }
250  ciphers_len = strlen(ciphers);
251 
252  ASSERT(NULL != ctx);
253  ASSERT(0 != ciphers_len);
254 
255  /* Get number of ciphers */
256  for (i = 0, cipher_count = 1; i < ciphers_len; i++)
257  {
258  if (ciphers[i] == ':')
259  {
260  cipher_count++;
261  }
262  }
263 
264  /* Allocate an array for them */
265  ALLOC_ARRAY_CLEAR(ctx->allowed_ciphers, int, cipher_count+1)
266 
267  /* Parse allowed ciphers, getting IDs */
268  i = 0;
269  tmp_ciphers_orig = tmp_ciphers = string_alloc(ciphers, NULL);
270 
271  token = strtok(tmp_ciphers, ":");
272  while (token)
273  {
274  ctx->allowed_ciphers[i] = mbedtls_ssl_get_ciphersuite_id(
275  tls_translate_cipher_name(token));
276  if (0 != ctx->allowed_ciphers[i])
277  {
278  i++;
279  }
280  token = strtok(NULL, ":");
281  }
282  free(tmp_ciphers_orig);
283 }
284 
285 void
286 tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
287 {
288  if (!profile || 0 == strcmp(profile, "legacy"))
289  {
290  ctx->cert_profile = openvpn_x509_crt_profile_legacy;
291  }
292  else if (0 == strcmp(profile, "preferred"))
293  {
294  ctx->cert_profile = openvpn_x509_crt_profile_preferred;
295  }
296  else if (0 == strcmp(profile, "suiteb"))
297  {
298  ctx->cert_profile = openvpn_x509_crt_profile_suiteb;
299  }
300  else
301  {
302  msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
303  }
304 }
305 
306 void
307 tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
308 {
309  ASSERT(ctx);
310  if (ctx->crt_chain == NULL)
311  {
312  return; /* Nothing to check if there is no certificate */
313  }
314 
315  if (mbedtls_x509_time_is_future(&ctx->crt_chain->valid_from))
316  {
317  msg(M_WARN, "WARNING: Your certificate is not yet valid!");
318  }
319 
320  if (mbedtls_x509_time_is_past(&ctx->crt_chain->valid_to))
321  {
322  msg(M_WARN, "WARNING: Your certificate has expired!");
323  }
324 }
325 
326 void
327 tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
328  const char *dh_inline
329  )
330 {
331  if (!strcmp(dh_file, INLINE_FILE_TAG) && dh_inline)
332  {
333  if (!mbed_ok(mbedtls_dhm_parse_dhm(ctx->dhm_ctx,
334  (const unsigned char *) dh_inline, strlen(dh_inline)+1)))
335  {
336  msg(M_FATAL, "Cannot read inline DH parameters");
337  }
338  }
339  else
340  {
341  if (!mbed_ok(mbedtls_dhm_parse_dhmfile(ctx->dhm_ctx, dh_file)))
342  {
343  msg(M_FATAL, "Cannot read DH parameters from file %s", dh_file);
344  }
345  }
346 
347  msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with " counter_format " bit key",
348  (counter_type) 8 * mbedtls_mpi_size(&ctx->dhm_ctx->P));
349 }
350 
351 void
352 tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
353  )
354 {
355  if (NULL != curve_name)
356  {
357  msg(M_WARN, "WARNING: mbed TLS builds do not support specifying an ECDH "
358  "curve, using default curves.");
359  }
360 }
361 
362 int
363 tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
364  const char *pkcs12_file_inline,
365  bool load_ca_file
366  )
367 {
368  msg(M_FATAL, "PKCS #12 files not yet supported for mbed TLS.");
369  return 0;
370 }
371 
372 #ifdef ENABLE_CRYPTOAPI
373 void
374 tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
375 {
376  msg(M_FATAL, "Windows CryptoAPI not yet supported for mbed TLS.");
377 }
378 #endif /* _WIN32 */
379 
380 void
381 tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
382  const char *cert_inline
383  )
384 {
385  ASSERT(NULL != ctx);
386 
387  if (!ctx->crt_chain)
388  {
389  ALLOC_OBJ_CLEAR(ctx->crt_chain, mbedtls_x509_crt);
390  }
391 
392  if (!strcmp(cert_file, INLINE_FILE_TAG) && cert_inline)
393  {
394  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain,
395  (const unsigned char *) cert_inline, strlen(cert_inline)+1)))
396  {
397  msg(M_FATAL, "Cannot load inline certificate file");
398  }
399  }
400  else
401  {
402  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->crt_chain, cert_file)))
403  {
404  msg(M_FATAL, "Cannot load certificate file %s", cert_file);
405  }
406  }
407 }
408 
409 int
410 tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
411  const char *priv_key_inline
412  )
413 {
414  int status;
415  ASSERT(NULL != ctx);
416 
417  if (!ctx->priv_key)
418  {
419  ALLOC_OBJ_CLEAR(ctx->priv_key, mbedtls_pk_context);
420  }
421 
422  if (!strcmp(priv_key_file, INLINE_FILE_TAG) && priv_key_inline)
423  {
424  status = mbedtls_pk_parse_key(ctx->priv_key,
425  (const unsigned char *) priv_key_inline, strlen(priv_key_inline)+1,
426  NULL, 0);
427 
428  if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status)
429  {
430  char passbuf[512] = {0};
431  pem_password_callback(passbuf, 512, 0, NULL);
432  status = mbedtls_pk_parse_key(ctx->priv_key,
433  (const unsigned char *) priv_key_inline,
434  strlen(priv_key_inline)+1, (unsigned char *) passbuf,
435  strlen(passbuf));
436  }
437  }
438  else
439  {
440  status = mbedtls_pk_parse_keyfile(ctx->priv_key, priv_key_file, NULL);
441  if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status)
442  {
443  char passbuf[512] = {0};
444  pem_password_callback(passbuf, 512, 0, NULL);
445  status = mbedtls_pk_parse_keyfile(ctx->priv_key, priv_key_file, passbuf);
446  }
447  }
448  if (!mbed_ok(status))
449  {
450 #ifdef ENABLE_MANAGEMENT
451  if (management && (MBEDTLS_ERR_PK_PASSWORD_MISMATCH == status))
452  {
454  }
455 #endif
456  msg(M_WARN, "Cannot load private key file %s", priv_key_file);
457  return 1;
458  }
459 
460  if (!mbed_ok(mbedtls_pk_check_pair(&ctx->crt_chain->pk, ctx->priv_key)))
461  {
462  msg(M_WARN, "Private key does not match the certificate");
463  return 1;
464  }
465 
466  return 0;
467 }
468 
488 static inline int
489 external_pkcs1_sign( void *ctx_voidptr,
490  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode,
491  mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash,
492  unsigned char *sig )
493 {
494  struct external_context *const ctx = ctx_voidptr;
495  int rv;
496  uint8_t *to_sign = NULL;
497  size_t asn_len = 0, oid_size = 0;
498  const char *oid = NULL;
499 
500  if (NULL == ctx)
501  {
502  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
503  }
504 
505  if (MBEDTLS_RSA_PRIVATE != mode)
506  {
507  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
508  }
509 
510  /*
511  * Support a wide range of hashes. TLSv1.1 and before only need SIG_RSA_RAW,
512  * but TLSv1.2 needs the full suite of hashes.
513  *
514  * This code has been taken from mbed TLS pkcs11_sign(), under the GPLv2.0+.
515  */
516  if (md_alg != MBEDTLS_MD_NONE)
517  {
518  const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
519  if (md_info == NULL)
520  {
521  return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
522  }
523 
524  if (!mbed_ok(mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size )))
525  {
526  return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
527  }
528 
529  hashlen = mbedtls_md_get_size( md_info );
530  asn_len = 10 + oid_size;
531  }
532 
533  if ((SIZE_MAX - hashlen) < asn_len
534  || ctx->signature_length < (asn_len + hashlen))
535  {
536  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
537  }
538 
539  ALLOC_ARRAY_CLEAR(to_sign, uint8_t, asn_len + hashlen);
540  uint8_t *p = to_sign;
541  if (md_alg != MBEDTLS_MD_NONE)
542  {
543  /*
544  * DigestInfo ::= SEQUENCE {
545  * digestAlgorithm DigestAlgorithmIdentifier,
546  * digest Digest }
547  *
548  * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
549  *
550  * Digest ::= OCTET STRING
551  */
552  *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
553  *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
554  *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
555  *p++ = (unsigned char) ( 0x04 + oid_size );
556  *p++ = MBEDTLS_ASN1_OID;
557  *p++ = oid_size & 0xFF;
558  memcpy( p, oid, oid_size );
559  p += oid_size;
560  *p++ = MBEDTLS_ASN1_NULL;
561  *p++ = 0x00;
562  *p++ = MBEDTLS_ASN1_OCTET_STRING;
563  *p++ = hashlen;
564 
565  /* Double-check ASN length */
566  ASSERT(asn_len == p - to_sign);
567  }
568 
569  /* Copy the hash to be signed */
570  memcpy(p, hash, hashlen);
571 
572  /* Call external signature function */
573  if (!ctx->sign(ctx->sign_ctx, to_sign, asn_len + hashlen, sig,
574  ctx->signature_length))
575  {
576  rv = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
577  goto done;
578  }
579 
580  rv = 0;
581 
582 done:
583  free(to_sign);
584  return rv;
585 }
586 
587 static inline size_t
588 external_key_len(void *vctx)
589 {
590  struct external_context *const ctx = vctx;
591 
592  return ctx->signature_length;
593 }
594 
595 int
597  external_sign_func sign_func, void *sign_ctx)
598 {
599  ASSERT(NULL != ctx);
600 
601  if (ctx->crt_chain == NULL)
602  {
603  msg(M_WARN, "ERROR: external key requires a certificate.");
604  return 1;
605  }
606 
607  if (mbedtls_pk_get_type(&ctx->crt_chain->pk) != MBEDTLS_PK_RSA)
608  {
609  msg(M_WARN, "ERROR: external key with mbed TLS requires a "
610  "certificate with an RSA key.");
611  return 1;
612  }
613 
614  ctx->external_key.signature_length = mbedtls_pk_get_len(&ctx->crt_chain->pk);
615  ctx->external_key.sign = sign_func;
617 
618  ALLOC_OBJ_CLEAR(ctx->priv_key, mbedtls_pk_context);
619  if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, &ctx->external_key,
620  NULL, external_pkcs1_sign, external_key_len)))
621  {
622  return 1;
623  }
624 
625  return 0;
626 }
627 
628 #ifdef ENABLE_MANAGEMENT
629 
631 static bool
632 management_sign_func(void *sign_ctx, const void *src, size_t src_len,
633  void *dst, size_t dst_len)
634 {
635  bool ret = false;
636  char *src_b64 = NULL;
637  char *dst_b64 = NULL;
638 
639  if (!management || (openvpn_base64_encode(src, src_len, &src_b64) <= 0))
640  {
641  goto cleanup;
642  }
643 
644  if (!(dst_b64 = management_query_pk_sig(management, src_b64)))
645  {
646  goto cleanup;
647  }
648 
649  if (openvpn_base64_decode(dst_b64, dst, dst_len) != dst_len)
650  {
651  goto cleanup;
652  }
653 
654  ret = true;
655 cleanup:
656  free(src_b64);
657  free(dst_b64);
658 
659  return ret;
660 }
661 
662 int
664 {
665  return tls_ctx_use_external_signing_func(ctx, management_sign_func, NULL);
666 }
667 
668 #endif /* ifdef ENABLE_MANAGEMENT */
669 
670 void
671 tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
672  const char *ca_inline, const char *ca_path, bool tls_server
673  )
674 {
675  if (ca_path)
676  {
677  msg(M_FATAL, "ERROR: mbed TLS cannot handle the capath directive");
678  }
679 
680  if (ca_file && !strcmp(ca_file, INLINE_FILE_TAG) && ca_inline)
681  {
682  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->ca_chain,
683  (const unsigned char *) ca_inline, strlen(ca_inline)+1)))
684  {
685  msg(M_FATAL, "Cannot load inline CA certificates");
686  }
687  }
688  else
689  {
690  /* Load CA file for verifying peer supplied certificate */
691  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->ca_chain, ca_file)))
692  {
693  msg(M_FATAL, "Cannot load CA certificate file %s", ca_file);
694  }
695  }
696 }
697 
698 void
699 tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
700  const char *extra_certs_inline
701  )
702 {
703  ASSERT(NULL != ctx);
704 
705  if (!ctx->crt_chain)
706  {
707  ALLOC_OBJ_CLEAR(ctx->crt_chain, mbedtls_x509_crt);
708  }
709 
710  if (!strcmp(extra_certs_file, INLINE_FILE_TAG) && extra_certs_inline)
711  {
712  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain,
713  (const unsigned char *) extra_certs_inline,
714  strlen(extra_certs_inline)+1)))
715  {
716  msg(M_FATAL, "Cannot load inline extra-certs file");
717  }
718  }
719  else
720  {
721  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->crt_chain, extra_certs_file)))
722  {
723  msg(M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
724  }
725  }
726 }
727 
728 /* **************************************
729  *
730  * Key-state specific functions
731  *
732  ***************************************/
733 
734 /*
735  * "Endless buffer"
736  */
737 
738 static inline void
739 buf_free_entry(buffer_entry *entry)
740 {
741  if (NULL != entry)
742  {
743  free(entry->data);
744  free(entry);
745  }
746 }
747 
748 static void
749 buf_free_entries(endless_buffer *buf)
750 {
751  while (buf->first_block)
752  {
753  buffer_entry *cur_block = buf->first_block;
754  buf->first_block = cur_block->next_block;
755  buf_free_entry(cur_block);
756  }
757  buf->last_block = NULL;
758 }
759 
760 static int
761 endless_buf_read( endless_buffer *in, unsigned char *out, size_t out_len )
762 {
763  size_t read_len = 0;
764 
765  if (in->first_block == NULL)
766  {
767  return MBEDTLS_ERR_SSL_WANT_READ;
768  }
769 
770  while (in->first_block != NULL && read_len < out_len)
771  {
772  int block_len = in->first_block->length - in->data_start;
773  if (block_len <= out_len - read_len)
774  {
775  buffer_entry *cur_entry = in->first_block;
776  memcpy(out + read_len, cur_entry->data + in->data_start,
777  block_len);
778 
779  read_len += block_len;
780 
781  in->first_block = cur_entry->next_block;
782  in->data_start = 0;
783 
784  if (in->first_block == NULL)
785  {
786  in->last_block = NULL;
787  }
788 
789  buf_free_entry(cur_entry);
790  }
791  else
792  {
793  memcpy(out + read_len, in->first_block->data + in->data_start,
794  out_len - read_len);
795  in->data_start += out_len - read_len;
796  read_len = out_len;
797  }
798  }
799 
800  return read_len;
801 }
802 
803 static int
804 endless_buf_write( endless_buffer *out, const unsigned char *in, size_t len )
805 {
806  buffer_entry *new_block = malloc(sizeof(buffer_entry));
807  if (NULL == new_block)
808  {
809  return MBEDTLS_ERR_NET_SEND_FAILED;
810  }
811 
812  new_block->data = malloc(len);
813  if (NULL == new_block->data)
814  {
815  free(new_block);
816  return MBEDTLS_ERR_NET_SEND_FAILED;
817  }
818 
819  new_block->length = len;
820  new_block->next_block = NULL;
821 
822  memcpy(new_block->data, in, len);
823 
824  if (NULL == out->first_block)
825  {
826  out->first_block = new_block;
827  }
828 
829  if (NULL != out->last_block)
830  {
831  out->last_block->next_block = new_block;
832  }
833 
834  out->last_block = new_block;
835 
836  return len;
837 }
838 
839 static int
840 ssl_bio_read( void *ctx, unsigned char *out, size_t out_len)
841 {
842  bio_ctx *my_ctx = (bio_ctx *) ctx;
843  return endless_buf_read(&my_ctx->in, out, out_len);
844 }
845 
846 static int
847 ssl_bio_write( void *ctx, const unsigned char *in, size_t in_len)
848 {
849  bio_ctx *my_ctx = (bio_ctx *) ctx;
850  return endless_buf_write(&my_ctx->out, in, in_len);
851 }
852 
853 static void
854 my_debug( void *ctx, int level, const char *file, int line,
855  const char *str )
856 {
857  int my_loglevel = (level < 3) ? D_TLS_DEBUG_MED : D_TLS_DEBUG;
858  msg(my_loglevel, "mbed TLS msg (%s:%d): %s", file, line, str);
859 }
860 
861 /*
862  * Further personalise the RNG using a hash of the public key
863  */
864 void
865 tls_ctx_personalise_random(struct tls_root_ctx *ctx)
866 {
867  static char old_sha256_hash[32] = {0};
868  unsigned char sha256_hash[32] = {0};
869  mbedtls_ctr_drbg_context *cd_ctx = rand_ctx_get();
870 
871  if (NULL != ctx->crt_chain)
872  {
873  const md_kt_t *sha256_kt = md_kt_get("SHA256");
874  mbedtls_x509_crt *cert = ctx->crt_chain;
875 
876  if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
877  {
878  msg(M_WARN, "WARNING: failed to personalise random");
879  }
880 
881  if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
882  {
883  mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);
884  memcpy(old_sha256_hash, sha256_hash, sizeof(old_sha256_hash));
885  }
886  }
887 }
888 
889 int
890 tls_version_max(void)
891 {
892 #if defined(MBEDTLS_SSL_MAJOR_VERSION_3) && defined(MBEDTLS_SSL_MINOR_VERSION_3)
893  return TLS_VER_1_2;
894 #elif defined(MBEDTLS_SSL_MAJOR_VERSION_3) && defined(MBEDTLS_SSL_MINOR_VERSION_2)
895  return TLS_VER_1_1;
896 #else
897  return TLS_VER_1_0;
898 #endif
899 }
900 
911 static void
912 tls_version_to_major_minor(int tls_ver, int *major, int *minor)
913 {
914  ASSERT(major);
915  ASSERT(minor);
916 
917  switch (tls_ver)
918  {
919  case TLS_VER_1_0:
920  *major = MBEDTLS_SSL_MAJOR_VERSION_3;
921  *minor = MBEDTLS_SSL_MINOR_VERSION_1;
922  break;
923 
924  case TLS_VER_1_1:
925  *major = MBEDTLS_SSL_MAJOR_VERSION_3;
926  *minor = MBEDTLS_SSL_MINOR_VERSION_2;
927  break;
928 
929  case TLS_VER_1_2:
930  *major = MBEDTLS_SSL_MAJOR_VERSION_3;
931  *minor = MBEDTLS_SSL_MINOR_VERSION_3;
932  break;
933 
934  default:
935  msg(M_FATAL, "%s: invalid TLS version %d", __func__, tls_ver);
936  break;
937  }
938 }
939 
940 void
941 backend_tls_ctx_reload_crl(struct tls_root_ctx *ctx, const char *crl_file,
942  const char *crl_inline)
943 {
944  ASSERT(crl_file);
945 
946  if (ctx->crl == NULL)
947  {
948  ALLOC_OBJ_CLEAR(ctx->crl, mbedtls_x509_crl);
949  }
950  mbedtls_x509_crl_free(ctx->crl);
951 
952  if (!strcmp(crl_file, INLINE_FILE_TAG) && crl_inline)
953  {
954  if (!mbed_ok(mbedtls_x509_crl_parse(ctx->crl,
955  (const unsigned char *)crl_inline, strlen(crl_inline)+1)))
956  {
957  msg(M_WARN, "CRL: cannot parse inline CRL");
958  goto err;
959  }
960  }
961  else
962  {
963  if (!mbed_ok(mbedtls_x509_crl_parse_file(ctx->crl, crl_file)))
964  {
965  msg(M_WARN, "CRL: cannot read CRL from file %s", crl_file);
966  goto err;
967  }
968  }
969  return;
970 
971 err:
972  mbedtls_x509_crl_free(ctx->crl);
973 }
974 
975 void
976 key_state_ssl_init(struct key_state_ssl *ks_ssl,
977  const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
978 {
979  ASSERT(NULL != ssl_ctx);
980  ASSERT(ks_ssl);
981  CLEAR(*ks_ssl);
982 
983  /* Initialise SSL config */
984  mbedtls_ssl_config_init(&ks_ssl->ssl_config);
985  mbedtls_ssl_config_defaults(&ks_ssl->ssl_config, ssl_ctx->endpoint,
986  MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
987 #ifdef MBEDTLS_DEBUG_C
988  mbedtls_debug_set_threshold(3);
989 #endif
990  mbedtls_ssl_conf_dbg(&ks_ssl->ssl_config, my_debug, NULL);
991  mbedtls_ssl_conf_rng(&ks_ssl->ssl_config, mbedtls_ctr_drbg_random,
992  rand_ctx_get());
993 
994  mbedtls_ssl_conf_cert_profile(&ks_ssl->ssl_config, &ssl_ctx->cert_profile);
995 
996  if (ssl_ctx->allowed_ciphers)
997  {
998  mbedtls_ssl_conf_ciphersuites(&ks_ssl->ssl_config, ssl_ctx->allowed_ciphers);
999  }
1000 
1001  /* Disable record splitting (for now). OpenVPN assumes records are sent
1002  * unfragmented, and changing that will require thorough review and
1003  * testing. Since OpenVPN is not susceptible to BEAST, we can just
1004  * disable record splitting as a quick fix. */
1005 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1006  mbedtls_ssl_conf_cbc_record_splitting(&ks_ssl->ssl_config,
1007  MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
1008 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
1009 
1010  /* Initialise authentication information */
1011  if (is_server)
1012  {
1013  mbed_ok(mbedtls_ssl_conf_dh_param_ctx(&ks_ssl->ssl_config,
1014  ssl_ctx->dhm_ctx));
1015  }
1016 
1017  mbed_ok(mbedtls_ssl_conf_own_cert(&ks_ssl->ssl_config, ssl_ctx->crt_chain,
1018  ssl_ctx->priv_key));
1019 
1020  /* Initialise SSL verification */
1021 #if P2MP_SERVER
1022  if (session->opt->ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
1023  {
1024  mbedtls_ssl_conf_authmode(&ks_ssl->ssl_config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1025  }
1026  else if (!(session->opt->ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED))
1027 #endif
1028  {
1029  mbedtls_ssl_conf_authmode(&ks_ssl->ssl_config, MBEDTLS_SSL_VERIFY_REQUIRED);
1030  }
1031  mbedtls_ssl_conf_verify(&ks_ssl->ssl_config, verify_callback, session);
1032 
1033  /* TODO: mbed TLS does not currently support sending the CA chain to the client */
1034  mbedtls_ssl_conf_ca_chain(&ks_ssl->ssl_config, ssl_ctx->ca_chain, ssl_ctx->crl);
1035 
1036  /* Initialize minimum TLS version */
1037  {
1038  const int tls_version_min =
1041 
1042  /* default to TLS 1.0 */
1043  int major = MBEDTLS_SSL_MAJOR_VERSION_3;
1044  int minor = MBEDTLS_SSL_MINOR_VERSION_1;
1045 
1046  if (tls_version_min > TLS_VER_UNSPEC)
1047  {
1048  tls_version_to_major_minor(tls_version_min, &major, &minor);
1049  }
1050 
1051  mbedtls_ssl_conf_min_version(&ks_ssl->ssl_config, major, minor);
1052  }
1053 
1054  /* Initialize maximum TLS version */
1055  {
1056  const int tls_version_max =
1059 
1060  if (tls_version_max > TLS_VER_UNSPEC)
1061  {
1062  int major, minor;
1063  tls_version_to_major_minor(tls_version_max, &major, &minor);
1064  mbedtls_ssl_conf_max_version(&ks_ssl->ssl_config, major, minor);
1065  }
1066  }
1067 
1068  /* Initialise SSL context */
1069  ALLOC_OBJ_CLEAR(ks_ssl->ctx, mbedtls_ssl_context);
1070  mbedtls_ssl_init(ks_ssl->ctx);
1071  mbedtls_ssl_setup(ks_ssl->ctx, &ks_ssl->ssl_config);
1072 
1073  /* Initialise BIOs */
1074  CLEAR(ks_ssl->bio_ctx);
1075  mbedtls_ssl_set_bio(ks_ssl->ctx, &ks_ssl->bio_ctx, ssl_bio_write,
1076  ssl_bio_read, NULL);
1077 }
1078 
1079 void
1080 key_state_ssl_free(struct key_state_ssl *ks_ssl)
1081 {
1082  if (ks_ssl)
1083  {
1084  if (ks_ssl->ctx)
1085  {
1086  mbedtls_ssl_free(ks_ssl->ctx);
1087  free(ks_ssl->ctx);
1088  }
1089  mbedtls_ssl_config_free(&ks_ssl->ssl_config);
1090  buf_free_entries(&ks_ssl->bio_ctx.in);
1091  buf_free_entries(&ks_ssl->bio_ctx.out);
1092  CLEAR(*ks_ssl);
1093  }
1094 }
1095 
1096 int
1097 key_state_write_plaintext(struct key_state_ssl *ks, struct buffer *buf)
1098 {
1099  int retval = 0;
1100 
1101  ASSERT(buf);
1102 
1103  retval = key_state_write_plaintext_const(ks, BPTR(buf), BLEN(buf));
1104 
1105  if (1 == retval)
1106  {
1107  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1108  buf->len = 0;
1109  }
1110 
1111  return retval;
1112 }
1113 
1114 int
1115 key_state_write_plaintext_const(struct key_state_ssl *ks, const uint8_t *data, int len)
1116 {
1117  int retval = 0;
1119 
1120  ASSERT(NULL != ks);
1121  ASSERT(len >= 0);
1122 
1123  if (0 == len)
1124  {
1125  perf_pop();
1126  return 0;
1127  }
1128 
1129  ASSERT(data);
1130 
1131  retval = mbedtls_ssl_write(ks->ctx, data, len);
1132 
1133  if (retval < 0)
1134  {
1135  perf_pop();
1136  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1137  {
1138  return 0;
1139  }
1140  mbed_log_err(D_TLS_ERRORS, retval,
1141  "TLS ERROR: write tls_write_plaintext_const error");
1142  return -1;
1143  }
1144 
1145  if (retval != len)
1146  {
1147  msg(D_TLS_ERRORS,
1148  "TLS ERROR: write tls_write_plaintext_const incomplete %d/%d",
1149  retval, len);
1150  perf_pop();
1151  return -1;
1152  }
1153 
1154  /* successful write */
1155  dmsg(D_HANDSHAKE_VERBOSE, "write tls_write_plaintext_const %d bytes", retval);
1156 
1157  perf_pop();
1158  return 1;
1159 }
1160 
1161 int
1162 key_state_read_ciphertext(struct key_state_ssl *ks, struct buffer *buf,
1163  int maxlen)
1164 {
1165  int retval = 0;
1166  int len = 0;
1167 
1169 
1170  ASSERT(NULL != ks);
1171  ASSERT(buf);
1172  ASSERT(buf->len >= 0);
1173 
1174  if (buf->len)
1175  {
1176  perf_pop();
1177  return 0;
1178  }
1179 
1180  len = buf_forward_capacity(buf);
1181  if (maxlen < len)
1182  {
1183  len = maxlen;
1184  }
1185 
1186  retval = endless_buf_read(&ks->bio_ctx.out, BPTR(buf), len);
1187 
1188  /* Error during read, check for retry error */
1189  if (retval < 0)
1190  {
1191  perf_pop();
1192  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1193  {
1194  return 0;
1195  }
1196  mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_ciphertext error");
1197  buf->len = 0;
1198  return -1;
1199  }
1200  /* Nothing read, try again */
1201  if (0 == retval)
1202  {
1203  buf->len = 0;
1204  perf_pop();
1205  return 0;
1206  }
1207 
1208  /* successful read */
1209  dmsg(D_HANDSHAKE_VERBOSE, "read tls_read_ciphertext %d bytes", retval);
1210  buf->len = retval;
1211  perf_pop();
1212  return 1;
1213 }
1214 
1215 int
1216 key_state_write_ciphertext(struct key_state_ssl *ks, struct buffer *buf)
1217 {
1218  int retval = 0;
1220 
1221  ASSERT(NULL != ks);
1222  ASSERT(buf);
1223  ASSERT(buf->len >= 0);
1224 
1225  if (0 == buf->len)
1226  {
1227  perf_pop();
1228  return 0;
1229  }
1230 
1231  retval = endless_buf_write(&ks->bio_ctx.in, BPTR(buf), buf->len);
1232 
1233  if (retval < 0)
1234  {
1235  perf_pop();
1236 
1237  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1238  {
1239  return 0;
1240  }
1241  mbed_log_err(D_TLS_ERRORS, retval,
1242  "TLS ERROR: write tls_write_ciphertext error");
1243  return -1;
1244  }
1245 
1246  if (retval != buf->len)
1247  {
1248  msg(D_TLS_ERRORS, "TLS ERROR: write tls_write_ciphertext incomplete %d/%d",
1249  retval, buf->len);
1250  perf_pop();
1251  return -1;
1252  }
1253 
1254  /* successful write */
1255  dmsg(D_HANDSHAKE_VERBOSE, "write tls_write_ciphertext %d bytes", retval);
1256 
1257  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1258  buf->len = 0;
1259 
1260  perf_pop();
1261  return 1;
1262 }
1263 
1264 int
1265 key_state_read_plaintext(struct key_state_ssl *ks, struct buffer *buf,
1266  int maxlen)
1267 {
1268  int retval = 0;
1269  int len = 0;
1270 
1272 
1273  ASSERT(NULL != ks);
1274  ASSERT(buf);
1275  ASSERT(buf->len >= 0);
1276 
1277  if (buf->len)
1278  {
1279  perf_pop();
1280  return 0;
1281  }
1282 
1283  len = buf_forward_capacity(buf);
1284  if (maxlen < len)
1285  {
1286  len = maxlen;
1287  }
1288 
1289  retval = mbedtls_ssl_read(ks->ctx, BPTR(buf), len);
1290 
1291  /* Error during read, check for retry error */
1292  if (retval < 0)
1293  {
1294  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1295  {
1296  return 0;
1297  }
1298  mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_plaintext error");
1299  buf->len = 0;
1300  perf_pop();
1301  return -1;
1302  }
1303  /* Nothing read, try again */
1304  if (0 == retval)
1305  {
1306  buf->len = 0;
1307  perf_pop();
1308  return 0;
1309  }
1310 
1311  /* successful read */
1312  dmsg(D_HANDSHAKE_VERBOSE, "read tls_read_plaintext %d bytes", retval);
1313  buf->len = retval;
1314 
1315  perf_pop();
1316  return 1;
1317 }
1318 
1319 /* **************************************
1320  *
1321  * Information functions
1322  *
1323  * Print information for the end user.
1324  *
1325  ***************************************/
1326 void
1327 print_details(struct key_state_ssl *ks_ssl, const char *prefix)
1328 {
1329  const mbedtls_x509_crt *cert;
1330  char s1[256];
1331  char s2[256];
1332 
1333  s1[0] = s2[0] = 0;
1334  openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s",
1335  prefix,
1336  mbedtls_ssl_get_version(ks_ssl->ctx),
1337  mbedtls_ssl_get_ciphersuite(ks_ssl->ctx));
1338 
1339  cert = mbedtls_ssl_get_peer_cert(ks_ssl->ctx);
1340  if (cert != NULL)
1341  {
1342  openvpn_snprintf(s2, sizeof(s2), ", %u bit key",
1343  (unsigned int) mbedtls_pk_get_bitlen(&cert->pk));
1344  }
1345 
1346  msg(D_HANDSHAKE, "%s%s", s1, s2);
1347 }
1348 
1349 void
1350 show_available_tls_ciphers_list(const char *cipher_list,
1351  const char *tls_cert_profile,
1352  bool tls13)
1353 {
1354  if (tls13)
1355  {
1356  /* mbed TLS has no TLS 1.3 support currently */
1357  return;
1358  }
1359  struct tls_root_ctx tls_ctx;
1360  const int *ciphers = mbedtls_ssl_list_ciphersuites();
1361 
1362  tls_ctx_server_new(&tls_ctx);
1363  tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
1364  tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
1365 
1366  if (tls_ctx.allowed_ciphers)
1367  {
1368  ciphers = tls_ctx.allowed_ciphers;
1369  }
1370 
1371  while (*ciphers != 0)
1372  {
1373  printf("%s\n", mbedtls_ssl_get_ciphersuite_name(*ciphers));
1374  ciphers++;
1375  }
1376  tls_ctx_free(&tls_ctx);
1377 }
1378 
1379 void
1381 {
1382  const mbedtls_ecp_curve_info *pcurve = mbedtls_ecp_curve_list();
1383 
1384  if (NULL == pcurve)
1385  {
1386  msg(M_FATAL, "Cannot retrieve curve list from mbed TLS");
1387  }
1388 
1389  /* Print curve list */
1390  printf("Available Elliptic curves, listed in order of preference:\n\n");
1391  while (MBEDTLS_ECP_DP_NONE != pcurve->grp_id)
1392  {
1393  printf("%s\n", pcurve->name);
1394  pcurve++;
1395  }
1396 }
1397 
1398 void
1399 get_highest_preference_tls_cipher(char *buf, int size)
1400 {
1401  const char *cipher_name;
1402  const int *ciphers = mbedtls_ssl_list_ciphersuites();
1403  if (*ciphers == 0)
1404  {
1405  msg(M_FATAL, "Cannot retrieve list of supported SSL ciphers.");
1406  }
1407 
1408  cipher_name = mbedtls_ssl_get_ciphersuite_name(*ciphers);
1409  strncpynt(buf, cipher_name, size);
1410 }
1411 
1412 const char *
1414 {
1415  static char mbedtls_version[30];
1416  unsigned int pv = mbedtls_version_get_number();
1417  sprintf( mbedtls_version, "mbed TLS %d.%d.%d",
1418  (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
1419  return mbedtls_version;
1420 }
1421 
1422 #endif /* defined(ENABLE_CRYPTO_MBEDTLS) */
int md_full(const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst)
bool initialised
True if the context has been initialised.
Definition: ssl_mbedtls.h:91
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, const char *pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context...
Definition: ssl_openssl.c:700
buffer_entry * last_block
Definition: ssl_mbedtls.h:52
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Definition: ssl_openssl.c:829
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:688
#define D_TLS_DEBUG
Definition: errlevel.h:160
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:617
mbedtls_x509_crt * crt_chain
Local Certificate chain.
Definition: ssl_mbedtls.h:96
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition: ssl_openssl.c:1871
struct tls_options * opt
Definition: ssl_common.h:411
#define PERF_BIO_WRITE_CIPHERTEXT
Definition: perf.h:41
#define dmsg
Definition: error.h:174
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:2983
external_sign_func sign
Definition: ssl_mbedtls.h:80
#define D_TLS_ERRORS
Definition: errlevel.h:59
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user&#39;s password.
Definition: ssl.c:381
endless_buffer out
Definition: ssl_mbedtls.h:57
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition: ssl_openssl.c:1838
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, const char *crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition: ssl_openssl.c:997
mbedtls_ssl_context * ctx
mbedTLS connection context
Definition: ssl_mbedtls.h:112
static void perf_pop(void)
Definition: perf.h:82
static void perf_push(int type)
Definition: perf.h:78
#define PERF_BIO_READ_PLAINTEXT
Definition: perf.h:38
void key_state_export_keying_material(struct key_state_ssl *ks_ssl, struct tls_session *session) __attribute__((nonnull))
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: ssl_openssl.c:149
#define TLS_VER_1_1
Definition: ssl_backend.h:115
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition: ssl_openssl.c:1853
#define ASSERT(x)
Definition: error.h:221
mbedtls_pk_context * priv_key
Local private key.
Definition: ssl_mbedtls.h:98
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition: ssl_openssl.c:90
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition: ssl_common.h:340
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition: ssl_openssl.c:2133
int * allowed_ciphers
List of allowed ciphers for this connection.
Definition: ssl_mbedtls.h:106
char * management_query_pk_sig(struct management *man, const char *b64_data)
Definition: manage.c:3642
buffer_entry * first_block
Definition: ssl_mbedtls.h:51
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition: ssl_openssl.c:118
#define TLS_VER_1_2
Definition: ssl_backend.h:116
Context used by external_pkcs1_sign()
Definition: ssl_mbedtls.h:78
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition: ssl_openssl.c:488
void get_highest_preference_tls_cipher(char *buf, int size)
Definition: ssl_openssl.c:2108
#define CLEAR(x)
Definition: basic.h:33
#define BPTR(buf)
Definition: buffer.h:124
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Definition: ssl_openssl.c:1937
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:299
mbedtls_x509_crt * ca_chain
CA chain for remote verification.
Definition: ssl_mbedtls.h:97
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition: ssl_common.h:348
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition: ssl_openssl.c:131
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition: ssl_openssl.c:1798
const char * iana_name
Definition: ssl_backend.h:62
#define counter_format
Definition: common.h:39
#define PERF_BIO_READ_CIPHERTEXT
Definition: perf.h:40
#define mbed_ok(errval)
Check errval and log on error.
#define malloc
Definition: cmocka.c:1795
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, const char *extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1571
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1050
#define SSLF_TLS_VERSION_MIN_MASK
Definition: ssl_common.h:347
#define INLINE_FILE_TAG
Definition: common.h:95
int openvpn_base64_decode(const char *str, void *data, int size)
Definition: base64.c:160
static struct user_pass passbuf
Definition: ssl.c:369
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition: ssl_openssl.c:142
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below...
Definition: ssl_openssl.c:397
#define PERF_BIO_WRITE_PLAINTEXT
Definition: perf.h:39
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher...
Definition: ssl_openssl.c:459
mbedtls_x509_crl * crl
Certificate Revocation List.
Definition: ssl_mbedtls.h:99
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition: ssl_openssl.c:105
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract plaintext data from the TLS module.
Definition: ssl_openssl.c:1915
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer&#39;s certificate allows setting up a VPN tunnel. ...
static SERVICE_STATUS status
Definition: automatic.c:43
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:562
bool(* external_sign_func)(void *sign_ctx, const void *src, size_t src_size, void *dst, size_t dst_size)
External signing function prototype.
Definition: ssl_mbedtls.h:73
const md_kt_t * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
unsigned int counter_type
Definition: common.h:38
#define TLS_VER_UNSPEC
Definition: ssl_backend.h:113
#define msg
Definition: error.h:173
int openvpn_base64_encode(const void *data, int size, char **str)
Definition: base64.c:54
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name...
Definition: ssl_backend.h:62
#define D_HANDSHAKE_VERBOSE
Definition: errlevel.h:151
mbedtls_ssl_config ssl_config
mbedTLS global ssl config
Definition: ssl_mbedtls.h:111
#define TLS_VER_1_0
Definition: ssl_backend.h:114
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition: ssl_openssl.c:522
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Definition: ssl_openssl.c:1997
#define BLEN(buf)
Definition: buffer.h:127
struct external_context external_key
External key context.
Definition: ssl_mbedtls.h:105
#define D_HANDSHAKE
Definition: errlevel.h:72
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, const char *ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1418
int tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, external_sign_func sign_func, void *sign_ctx)
Call the supplied signing function to create a TLS signature during the TLS handshake.
unsigned __int8 uint8_t
Definition: config-msvc.h:123
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition: buffer.h:1066
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:90
#define SSLF_CLIENT_CERT_OPTIONAL
Definition: ssl_common.h:341
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, const char *dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:573
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:408
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition: ssl_openssl.c:281
mbedtls_dhm_context * dhm_ctx
Diffie-Helmann-Merkle context.
Definition: ssl_mbedtls.h:95
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_FATAL
Definition: error.h:94
bio_ctx bio_ctx
Definition: ssl_mbedtls.h:113
int endpoint
Whether or not this is a server or a client.
Definition: ssl_mbedtls.h:93
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, const char *priv_key_file_inline)
Load private key file into the given TLS context.
Definition: ssl_openssl.c:930
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.
#define D_TLS_DEBUG_MED
Definition: errlevel.h:152
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition: ssl_openssl.c:1900
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition: ssl_openssl.c:77
#define M_WARN
Definition: error.h:96
void tls_clear_error(void)
Clear the underlying SSL library&#39;s error state.
Definition: ssl_openssl.c:99
#define free
Definition: cmocka.c:1850
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition: ssl_openssl.c:864
Definition: buffer.h:1104
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation...
Definition: ssl_openssl.c:212
const char * openssl_name
Definition: ssl_backend.h:62
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition: ssl_openssl.c:1341
#define UP_TYPE_PRIVATE_KEY
Definition: ssl_common.h:42
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract ciphertext data from the TLS module.
Definition: ssl_openssl.c:1885
char * dst
Definition: compat-lz4.h:455
#define SSLF_TLS_VERSION_MAX_MASK
Definition: ssl_common.h:349
size_t signature_length
Definition: ssl_mbedtls.h:79
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition: ssl_common.h:346
size_t data_start
Definition: ssl_mbedtls.h:50
Definition: list.h:60
endless_buffer in
Definition: ssl_mbedtls.h:56
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition: ssl.c:269
unsigned int ssl_flags
Definition: ssl_common.h:350
mbedtls_x509_crt_profile cert_profile
Allowed certificate types.
Definition: ssl_mbedtls.h:107
void show_available_curves(void)
Definition: ssl_openssl.c:2072