OpenVPN
ssl_mbedtls.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  * Copyright (C) 2006-2010, Brainspark B.V.
11  *
12  * This program is free software; you can redistribute it and/or modify
13  * it under the terms of the GNU General Public License version 2
14  * as published by the Free Software Foundation.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
30 #ifdef HAVE_CONFIG_H
31 #include "config.h"
32 #endif
33 
34 #include "syshead.h"
35 
36 #if defined(ENABLE_CRYPTO_MBEDTLS)
37 
38 #include "errlevel.h"
39 #include "ssl_backend.h"
40 #include "base64.h"
41 #include "buffer.h"
42 #include "misc.h"
43 #include "manage.h"
44 #include "mbedtls_compat.h"
45 #include "pkcs11_backend.h"
46 #include "ssl_common.h"
47 #include "ssl_util.h"
48 
49 #include "ssl_verify_mbedtls.h"
50 #include <mbedtls/debug.h>
51 #include <mbedtls/error.h>
52 #include <mbedtls/version.h>
53 
54 #if MBEDTLS_VERSION_NUMBER >= 0x02040000
55  #include <mbedtls/net_sockets.h>
56 #else
57  #include <mbedtls/net.h>
58 #endif
59 
60 #include <mbedtls/oid.h>
61 #include <mbedtls/pem.h>
62 
63 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_legacy =
64 {
65  /* Hashes from SHA-1 and above */
66  MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 )
67  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 )
68  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
69  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
70  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
71  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
72  0xFFFFFFF, /* Any PK alg */
73  0xFFFFFFF, /* Any curve */
74  1024, /* RSA-1024 and larger */
75 };
76 
77 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_preferred =
78 {
79  /* SHA-2 and above */
80  MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
81  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
82  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
83  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
84  0xFFFFFFF, /* Any PK alg */
85  0xFFFFFFF, /* Any curve */
86  2048, /* RSA-2048 and larger */
87 };
88 
89 #define openvpn_x509_crt_profile_suiteb mbedtls_x509_crt_profile_suiteb;
90 
91 void
92 tls_init_lib(void)
93 {
95 }
96 
97 void
98 tls_free_lib(void)
99 {
100 }
101 
102 void
103 tls_ctx_server_new(struct tls_root_ctx *ctx)
104 {
105  ASSERT(NULL != ctx);
106  CLEAR(*ctx);
107 
108  ALLOC_OBJ_CLEAR(ctx->dhm_ctx, mbedtls_dhm_context);
109 
110  ALLOC_OBJ_CLEAR(ctx->ca_chain, mbedtls_x509_crt);
111 
112  ctx->endpoint = MBEDTLS_SSL_IS_SERVER;
113  ctx->initialised = true;
114 }
115 
116 void
117 tls_ctx_client_new(struct tls_root_ctx *ctx)
118 {
119  ASSERT(NULL != ctx);
120  CLEAR(*ctx);
121 
122  ALLOC_OBJ_CLEAR(ctx->dhm_ctx, mbedtls_dhm_context);
123  ALLOC_OBJ_CLEAR(ctx->ca_chain, mbedtls_x509_crt);
124 
125  ctx->endpoint = MBEDTLS_SSL_IS_CLIENT;
126  ctx->initialised = true;
127 }
128 
129 void
130 tls_ctx_free(struct tls_root_ctx *ctx)
131 {
132  if (ctx)
133  {
134  mbedtls_pk_free(ctx->priv_key);
135  free(ctx->priv_key);
136 
137  mbedtls_x509_crt_free(ctx->ca_chain);
138  free(ctx->ca_chain);
139 
140  mbedtls_x509_crt_free(ctx->crt_chain);
141  free(ctx->crt_chain);
142 
143  mbedtls_dhm_free(ctx->dhm_ctx);
144  free(ctx->dhm_ctx);
145 
146  mbedtls_x509_crl_free(ctx->crl);
147  free(ctx->crl);
148 
149 #if defined(ENABLE_PKCS11)
150  /* ...freeCertificate() can handle NULL ptrs, but if pkcs11 helper
151  * has not been initialized, it will ASSERT() - so, do not pass NULL
152  */
153  if (ctx->pkcs11_cert)
154  {
155  pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert);
156  }
157 #endif
158 
159  free(ctx->allowed_ciphers);
160 
161  free(ctx->groups);
162 
163  CLEAR(*ctx);
164 
165  ctx->initialised = false;
166  }
167 }
168 
169 bool
171 {
172  ASSERT(NULL != ctx);
173  return ctx->initialised;
174 }
175 
176 #ifdef HAVE_EXPORT_KEYING_MATERIAL
177 
178 #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
179 /*
180  * Key export callback for older versions of mbed TLS, to be used with
181  * mbedtls_ssl_conf_export_keys_ext_cb(). It is called with the master
182  * secret, client random and server random, and the type of PRF function
183  * to use.
184  *
185  * Mbed TLS stores this callback in the mbedtls_ssl_config struct and it
186  * is used in the mbedtls_ssl_contexts set up from that config. */
187 int
188 mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
189  const unsigned char *kb, size_t maclen,
190  size_t keylen, size_t ivlen,
191  const unsigned char client_random[32],
192  const unsigned char server_random[32],
193  mbedtls_tls_prf_types tls_prf_type)
194 {
195  struct tls_session *session = p_expkey;
196  struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
197  struct tls_key_cache *cache = &ks_ssl->tls_key_cache;
198 
199  static_assert(sizeof(ks_ssl->ctx->session->master)
200  == sizeof(cache->master_secret), "master size mismatch");
201 
202  memcpy(cache->client_server_random, client_random, 32);
203  memcpy(cache->client_server_random + 32, server_random, 32);
204  memcpy(cache->master_secret, ms, sizeof(cache->master_secret));
205  cache->tls_prf_type = tls_prf_type;
206 
207  return 0;
208 }
209 #elif HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
210 /*
211  * Key export callback for newer versions of mbed TLS, to be used with
212  * mbedtls_ssl_set_export_keys_cb(). When used with TLS 1.2, the callback
213  * is called with the TLS 1.2 master secret, client random, server random
214  * and the type of PRF to use. With TLS 1.3, it is called with several
215  * different keys (indicated by type), but unfortunately not the exporter
216  * master secret.
217  *
218  * Unlike in older versions, the callback is not stored in the
219  * mbedtls_ssl_config. It is placed in the mbedtls_ssl_context after it
220  * has been set up. */
221 void
222 mbedtls_ssl_export_keys_cb(void *p_expkey,
223  mbedtls_ssl_key_export_type type,
224  const unsigned char *secret,
225  size_t secret_len,
226  const unsigned char client_random[32],
227  const unsigned char server_random[32],
228  mbedtls_tls_prf_types tls_prf_type)
229 {
230  /* Since we can't get the TLS 1.3 exporter master secret, we ignore all key
231  * types except MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET. */
232  if (type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET)
233  {
234  return;
235  }
236 
237  struct tls_session *session = p_expkey;
238  struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
239  struct tls_key_cache *cache = &ks_ssl->tls_key_cache;
240 
241  /* The TLS 1.2 master secret has a fixed size, so if secret_len has
242  * a different value, something is wrong with mbed TLS. */
243  if (secret_len != sizeof(cache->master_secret))
244  {
245  msg(M_FATAL,
246  "ERROR: Incorrect TLS 1.2 master secret length: Got %zu, expected %zu",
247  secret_len, sizeof(cache->master_secret));
248  }
249 
250  memcpy(cache->client_server_random, client_random, 32);
251  memcpy(cache->client_server_random + 32, server_random, 32);
252  memcpy(cache->master_secret, secret, sizeof(cache->master_secret));
253  cache->tls_prf_type = tls_prf_type;
254 }
255 #endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */
256 
257 bool
259  const char *label, size_t label_size,
260  void *ekm, size_t ekm_size)
261 {
262  ASSERT(strlen(label) == label_size);
263 
264  struct tls_key_cache *cache = &session->key[KS_PRIMARY].ks_ssl.tls_key_cache;
265 
266  /* If the type is NONE, we either have no cached secrets or
267  * there is no PRF, in both cases we cannot generate key material */
268  if (cache->tls_prf_type == MBEDTLS_SSL_TLS_PRF_NONE)
269  {
270  return false;
271  }
272 
273  int ret = mbedtls_ssl_tls_prf(cache->tls_prf_type, cache->master_secret,
274  sizeof(cache->master_secret),
275  label, cache->client_server_random,
276  sizeof(cache->client_server_random),
277  ekm, ekm_size);
278 
279  if (mbed_ok(ret))
280  {
281  return true;
282  }
283  else
284  {
285  secure_memzero(ekm, session->opt->ekm_size);
286  return false;
287  }
288 }
289 #else /* ifdef HAVE_EXPORT_KEYING_MATERIAL */
290 bool
292  const char *label, size_t label_size,
293  void *ekm, size_t ekm_size)
294 {
295  /* Dummy function to avoid ifdefs in the common code */
296  return false;
297 }
298 #endif /* HAVE_EXPORT_KEYING_MATERIAL */
299 
300 bool
301 tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
302 {
303  return true;
304 }
305 
306 static const char *
307 tls_translate_cipher_name(const char *cipher_name)
308 {
309  const tls_cipher_name_pair *pair = tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
310 
311  if (NULL == pair)
312  {
313  /* No translation found, return original */
314  return cipher_name;
315  }
316 
317  if (0 != strcmp(cipher_name, pair->iana_name))
318  {
319  /* Deprecated name found, notify user */
320  msg(M_WARN, "Deprecated cipher suite name '%s', please use IANA name '%s'", pair->openssl_name, pair->iana_name);
321  }
322 
323  return pair->iana_name;
324 }
325 
326 void
327 tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
328 {
329  if (ciphers == NULL)
330  {
331  /* Nothing to do, return without warning message */
332  return;
333  }
334 
335  msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. "
336  "Ignoring TLS 1.3 cipher list: %s", ciphers);
337 }
338 
339 void
340 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
341 {
342  char *tmp_ciphers, *tmp_ciphers_orig, *token;
343 
344  if (NULL == ciphers)
345  {
346  return; /* Nothing to do */
347  }
348 
349  ASSERT(NULL != ctx);
350 
351  /* Get number of ciphers */
352  int cipher_count = get_num_elements(ciphers, ':');
353 
354  /* Allocate an array for them */
355  ALLOC_ARRAY_CLEAR(ctx->allowed_ciphers, int, cipher_count+1)
356 
357  /* Parse allowed ciphers, getting IDs */
358  int i = 0;
359  tmp_ciphers_orig = tmp_ciphers = string_alloc(ciphers, NULL);
360 
361  token = strtok(tmp_ciphers, ":");
362  while (token)
363  {
364  ctx->allowed_ciphers[i] = mbedtls_ssl_get_ciphersuite_id(
365  tls_translate_cipher_name(token));
366  if (0 != ctx->allowed_ciphers[i])
367  {
368  i++;
369  }
370  token = strtok(NULL, ":");
371  }
372  free(tmp_ciphers_orig);
373 }
374 
375 void
376 tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
377 {
378  if (!profile || 0 == strcmp(profile, "legacy")
379  || 0 == strcmp(profile, "insecure"))
380  {
381  ctx->cert_profile = openvpn_x509_crt_profile_legacy;
382  }
383  else if (0 == strcmp(profile, "preferred"))
384  {
385  ctx->cert_profile = openvpn_x509_crt_profile_preferred;
386  }
387  else if (0 == strcmp(profile, "suiteb"))
388  {
389  ctx->cert_profile = openvpn_x509_crt_profile_suiteb;
390  }
391  else
392  {
393  msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
394  }
395 }
396 
397 void
398 tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
399 {
400  ASSERT(ctx);
401  struct gc_arena gc = gc_new();
402 
403  /* Get number of groups and allocate an array in ctx */
404  int groups_count = get_num_elements(groups, ':');
405  ALLOC_ARRAY_CLEAR(ctx->groups, mbedtls_ecp_group_id, groups_count + 1)
406 
407  /* Parse allowed ciphers, getting IDs */
408  int i = 0;
409  char *tmp_groups = string_alloc(groups, &gc);
410 
411  const char *token;
412  while ((token = strsep(&tmp_groups, ":")))
413  {
414  const mbedtls_ecp_curve_info *ci =
415  mbedtls_ecp_curve_info_from_name(token);
416  if (!ci)
417  {
418  msg(M_WARN, "Warning unknown curve/group specified: %s", token);
419  }
420  else
421  {
422  ctx->groups[i] = ci->grp_id;
423  i++;
424  }
425  }
426  ctx->groups[i] = MBEDTLS_ECP_DP_NONE;
427 
428  gc_free(&gc);
429 }
430 
431 
432 void
433 tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
434 {
435  ASSERT(ctx);
436  if (ctx->crt_chain == NULL)
437  {
438  return; /* Nothing to check if there is no certificate */
439  }
440 
441  if (mbedtls_x509_time_is_future(&ctx->crt_chain->valid_from))
442  {
443  msg(M_WARN, "WARNING: Your certificate is not yet valid!");
444  }
445 
446  if (mbedtls_x509_time_is_past(&ctx->crt_chain->valid_to))
447  {
448  msg(M_WARN, "WARNING: Your certificate has expired!");
449  }
450 }
451 
452 void
453 tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
454  bool dh_inline)
455 {
456  if (dh_inline)
457  {
458  if (!mbed_ok(mbedtls_dhm_parse_dhm(ctx->dhm_ctx,
459  (const unsigned char *) dh_file,
460  strlen(dh_file) + 1)))
461  {
462  msg(M_FATAL, "Cannot read inline DH parameters");
463  }
464  }
465  else
466  {
467  if (!mbed_ok(mbedtls_dhm_parse_dhmfile(ctx->dhm_ctx, dh_file)))
468  {
469  msg(M_FATAL, "Cannot read DH parameters from file %s", dh_file);
470  }
471  }
472 
473  msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with " counter_format " bit key",
475 }
476 
477 void
478 tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
479  )
480 {
481  if (NULL != curve_name)
482  {
483  msg(M_WARN, "WARNING: mbed TLS builds do not support specifying an "
484  "ECDH curve with --ecdh-curve, using default curves. Use "
485  "--tls-groups to specify curves.");
486  }
487 }
488 
489 int
490 tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
491  bool pkcs12_file_inline, bool load_ca_file)
492 {
493  msg(M_FATAL, "PKCS #12 files not yet supported for mbed TLS.");
494  return 0;
495 }
496 
497 #ifdef ENABLE_CRYPTOAPI
498 void
499 tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
500 {
501  msg(M_FATAL, "Windows CryptoAPI not yet supported for mbed TLS.");
502 }
503 #endif /* _WIN32 */
504 
505 void
506 tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
507  bool cert_inline)
508 {
509  ASSERT(NULL != ctx);
510 
511  if (!ctx->crt_chain)
512  {
513  ALLOC_OBJ_CLEAR(ctx->crt_chain, mbedtls_x509_crt);
514  }
515 
516  if (cert_inline)
517  {
518  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain,
519  (const unsigned char *)cert_file,
520  strlen(cert_file) + 1)))
521  {
522  msg(M_FATAL, "Cannot load inline certificate file");
523  }
524  }
525  else
526  {
527  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->crt_chain, cert_file)))
528  {
529  msg(M_FATAL, "Cannot load certificate file %s", cert_file);
530  }
531  }
532 }
533 
534 int
535 tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
536  bool priv_key_inline)
537 {
538  int status;
539  ASSERT(NULL != ctx);
540 
541  if (!ctx->priv_key)
542  {
543  ALLOC_OBJ_CLEAR(ctx->priv_key, mbedtls_pk_context);
544  }
545 
546  if (priv_key_inline)
547  {
549  (const unsigned char *) priv_key_file,
550  strlen(priv_key_file) + 1, NULL, 0,
551  mbedtls_ctr_drbg_random,
552  rand_ctx_get());
553 
554  if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status)
555  {
556  char passbuf[512] = {0};
557  pem_password_callback(passbuf, 512, 0, NULL);
559  (const unsigned char *) priv_key_file,
560  strlen(priv_key_file) + 1,
561  (unsigned char *) passbuf,
562  strlen(passbuf),
563  mbedtls_ctr_drbg_random,
564  rand_ctx_get());
565  }
566  }
567  else
568  {
570  priv_key_file,
571  NULL,
572  mbedtls_ctr_drbg_random,
573  rand_ctx_get());
574  if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status)
575  {
576  char passbuf[512] = {0};
577  pem_password_callback(passbuf, 512, 0, NULL);
579  priv_key_file, passbuf,
580  mbedtls_ctr_drbg_random,
581  rand_ctx_get());
582  }
583  }
584  if (!mbed_ok(status))
585  {
586 #ifdef ENABLE_MANAGEMENT
587  if (management && (MBEDTLS_ERR_PK_PASSWORD_MISMATCH == status))
588  {
590  }
591 #endif
592  msg(M_WARN, "Cannot load private key file %s",
593  print_key_filename(priv_key_file, priv_key_inline));
594  return 1;
595  }
596 
598  ctx->priv_key,
599  mbedtls_ctr_drbg_random,
600  rand_ctx_get())))
601  {
602  msg(M_WARN, "Private key does not match the certificate");
603  return 1;
604  }
605 
606  return 0;
607 }
608 
627 static inline int
628 external_pkcs1_sign( void *ctx_voidptr,
629  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
630 #if MBEDTLS_VERSION_NUMBER < 0x03020100
631  int mode,
632 #endif
633  mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash,
634  unsigned char *sig )
635 {
636  struct external_context *const ctx = ctx_voidptr;
637  int rv;
638  uint8_t *to_sign = NULL;
639  size_t asn_len = 0, oid_size = 0;
640  const char *oid = NULL;
641 
642  if (NULL == ctx)
643  {
644  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
645  }
646 
647 #if MBEDTLS_VERSION_NUMBER < 0x03020100
648  if (MBEDTLS_RSA_PRIVATE != mode)
649  {
650  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
651  }
652 #endif
653 
654  /*
655  * Support a wide range of hashes. TLSv1.1 and before only need SIG_RSA_RAW,
656  * but TLSv1.2 needs the full suite of hashes.
657  *
658  * This code has been taken from mbed TLS pkcs11_sign(), under the GPLv2.0+.
659  */
660  if (md_alg != MBEDTLS_MD_NONE)
661  {
662  const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
663  if (md_info == NULL)
664  {
665  return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
666  }
667 
668  if (!mbed_ok(mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size )))
669  {
670  return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
671  }
672 
673  hashlen = mbedtls_md_get_size( md_info );
674  asn_len = 10 + oid_size;
675  }
676 
677  if ((SIZE_MAX - hashlen) < asn_len
678  || ctx->signature_length < (asn_len + hashlen))
679  {
680  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
681  }
682 
683  ALLOC_ARRAY_CLEAR(to_sign, uint8_t, asn_len + hashlen);
684  uint8_t *p = to_sign;
685  if (md_alg != MBEDTLS_MD_NONE)
686  {
687  /*
688  * DigestInfo ::= SEQUENCE {
689  * digestAlgorithm DigestAlgorithmIdentifier,
690  * digest Digest }
691  *
692  * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
693  *
694  * Digest ::= OCTET STRING
695  */
696  *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
697  *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
698  *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
699  *p++ = (unsigned char) ( 0x04 + oid_size );
700  *p++ = MBEDTLS_ASN1_OID;
701  *p++ = oid_size & 0xFF;
702  memcpy( p, oid, oid_size );
703  p += oid_size;
704  *p++ = MBEDTLS_ASN1_NULL;
705  *p++ = 0x00;
706  *p++ = MBEDTLS_ASN1_OCTET_STRING;
707  *p++ = hashlen;
708 
709  /* Double-check ASN length */
710  ASSERT(asn_len == p - to_sign);
711  }
712 
713  /* Copy the hash to be signed */
714  memcpy(p, hash, hashlen);
715 
716  /* Call external signature function */
717  if (!ctx->sign(ctx->sign_ctx, to_sign, asn_len + hashlen, sig,
718  ctx->signature_length))
719  {
720  rv = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
721  goto done;
722  }
723 
724  rv = 0;
725 
726 done:
727  free(to_sign);
728  return rv;
729 }
730 
731 static inline size_t
732 external_key_len(void *vctx)
733 {
734  struct external_context *const ctx = vctx;
735 
736  return ctx->signature_length;
737 }
738 
739 int
741  external_sign_func sign_func, void *sign_ctx)
742 {
743  ASSERT(NULL != ctx);
744 
745  if (ctx->crt_chain == NULL)
746  {
747  msg(M_WARN, "ERROR: external key requires a certificate.");
748  return 1;
749  }
750 
751  if (mbedtls_pk_get_type(&ctx->crt_chain->pk) != MBEDTLS_PK_RSA)
752  {
753  msg(M_WARN, "ERROR: external key with mbed TLS requires a "
754  "certificate with an RSA key.");
755  return 1;
756  }
757 
758  ctx->external_key.signature_length = mbedtls_pk_get_len(&ctx->crt_chain->pk);
759  ctx->external_key.sign = sign_func;
761 
762  ALLOC_OBJ_CLEAR(ctx->priv_key, mbedtls_pk_context);
763  if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, &ctx->external_key,
764  NULL, external_pkcs1_sign, external_key_len)))
765  {
766  return 1;
767  }
768 
769  return 0;
770 }
771 
772 #ifdef ENABLE_MANAGEMENT
773 
774 static bool
775 management_sign_func(void *sign_ctx, const void *src, size_t src_len,
776  void *dst, size_t dst_len)
777 {
778  bool ret = false;
779  char *src_b64 = NULL;
780  char *dst_b64 = NULL;
781 
782  if (!management || (openvpn_base64_encode(src, src_len, &src_b64) <= 0))
783  {
784  goto cleanup;
785  }
786 
787  /*
788  * We only support RSA external keys and PKCS1 signatures at the moment
789  * in mbed TLS, so the signature parameter is hardcoded to this encoding
790  */
791  if (!(dst_b64 = management_query_pk_sig(management, src_b64,
792  "RSA_PKCS1_PADDING")))
793  {
794  goto cleanup;
795  }
796 
797  if (openvpn_base64_decode(dst_b64, dst, dst_len) != dst_len)
798  {
799  goto cleanup;
800  }
801 
802  ret = true;
803 cleanup:
804  free(src_b64);
805  free(dst_b64);
806 
807  return ret;
808 }
809 
810 int
812 {
813  return tls_ctx_use_external_signing_func(ctx, management_sign_func, NULL);
814 }
815 
816 #endif /* ifdef ENABLE_MANAGEMENT */
817 
818 void
819 tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
820  bool ca_inline, const char *ca_path, bool tls_server)
821 {
822  if (ca_path)
823  {
824  msg(M_FATAL, "ERROR: mbed TLS cannot handle the capath directive");
825  }
826 
827  if (ca_file && ca_inline)
828  {
829  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->ca_chain,
830  (const unsigned char *) ca_file,
831  strlen(ca_file) + 1)))
832  {
833  msg(M_FATAL, "Cannot load inline CA certificates");
834  }
835  }
836  else
837  {
838  /* Load CA file for verifying peer supplied certificate */
839  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->ca_chain, ca_file)))
840  {
841  msg(M_FATAL, "Cannot load CA certificate file %s", ca_file);
842  }
843  }
844 }
845 
846 void
847 tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
848  bool extra_certs_inline)
849 {
850  ASSERT(NULL != ctx);
851 
852  if (!ctx->crt_chain)
853  {
854  ALLOC_OBJ_CLEAR(ctx->crt_chain, mbedtls_x509_crt);
855  }
856 
857  if (extra_certs_inline)
858  {
859  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain,
860  (const unsigned char *) extra_certs_file,
861  strlen(extra_certs_file) + 1)))
862  {
863  msg(M_FATAL, "Cannot load inline extra-certs file");
864  }
865  }
866  else
867  {
868  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->crt_chain, extra_certs_file)))
869  {
870  msg(M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
871  }
872  }
873 }
874 
875 /* **************************************
876  *
877  * Key-state specific functions
878  *
879  ***************************************/
880 
881 /*
882  * "Endless buffer"
883  */
884 
885 static inline void
886 buf_free_entry(buffer_entry *entry)
887 {
888  if (NULL != entry)
889  {
890  free(entry->data);
891  free(entry);
892  }
893 }
894 
895 static void
896 buf_free_entries(endless_buffer *buf)
897 {
898  while (buf->first_block)
899  {
900  buffer_entry *cur_block = buf->first_block;
901  buf->first_block = cur_block->next_block;
902  buf_free_entry(cur_block);
903  }
904  buf->last_block = NULL;
905 }
906 
907 static int
908 endless_buf_read( endless_buffer *in, unsigned char *out, size_t out_len )
909 {
910  size_t read_len = 0;
911 
912  if (in->first_block == NULL)
913  {
914  return MBEDTLS_ERR_SSL_WANT_READ;
915  }
916 
917  while (in->first_block != NULL && read_len < out_len)
918  {
919  int block_len = in->first_block->length - in->data_start;
920  if (block_len <= out_len - read_len)
921  {
922  buffer_entry *cur_entry = in->first_block;
923  memcpy(out + read_len, cur_entry->data + in->data_start,
924  block_len);
925 
926  read_len += block_len;
927 
928  in->first_block = cur_entry->next_block;
929  in->data_start = 0;
930 
931  if (in->first_block == NULL)
932  {
933  in->last_block = NULL;
934  }
935 
936  buf_free_entry(cur_entry);
937  }
938  else
939  {
940  memcpy(out + read_len, in->first_block->data + in->data_start,
941  out_len - read_len);
942  in->data_start += out_len - read_len;
943  read_len = out_len;
944  }
945  }
946 
947  return read_len;
948 }
949 
950 static int
951 endless_buf_write( endless_buffer *out, const unsigned char *in, size_t len )
952 {
953  buffer_entry *new_block = malloc(sizeof(buffer_entry));
954  if (NULL == new_block)
955  {
956  return MBEDTLS_ERR_NET_SEND_FAILED;
957  }
958 
959  new_block->data = malloc(len);
960  if (NULL == new_block->data)
961  {
962  free(new_block);
963  return MBEDTLS_ERR_NET_SEND_FAILED;
964  }
965 
966  new_block->length = len;
967  new_block->next_block = NULL;
968 
969  memcpy(new_block->data, in, len);
970 
971  if (NULL == out->first_block)
972  {
973  out->first_block = new_block;
974  }
975 
976  if (NULL != out->last_block)
977  {
978  out->last_block->next_block = new_block;
979  }
980 
981  out->last_block = new_block;
982 
983  return len;
984 }
985 
986 static int
987 ssl_bio_read( void *ctx, unsigned char *out, size_t out_len)
988 {
989  bio_ctx *my_ctx = (bio_ctx *) ctx;
990  return endless_buf_read(&my_ctx->in, out, out_len);
991 }
992 
993 static int
994 ssl_bio_write( void *ctx, const unsigned char *in, size_t in_len)
995 {
996  bio_ctx *my_ctx = (bio_ctx *) ctx;
997  return endless_buf_write(&my_ctx->out, in, in_len);
998 }
999 
1000 static void
1001 my_debug( void *ctx, int level, const char *file, int line,
1002  const char *str )
1003 {
1004  int my_loglevel = (level < 3) ? D_TLS_DEBUG_MED : D_TLS_DEBUG;
1005  msg(my_loglevel, "mbed TLS msg (%s:%d): %s", file, line, str);
1006 }
1007 
1008 /*
1009  * Further personalise the RNG using a hash of the public key
1010  */
1011 void
1012 tls_ctx_personalise_random(struct tls_root_ctx *ctx)
1013 {
1014  static char old_sha256_hash[32] = {0};
1015  unsigned char sha256_hash[32] = {0};
1016  mbedtls_ctr_drbg_context *cd_ctx = rand_ctx_get();
1017 
1018  if (NULL != ctx->crt_chain)
1019  {
1020  mbedtls_x509_crt *cert = ctx->crt_chain;
1021 
1022  if (!md_full("SHA256", cert->tbs.p, cert->tbs.len, sha256_hash))
1023  {
1024  msg(M_WARN, "WARNING: failed to personalise random");
1025  }
1026 
1027  if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
1028  {
1029  if (!mbed_ok(mbedtls_compat_ctr_drbg_update(cd_ctx, sha256_hash, 32)))
1030  {
1031  msg(M_WARN, "WARNING: failed to personalise random, could not update CTR_DRBG");
1032  }
1033  memcpy(old_sha256_hash, sha256_hash, sizeof(old_sha256_hash));
1034  }
1035  }
1036 }
1037 
1038 int
1039 tls_version_max(void)
1040 {
1041 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1042  return TLS_VER_1_2;
1043 #elif defined(MBEDTLS_SSL_PROTO_TLS1_1)
1044  return TLS_VER_1_1;
1045 #elif defined(MBEDTLS_SSL_PROTO_TLS1)
1046  return TLS_VER_1_0;
1047 #else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
1048  #error "mbedtls is compiled without support for TLS 1.0, 1.1 and 1.2."
1049 #endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
1050 }
1051 
1062 static void
1063 tls_version_to_major_minor(int tls_ver, int *major, int *minor)
1064 {
1065  ASSERT(major);
1066  ASSERT(minor);
1067 
1068  switch (tls_ver)
1069  {
1070 #if defined(MBEDTLS_SSL_PROTO_TLS1)
1071  case TLS_VER_1_0:
1072  *major = MBEDTLS_SSL_MAJOR_VERSION_3;
1073  *minor = MBEDTLS_SSL_MINOR_VERSION_1;
1074  break;
1075 #endif
1076 
1077 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
1078  case TLS_VER_1_1:
1079  *major = MBEDTLS_SSL_MAJOR_VERSION_3;
1080  *minor = MBEDTLS_SSL_MINOR_VERSION_2;
1081  break;
1082 #endif
1083 
1084 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1085  case TLS_VER_1_2:
1086  *major = MBEDTLS_SSL_MAJOR_VERSION_3;
1087  *minor = MBEDTLS_SSL_MINOR_VERSION_3;
1088  break;
1089 #endif
1090 
1091  default:
1092  msg(M_FATAL, "%s: invalid or unsupported TLS version %d", __func__, tls_ver);
1093  break;
1094  }
1095 }
1096 
1097 void
1098 backend_tls_ctx_reload_crl(struct tls_root_ctx *ctx, const char *crl_file,
1099  bool crl_inline)
1100 {
1101  ASSERT(crl_file);
1102 
1103  if (ctx->crl == NULL)
1104  {
1105  ALLOC_OBJ_CLEAR(ctx->crl, mbedtls_x509_crl);
1106  }
1107  mbedtls_x509_crl_free(ctx->crl);
1108 
1109  if (crl_inline)
1110  {
1111  if (!mbed_ok(mbedtls_x509_crl_parse(ctx->crl,
1112  (const unsigned char *)crl_file,
1113  strlen(crl_file) + 1)))
1114  {
1115  msg(M_WARN, "CRL: cannot parse inline CRL");
1116  goto err;
1117  }
1118  }
1119  else
1120  {
1121  if (!mbed_ok(mbedtls_x509_crl_parse_file(ctx->crl, crl_file)))
1122  {
1123  msg(M_WARN, "CRL: cannot read CRL from file %s", crl_file);
1124  goto err;
1125  }
1126  }
1127  return;
1128 
1129 err:
1130  mbedtls_x509_crl_free(ctx->crl);
1131 }
1132 
1133 void
1134 key_state_ssl_init(struct key_state_ssl *ks_ssl,
1135  const struct tls_root_ctx *ssl_ctx, bool is_server,
1136  struct tls_session *session)
1137 {
1138  ASSERT(NULL != ssl_ctx);
1139  ASSERT(ks_ssl);
1140  CLEAR(*ks_ssl);
1141 
1142  /* Initialise SSL config */
1143  ALLOC_OBJ_CLEAR(ks_ssl->ssl_config, mbedtls_ssl_config);
1144  mbedtls_ssl_config_init(ks_ssl->ssl_config);
1145  mbedtls_ssl_config_defaults(ks_ssl->ssl_config, ssl_ctx->endpoint,
1146  MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1147 #ifdef MBEDTLS_DEBUG_C
1148  /* We only want to have mbed TLS generate debug level logging when we would
1149  * also display it.
1150  * In fact mbed TLS 2.25.0 crashes generating debug log if Curve25591 is
1151  * selected for DH (https://github.com/ARMmbed/mbedtls/issues/4208) */
1152  if (session->opt->ssl_flags & SSLF_TLS_DEBUG_ENABLED)
1153  {
1154  mbedtls_debug_set_threshold(3);
1155  }
1156  else
1157  {
1158  mbedtls_debug_set_threshold(2);
1159  }
1160 #endif
1161  mbedtls_ssl_conf_dbg(ks_ssl->ssl_config, my_debug, NULL);
1162  mbedtls_ssl_conf_rng(ks_ssl->ssl_config, mbedtls_ctr_drbg_random,
1163  rand_ctx_get());
1164 
1165  mbedtls_ssl_conf_cert_profile(ks_ssl->ssl_config, &ssl_ctx->cert_profile);
1166 
1167  if (ssl_ctx->allowed_ciphers)
1168  {
1169  mbedtls_ssl_conf_ciphersuites(ks_ssl->ssl_config, ssl_ctx->allowed_ciphers);
1170  }
1171 
1172  if (ssl_ctx->groups)
1173  {
1174  mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups);
1175  }
1176 
1177  /* Disable TLS renegotiations if the mbedtls library supports that feature.
1178  * OpenVPN's renegotiation creates new SSL sessions and does not depend on
1179  * this feature and TLS renegotiations have been problematic in the past. */
1180 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1181  mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1182 #endif /* MBEDTLS_SSL_RENEGOTIATION */
1183 
1184  /* Disable record splitting (for now). OpenVPN assumes records are sent
1185  * unfragmented, and changing that will require thorough review and
1186  * testing. Since OpenVPN is not susceptible to BEAST, we can just
1187  * disable record splitting as a quick fix. */
1188 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1189  mbedtls_ssl_conf_cbc_record_splitting(ks_ssl->ssl_config,
1190  MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
1191 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
1192 
1193  /* Initialise authentication information */
1194  if (is_server)
1195  {
1196  mbed_ok(mbedtls_ssl_conf_dh_param_ctx(ks_ssl->ssl_config,
1197  ssl_ctx->dhm_ctx));
1198  }
1199 
1200  mbed_ok(mbedtls_ssl_conf_own_cert(ks_ssl->ssl_config, ssl_ctx->crt_chain,
1201  ssl_ctx->priv_key));
1202 
1203  /* Initialise SSL verification */
1204  if (session->opt->ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
1205  {
1206  mbedtls_ssl_conf_authmode(ks_ssl->ssl_config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1207  }
1208  else if (!(session->opt->ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED))
1209  {
1210  mbedtls_ssl_conf_authmode(ks_ssl->ssl_config, MBEDTLS_SSL_VERIFY_REQUIRED);
1211  }
1212  mbedtls_ssl_conf_verify(ks_ssl->ssl_config, verify_callback, session);
1213 
1214  /* TODO: mbed TLS does not currently support sending the CA chain to the client */
1215  mbedtls_ssl_conf_ca_chain(ks_ssl->ssl_config, ssl_ctx->ca_chain, ssl_ctx->crl);
1216 
1217  /* Initialize minimum TLS version */
1218  {
1219  const int configured_tls_version_min =
1220  (session->opt->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT)
1222 
1223  /* default to TLS 1.2 */
1224  int major = MBEDTLS_SSL_MAJOR_VERSION_3;
1225  int minor = MBEDTLS_SSL_MINOR_VERSION_3;
1226 
1227  if (configured_tls_version_min > TLS_VER_UNSPEC)
1228  {
1229  tls_version_to_major_minor(configured_tls_version_min, &major, &minor);
1230  }
1231 
1232  mbedtls_ssl_conf_min_version(ks_ssl->ssl_config, major, minor);
1233  }
1234 
1235  /* Initialize maximum TLS version */
1236  {
1237  const int configured_tls_version_max =
1238  (session->opt->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT)
1240 
1241  int major = 0;
1242  int minor = 0;
1243 
1244  if (configured_tls_version_max > TLS_VER_UNSPEC)
1245  {
1246  tls_version_to_major_minor(configured_tls_version_max, &major, &minor);
1247  }
1248  else
1249  {
1250  /* Default to tls_version_max(). */
1251  tls_version_to_major_minor(tls_version_max(), &major, &minor);
1252  }
1253 
1254  mbedtls_ssl_conf_max_version(ks_ssl->ssl_config, major, minor);
1255  }
1256 
1257 #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
1258  /* Initialize keying material exporter, old style. */
1259  mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config,
1260  mbedtls_ssl_export_keys_cb, session);
1261 #endif
1262 
1263  /* Initialise SSL context */
1264  ALLOC_OBJ_CLEAR(ks_ssl->ctx, mbedtls_ssl_context);
1265  mbedtls_ssl_init(ks_ssl->ctx);
1266  mbed_ok(mbedtls_ssl_setup(ks_ssl->ctx, ks_ssl->ssl_config));
1267 
1268 #if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
1269  /* Initialize keying material exporter, new style. */
1270  mbedtls_ssl_set_export_keys_cb(ks_ssl->ctx, mbedtls_ssl_export_keys_cb, session);
1271 #endif
1272 
1273  /* Initialise BIOs */
1274  ALLOC_OBJ_CLEAR(ks_ssl->bio_ctx, bio_ctx);
1275  mbedtls_ssl_set_bio(ks_ssl->ctx, ks_ssl->bio_ctx, ssl_bio_write,
1276  ssl_bio_read, NULL);
1277 }
1278 
1279 void
1280 key_state_ssl_free(struct key_state_ssl *ks_ssl)
1281 {
1282  if (ks_ssl)
1283  {
1284  CLEAR(ks_ssl->tls_key_cache);
1285 
1286  if (ks_ssl->ctx)
1287  {
1288  mbedtls_ssl_free(ks_ssl->ctx);
1289  free(ks_ssl->ctx);
1290  }
1291  if (ks_ssl->ssl_config)
1292  {
1293  mbedtls_ssl_config_free(ks_ssl->ssl_config);
1294  free(ks_ssl->ssl_config);
1295  }
1296  if (ks_ssl->bio_ctx)
1297  {
1298  buf_free_entries(&ks_ssl->bio_ctx->in);
1299  buf_free_entries(&ks_ssl->bio_ctx->out);
1300  free(ks_ssl->bio_ctx);
1301  }
1302  CLEAR(*ks_ssl);
1303  }
1304 }
1305 
1306 int
1307 key_state_write_plaintext(struct key_state_ssl *ks, struct buffer *buf)
1308 {
1309  int retval = 0;
1310 
1311  ASSERT(buf);
1312 
1313  retval = key_state_write_plaintext_const(ks, BPTR(buf), BLEN(buf));
1314 
1315  if (1 == retval)
1316  {
1317  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1318  buf->len = 0;
1319  }
1320 
1321  return retval;
1322 }
1323 
1324 int
1325 key_state_write_plaintext_const(struct key_state_ssl *ks, const uint8_t *data, int len)
1326 {
1327  int retval = 0;
1329 
1330  ASSERT(NULL != ks);
1331  ASSERT(len >= 0);
1332 
1333  if (0 == len)
1334  {
1335  perf_pop();
1336  return 0;
1337  }
1338 
1339  ASSERT(data);
1340 
1341  retval = mbedtls_ssl_write(ks->ctx, data, len);
1342 
1343  if (retval < 0)
1344  {
1345  perf_pop();
1346  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1347  {
1348  return 0;
1349  }
1350  mbed_log_err(D_TLS_ERRORS, retval,
1351  "TLS ERROR: write tls_write_plaintext_const error");
1352  return -1;
1353  }
1354 
1355  if (retval != len)
1356  {
1357  msg(D_TLS_ERRORS,
1358  "TLS ERROR: write tls_write_plaintext_const incomplete %d/%d",
1359  retval, len);
1360  perf_pop();
1361  return -1;
1362  }
1363 
1364  /* successful write */
1365  dmsg(D_HANDSHAKE_VERBOSE, "write tls_write_plaintext_const %d bytes", retval);
1366 
1367  perf_pop();
1368  return 1;
1369 }
1370 
1371 int
1372 key_state_read_ciphertext(struct key_state_ssl *ks, struct buffer *buf)
1373 {
1374  int retval = 0;
1375  int len = 0;
1376 
1378 
1379  ASSERT(NULL != ks);
1380  ASSERT(buf);
1381  ASSERT(buf->len >= 0);
1382 
1383  if (buf->len)
1384  {
1385  perf_pop();
1386  return 0;
1387  }
1388 
1389  len = buf_forward_capacity(buf);
1390 
1391  retval = endless_buf_read(&ks->bio_ctx->out, BPTR(buf), len);
1392 
1393  /* Error during read, check for retry error */
1394  if (retval < 0)
1395  {
1396  perf_pop();
1397  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1398  {
1399  return 0;
1400  }
1401  mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_ciphertext error");
1402  buf->len = 0;
1403  return -1;
1404  }
1405  /* Nothing read, try again */
1406  if (0 == retval)
1407  {
1408  buf->len = 0;
1409  perf_pop();
1410  return 0;
1411  }
1412 
1413  /* successful read */
1414  dmsg(D_HANDSHAKE_VERBOSE, "read tls_read_ciphertext %d bytes", retval);
1415  buf->len = retval;
1416  perf_pop();
1417  return 1;
1418 }
1419 
1420 int
1421 key_state_write_ciphertext(struct key_state_ssl *ks, struct buffer *buf)
1422 {
1423  int retval = 0;
1425 
1426  ASSERT(NULL != ks);
1427  ASSERT(buf);
1428  ASSERT(buf->len >= 0);
1429 
1430  if (0 == buf->len)
1431  {
1432  perf_pop();
1433  return 0;
1434  }
1435 
1436  retval = endless_buf_write(&ks->bio_ctx->in, BPTR(buf), buf->len);
1437 
1438  if (retval < 0)
1439  {
1440  perf_pop();
1441 
1442  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1443  {
1444  return 0;
1445  }
1446  mbed_log_err(D_TLS_ERRORS, retval,
1447  "TLS ERROR: write tls_write_ciphertext error");
1448  return -1;
1449  }
1450 
1451  if (retval != buf->len)
1452  {
1453  msg(D_TLS_ERRORS, "TLS ERROR: write tls_write_ciphertext incomplete %d/%d",
1454  retval, buf->len);
1455  perf_pop();
1456  return -1;
1457  }
1458 
1459  /* successful write */
1460  dmsg(D_HANDSHAKE_VERBOSE, "write tls_write_ciphertext %d bytes", retval);
1461 
1462  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1463  buf->len = 0;
1464 
1465  perf_pop();
1466  return 1;
1467 }
1468 
1469 int
1470 key_state_read_plaintext(struct key_state_ssl *ks, struct buffer *buf)
1471 {
1472  int retval = 0;
1473  int len = 0;
1474 
1476 
1477  ASSERT(NULL != ks);
1478  ASSERT(buf);
1479  ASSERT(buf->len >= 0);
1480 
1481  if (buf->len)
1482  {
1483  perf_pop();
1484  return 0;
1485  }
1486 
1487  len = buf_forward_capacity(buf);
1488 
1489  retval = mbedtls_ssl_read(ks->ctx, BPTR(buf), len);
1490 
1491  /* Error during read, check for retry error */
1492  if (retval < 0)
1493  {
1494  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1495  {
1496  return 0;
1497  }
1498  mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_plaintext error");
1499  buf->len = 0;
1500  perf_pop();
1501  return -1;
1502  }
1503  /* Nothing read, try again */
1504  if (0 == retval)
1505  {
1506  buf->len = 0;
1507  perf_pop();
1508  return 0;
1509  }
1510 
1511  /* successful read */
1512  dmsg(D_HANDSHAKE_VERBOSE, "read tls_read_plaintext %d bytes", retval);
1513  buf->len = retval;
1514 
1515  perf_pop();
1516  return 1;
1517 }
1518 
1519 /* **************************************
1520  *
1521  * Information functions
1522  *
1523  * Print information for the end user.
1524  *
1525  ***************************************/
1526 void
1527 print_details(struct key_state_ssl *ks_ssl, const char *prefix)
1528 {
1529  const mbedtls_x509_crt *cert;
1530  char s1[256];
1531  char s2[256];
1532 
1533  s1[0] = s2[0] = 0;
1534  openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s",
1535  prefix,
1536  mbedtls_ssl_get_version(ks_ssl->ctx),
1537  mbedtls_ssl_get_ciphersuite(ks_ssl->ctx));
1538 
1539  cert = mbedtls_ssl_get_peer_cert(ks_ssl->ctx);
1540  if (cert != NULL)
1541  {
1542  openvpn_snprintf(s2, sizeof(s2), ", %u bit key",
1543  (unsigned int) mbedtls_pk_get_bitlen(&cert->pk));
1544  }
1545 
1546  msg(D_HANDSHAKE, "%s%s", s1, s2);
1547 }
1548 
1549 void
1550 show_available_tls_ciphers_list(const char *cipher_list,
1551  const char *tls_cert_profile,
1552  bool tls13)
1553 {
1554  if (tls13)
1555  {
1556  /* mbed TLS has no TLS 1.3 support currently */
1557  return;
1558  }
1559  struct tls_root_ctx tls_ctx;
1560  const int *ciphers = mbedtls_ssl_list_ciphersuites();
1561 
1562  tls_ctx_server_new(&tls_ctx);
1563  tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
1564  tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
1565 
1566  if (tls_ctx.allowed_ciphers)
1567  {
1568  ciphers = tls_ctx.allowed_ciphers;
1569  }
1570 
1571  while (*ciphers != 0)
1572  {
1573  printf("%s\n", mbedtls_ssl_get_ciphersuite_name(*ciphers));
1574  ciphers++;
1575  }
1576  tls_ctx_free(&tls_ctx);
1577 }
1578 
1579 void
1581 {
1582  const mbedtls_ecp_curve_info *pcurve = mbedtls_ecp_curve_list();
1583 
1584  if (NULL == pcurve)
1585  {
1586  msg(M_FATAL, "Cannot retrieve curve list from mbed TLS");
1587  }
1588 
1589  /* Print curve list */
1590  printf("Available Elliptic curves, listed in order of preference:\n\n");
1591  while (MBEDTLS_ECP_DP_NONE != pcurve->grp_id)
1592  {
1593  printf("%s\n", pcurve->name);
1594  pcurve++;
1595  }
1596 }
1597 
1598 void
1599 get_highest_preference_tls_cipher(char *buf, int size)
1600 {
1601  const char *cipher_name;
1602  const int *ciphers = mbedtls_ssl_list_ciphersuites();
1603  if (*ciphers == 0)
1604  {
1605  msg(M_FATAL, "Cannot retrieve list of supported SSL ciphers.");
1606  }
1607 
1608  cipher_name = mbedtls_ssl_get_ciphersuite_name(*ciphers);
1609  strncpynt(buf, cipher_name, size);
1610 }
1611 
1612 const char *
1614 {
1615  static char mbedtls_version[30];
1616  unsigned int pv = mbedtls_version_get_number();
1617  sprintf( mbedtls_version, "mbed TLS %d.%d.%d",
1618  (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
1619  return mbedtls_version;
1620 }
1621 
1622 void
1623 load_xkey_provider(void)
1624 {
1625  return; /* no external key provider in mbedTLS build */
1626 }
1627 
1628 #endif /* defined(ENABLE_CRYPTO_MBEDTLS) */
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition: ssl_common.h:410
load_xkey_provider
void load_xkey_provider(void)
Load ovpn.xkey provider used for external key signing.
Definition: ssl_openssl.c:2377
md_full
int md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
Calculates the message digest for the given buffer.
Definition: crypto_openssl.c:1097
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition: base64.c:158
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition: errlevel.h:165
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition: ssl_openssl.c:1965
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition: ssl_openssl.c:970
key_state_ssl
Definition: ssl_mbedtls.h:125
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition: buffer.h:1082
ssl_backend.h
tls_root_ctx::external_key
struct external_context external_key
External key context.
Definition: ssl_mbedtls.h:119
external_context
Context used by external_pkcs1_sign()
Definition: ssl_mbedtls.h:79
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1031
PERF_BIO_READ_PLAINTEXT
#define PERF_BIO_READ_PLAINTEXT
Definition: perf.h:38
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition: ssl_common.h:413
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition: ssl_openssl.c:85
mbedtls_compat_pk_parse_key
static int mbedtls_compat_pk_parse_key(mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:102
rand_ctx_get
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition: ssl_openssl.c:1032
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
tls_root_ctx::groups
mbedtls_ecp_group_id * groups
List of allowed groups for this connection.
Definition: ssl_mbedtls.h:121
M_FATAL
#define M_FATAL
Definition: error.h:95
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:3080
manage.h
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition: errlevel.h:156
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition: ssl_common.h:445
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:722
hash
Definition: list.h:58
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
static_assert
#define static_assert(expr, diagnostic)
Definition: error.h:218
tls_root_ctx::cert_profile
mbedtls_x509_crt_profile cert_profile
Allowed certificate types.
Definition: ssl_mbedtls.h:122
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition: ssl_openssl.c:2344
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Definition: ssl_openssl.c:2177
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1706
D_HANDSHAKE
#define D_HANDSHAKE
Definition: errlevel.h:72
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition: ssl_openssl.c:128
TLS_VER_1_1
#define TLS_VER_1_1
Definition: ssl_backend.h:106
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition: ssl_openssl.c:110
mbedtls_compat_ctr_drbg_update
static int mbedtls_compat_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
Definition: mbedtls_compat.h:76
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition: ssl_util.c:284
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Definition: ssl_openssl.c:2204
session::key
char key[48]
Definition: keyingmaterialexporter.c:58
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition: ssl_openssl.c:316
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition: base64.c:52
bio_ctx::out
endless_buffer out
Definition: ssl_mbedtls.h:58
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition: crypto.c:1083
dmsg
#define dmsg(flags,...)
Definition: error.h:154
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition: ssl_openssl.c:99
ssl_verify_mbedtls.h
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition: ssl_openssl.c:1089
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition: ssl_openssl.c:1477
mbedtls_compat_pk_check_pair
static int mbedtls_compat_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:91
PERF_BIO_WRITE_PLAINTEXT
#define PERF_BIO_WRITE_PLAINTEXT
Definition: perf.h:39
tls_root_ctx::ca_chain
mbedtls_x509_crt * ca_chain
CA chain for remote verification.
Definition: ssl_mbedtls.h:111
TLS_VER_1_0
#define TLS_VER_1_0
Definition: ssl_backend.h:105
endless_buffer
Definition: ssl_mbedtls.h:50
mbed_ok
#define mbed_ok(errval)
Check errval and log on error.
Definition: crypto_mbedtls.h:146
external_context::signature_length
size_t signature_length
Definition: ssl_mbedtls.h:80
external_context::sign_ctx
void * sign_ctx
Definition: ssl_mbedtls.h:82
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition: ssl_openssl.c:2024
CLEAR
#define CLEAR(x)
Definition: basic.h:33
tls_root_ctx::dhm_ctx
mbedtls_dhm_context * dhm_ctx
Diffie-Helmann-Merkle context.
Definition: ssl_mbedtls.h:109
ssl_util.h
passbuf
static struct user_pass passbuf
Definition: ssl.c:241
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition: ssl_openssl.c:2039
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:693
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:414
ASSERT
#define ASSERT(x)
Definition: error.h:201
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition: ssl_util.c:265
key_state_ssl::ssl_config
mbedtls_ssl_config * ssl_config
mbedTLS global ssl config
Definition: ssl_mbedtls.h:126
counter_type
uint64_t counter_type
Definition: common.h:30
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition: ssl_common.h:411
external_sign_func
bool(* external_sign_func)(void *sign_ctx, const void *src, size_t src_size, void *dst, size_t dst_size)
External signing function prototype.
Definition: ssl_mbedtls.h:74
BLEN
#define BLEN(buf)
Definition: buffer.h:127
SSLF_TLS_DEBUG_ENABLED
#define SSLF_TLS_DEBUG_ENABLED
Definition: ssl_common.h:414
tls_root_ctx::priv_key
mbedtls_pk_context * priv_key
Local private key.
Definition: ssl_mbedtls.h:112
PERF_BIO_WRITE_CIPHERTEXT
#define PERF_BIO_WRITE_CIPHERTEXT
Definition: perf.h:41
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition: ssl_openssl.c:155
misc.h
endless_buffer::first_block
buffer_entry * first_block
Definition: ssl_mbedtls.h:52
M_WARN
#define M_WARN
Definition: error.h:97
perf_pop
static void perf_pop(void)
Definition: perf.h:82
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition: ssl_openssl.c:213
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition: ssl_openssl.c:146
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition: ssl_openssl.c:527
pkcs11_backend.h
external_context::sign
external_sign_func sign
Definition: ssl_mbedtls.h:81
base64.h
tls_root_ctx::crt_chain
mbedtls_x509_crt * crt_chain
Local Certificate chain.
Definition: ssl_mbedtls.h:110
errlevel.h
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition: ssl_common.h:404
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition: manage.c:3747
mbedtls_dhm_get_bitlen
static size_t mbedtls_dhm_get_bitlen(const mbedtls_dhm_context *ctx)
Definition: mbedtls_compat.h:164
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition: ssl_openssl.c:1925
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: ssl_openssl.c:162
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition: ssl_openssl.c:1980
get_highest_preference_tls_cipher
void get_highest_preference_tls_cipher(char *buf, int size)
Definition: ssl_openssl.c:2319
mbedtls_compat_psa_crypto_init
static void mbedtls_compat_psa_crypto_init(void)
Definition: mbedtls_compat.h:55
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition: errlevel.h:59
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Definition: ssl_openssl.c:923
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition: ssl_openssl.c:565
mbedtls_compat.h
TLS_VER_1_2
#define TLS_VER_1_2
Definition: ssl_backend.h:107
tls_root_ctx::initialised
bool initialised
True if the context has been initialised.
Definition: ssl_mbedtls.h:105
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:468
buffer.h
tls_key_cache
Definition: ssl_mbedtls.h:95
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
tls_root_ctx::endpoint
int endpoint
Whether or not this is a server or a client.
Definition: ssl_mbedtls.h:107
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition: ssl_openssl.c:498
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition: ssl_common.h:412
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition: ssl_openssl.c:625
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:361
endless_buffer::last_block
buffer_entry * last_block
Definition: ssl_mbedtls.h:53
PERF_BIO_READ_CIPHERTEXT
#define PERF_BIO_READ_CIPHERTEXT
Definition: perf.h:40
tls_root_ctx::crl
mbedtls_x509_crl * crl
Certificate Revocation List.
Definition: ssl_mbedtls.h:113
counter_format
#define counter_format
Definition: common.h:31
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition: ssl_util.h:75
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1557
bio_ctx
Definition: ssl_mbedtls.h:56
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition: errlevel.h:157
tls_root_ctx
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:104
openvpn_snprintf
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:294
status
static SERVICE_STATUS status
Definition: interactive.c:52
management
Definition: manage.h:335
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1039
show_available_curves
void show_available_curves(void)
Definition: ssl_openssl.c:2279
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1066
strsep
char * strsep(char **stringp, const char *delim)
Definition: compat-strsep.c:36
config.h
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition: ssl.c:253
ssl_common.h
mbed_log_err
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.
key_state_ssl::bio_ctx
bio_ctx * bio_ctx
Definition: ssl_mbedtls.h:128
session
Definition: keyingmaterialexporter.c:56
tls_root_ctx::allowed_ciphers
int * allowed_ciphers
List of allowed ciphers for this connection.
Definition: ssl_mbedtls.h:120
key_state_ssl::tls_key_cache
struct tls_key_cache tls_key_cache
Definition: ssl_mbedtls.h:130
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:559
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition: ssl_openssl.c:1996
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition: ssl_openssl.c:793
tls_cipher_name_pair::iana_name
const char * iana_name
Definition: ssl_util.h:75
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition: ssl_common.h:42
TLS_VER_UNSPEC
#define TLS_VER_UNSPEC
Definition: ssl_backend.h:104
mbedtls_compat_pk_parse_keyfile
static int mbedtls_compat_pk_parse_keyfile(mbedtls_pk_context *ctx, const char *path, const char *password, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:115
msg
#define msg(flags,...)
Definition: error.h:150
key_state_ssl::ctx
mbedtls_ssl_context * ctx
mbedTLS connection context
Definition: ssl_mbedtls.h:127
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition: ssl_common.h:405
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:661
buffer_entry
Definition: buffer.h:1120
endless_buffer::data_start
size_t data_start
Definition: ssl_mbedtls.h:51
tls_ctx_use_external_signing_func
int tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, external_sign_func sign_func, void *sign_ctx)
Call the supplied signing function to create a TLS signature during the TLS handshake.
perf_push
static void perf_push(int type)
Definition: perf.h:78
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition: ssl_openssl.c:436
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition: ssl_openssl.c:2010
bio_ctx::in
endless_buffer in
Definition: ssl_mbedtls.h:57
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition: ssl_util.h:75
cleanup
static int cleanup(void **state)
Definition: test_pkcs11.c:280