OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_OPENSSL)
38 
39 #include "errlevel.h"
40 #include "buffer.h"
41 #include "misc.h"
42 #include "manage.h"
43 #include "memdbg.h"
44 #include "ssl_backend.h"
45 #include "ssl_common.h"
46 #include "base64.h"
47 #include "openssl_compat.h"
48 
49 #ifdef ENABLE_CRYPTOAPI
50 #include "cryptoapi.h"
51 #endif
52 
53 #include "ssl_verify_openssl.h"
54 
55 #include <openssl/bn.h>
56 #include <openssl/crypto.h>
57 #include <openssl/dh.h>
58 #include <openssl/dsa.h>
59 #include <openssl/err.h>
60 #include <openssl/pkcs12.h>
61 #include <openssl/rsa.h>
62 #include <openssl/x509.h>
63 #include <openssl/ssl.h>
64 #ifndef OPENSSL_NO_EC
65 #include <openssl/ec.h>
66 #endif
67 
68 /*
69  * Allocate space in SSL objects in which to store a struct tls_session
70  * pointer back to parent.
71  *
72  */
73 
74 int mydata_index; /* GLOBAL */
75 
76 void
78 {
79  SSL_library_init();
80 #ifndef ENABLE_SMALL
81  SSL_load_error_strings();
82 #endif
83  OpenSSL_add_all_algorithms();
84 
85  mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
86  ASSERT(mydata_index >= 0);
87 }
88 
89 void
91 {
92  EVP_cleanup();
93 #ifndef ENABLE_SMALL
94  ERR_free_strings();
95 #endif
96 }
97 
98 void
100 {
101  ERR_clear_error();
102 }
103 
104 void
106 {
107  ASSERT(NULL != ctx);
108 
109  ctx->ctx = SSL_CTX_new(SSLv23_server_method());
110 
111  if (ctx->ctx == NULL)
112  {
113  crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
114  }
115 }
116 
117 void
119 {
120  ASSERT(NULL != ctx);
121 
122  ctx->ctx = SSL_CTX_new(SSLv23_client_method());
123 
124  if (ctx->ctx == NULL)
125  {
126  crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
127  }
128 }
129 
130 void
132 {
133  ASSERT(NULL != ctx);
134  if (NULL != ctx->ctx)
135  {
136  SSL_CTX_free(ctx->ctx);
137  }
138  ctx->ctx = NULL;
139 }
140 
141 bool
143 {
144  ASSERT(NULL != ctx);
145  return NULL != ctx->ctx;
146 }
147 
148 void
150  struct tls_session *session)
151 {
152  if (session->opt->ekm_size > 0)
153  {
154 #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
155  unsigned int size = session->opt->ekm_size;
156  struct gc_arena gc = gc_new();
157  unsigned char *ekm = (unsigned char *) gc_malloc(size, true, &gc);
158 
159  if (SSL_export_keying_material(ssl->ssl, ekm, size,
160  session->opt->ekm_label, session->opt->ekm_label_size, NULL, 0, 0))
161  {
162  unsigned int len = (size * 2) + 2;
163 
164  const char *key = format_hex_ex(ekm, size, len, 0, NULL, &gc);
165  setenv_str(session->opt->es, "exported_keying_material", key);
166 
167  dmsg(D_TLS_DEBUG_MED, "%s: exported keying material: %s",
168  __func__, key);
169  }
170  else
171  {
172  msg(M_WARN, "WARNING: Export keying material failed!");
173  setenv_del(session->opt->es, "exported_keying_material");
174  }
175  gc_free(&gc);
176 #endif /* if (OPENSSL_VERSION_NUMBER >= 0x10001000) */
177  }
178 }
179 
180 /*
181  * Print debugging information on SSL/TLS session negotiation.
182  */
183 
184 #ifndef INFO_CALLBACK_SSL_CONST
185 #define INFO_CALLBACK_SSL_CONST const
186 #endif
187 static void
188 info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
189 {
190  if (where & SSL_CB_LOOP)
191  {
192  dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
193  where & SSL_ST_CONNECT ? "connect" :
194  where &SSL_ST_ACCEPT ? "accept" :
195  "undefined", SSL_state_string_long(s));
196  }
197  else if (where & SSL_CB_ALERT)
198  {
199  dmsg(D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s",
200  where & SSL_CB_READ ? "read" : "write",
201  SSL_alert_type_string_long(ret),
202  SSL_alert_desc_string_long(ret));
203  }
204 }
205 
206 /*
207  * Return maximum TLS version supported by local OpenSSL library.
208  * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
209  * TLSvX is supported.
210  */
211 int
213 {
214 #if defined(TLS1_3_VERSION)
215  return TLS_VER_1_3;
216 #elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
217  return TLS_VER_1_2;
218 #elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
219  return TLS_VER_1_1;
220 #else
221  return TLS_VER_1_0;
222 #endif
223 }
224 
226 static int
228 {
229  if (ver == TLS_VER_1_0)
230  {
231  return TLS1_VERSION;
232  }
233  else if (ver == TLS_VER_1_1)
234  {
235  return TLS1_1_VERSION;
236  }
237  else if (ver == TLS_VER_1_2)
238  {
239  return TLS1_2_VERSION;
240  }
241 #if defined(TLS1_3_VERSION)
242  else if (ver == TLS_VER_1_3)
243  {
244  return TLS1_3_VERSION;
245  }
246 #endif
247  return 0;
248 }
249 
250 static bool
251 tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
252 {
253  int tls_ver_min = openssl_tls_version(
255  int tls_ver_max = openssl_tls_version(
257 
258  if (!tls_ver_min)
259  {
260  /* Enforce at least TLS 1.0 */
261  int cur_min = SSL_CTX_get_min_proto_version(ctx->ctx);
262  tls_ver_min = cur_min < TLS1_VERSION ? TLS1_VERSION : cur_min;
263  }
264 
265  if (!SSL_CTX_set_min_proto_version(ctx->ctx, tls_ver_min))
266  {
267  msg(D_TLS_ERRORS, "%s: failed to set minimum TLS version", __func__);
268  return false;
269  }
270 
271  if (tls_ver_max && !SSL_CTX_set_max_proto_version(ctx->ctx, tls_ver_max))
272  {
273  msg(D_TLS_ERRORS, "%s: failed to set maximum TLS version", __func__);
274  return false;
275  }
276 
277  return true;
278 }
279 
280 bool
281 tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
282 {
283  ASSERT(NULL != ctx);
284 
285  /* process SSL options */
286  long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
287 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
288  sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
289 #endif
290  sslopt |= SSL_OP_NO_COMPRESSION;
291 
292  SSL_CTX_set_options(ctx->ctx, sslopt);
293 
294  if (!tls_ctx_set_tls_versions(ctx, ssl_flags))
295  {
296  return false;
297  }
298 
299 #ifdef SSL_MODE_RELEASE_BUFFERS
300  SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
301 #endif
302  SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
303  SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
304 
305  /* Require peer certificate verification */
306  int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
307 #if P2MP_SERVER
308  if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
309  {
310  verify_flags = 0;
311  }
312  else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
313  {
314  verify_flags = SSL_VERIFY_PEER;
315  }
316 #endif
317  SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
318 
319  SSL_CTX_set_info_callback(ctx->ctx, info_callback);
320 
321  return true;
322 }
323 
324 void
325 convert_tls_list_to_openssl(char* openssl_ciphers, size_t len,const char *ciphers)
326 {
327  /* Parse supplied cipher list and pass on to OpenSSL */
328  size_t begin_of_cipher, end_of_cipher;
329 
330  const char *current_cipher;
331  size_t current_cipher_len;
332 
333  const tls_cipher_name_pair *cipher_pair;
334 
335  size_t openssl_ciphers_len = 0;
336  openssl_ciphers[0] = '\0';
337 
338  /* Translate IANA cipher suite names to OpenSSL names */
339  begin_of_cipher = end_of_cipher = 0;
340  for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
341  {
342  end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
343  cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
344 
345  if (NULL == cipher_pair)
346  {
347  /* No translation found, use original */
348  current_cipher = &ciphers[begin_of_cipher];
349  current_cipher_len = end_of_cipher - begin_of_cipher;
350 
351  /* Issue warning on missing translation */
352  /* %.*s format specifier expects length of type int, so guarantee */
353  /* that length is small enough and cast to int. */
354  msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
355  constrain_int(current_cipher_len, 0, 256), current_cipher);
356  }
357  else
358  {
359  /* Use OpenSSL name */
360  current_cipher = cipher_pair->openssl_name;
361  current_cipher_len = strlen(current_cipher);
362 
363  if (end_of_cipher - begin_of_cipher == current_cipher_len
364  && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
365  end_of_cipher - begin_of_cipher))
366  {
367  /* Non-IANA name used, show warning */
368  msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name);
369  }
370  }
371 
372  /* Make sure new cipher name fits in cipher string */
373  if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
374  || (len - 1) < (openssl_ciphers_len + current_cipher_len))
375  {
376  msg(M_FATAL,
377  "Failed to set restricted TLS cipher list, too long (>%d).",
378  (int)(len - 1));
379  }
380 
381  /* Concatenate cipher name to OpenSSL cipher string */
382  memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
383  openssl_ciphers_len += current_cipher_len;
384  openssl_ciphers[openssl_ciphers_len] = ':';
385  openssl_ciphers_len++;
386 
387  end_of_cipher++;
388  }
389 
390  if (openssl_ciphers_len > 0)
391  {
392  openssl_ciphers[openssl_ciphers_len-1] = '\0';
393  }
394 }
395 
396 void
397 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
398 {
399  if (ciphers == NULL)
400  {
401  /* Use sane default TLS cipher list */
402  if (!SSL_CTX_set_cipher_list(ctx->ctx,
403  /* Use openssl's default list as a basis */
404  "DEFAULT"
405  /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
406  ":!EXP:!LOW:!MEDIUM"
407  /* Disable static (EC)DH keys (no forward secrecy) */
408  ":!kDH:!kECDH"
409  /* Disable DSA private keys */
410  ":!DSS"
411  /* Disable unsupported TLS modes */
412  ":!PSK:!SRP:!kRSA"))
413  {
414  crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
415  }
416  return;
417  }
418 
419  char openssl_ciphers[4096];
420  convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
421 
422  ASSERT(NULL != ctx);
423 
424  /* Set OpenSSL cipher list */
425  if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
426  {
427  crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
428  }
429 }
430 
431 void
432 convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len,
433  const char *ciphers)
434 {
435  /*
436  * OpenSSL (and official IANA) cipher names have _ in them. We
437  * historically used names with - in them. Silently convert names
438  * with - to names with _ to support both
439  */
440  if (strlen(ciphers) >= (len - 1))
441  {
442  msg(M_FATAL,
443  "Failed to set restricted TLS 1.3 cipher list, too long (>%d).",
444  (int) (len - 1));
445  }
446 
447  strncpy(openssl_ciphers, ciphers, len);
448 
449  for (size_t i = 0; i < strlen(openssl_ciphers); i++)
450  {
451  if (openssl_ciphers[i] == '-')
452  {
453  openssl_ciphers[i] = '_';
454  }
455  }
456 }
457 
458 void
459 tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
460 {
461  if (ciphers == NULL)
462  {
463  /* default cipher list of OpenSSL 1.1.1 is sane, do not set own
464  * default as we do with tls-cipher */
465  return;
466  }
467 
468 #if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
469  crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
470  "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
471  ciphers);
472 #else
473  ASSERT(NULL != ctx);
474 
475  char openssl_ciphers[4096];
476  convert_tls13_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers),
477  ciphers);
478 
479  if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers))
480  {
481  crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s",
482  openssl_ciphers);
483  }
484 #endif
485 }
486 
487 void
488 tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
489 {
490 #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
491  /* OpenSSL does not have certificate profiles, but a complex set of
492  * callbacks that we could try to implement to achieve something similar.
493  * For now, use OpenSSL's security levels to achieve similar (but not equal)
494  * behaviour. */
495  if (!profile || 0 == strcmp(profile, "legacy"))
496  {
497  SSL_CTX_set_security_level(ctx->ctx, 1);
498  }
499  else if (0 == strcmp(profile, "preferred"))
500  {
501  SSL_CTX_set_security_level(ctx->ctx, 2);
502  }
503  else if (0 == strcmp(profile, "suiteb"))
504  {
505  SSL_CTX_set_security_level(ctx->ctx, 3);
506  SSL_CTX_set_cipher_list(ctx->ctx, "SUITEB128");
507  }
508  else
509  {
510  msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
511  }
512 #else
513  if (profile)
514  {
515  msg(M_WARN, "WARNING: OpenSSL 1.0.1 does not support --tls-cert-profile"
516  ", ignoring user-set profile: '%s'", profile);
517  }
518 #endif
519 }
520 
521 void
523 {
524  int ret;
525  const X509 *cert;
526 
527  ASSERT(ctx);
528 
529 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
530  /* OpenSSL 1.0.2 and up */
531  cert = SSL_CTX_get0_certificate(ctx->ctx);
532 #else
533  /* OpenSSL 1.0.1 and earlier need an SSL object to get at the certificate */
534  SSL *ssl = SSL_new(ctx->ctx);
535  cert = SSL_get_certificate(ssl);
536 #endif
537 
538  if (cert == NULL)
539  {
540  goto cleanup; /* Nothing to check if there is no certificate */
541  }
542 
543  ret = X509_cmp_time(X509_get_notBefore(cert), NULL);
544  if (ret == 0)
545  {
546  msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
547  }
548  if (ret > 0)
549  {
550  msg(M_WARN, "WARNING: Your certificate is not yet valid!");
551  }
552 
553  ret = X509_cmp_time(X509_get_notAfter(cert), NULL);
554  if (ret == 0)
555  {
556  msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
557  }
558  if (ret < 0)
559  {
560  msg(M_WARN, "WARNING: Your certificate has expired!");
561  }
562 
563 cleanup:
564 #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
565  SSL_free(ssl);
566 #endif
567  return;
568 }
569 
570 void
571 tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
572  const char *dh_file_inline
573  )
574 {
575  DH *dh;
576  BIO *bio;
577 
578  ASSERT(NULL != ctx);
579 
580  if (!strcmp(dh_file, INLINE_FILE_TAG) && dh_file_inline)
581  {
582  if (!(bio = BIO_new_mem_buf((char *)dh_file_inline, -1)))
583  {
584  crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
585  }
586  }
587  else
588  {
589  /* Get Diffie Hellman Parameters */
590  if (!(bio = BIO_new_file(dh_file, "r")))
591  {
592  crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
593  }
594  }
595 
596  dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
597  BIO_free(bio);
598 
599  if (!dh)
600  {
601  crypto_msg(M_FATAL, "Cannot load DH parameters from %s", dh_file);
602  }
603  if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
604  {
605  crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
606  }
607 
608  msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
609  8 * DH_size(dh));
610 
611  DH_free(dh);
612 }
613 
614 void
615 tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
616  )
617 {
618 #ifndef OPENSSL_NO_EC
619  int nid = NID_undef;
620  EC_KEY *ecdh = NULL;
621  const char *sname = NULL;
622 
623  /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
624  SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
625 
626  if (curve_name != NULL)
627  {
628  /* Use user supplied curve if given */
629  msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
630  nid = OBJ_sn2nid(curve_name);
631  }
632  else
633  {
634 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
635  /* OpenSSL 1.0.2 and newer can automatically handle ECDH parameter
636  * loading */
637  SSL_CTX_set_ecdh_auto(ctx->ctx, 1);
638  return;
639 #else
640  /* For older OpenSSL we have to extract the curve from key on our own */
641  EC_KEY *eckey = NULL;
642  const EC_GROUP *ecgrp = NULL;
643  EVP_PKEY *pkey = NULL;
644 
645  /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
646  SSL *ssl = SSL_new(ctx->ctx);
647  if (!ssl)
648  {
649  crypto_msg(M_FATAL, "SSL_new failed");
650  }
651  pkey = SSL_get_privatekey(ssl);
652  SSL_free(ssl);
653 
654  msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
655 
656  if (pkey != NULL && (eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL
657  && (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
658  {
659  nid = EC_GROUP_get_curve_name(ecgrp);
660  }
661 #endif
662  }
663 
664  /* Translate NID back to name , just for kicks */
665  sname = OBJ_nid2sn(nid);
666  if (sname == NULL)
667  {
668  sname = "(Unknown)";
669  }
670 
671  /* Create new EC key and set as ECDH key */
672  if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
673  {
674  /* Creating key failed, fall back on sane default */
675  ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
676  const char *source = (NULL == curve_name) ?
677  "extract curve from certificate" : "use supplied curve";
679  "Failed to %s (%s), using secp384r1 instead.", source, sname);
680  sname = OBJ_nid2sn(NID_secp384r1);
681  }
682 
683  if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
684  {
685  crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
686  }
687 
688  msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
689 
690  EC_KEY_free(ecdh);
691 #else /* ifndef OPENSSL_NO_EC */
692  msg(D_LOW, "Your OpenSSL library was built without elliptic curve support."
693  " Skipping ECDH parameter loading.");
694 #endif /* OPENSSL_NO_EC */
695 }
696 
697 int
698 tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
699  const char *pkcs12_file_inline,
700  bool load_ca_file
701  )
702 {
703  FILE *fp;
704  EVP_PKEY *pkey;
705  X509 *cert;
706  STACK_OF(X509) *ca = NULL;
707  PKCS12 *p12;
708  int i;
709  char password[256];
710 
711  ASSERT(NULL != ctx);
712 
713  if (!strcmp(pkcs12_file, INLINE_FILE_TAG) && pkcs12_file_inline)
714  {
715  BIO *b64 = BIO_new(BIO_f_base64());
716  BIO *bio = BIO_new_mem_buf((void *) pkcs12_file_inline,
717  (int) strlen(pkcs12_file_inline));
718  ASSERT(b64 && bio);
719  BIO_push(b64, bio);
720  p12 = d2i_PKCS12_bio(b64, NULL);
721  if (!p12)
722  {
723  crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
724  }
725  BIO_free(b64);
726  BIO_free(bio);
727  }
728  else
729  {
730  /* Load the PKCS #12 file */
731  if (!(fp = platform_fopen(pkcs12_file, "rb")))
732  {
733  crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
734  }
735  p12 = d2i_PKCS12_fp(fp, NULL);
736  fclose(fp);
737  if (!p12)
738  {
739  crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
740  }
741  }
742 
743  /* Parse the PKCS #12 file */
744  if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
745  {
746  pem_password_callback(password, sizeof(password) - 1, 0, NULL);
747  /* Reparse the PKCS #12 file with password */
748  ca = NULL;
749  if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
750  {
751 #ifdef ENABLE_MANAGEMENT
752  if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
753  {
755  }
756 #endif
757  PKCS12_free(p12);
758  return 1;
759  }
760  }
761  PKCS12_free(p12);
762 
763  /* Load Certificate */
764  if (!SSL_CTX_use_certificate(ctx->ctx, cert))
765  {
766  crypto_msg(M_FATAL, "Cannot use certificate");
767  }
768 
769  /* Load Private Key */
770  if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
771  {
772  crypto_msg(M_FATAL, "Cannot use private key");
773  }
774 
775  /* Check Private Key */
776  if (!SSL_CTX_check_private_key(ctx->ctx))
777  {
778  crypto_msg(M_FATAL, "Private key does not match the certificate");
779  }
780 
781  /* Set Certificate Verification chain */
782  if (load_ca_file)
783  {
784  /* Add CAs from PKCS12 to the cert store and mark them as trusted.
785  * They're also used to fill in the chain of intermediate certs as
786  * necessary.
787  */
788  if (ca && sk_X509_num(ca))
789  {
790  for (i = 0; i < sk_X509_num(ca); i++)
791  {
792  X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
793  if (!X509_STORE_add_cert(cert_store,sk_X509_value(ca, i)))
794  {
795  crypto_msg(M_FATAL,"Cannot add certificate to certificate chain (X509_STORE_add_cert)");
796  }
797  if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
798  {
799  crypto_msg(M_FATAL,"Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
800  }
801  }
802  }
803  }
804  else
805  {
806  /* If trusted CA certs were loaded from a PEM file, and we ignore the
807  * ones in PKCS12, do load PKCS12-provided certs to the client extra
808  * certs chain just in case they include intermediate CAs needed to
809  * prove my identity to the other end. This does not make them trusted.
810  */
811  if (ca && sk_X509_num(ca))
812  {
813  for (i = 0; i < sk_X509_num(ca); i++)
814  {
815  if (!SSL_CTX_add_extra_chain_cert(ctx->ctx,sk_X509_value(ca, i)))
816  {
817  crypto_msg(M_FATAL, "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
818  }
819  }
820  }
821  }
822  return 0;
823 }
824 
825 #ifdef ENABLE_CRYPTOAPI
826 void
827 tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
828 {
829  ASSERT(NULL != ctx);
830 
831  /* Load Certificate and Private Key */
832  if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
833  {
834  crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store", cryptoapi_cert);
835  }
836 }
837 #endif /* ENABLE_CRYPTOAPI */
838 
839 static void
840 tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio)
841 {
842  X509 *cert;
843  for (;; )
844  {
845  cert = NULL;
846  if (!PEM_read_bio_X509(bio, &cert, NULL, NULL)) /* takes ownership of cert */
847  {
848  break;
849  }
850  if (!cert)
851  {
852  crypto_msg(M_FATAL, "Error reading extra certificate");
853  }
854  if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
855  {
856  crypto_msg(M_FATAL, "Error adding extra certificate");
857  }
858  }
859 }
860 
861 void
862 tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
863  const char *cert_file_inline)
864 {
865  BIO *in = NULL;
866  X509 *x = NULL;
867  int ret = 0;
868  bool inline_file = false;
869 
870  ASSERT(NULL != ctx);
871 
872  inline_file = (strcmp(cert_file, INLINE_FILE_TAG) == 0);
873 
874  if (inline_file && cert_file_inline)
875  {
876  in = BIO_new_mem_buf((char *)cert_file_inline, -1);
877  }
878  else
879  {
880  in = BIO_new_file(cert_file, "r");
881  }
882 
883  if (in == NULL)
884  {
885  SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
886  goto end;
887  }
888 
889  x = PEM_read_bio_X509(in, NULL,
892  if (x == NULL)
893  {
894  SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
895  goto end;
896  }
897 
898  ret = SSL_CTX_use_certificate(ctx->ctx, x);
899  if (ret)
900  {
901  tls_ctx_add_extra_certs(ctx, in);
902  }
903 
904 end:
905  if (!ret)
906  {
907  if (inline_file)
908  {
909  crypto_msg(M_FATAL, "Cannot load inline certificate file");
910  }
911  else
912  {
913  crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
914  }
915  }
916 
917  if (in != NULL)
918  {
919  BIO_free(in);
920  }
921  if (x)
922  {
923  X509_free(x);
924  }
925 }
926 
927 int
928 tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
929  const char *priv_key_file_inline
930  )
931 {
932  SSL_CTX *ssl_ctx = NULL;
933  BIO *in = NULL;
934  EVP_PKEY *pkey = NULL;
935  int ret = 1;
936 
937  ASSERT(NULL != ctx);
938 
939  ssl_ctx = ctx->ctx;
940 
941  if (!strcmp(priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
942  {
943  in = BIO_new_mem_buf((char *)priv_key_file_inline, -1);
944  }
945  else
946  {
947  in = BIO_new_file(priv_key_file, "r");
948  }
949 
950  if (!in)
951  {
952  goto end;
953  }
954 
955  pkey = PEM_read_bio_PrivateKey(in, NULL,
958  if (!pkey)
959  {
960  goto end;
961  }
962 
963  if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
964  {
965 #ifdef ENABLE_MANAGEMENT
966  if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
967  {
969  }
970 #endif
971  crypto_msg(M_WARN, "Cannot load private key file %s", priv_key_file);
972  goto end;
973  }
974 
975  /* Check Private Key */
976  if (!SSL_CTX_check_private_key(ssl_ctx))
977  {
978  crypto_msg(M_FATAL, "Private key does not match the certificate");
979  }
980  ret = 0;
981 
982 end:
983  if (pkey)
984  {
985  EVP_PKEY_free(pkey);
986  }
987  if (in)
988  {
989  BIO_free(in);
990  }
991  return ret;
992 }
993 
994 void
995 backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
996  const char *crl_inline)
997 {
998  X509_CRL *crl = NULL;
999  BIO *in = NULL;
1000 
1001  X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1002  if (!store)
1003  {
1004  crypto_msg(M_FATAL, "Cannot get certificate store");
1005  }
1006 
1007  /* Always start with a cleared CRL list, for that we
1008  * we need to manually find the CRL object from the stack
1009  * and remove it */
1010  STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
1011  for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
1012  {
1013  X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
1014  ASSERT(obj);
1015  if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
1016  {
1017  sk_X509_OBJECT_delete(objs, i);
1018  X509_OBJECT_free(obj);
1019  }
1020  }
1021 
1022  X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1023 
1024  if (!strcmp(crl_file, INLINE_FILE_TAG) && crl_inline)
1025  {
1026  in = BIO_new_mem_buf((char *)crl_inline, -1);
1027  }
1028  else
1029  {
1030  in = BIO_new_file(crl_file, "r");
1031  }
1032 
1033  if (in == NULL)
1034  {
1035  msg(M_WARN, "CRL: cannot read: %s", crl_file);
1036  goto end;
1037  }
1038 
1039  crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
1040  if (crl == NULL)
1041  {
1042  msg(M_WARN, "CRL: cannot read CRL from file %s", crl_file);
1043  goto end;
1044  }
1045 
1046  if (!X509_STORE_add_crl(store, crl))
1047  {
1048  msg(M_WARN, "CRL: cannot add %s to store", crl_file);
1049  goto end;
1050  }
1051 
1052 end:
1053  X509_CRL_free(crl);
1054  BIO_free(in);
1055 }
1056 
1057 
1058 #ifdef ENABLE_MANAGEMENT
1059 
1060 /* encrypt */
1061 static int
1062 rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1063 {
1064  ASSERT(0);
1065  return -1;
1066 }
1067 
1068 /* verify arbitrary data */
1069 static int
1070 rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1071 {
1072  ASSERT(0);
1073  return -1;
1074 }
1075 
1076 /* decrypt */
1077 static int
1078 rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1079 {
1080  ASSERT(0);
1081  return -1;
1082 }
1083 
1084 /* called at RSA_free */
1085 static int
1087 {
1088  /* meth was allocated in tls_ctx_use_management_external_key() ; since
1089  * this function is called when the parent RSA object is destroyed,
1090  * it is no longer used after this point so kill it. */
1091  const RSA_METHOD *meth = RSA_get_method(rsa);
1092  RSA_meth_free((RSA_METHOD *)meth);
1093  return 1;
1094 }
1095 
1096 /* Pass the input hash in 'dgst' to management and get the signature back.
1097  * On input siglen contains the capacity of the buffer 'sig'.
1098  * On return signature is in sig.
1099  * Return value is signature length or -1 on error.
1100  */
1101 static int
1102 get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen,
1103  unsigned char *sig, unsigned int siglen)
1104 {
1105  char *in_b64 = NULL;
1106  char *out_b64 = NULL;
1107  int len = -1;
1108 
1109  /* convert 'dgst' to base64 */
1110  if (management
1111  && openvpn_base64_encode(dgst, dgstlen, &in_b64) > 0)
1112  {
1113  out_b64 = management_query_pk_sig(management, in_b64);
1114  }
1115  if (out_b64)
1116  {
1117  len = openvpn_base64_decode(out_b64, sig, siglen);
1118  }
1119 
1120  free(in_b64);
1121  free(out_b64);
1122  return len;
1123 }
1124 
1125 /* sign arbitrary data */
1126 static int
1127 rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1128 {
1129  unsigned int len = RSA_size(rsa);
1130  int ret = -1;
1131 
1132  if (padding != RSA_PKCS1_PADDING)
1133  {
1134  RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
1135  return -1;
1136  }
1137 
1138  ret = get_sig_from_man(from, flen, to, len);
1139 
1140  return (ret == len)? ret : -1;
1141 }
1142 
1143 static int
1144 tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1145 {
1146  RSA *rsa = NULL;
1147  RSA *pub_rsa;
1148  RSA_METHOD *rsa_meth;
1149 
1150  ASSERT(NULL != ctx);
1151 
1152  pub_rsa = EVP_PKEY_get0_RSA(pkey);
1153  ASSERT(NULL != pub_rsa);
1154 
1155  /* allocate custom RSA method object */
1156  rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method",
1157  RSA_METHOD_FLAG_NO_CHECK);
1158  check_malloc_return(rsa_meth);
1159  RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1160  RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1163  RSA_meth_set_init(rsa_meth, NULL);
1165  RSA_meth_set0_app_data(rsa_meth, NULL);
1166 
1167  /* allocate RSA object */
1168  rsa = RSA_new();
1169  if (rsa == NULL)
1170  {
1171  SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1172  goto err;
1173  }
1174 
1175  /* initialize RSA object */
1176  const BIGNUM *n = NULL;
1177  const BIGNUM *e = NULL;
1178  RSA_get0_key(pub_rsa, &n, &e, NULL);
1179  RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1180  RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1181  if (!RSA_set_method(rsa, rsa_meth))
1182  {
1183  RSA_meth_free(rsa_meth);
1184  goto err;
1185  }
1186  /* from this point rsa_meth will get freed with rsa */
1187 
1188  /* bind our custom RSA object to ssl_ctx */
1189  if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1190  {
1191  goto err;
1192  }
1193 
1194  RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1195  return 1;
1196 
1197 err:
1198  if (rsa)
1199  {
1200  RSA_free(rsa);
1201  }
1202  else
1203  {
1204  if (rsa_meth)
1205  {
1206  RSA_meth_free(rsa_meth);
1207  }
1208  }
1209  return 0;
1210 }
1211 
1212 #if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
1213 
1214 /* called when EC_KEY is destroyed */
1215 static void
1216 openvpn_extkey_ec_finish(EC_KEY *ec)
1217 {
1218  /* release the method structure */
1219  const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec);
1220  EC_KEY_METHOD_free((EC_KEY_METHOD *) ec_meth);
1221 }
1222 
1223 /* EC_KEY_METHOD callback: sign().
1224  * Sign the hash using EC key and return DER encoded signature in sig,
1225  * its length in siglen. Return value is 1 on success, 0 on error.
1226  */
1227 static int
1228 ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
1229  unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
1230 {
1231  int capacity = ECDSA_size(ec);
1232  int len = get_sig_from_man(dgst, dgstlen, sig, capacity);
1233 
1234  if (len > 0)
1235  {
1236  *siglen = len;
1237  return 1;
1238  }
1239  return 0;
1240 }
1241 
1242 /* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
1243 static int
1244 ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
1245 {
1246  return 1;
1247 }
1248 
1249 /* EC_KEY_METHOD callback: sign_sig().
1250  * Sign the hash and return the result as a newly allocated ECDS_SIG
1251  * struct or NULL on error.
1252  */
1253 static ECDSA_SIG *
1254 ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv,
1255  const BIGNUM *in_r, EC_KEY *ec)
1256 {
1257  ECDSA_SIG *ecsig = NULL;
1258  unsigned int len = ECDSA_size(ec);
1259  struct gc_arena gc = gc_new();
1260 
1261  unsigned char *buf = gc_malloc(len, false, &gc);
1262  if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1)
1263  {
1264  goto out;
1265  }
1266  /* const char ** should be avoided: not up to us, so we cast our way through */
1267  ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len);
1268 
1269 out:
1270  gc_free(&gc);
1271  return ecsig;
1272 }
1273 
1274 static int
1275 tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1276 {
1277  EC_KEY *ec = NULL;
1278  EVP_PKEY *privkey = NULL;
1279  EC_KEY_METHOD *ec_method;
1280 
1281  ASSERT(ctx);
1282 
1283  ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
1284  if (!ec_method)
1285  {
1286  goto err;
1287  }
1288 
1289  /* Among init methods, we only need the finish method */
1290  EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL);
1291  EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig);
1292 
1293  ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey));
1294  if (!ec)
1295  {
1296  EC_KEY_METHOD_free(ec_method);
1297  goto err;
1298  }
1299  if (!EC_KEY_set_method(ec, ec_method))
1300  {
1301  EC_KEY_METHOD_free(ec_method);
1302  goto err;
1303  }
1304  /* from this point ec_method will get freed when ec is freed */
1305 
1306  privkey = EVP_PKEY_new();
1307  if (!EVP_PKEY_assign_EC_KEY(privkey, ec))
1308  {
1309  goto err;
1310  }
1311  /* from this point ec will get freed when privkey is freed */
1312 
1313  if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1314  {
1315  ec = NULL; /* avoid double freeing it below */
1316  goto err;
1317  }
1318 
1319  EVP_PKEY_free(privkey); /* this will down ref privkey and ec */
1320  return 1;
1321 
1322 err:
1323  /* Reach here only when ec and privkey can be independenly freed */
1324  if (privkey)
1325  {
1326  EVP_PKEY_free(privkey);
1327  }
1328  if(ec)
1329  {
1330  EC_KEY_free(ec);
1331  }
1332  return 0;
1333 }
1334 #endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */
1335 
1336 int
1338 {
1339  int ret = 1;
1340 
1341  ASSERT(NULL != ctx);
1342 
1343 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
1344  /* OpenSSL 1.0.2 and up */
1345  X509 *cert = SSL_CTX_get0_certificate(ctx->ctx);
1346 #else
1347  /* OpenSSL 1.0.1 and earlier need an SSL object to get at the certificate */
1348  SSL *ssl = SSL_new(ctx->ctx);
1349  X509 *cert = SSL_get_certificate(ssl);
1350 #endif
1351 
1352  ASSERT(NULL != cert);
1353 
1354  /* get the public key */
1355  EVP_PKEY *pkey = X509_get0_pubkey(cert);
1356  ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1357 
1358  if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
1359  {
1360  if (!tls_ctx_use_external_rsa_key(ctx, pkey))
1361  {
1362  goto cleanup;
1363  }
1364  }
1365 #if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
1366  else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
1367  {
1368  if (!tls_ctx_use_external_ec_key(ctx, pkey))
1369  {
1370  goto cleanup;
1371  }
1372  }
1373  else
1374  {
1375  crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
1376  goto cleanup;
1377  }
1378 #else
1379  else
1380  {
1381  crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
1382  goto cleanup;
1383  }
1384 #endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */
1385 
1386  ret = 0;
1387 cleanup:
1388 #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
1389  if (ssl)
1390  {
1391  SSL_free(ssl);
1392  }
1393 #endif
1394  if (ret)
1395  {
1396  crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1397  }
1398  return ret;
1399 }
1400 
1401 #endif /* ifdef ENABLE_MANAGEMENT */
1402 
1403 static int
1404 sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1405 {
1406  return X509_NAME_cmp(*a, *b);
1407 }
1408 
1409 void
1410 tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
1411  const char *ca_file_inline,
1412  const char *ca_path, bool tls_server
1413  )
1414 {
1415  STACK_OF(X509_INFO) *info_stack = NULL;
1416  STACK_OF(X509_NAME) *cert_names = NULL;
1417  X509_LOOKUP *lookup = NULL;
1418  X509_STORE *store = NULL;
1419  X509_NAME *xn = NULL;
1420  BIO *in = NULL;
1421  int i, added = 0, prev = 0;
1422 
1423  ASSERT(NULL != ctx);
1424 
1425  store = SSL_CTX_get_cert_store(ctx->ctx);
1426  if (!store)
1427  {
1428  crypto_msg(M_FATAL, "Cannot get certificate store");
1429  }
1430 
1431  /* Try to add certificates and CRLs from ca_file */
1432  if (ca_file)
1433  {
1434  if (!strcmp(ca_file, INLINE_FILE_TAG) && ca_file_inline)
1435  {
1436  in = BIO_new_mem_buf((char *)ca_file_inline, -1);
1437  }
1438  else
1439  {
1440  in = BIO_new_file(ca_file, "r");
1441  }
1442 
1443  if (in)
1444  {
1445  info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1446  }
1447 
1448  if (info_stack)
1449  {
1450  for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1451  {
1452  X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1453  if (info->crl)
1454  {
1455  X509_STORE_add_crl(store, info->crl);
1456  }
1457 
1458  if (tls_server && !info->x509)
1459  {
1460  crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1461  }
1462 
1463  if (info->x509)
1464  {
1465  X509_STORE_add_cert(store, info->x509);
1466  added++;
1467 
1468  if (!tls_server)
1469  {
1470  continue;
1471  }
1472 
1473  /* Use names of CAs as a client CA list */
1474  if (cert_names == NULL)
1475  {
1476  cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1477  if (!cert_names)
1478  {
1479  continue;
1480  }
1481  }
1482 
1483  xn = X509_get_subject_name(info->x509);
1484  if (!xn)
1485  {
1486  continue;
1487  }
1488 
1489  /* Don't add duplicate CA names */
1490  if (sk_X509_NAME_find(cert_names, xn) == -1)
1491  {
1492  xn = X509_NAME_dup(xn);
1493  if (!xn)
1494  {
1495  continue;
1496  }
1497  sk_X509_NAME_push(cert_names, xn);
1498  }
1499  }
1500 
1501  if (tls_server)
1502  {
1503  int cnum = sk_X509_NAME_num(cert_names);
1504  if (cnum != (prev + 1))
1505  {
1507  "Cannot load CA certificate file %s (entry %d did not validate)",
1508  np(ca_file), added);
1509  }
1510  prev = cnum;
1511  }
1512 
1513  }
1514  sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1515  }
1516 
1517  if (tls_server)
1518  {
1519  SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1520  }
1521 
1522  if (!added)
1523  {
1525  "Cannot load CA certificate file %s (no entries were read)",
1526  np(ca_file));
1527  }
1528 
1529  if (tls_server)
1530  {
1531  int cnum = sk_X509_NAME_num(cert_names);
1532  if (cnum != added)
1533  {
1534  crypto_msg(M_FATAL, "Cannot load CA certificate file %s (only %d "
1535  "of %d entries were valid X509 names)",
1536  np(ca_file), cnum, added);
1537  }
1538  }
1539 
1540  if (in)
1541  {
1542  BIO_free(in);
1543  }
1544  }
1545 
1546  /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1547  if (ca_path)
1548  {
1549  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1550  if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1551  {
1552  msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1553  }
1554  else
1555  {
1556  crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1557  }
1558  X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1559  }
1560 }
1561 
1562 void
1563 tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1564  const char *extra_certs_file_inline
1565  )
1566 {
1567  BIO *in;
1568  if (!strcmp(extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
1569  {
1570  in = BIO_new_mem_buf((char *)extra_certs_file_inline, -1);
1571  }
1572  else
1573  {
1574  in = BIO_new_file(extra_certs_file, "r");
1575  }
1576 
1577  if (in == NULL)
1578  {
1579  crypto_msg(M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
1580  }
1581  else
1582  {
1583  tls_ctx_add_extra_certs(ctx, in);
1584  }
1585 
1586  BIO_free(in);
1587 }
1588 
1589 /* **************************************
1590  *
1591  * Key-state specific functions
1592  *
1593  ***************************************/
1594 /*
1595  *
1596  * BIO functions
1597  *
1598  */
1599 
1600 #ifdef BIO_DEBUG
1601 
1602 #warning BIO_DEBUG defined
1603 
1604 static FILE *biofp; /* GLOBAL */
1605 static bool biofp_toggle; /* GLOBAL */
1606 static time_t biofp_last_open; /* GLOBAL */
1607 static const int biofp_reopen_interval = 600; /* GLOBAL */
1608 
1609 static void
1610 close_biofp(void)
1611 {
1612  if (biofp)
1613  {
1614  ASSERT(!fclose(biofp));
1615  biofp = NULL;
1616  }
1617 }
1618 
1619 static void
1620 open_biofp(void)
1621 {
1622  const time_t current = time(NULL);
1623  const pid_t pid = getpid();
1624 
1625  if (biofp_last_open + biofp_reopen_interval < current)
1626  {
1627  close_biofp();
1628  }
1629  if (!biofp)
1630  {
1631  char fn[256];
1632  openvpn_snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
1633  biofp = fopen(fn, "w");
1634  ASSERT(biofp);
1635  biofp_last_open = time(NULL);
1636  biofp_toggle ^= 1;
1637  }
1638 }
1639 
1640 static void
1641 bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
1642 {
1643  struct gc_arena gc = gc_new();
1644  if (len > 0)
1645  {
1646  open_biofp();
1647  fprintf(biofp, "BIO_%s %s time=%"PRIi64" bio=" ptr_format " len=%d data=%s\n",
1648  mode, desc, (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
1649  fflush(biofp);
1650  }
1651  gc_free(&gc);
1652 }
1653 
1654 static void
1655 bio_debug_oc(const char *mode, BIO *bio)
1656 {
1657  open_biofp();
1658  fprintf(biofp, "BIO %s time=%"PRIi64" bio=" ptr_format "\n",
1659  mode, (int64_t)time(NULL), (ptr_type)bio);
1660  fflush(biofp);
1661 }
1662 
1663 #endif /* ifdef BIO_DEBUG */
1664 
1665 /*
1666  * Write to an OpenSSL BIO in non-blocking mode.
1667  */
1668 static int
1669 bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
1670 {
1671  int i;
1672  int ret = 0;
1673  ASSERT(size >= 0);
1674  if (size)
1675  {
1676  /*
1677  * Free the L_TLS lock prior to calling BIO routines
1678  * so that foreground thread can still call
1679  * tls_pre_decrypt or tls_pre_encrypt,
1680  * allowing tunnel packet forwarding to continue.
1681  */
1682 #ifdef BIO_DEBUG
1683  bio_debug_data("write", bio, data, size, desc);
1684 #endif
1685  i = BIO_write(bio, data, size);
1686 
1687  if (i < 0)
1688  {
1689  if (BIO_should_retry(bio))
1690  {
1691  }
1692  else
1693  {
1694  crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
1695  ret = -1;
1696  ERR_clear_error();
1697  }
1698  }
1699  else if (i != size)
1700  {
1701  crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d",
1702  desc, i, size);
1703  ret = -1;
1704  ERR_clear_error();
1705  }
1706  else
1707  { /* successful write */
1708  dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
1709  ret = 1;
1710  }
1711  }
1712  return ret;
1713 }
1714 
1715 /*
1716  * Inline functions for reading from and writing
1717  * to BIOs.
1718  */
1719 
1720 static void
1721 bio_write_post(const int status, struct buffer *buf)
1722 {
1723  if (status == 1) /* success status return from bio_write? */
1724  {
1725  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1726  buf->len = 0;
1727  }
1728 }
1729 
1730 /*
1731  * Read from an OpenSSL BIO in non-blocking mode.
1732  */
1733 static int
1734 bio_read(BIO *bio, struct buffer *buf, int maxlen, const char *desc)
1735 {
1736  int i;
1737  int ret = 0;
1738  ASSERT(buf->len >= 0);
1739  if (buf->len)
1740  {
1741  }
1742  else
1743  {
1744  int len = buf_forward_capacity(buf);
1745  if (maxlen < len)
1746  {
1747  len = maxlen;
1748  }
1749 
1750  /*
1751  * BIO_read brackets most of the serious RSA
1752  * key negotiation number crunching.
1753  */
1754  i = BIO_read(bio, BPTR(buf), len);
1755 
1756  VALGRIND_MAKE_READABLE((void *) &i, sizeof(i));
1757 
1758 #ifdef BIO_DEBUG
1759  bio_debug_data("read", bio, BPTR(buf), i, desc);
1760 #endif
1761  if (i < 0)
1762  {
1763  if (BIO_should_retry(bio))
1764  {
1765  }
1766  else
1767  {
1768  crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
1769  buf->len = 0;
1770  ret = -1;
1771  ERR_clear_error();
1772  }
1773  }
1774  else if (!i)
1775  {
1776  buf->len = 0;
1777  }
1778  else
1779  { /* successful read */
1780  dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
1781  buf->len = i;
1782  ret = 1;
1783  VALGRIND_MAKE_READABLE((void *) BPTR(buf), BLEN(buf));
1784  }
1785  }
1786  return ret;
1787 }
1788 
1789 void
1790 key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
1791 {
1792  ASSERT(NULL != ssl_ctx);
1793  ASSERT(ks_ssl);
1794  CLEAR(*ks_ssl);
1795 
1796  ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
1797  if (!ks_ssl->ssl)
1798  {
1799  crypto_msg(M_FATAL, "SSL_new failed");
1800  }
1801 
1802  /* put session * in ssl object so we can access it
1803  * from verify callback*/
1804  SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
1805 
1806  ASSERT((ks_ssl->ssl_bio = BIO_new(BIO_f_ssl())));
1807  ASSERT((ks_ssl->ct_in = BIO_new(BIO_s_mem())));
1808  ASSERT((ks_ssl->ct_out = BIO_new(BIO_s_mem())));
1809 
1810 #ifdef BIO_DEBUG
1811  bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
1812  bio_debug_oc("open ct_in", ks_ssl->ct_in);
1813  bio_debug_oc("open ct_out", ks_ssl->ct_out);
1814 #endif
1815 
1816  if (is_server)
1817  {
1818  SSL_set_accept_state(ks_ssl->ssl);
1819  }
1820  else
1821  {
1822  SSL_set_connect_state(ks_ssl->ssl);
1823  }
1824 
1825  SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
1826  BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
1827 }
1828 
1829 void
1831 {
1832  if (ks_ssl->ssl)
1833  {
1834 #ifdef BIO_DEBUG
1835  bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
1836  bio_debug_oc("close ct_in", ks_ssl->ct_in);
1837  bio_debug_oc("close ct_out", ks_ssl->ct_out);
1838 #endif
1839  BIO_free_all(ks_ssl->ssl_bio);
1840  SSL_free(ks_ssl->ssl);
1841  }
1842 }
1843 
1844 int
1845 key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
1846 {
1847  int ret = 0;
1849 
1850 #ifdef ENABLE_CRYPTO_OPENSSL
1851  ASSERT(NULL != ks_ssl);
1852 
1853  ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf),
1854  "tls_write_plaintext");
1855  bio_write_post(ret, buf);
1856 #endif /* ENABLE_CRYPTO_OPENSSL */
1857 
1858  perf_pop();
1859  return ret;
1860 }
1861 
1862 int
1863 key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
1864 {
1865  int ret = 0;
1867 
1868  ASSERT(NULL != ks_ssl);
1869 
1870  ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
1871 
1872  perf_pop();
1873  return ret;
1874 }
1875 
1876 int
1877 key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf,
1878  int maxlen)
1879 {
1880  int ret = 0;
1882 
1883  ASSERT(NULL != ks_ssl);
1884 
1885  ret = bio_read(ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext");
1886 
1887  perf_pop();
1888  return ret;
1889 }
1890 
1891 int
1893 {
1894  int ret = 0;
1896 
1897  ASSERT(NULL != ks_ssl);
1898 
1899  ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
1900  bio_write_post(ret, buf);
1901 
1902  perf_pop();
1903  return ret;
1904 }
1905 
1906 int
1907 key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf,
1908  int maxlen)
1909 {
1910  int ret = 0;
1912 
1913  ASSERT(NULL != ks_ssl);
1914 
1915  ret = bio_read(ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext");
1916 
1917  perf_pop();
1918  return ret;
1919 }
1920 
1921 /* **************************************
1922  *
1923  * Information functions
1924  *
1925  * Print information for the end user.
1926  *
1927  ***************************************/
1928 void
1929 print_details(struct key_state_ssl *ks_ssl, const char *prefix)
1930 {
1931  const SSL_CIPHER *ciph;
1932  X509 *cert;
1933  char s1[256];
1934  char s2[256];
1935 
1936  s1[0] = s2[0] = 0;
1937  ciph = SSL_get_current_cipher(ks_ssl->ssl);
1938  openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
1939  prefix,
1940  SSL_get_version(ks_ssl->ssl),
1941  SSL_CIPHER_get_version(ciph),
1942  SSL_CIPHER_get_name(ciph));
1943  cert = SSL_get_peer_certificate(ks_ssl->ssl);
1944  if (cert != NULL)
1945  {
1946  EVP_PKEY *pkey = X509_get_pubkey(cert);
1947  if (pkey != NULL)
1948  {
1949  if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA) && (EVP_PKEY_get0_RSA(pkey) != NULL))
1950  {
1951  RSA *rsa = EVP_PKEY_get0_RSA(pkey);
1952  openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA",
1953  RSA_bits(rsa));
1954  }
1955  else if ((EVP_PKEY_id(pkey) == EVP_PKEY_DSA) && (EVP_PKEY_get0_DSA(pkey) != NULL))
1956  {
1957  DSA *dsa = EVP_PKEY_get0_DSA(pkey);
1958  openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA",
1959  DSA_bits(dsa));
1960  }
1961 #ifndef OPENSSL_NO_EC
1962  else if ((EVP_PKEY_id(pkey) == EVP_PKEY_EC) && (EVP_PKEY_get0_EC_KEY(pkey) != NULL))
1963  {
1964  EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
1965  const EC_GROUP *group = EC_KEY_get0_group(ec);
1966  const char* curve;
1967 
1968  int nid = EC_GROUP_get_curve_name(group);
1969  if (nid == 0 || (curve = OBJ_nid2sn(nid)) == NULL)
1970  {
1971  curve = "Error getting curve name";
1972  }
1973 
1974  openvpn_snprintf(s2, sizeof(s2), ", %d bit EC, curve: %s",
1975  EC_GROUP_order_bits(group), curve);
1976 
1977  }
1978 #endif
1979  EVP_PKEY_free(pkey);
1980  }
1981  X509_free(cert);
1982  }
1983  /* The SSL API does not allow us to look at temporary RSA/DH keys,
1984  * otherwise we should print their lengths too */
1985  msg(D_HANDSHAKE, "%s%s", s1, s2);
1986 }
1987 
1988 void
1989 show_available_tls_ciphers_list(const char *cipher_list,
1990  const char *tls_cert_profile,
1991  const bool tls13)
1992 {
1993  struct tls_root_ctx tls_ctx;
1994 
1995  tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
1996  if (!tls_ctx.ctx)
1997  {
1998  crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
1999  }
2000 
2001 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
2002  if (tls13)
2003  {
2004  SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
2005  tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
2006  }
2007  else
2008 #endif
2009  {
2010  SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
2011  tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
2012  }
2013 
2014  tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
2015 
2016  SSL *ssl = SSL_new(tls_ctx.ctx);
2017  if (!ssl)
2018  {
2019  crypto_msg(M_FATAL, "Cannot create SSL object");
2020  }
2021 
2022 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
2023  STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2024 #else
2025  STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
2026 #endif
2027  for (int i=0;i < sk_SSL_CIPHER_num(sk);i++)
2028  {
2029  const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
2030 
2031  const char *cipher_name = SSL_CIPHER_get_name(c);
2032 
2033  const tls_cipher_name_pair *pair =
2034  tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
2035 
2036  if (tls13)
2037  {
2038  printf("%s\n", cipher_name);
2039  }
2040  else if (NULL == pair)
2041  {
2042  /* No translation found, print warning */
2043  printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n",
2044  cipher_name);
2045  }
2046  else
2047  {
2048  printf("%s\n", pair->iana_name);
2049  }
2050  }
2051 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
2052  sk_SSL_CIPHER_free(sk);
2053 #endif
2054  SSL_free(ssl);
2055  SSL_CTX_free(tls_ctx.ctx);
2056 }
2057 
2058 /*
2059  * Show the Elliptic curves that are available for us to use
2060  * in the OpenSSL library.
2061  */
2062 void
2064 {
2065 #ifndef OPENSSL_NO_EC
2066  EC_builtin_curve *curves = NULL;
2067  size_t crv_len = 0;
2068  size_t n = 0;
2069 
2070  crv_len = EC_get_builtin_curves(NULL, 0);
2071  ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
2072  if (EC_get_builtin_curves(curves, crv_len))
2073  {
2074  printf("Available Elliptic curves:\n");
2075  for (n = 0; n < crv_len; n++)
2076  {
2077  const char *sname;
2078  sname = OBJ_nid2sn(curves[n].nid);
2079  if (sname == NULL)
2080  {
2081  sname = "";
2082  }
2083 
2084  printf("%s\n", sname);
2085  }
2086  }
2087  else
2088  {
2089  crypto_msg(M_FATAL, "Cannot get list of builtin curves");
2090  }
2091  free(curves);
2092 #else /* ifndef OPENSSL_NO_EC */
2093  msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
2094  "No curves available.");
2095 #endif /* ifndef OPENSSL_NO_EC */
2096 }
2097 
2098 void
2100 {
2101  SSL_CTX *ctx;
2102  SSL *ssl;
2103  const char *cipher_name;
2104 
2105  ctx = SSL_CTX_new(SSLv23_method());
2106  if (!ctx)
2107  {
2108  crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
2109  }
2110  ssl = SSL_new(ctx);
2111  if (!ssl)
2112  {
2113  crypto_msg(M_FATAL, "Cannot create SSL object");
2114  }
2115 
2116  cipher_name = SSL_get_cipher_list(ssl, 0);
2117  strncpynt(buf, cipher_name, size);
2118 
2119  SSL_free(ssl);
2120  SSL_CTX_free(ctx);
2121 }
2122 
2123 const char *
2125 {
2127 }
2128 
2129 #endif /* defined(ENABLE_CRYPTO_OPENSSL) */
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher...
Definition: ssl_openssl.c:459
#define INFO_CALLBACK_SSL_CONST
Definition: ssl_openssl.c:185
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Definition: ssl_openssl.c:1929
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:1078
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition: ssl_openssl.c:281
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Definition: ssl_openssl.c:827
#define D_TLS_DEBUG
Definition: errlevel.h:159
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition: ssl_openssl.c:488
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition: ssl_openssl.c:1863
static int EVP_PKEY_id(const EVP_PKEY *pkey)
Get the PKEY type.
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
unsigned long ptr_type
Definition: common.h:67
static DSA * EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
Get the DSA object of a public key.
struct tls_options * opt
Definition: ssl_common.h:401
static void gc_free(struct gc_arena *a)
Definition: buffer.h:999
#define PERF_BIO_WRITE_CIPHERTEXT
Definition: perf.h:41
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:2983
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio)
Definition: ssl_openssl.c:840
#define D_TLS_ERRORS
Definition: errlevel.h:59
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:1062
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user&#39;s password.
Definition: ssl.c:381
#define ASSERT(x)
Definition: error.h:221
static int RSA_meth_set_priv_dec(RSA_METHOD *meth, int(*priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private decoding function of an RSA_METHOD object.
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, const char *priv_key_file_inline)
Load private key file into the given TLS context.
Definition: ssl_openssl.c:928
static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1.
static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
Set the application data of an RSA_METHOD object.
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition: ssl_openssl.c:142
static void perf_pop(void)
Definition: perf.h:82
#define M_FATAL
Definition: error.h:94
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
static void perf_push(int type)
Definition: perf.h:78
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition: buffer.h:509
#define CLEAR(x)
Definition: basic.h:33
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:285
#define PERF_BIO_READ_PLAINTEXT
Definition: perf.h:38
static int RSA_meth_set_priv_enc(RSA_METHOD *meth, int(*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private encoding function of an RSA_METHOD object.
static int RSA_meth_set_pub_dec(RSA_METHOD *meth, int(*pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public decoding function of an RSA_METHOD object.
#define TLS_VER_1_1
Definition: ssl_backend.h:115
const char * ekm_label
Definition: ssl_common.h:356
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition: ssl_openssl.c:1845
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
Get the EC_KEY object of a public key.
#define ALLOC_ARRAY(dptr, type, n)
Definition: buffer.h:1032
static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
Get the RSA parameters.
static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1.
static int RSA_bits(const RSA *rsa)
Number of significant RSA bits.
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition: ssl_common.h:330
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition: cryptoapi.c:817
#define D_LOW
Definition: errlevel.h:97
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition: ssl_openssl.c:131
void tls_clear_error(void)
Clear the underlying SSL library&#39;s error state.
Definition: ssl_openssl.c:99
static void RSA_meth_free(RSA_METHOD *meth)
Free an existing RSA_METHOD object.
static void X509_OBJECT_free(X509_OBJECT *obj)
Destroy a X509 object.
char * management_query_pk_sig(struct management *man, const char *b64_data)
Definition: manage.c:3642
void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition: ssl_openssl.c:325
#define TLS_VER_1_2
Definition: ssl_backend.h:116
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void setenv_del(struct env_set *es, const char *name)
Definition: env_set.c:330
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:1127
static void bio_write_post(const int status, struct buffer *buf)
Definition: ssl_openssl.c:1721
FILE * platform_fopen(const char *path, const char *mode)
Definition: platform.c:302
static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig, unsigned int siglen)
Definition: ssl_openssl.c:1102
void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition: ssl_openssl.c:432
size_t ekm_size
Definition: ssl_common.h:358
#define BPTR(buf)
Definition: buffer.h:124
static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition: ssl_openssl.c:1144
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:297
static EVP_PKEY * X509_get0_pubkey(const X509 *x)
Get the public key from a X509 certificate.
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition: ssl_common.h:338
const char * iana_name
Definition: ssl_backend.h:62
static const char * np(const char *str)
Definition: simple.c:108
void show_available_curves(void)
Definition: ssl_openssl.c:2063
#define PERF_BIO_READ_CIPHERTEXT
Definition: perf.h:40
static struct gc_arena gc_new(void)
Definition: buffer.h:991
static int RSA_meth_set_pub_enc(RSA_METHOD *meth, int(*pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public encoding function of an RSA_METHOD object.
void get_highest_preference_tls_cipher(char *buf, int size)
Definition: ssl_openssl.c:2099
#define SSLF_TLS_VERSION_MIN_MASK
Definition: ssl_common.h:337
#define INLINE_FILE_TAG
Definition: common.h:95
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:383
int openvpn_base64_decode(const char *str, void *data, int size)
Definition: base64.c:160
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition: ssl_openssl.c:862
#define PERF_BIO_WRITE_PLAINTEXT
Definition: perf.h:39
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation...
Definition: ssl_openssl.c:212
static RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
Get the RSA object of a public key.
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store)
Fetch the X509 object stack from the X509 store.
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract plaintext data from the TLS module.
Definition: ssl_openssl.c:1907
static RSA_METHOD * RSA_meth_new(const char *name, int flags)
Allocate a new RSA method object.
static SERVICE_STATUS status
Definition: automatic.c:43
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer&#39;s certificate allows setting up a VPN tunnel. ...
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:545
void key_state_export_keying_material(struct key_state_ssl *ssl, struct tls_session *session)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: ssl_openssl.c:149
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition: ssl_openssl.c:77
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition: ssl_openssl.c:2124
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
Definition: buffer.c:497
int openvpn_base64_encode(const void *data, int size, char **str)
Definition: base64.c:54
#define OPENSSL_VERSION
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name...
Definition: ssl_backend.h:62
#define D_HANDSHAKE_VERBOSE
Definition: errlevel.h:150
#define dmsg
Definition: error.h:174
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, const char *pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context...
Definition: ssl_openssl.c:698
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:1070
#define TLS_VER_1_0
Definition: ssl_backend.h:114
const char * source
Definition: compat-lz4.h:433
#define TLS_VER_1_3
Definition: ssl_backend.h:117
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition: ssl_openssl.c:1830
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition: ssl_openssl.c:105
#define BLEN(buf)
Definition: buffer.h:127
static int openssl_tls_version(int ver)
Convert internal version number to openssl version number.
Definition: ssl_openssl.c:227
static int DSA_bits(const DSA *dsa)
Number of significant DSA bits.
#define D_HANDSHAKE
Definition: errlevel.h:72
SSL_CTX * ctx
Definition: ssl_openssl.h:39
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition: ssl_openssl.c:1404
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below...
Definition: ssl_openssl.c:397
__int64 int64_t
Definition: config-msvc.h:124
unsigned __int8 uint8_t
Definition: config-msvc.h:123
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:90
#define SSLF_CLIENT_CERT_OPTIONAL
Definition: ssl_common.h:331
static void check_malloc_return(const void *p)
Definition: buffer.h:1069
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, const char *crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition: ssl_openssl.c:995
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:398
#define VALGRIND_MAKE_READABLE(addr, len)
Definition: memdbg.h:53
#define msg
Definition: error.h:173
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition: ssl_openssl.c:522
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent...
Definition: ssl_openssl.c:74
static int SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
Return the min SSL protocol version currently enabled in the context.
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, const char *ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1410
size_t ekm_label_size
Definition: ssl_common.h:357
#define D_TLS_DEBUG_MED
Definition: errlevel.h:151
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition: ssl_openssl.c:188
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition: ssl_openssl.c:1892
static int constrain_int(int x, int min, int max)
Definition: integer.h:60
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition: ssl_openssl.c:1337
#define free
Definition: cmocka.c:1850
static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
Set the RSA parameters.
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, const char *dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:571
const char * openssl_name
Definition: ssl_backend.h:62
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition: ssl_openssl.c:118
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition: ssl_openssl.c:1790
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition: ssl_openssl.c:90
#define UP_TYPE_PRIVATE_KEY
Definition: ssl_common.h:42
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition: ssl_openssl.c:1086
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract ciphertext data from the TLS module.
Definition: ssl_openssl.c:1877
#define SSLF_TLS_VERSION_MAX_MASK
Definition: ssl_common.h:339
static int RSA_meth_set_init(RSA_METHOD *meth, int(*init)(RSA *rsa))
Set the init function of an RSA_METHOD object.
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition: ssl_openssl.c:1669
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition: ssl_common.h:336
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, const bool tls13)
Definition: ssl_openssl.c:1989
#define OpenSSL_version
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition: ssl.c:269
static int EC_GROUP_order_bits(const EC_GROUP *group)
Gets the number of bits of the order of an EC_GROUP.
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:615
#define M_WARN
Definition: error.h:96
struct env_set * es
Definition: ssl_common.h:321
static void RSA_set_flags(RSA *rsa, int flags)
Set the RSA flags.
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, const char *extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1563
static int X509_OBJECT_get_type(const X509_OBJECT *obj)
Get the type of an X509 object.
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
static int RSA_meth_set_finish(RSA_METHOD *meth, int(*finish)(RSA *rsa))
Set the finish function of an RSA_METHOD object.
static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Definition: ssl_openssl.c:251
#define ptr_format
Definition: common.h:58
static int bio_read(BIO *bio, struct buffer *buf, int maxlen, const char *desc)
Definition: ssl_openssl.c:1734