OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_OPENSSL)
38 
39 #include "errlevel.h"
40 #include "buffer.h"
41 #include "misc.h"
42 #include "manage.h"
43 #include "memdbg.h"
44 #include "ssl_backend.h"
45 #include "ssl_common.h"
46 #include "base64.h"
47 #include "openssl_compat.h"
48 
49 #ifdef ENABLE_CRYPTOAPI
50 #include "cryptoapi.h"
51 #endif
52 
53 #include "ssl_verify_openssl.h"
54 
55 #include <openssl/bn.h>
56 #include <openssl/crypto.h>
57 #include <openssl/dh.h>
58 #include <openssl/dsa.h>
59 #include <openssl/err.h>
60 #include <openssl/pkcs12.h>
61 #include <openssl/rsa.h>
62 #include <openssl/x509.h>
63 #ifndef OPENSSL_NO_EC
64 #include <openssl/ec.h>
65 #endif
66 
67 /*
68  * Allocate space in SSL objects in which to store a struct tls_session
69  * pointer back to parent.
70  *
71  */
72 
73 int mydata_index; /* GLOBAL */
74 
75 void
77 {
78  SSL_library_init();
79 #ifndef ENABLE_SMALL
80  SSL_load_error_strings();
81 #endif
82  OpenSSL_add_all_algorithms();
83 
84  mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
85  ASSERT(mydata_index >= 0);
86 }
87 
88 void
90 {
91  EVP_cleanup();
92 #ifndef ENABLE_SMALL
93  ERR_free_strings();
94 #endif
95 }
96 
97 void
99 {
100  ERR_clear_error();
101 }
102 
103 void
105 {
106  ASSERT(NULL != ctx);
107 
108  ctx->ctx = SSL_CTX_new(SSLv23_server_method());
109 
110  if (ctx->ctx == NULL)
111  {
112  crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
113  }
114 }
115 
116 void
118 {
119  ASSERT(NULL != ctx);
120 
121  ctx->ctx = SSL_CTX_new(SSLv23_client_method());
122 
123  if (ctx->ctx == NULL)
124  {
125  crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
126  }
127 }
128 
129 void
131 {
132  ASSERT(NULL != ctx);
133  if (NULL != ctx->ctx)
134  {
135  SSL_CTX_free(ctx->ctx);
136  }
137  ctx->ctx = NULL;
138 }
139 
140 bool
142 {
143  ASSERT(NULL != ctx);
144  return NULL != ctx->ctx;
145 }
146 
147 void
149  struct tls_session *session)
150 {
151  if (session->opt->ekm_size > 0)
152  {
153 #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
154  unsigned int size = session->opt->ekm_size;
155  struct gc_arena gc = gc_new();
156  unsigned char *ekm = (unsigned char *) gc_malloc(size, true, &gc);
157 
158  if (SSL_export_keying_material(ssl->ssl, ekm, size,
159  session->opt->ekm_label, session->opt->ekm_label_size, NULL, 0, 0))
160  {
161  unsigned int len = (size * 2) + 2;
162 
163  const char *key = format_hex_ex(ekm, size, len, 0, NULL, &gc);
164  setenv_str(session->opt->es, "exported_keying_material", key);
165 
166  dmsg(D_TLS_DEBUG_MED, "%s: exported keying material: %s",
167  __func__, key);
168  }
169  else
170  {
171  msg(M_WARN, "WARNING: Export keying material failed!");
172  setenv_del(session->opt->es, "exported_keying_material");
173  }
174  gc_free(&gc);
175 #endif /* if (OPENSSL_VERSION_NUMBER >= 0x10001000) */
176  }
177 }
178 
179 /*
180  * Print debugging information on SSL/TLS session negotiation.
181  */
182 
183 #ifndef INFO_CALLBACK_SSL_CONST
184 #define INFO_CALLBACK_SSL_CONST const
185 #endif
186 static void
187 info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
188 {
189  if (where & SSL_CB_LOOP)
190  {
191  dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
192  where & SSL_ST_CONNECT ? "connect" :
193  where &SSL_ST_ACCEPT ? "accept" :
194  "undefined", SSL_state_string_long(s));
195  }
196  else if (where & SSL_CB_ALERT)
197  {
198  dmsg(D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s",
199  where & SSL_CB_READ ? "read" : "write",
200  SSL_alert_type_string_long(ret),
201  SSL_alert_desc_string_long(ret));
202  }
203 }
204 
205 /*
206  * Return maximum TLS version supported by local OpenSSL library.
207  * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
208  * TLSvX is supported.
209  */
210 int
212 {
213 #if defined(TLS1_3_VERSION)
214  return TLS_VER_1_3;
215 #elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
216  return TLS_VER_1_2;
217 #elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
218  return TLS_VER_1_1;
219 #else
220  return TLS_VER_1_0;
221 #endif
222 }
223 
225 static int
227 {
228  if (ver == TLS_VER_1_0)
229  {
230  return TLS1_VERSION;
231  }
232  else if (ver == TLS_VER_1_1)
233  {
234  return TLS1_1_VERSION;
235  }
236  else if (ver == TLS_VER_1_2)
237  {
238  return TLS1_2_VERSION;
239  }
240 #if defined(TLS1_3_VERSION)
241  else if (ver == TLS_VER_1_3)
242  {
243  return TLS1_3_VERSION;
244  }
245 #endif
246  return 0;
247 }
248 
249 static bool
250 tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
251 {
252  int tls_ver_min = openssl_tls_version(
254  int tls_ver_max = openssl_tls_version(
256 
257  if (!tls_ver_min)
258  {
259  /* Enforce at least TLS 1.0 */
260  int cur_min = SSL_CTX_get_min_proto_version(ctx->ctx);
261  tls_ver_min = cur_min < TLS1_VERSION ? TLS1_VERSION : cur_min;
262  }
263 
264  if (!SSL_CTX_set_min_proto_version(ctx->ctx, tls_ver_min))
265  {
266  msg(D_TLS_ERRORS, "%s: failed to set minimum TLS version", __func__);
267  return false;
268  }
269 
270  if (tls_ver_max && !SSL_CTX_set_max_proto_version(ctx->ctx, tls_ver_max))
271  {
272  msg(D_TLS_ERRORS, "%s: failed to set maximum TLS version", __func__);
273  return false;
274  }
275 
276  return true;
277 }
278 
279 bool
280 tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
281 {
282  ASSERT(NULL != ctx);
283 
284  /* process SSL options */
285  long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
286 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
287  sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
288 #endif
289  sslopt |= SSL_OP_NO_COMPRESSION;
290 
291  SSL_CTX_set_options(ctx->ctx, sslopt);
292 
293  if (!tls_ctx_set_tls_versions(ctx, ssl_flags))
294  {
295  return false;
296  }
297 
298 #ifdef SSL_MODE_RELEASE_BUFFERS
299  SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
300 #endif
301  SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
302  SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
303 
304  /* Require peer certificate verification */
305  int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
306 #if P2MP_SERVER
307  if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
308  {
309  verify_flags = 0;
310  }
311  else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
312  {
313  verify_flags = SSL_VERIFY_PEER;
314  }
315 #endif
316  SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
317 
318  SSL_CTX_set_info_callback(ctx->ctx, info_callback);
319 
320  return true;
321 }
322 
323 void
324 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
325 {
326  if (ciphers == NULL)
327  {
328  /* Use sane default TLS cipher list */
329  if (!SSL_CTX_set_cipher_list(ctx->ctx,
330  /* Use openssl's default list as a basis */
331  "DEFAULT"
332  /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
333  ":!EXP:!LOW:!MEDIUM"
334  /* Disable static (EC)DH keys (no forward secrecy) */
335  ":!kDH:!kECDH"
336  /* Disable DSA private keys */
337  ":!DSS"
338  /* Disable unsupported TLS modes */
339  ":!PSK:!SRP:!kRSA"))
340  {
341  crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
342  }
343  return;
344  }
345 
346  /* Parse supplied cipher list and pass on to OpenSSL */
347  size_t begin_of_cipher, end_of_cipher;
348 
349  const char *current_cipher;
350  size_t current_cipher_len;
351 
352  const tls_cipher_name_pair *cipher_pair;
353 
354  char openssl_ciphers[4096];
355  size_t openssl_ciphers_len = 0;
356  openssl_ciphers[0] = '\0';
357 
358  ASSERT(NULL != ctx);
359 
360  /* Translate IANA cipher suite names to OpenSSL names */
361  begin_of_cipher = end_of_cipher = 0;
362  for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
363  {
364  end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
365  cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
366 
367  if (NULL == cipher_pair)
368  {
369  /* No translation found, use original */
370  current_cipher = &ciphers[begin_of_cipher];
371  current_cipher_len = end_of_cipher - begin_of_cipher;
372 
373  /* Issue warning on missing translation */
374  /* %.*s format specifier expects length of type int, so guarantee */
375  /* that length is small enough and cast to int. */
376  msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
377  constrain_int(current_cipher_len, 0, 256), current_cipher);
378  }
379  else
380  {
381  /* Use OpenSSL name */
382  current_cipher = cipher_pair->openssl_name;
383  current_cipher_len = strlen(current_cipher);
384 
385  if (end_of_cipher - begin_of_cipher == current_cipher_len
386  && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
387  end_of_cipher - begin_of_cipher))
388  {
389  /* Non-IANA name used, show warning */
390  msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name);
391  }
392  }
393 
394  /* Make sure new cipher name fits in cipher string */
395  if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
396  || ((sizeof(openssl_ciphers)-1) < openssl_ciphers_len + current_cipher_len))
397  {
398  msg(M_FATAL,
399  "Failed to set restricted TLS cipher list, too long (>%d).",
400  (int)sizeof(openssl_ciphers)-1);
401  }
402 
403  /* Concatenate cipher name to OpenSSL cipher string */
404  memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
405  openssl_ciphers_len += current_cipher_len;
406  openssl_ciphers[openssl_ciphers_len] = ':';
407  openssl_ciphers_len++;
408 
409  end_of_cipher++;
410  }
411 
412  if (openssl_ciphers_len > 0)
413  {
414  openssl_ciphers[openssl_ciphers_len-1] = '\0';
415  }
416 
417  /* Set OpenSSL cipher list */
418  if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
419  {
420  crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
421  }
422 }
423 
424 void
425 tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
426 {
427 #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
428  /* OpenSSL does not have certificate profiles, but a complex set of
429  * callbacks that we could try to implement to achieve something similar.
430  * For now, use OpenSSL's security levels to achieve similar (but not equal)
431  * behaviour. */
432  if (!profile || 0 == strcmp(profile, "legacy"))
433  {
434  SSL_CTX_set_security_level(ctx->ctx, 1);
435  }
436  else if (0 == strcmp(profile, "preferred"))
437  {
438  SSL_CTX_set_security_level(ctx->ctx, 2);
439  }
440  else if (0 == strcmp(profile, "suiteb"))
441  {
442  SSL_CTX_set_security_level(ctx->ctx, 3);
443  SSL_CTX_set_cipher_list(ctx->ctx, "SUITEB128");
444  }
445  else
446  {
447  msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
448  }
449 #else
450  if (profile)
451  {
452  msg(M_WARN, "WARNING: OpenSSL 1.0.1 does not support --tls-cert-profile"
453  ", ignoring user-set profile: '%s'", profile);
454  }
455 #endif
456 }
457 
458 void
460 {
461  int ret;
462  const X509 *cert;
463 
464  ASSERT(ctx);
465 
466 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
467  /* OpenSSL 1.0.2 and up */
468  cert = SSL_CTX_get0_certificate(ctx->ctx);
469 #else
470  /* OpenSSL 1.0.1 and earlier need an SSL object to get at the certificate */
471  SSL *ssl = SSL_new(ctx->ctx);
472  cert = SSL_get_certificate(ssl);
473 #endif
474 
475  if (cert == NULL)
476  {
477  goto cleanup; /* Nothing to check if there is no certificate */
478  }
479 
480  ret = X509_cmp_time(X509_get_notBefore(cert), NULL);
481  if (ret == 0)
482  {
483  msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
484  }
485  if (ret > 0)
486  {
487  msg(M_WARN, "WARNING: Your certificate is not yet valid!");
488  }
489 
490  ret = X509_cmp_time(X509_get_notAfter(cert), NULL);
491  if (ret == 0)
492  {
493  msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
494  }
495  if (ret < 0)
496  {
497  msg(M_WARN, "WARNING: Your certificate has expired!");
498  }
499 
500 cleanup:
501 #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
502  SSL_free(ssl);
503 #endif
504  return;
505 }
506 
507 void
508 tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
509  const char *dh_file_inline
510  )
511 {
512  DH *dh;
513  BIO *bio;
514 
515  ASSERT(NULL != ctx);
516 
517  if (!strcmp(dh_file, INLINE_FILE_TAG) && dh_file_inline)
518  {
519  if (!(bio = BIO_new_mem_buf((char *)dh_file_inline, -1)))
520  {
521  crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
522  }
523  }
524  else
525  {
526  /* Get Diffie Hellman Parameters */
527  if (!(bio = BIO_new_file(dh_file, "r")))
528  {
529  crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
530  }
531  }
532 
533  dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
534  BIO_free(bio);
535 
536  if (!dh)
537  {
538  crypto_msg(M_FATAL, "Cannot load DH parameters from %s", dh_file);
539  }
540  if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
541  {
542  crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
543  }
544 
545  msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
546  8 * DH_size(dh));
547 
548  DH_free(dh);
549 }
550 
551 void
552 tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
553  )
554 {
555 #ifndef OPENSSL_NO_EC
556  int nid = NID_undef;
557  EC_KEY *ecdh = NULL;
558  const char *sname = NULL;
559 
560  /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
561  SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
562 
563  if (curve_name != NULL)
564  {
565  /* Use user supplied curve if given */
566  msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
567  nid = OBJ_sn2nid(curve_name);
568  }
569  else
570  {
571 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
572  /* OpenSSL 1.0.2 and newer can automatically handle ECDH parameter
573  * loading */
574  SSL_CTX_set_ecdh_auto(ctx->ctx, 1);
575  return;
576 #else
577  /* For older OpenSSL we have to extract the curve from key on our own */
578  EC_KEY *eckey = NULL;
579  const EC_GROUP *ecgrp = NULL;
580  EVP_PKEY *pkey = NULL;
581 
582  /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
583  SSL *ssl = SSL_new(ctx->ctx);
584  if (!ssl)
585  {
586  crypto_msg(M_FATAL, "SSL_new failed");
587  }
588  pkey = SSL_get_privatekey(ssl);
589  SSL_free(ssl);
590 
591  msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
592 
593  if (pkey != NULL && (eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL
594  && (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
595  {
596  nid = EC_GROUP_get_curve_name(ecgrp);
597  }
598 #endif
599  }
600 
601  /* Translate NID back to name , just for kicks */
602  sname = OBJ_nid2sn(nid);
603  if (sname == NULL)
604  {
605  sname = "(Unknown)";
606  }
607 
608  /* Create new EC key and set as ECDH key */
609  if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
610  {
611  /* Creating key failed, fall back on sane default */
612  ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
613  const char *source = (NULL == curve_name) ?
614  "extract curve from certificate" : "use supplied curve";
616  "Failed to %s (%s), using secp384r1 instead.", source, sname);
617  sname = OBJ_nid2sn(NID_secp384r1);
618  }
619 
620  if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
621  {
622  crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
623  }
624 
625  msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
626 
627  EC_KEY_free(ecdh);
628 #else /* ifndef OPENSSL_NO_EC */
629  msg(D_LOW, "Your OpenSSL library was built without elliptic curve support."
630  " Skipping ECDH parameter loading.");
631 #endif /* OPENSSL_NO_EC */
632 }
633 
634 int
635 tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
636  const char *pkcs12_file_inline,
637  bool load_ca_file
638  )
639 {
640  FILE *fp;
641  EVP_PKEY *pkey;
642  X509 *cert;
643  STACK_OF(X509) *ca = NULL;
644  PKCS12 *p12;
645  int i;
646  char password[256];
647 
648  ASSERT(NULL != ctx);
649 
650  if (!strcmp(pkcs12_file, INLINE_FILE_TAG) && pkcs12_file_inline)
651  {
652  BIO *b64 = BIO_new(BIO_f_base64());
653  BIO *bio = BIO_new_mem_buf((void *) pkcs12_file_inline,
654  (int) strlen(pkcs12_file_inline));
655  ASSERT(b64 && bio);
656  BIO_push(b64, bio);
657  p12 = d2i_PKCS12_bio(b64, NULL);
658  if (!p12)
659  {
660  crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
661  }
662  BIO_free(b64);
663  BIO_free(bio);
664  }
665  else
666  {
667  /* Load the PKCS #12 file */
668  if (!(fp = platform_fopen(pkcs12_file, "rb")))
669  {
670  crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
671  }
672  p12 = d2i_PKCS12_fp(fp, NULL);
673  fclose(fp);
674  if (!p12)
675  {
676  crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
677  }
678  }
679 
680  /* Parse the PKCS #12 file */
681  if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
682  {
683  pem_password_callback(password, sizeof(password) - 1, 0, NULL);
684  /* Reparse the PKCS #12 file with password */
685  ca = NULL;
686  if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
687  {
688 #ifdef ENABLE_MANAGEMENT
689  if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
690  {
692  }
693 #endif
694  PKCS12_free(p12);
695  return 1;
696  }
697  }
698  PKCS12_free(p12);
699 
700  /* Load Certificate */
701  if (!SSL_CTX_use_certificate(ctx->ctx, cert))
702  {
703  crypto_msg(M_FATAL, "Cannot use certificate");
704  }
705 
706  /* Load Private Key */
707  if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
708  {
709  crypto_msg(M_FATAL, "Cannot use private key");
710  }
711 
712  /* Check Private Key */
713  if (!SSL_CTX_check_private_key(ctx->ctx))
714  {
715  crypto_msg(M_FATAL, "Private key does not match the certificate");
716  }
717 
718  /* Set Certificate Verification chain */
719  if (load_ca_file)
720  {
721  /* Add CAs from PKCS12 to the cert store and mark them as trusted.
722  * They're also used to fill in the chain of intermediate certs as
723  * necessary.
724  */
725  if (ca && sk_X509_num(ca))
726  {
727  for (i = 0; i < sk_X509_num(ca); i++)
728  {
729  X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
730  if (!X509_STORE_add_cert(cert_store,sk_X509_value(ca, i)))
731  {
732  crypto_msg(M_FATAL,"Cannot add certificate to certificate chain (X509_STORE_add_cert)");
733  }
734  if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
735  {
736  crypto_msg(M_FATAL,"Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
737  }
738  }
739  }
740  }
741  else
742  {
743  /* If trusted CA certs were loaded from a PEM file, and we ignore the
744  * ones in PKCS12, do load PKCS12-provided certs to the client extra
745  * certs chain just in case they include intermediate CAs needed to
746  * prove my identity to the other end. This does not make them trusted.
747  */
748  if (ca && sk_X509_num(ca))
749  {
750  for (i = 0; i < sk_X509_num(ca); i++)
751  {
752  if (!SSL_CTX_add_extra_chain_cert(ctx->ctx,sk_X509_value(ca, i)))
753  {
754  crypto_msg(M_FATAL, "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
755  }
756  }
757  }
758  }
759  return 0;
760 }
761 
762 #ifdef ENABLE_CRYPTOAPI
763 void
764 tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
765 {
766  ASSERT(NULL != ctx);
767 
768  /* Load Certificate and Private Key */
769  if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
770  {
771  crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store", cryptoapi_cert);
772  }
773 }
774 #endif /* ENABLE_CRYPTOAPI */
775 
776 static void
777 tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio)
778 {
779  X509 *cert;
780  for (;; )
781  {
782  cert = NULL;
783  if (!PEM_read_bio_X509(bio, &cert, NULL, NULL)) /* takes ownership of cert */
784  {
785  break;
786  }
787  if (!cert)
788  {
789  crypto_msg(M_FATAL, "Error reading extra certificate");
790  }
791  if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
792  {
793  crypto_msg(M_FATAL, "Error adding extra certificate");
794  }
795  }
796 }
797 
798 /* Like tls_ctx_load_cert, but returns a copy of the certificate in **X509 */
799 static void
801  const char *cert_file, const char *cert_file_inline, X509 **x509
802  )
803 {
804  BIO *in = NULL;
805  X509 *x = NULL;
806  int ret = 0;
807  bool inline_file = false;
808 
809  ASSERT(NULL != ctx);
810  if (NULL != x509)
811  {
812  ASSERT(NULL == *x509);
813  }
814 
815  inline_file = (strcmp(cert_file, INLINE_FILE_TAG) == 0);
816 
817  if (inline_file && cert_file_inline)
818  {
819  in = BIO_new_mem_buf((char *)cert_file_inline, -1);
820  }
821  else
822  {
823  in = BIO_new_file(cert_file, "r");
824  }
825 
826  if (in == NULL)
827  {
828  SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
829  goto end;
830  }
831 
832  x = PEM_read_bio_X509(in, NULL,
835  if (x == NULL)
836  {
837  SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
838  goto end;
839  }
840 
841  ret = SSL_CTX_use_certificate(ctx->ctx, x);
842  if (ret)
843  {
844  tls_ctx_add_extra_certs(ctx, in);
845  }
846 
847 end:
848  if (!ret)
849  {
850  if (inline_file)
851  {
852  crypto_msg(M_FATAL, "Cannot load inline certificate file");
853  }
854  else
855  {
856  crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
857  }
858  }
859 
860  if (in != NULL)
861  {
862  BIO_free(in);
863  }
864  if (x509)
865  {
866  *x509 = x;
867  }
868  else if (x)
869  {
870  X509_free(x);
871  }
872 }
873 
874 void
875 tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
876  const char *cert_file_inline)
877 {
878  tls_ctx_load_cert_file_and_copy(ctx, cert_file, cert_file_inline, NULL);
879 }
880 
881 int
882 tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
883  const char *priv_key_file_inline
884  )
885 {
886  SSL_CTX *ssl_ctx = NULL;
887  BIO *in = NULL;
888  EVP_PKEY *pkey = NULL;
889  int ret = 1;
890 
891  ASSERT(NULL != ctx);
892 
893  ssl_ctx = ctx->ctx;
894 
895  if (!strcmp(priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
896  {
897  in = BIO_new_mem_buf((char *)priv_key_file_inline, -1);
898  }
899  else
900  {
901  in = BIO_new_file(priv_key_file, "r");
902  }
903 
904  if (!in)
905  {
906  goto end;
907  }
908 
909  pkey = PEM_read_bio_PrivateKey(in, NULL,
912  if (!pkey)
913  {
914  goto end;
915  }
916 
917  if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
918  {
919 #ifdef ENABLE_MANAGEMENT
920  if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
921  {
923  }
924 #endif
925  crypto_msg(M_WARN, "Cannot load private key file %s", priv_key_file);
926  goto end;
927  }
928 
929  /* Check Private Key */
930  if (!SSL_CTX_check_private_key(ssl_ctx))
931  {
932  crypto_msg(M_FATAL, "Private key does not match the certificate");
933  }
934  ret = 0;
935 
936 end:
937  if (pkey)
938  {
939  EVP_PKEY_free(pkey);
940  }
941  if (in)
942  {
943  BIO_free(in);
944  }
945  return ret;
946 }
947 
948 void
949 backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
950  const char *crl_inline)
951 {
952  X509_CRL *crl = NULL;
953  BIO *in = NULL;
954 
955  X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
956  if (!store)
957  {
958  crypto_msg(M_FATAL, "Cannot get certificate store");
959  }
960 
961  /* Always start with a cleared CRL list, for that we
962  * we need to manually find the CRL object from the stack
963  * and remove it */
964  STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
965  for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
966  {
967  X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
968  ASSERT(obj);
969  if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
970  {
971  sk_X509_OBJECT_delete(objs, i);
972  X509_OBJECT_free(obj);
973  }
974  }
975 
976  X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
977 
978  if (!strcmp(crl_file, INLINE_FILE_TAG) && crl_inline)
979  {
980  in = BIO_new_mem_buf((char *)crl_inline, -1);
981  }
982  else
983  {
984  in = BIO_new_file(crl_file, "r");
985  }
986 
987  if (in == NULL)
988  {
989  msg(M_WARN, "CRL: cannot read: %s", crl_file);
990  goto end;
991  }
992 
993  crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
994  if (crl == NULL)
995  {
996  msg(M_WARN, "CRL: cannot read CRL from file %s", crl_file);
997  goto end;
998  }
999 
1000  if (!X509_STORE_add_crl(store, crl))
1001  {
1002  msg(M_WARN, "CRL: cannot add %s to store", crl_file);
1003  goto end;
1004  }
1005 
1006 end:
1007  X509_CRL_free(crl);
1008  BIO_free(in);
1009 }
1010 
1011 
1012 #ifdef MANAGMENT_EXTERNAL_KEY
1013 
1014 /* encrypt */
1015 static int
1016 rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1017 {
1018  ASSERT(0);
1019  return -1;
1020 }
1021 
1022 /* verify arbitrary data */
1023 static int
1024 rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1025 {
1026  ASSERT(0);
1027  return -1;
1028 }
1029 
1030 /* decrypt */
1031 static int
1032 rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1033 {
1034  ASSERT(0);
1035  return -1;
1036 }
1037 
1038 /* called at RSA_free */
1039 static int
1041 {
1042  /* meth was allocated in tls_ctx_use_external_private_key() ; since
1043  * this function is called when the parent RSA object is destroyed,
1044  * it is no longer used after this point so kill it. */
1045  const RSA_METHOD *meth = RSA_get_method(rsa);
1046  RSA_meth_free((RSA_METHOD *)meth);
1047  return 1;
1048 }
1049 
1050 /* Pass the input hash in 'dgst' to management and get the signature back.
1051  * On input siglen contains the capacity of the buffer 'sig'.
1052  * On return signature is in sig.
1053  * Return value is signature length or -1 on error.
1054  */
1055 static int
1056 get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen,
1057  unsigned char *sig, unsigned int siglen)
1058 {
1059  char *in_b64 = NULL;
1060  char *out_b64 = NULL;
1061  int len = -1;
1062 
1063  /* convert 'dgst' to base64 */
1064  if (management
1065  && openvpn_base64_encode(dgst, dgstlen, &in_b64) > 0)
1066  {
1067  out_b64 = management_query_pk_sig(management, in_b64);
1068  }
1069  if (out_b64)
1070  {
1071  len = openvpn_base64_decode(out_b64, sig, siglen);
1072  }
1073 
1074  free(in_b64);
1075  free(out_b64);
1076  return len;
1077 }
1078 
1079 /* sign arbitrary data */
1080 static int
1081 rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1082 {
1083  unsigned int len = RSA_size(rsa);
1084  int ret = -1;
1085 
1086  if (padding != RSA_PKCS1_PADDING)
1087  {
1088  RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
1089  return -1;
1090  }
1091 
1092  ret = get_sig_from_man(from, flen, to, len);
1093 
1094  return (ret == len)? ret : -1;
1095 }
1096 
1097 static int
1098 tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1099 {
1100  RSA *rsa = NULL;
1101  RSA *pub_rsa;
1102  RSA_METHOD *rsa_meth;
1103 
1104  ASSERT(NULL != ctx);
1105 
1106  pub_rsa = EVP_PKEY_get0_RSA(pkey);
1107  ASSERT(NULL != pub_rsa);
1108 
1109  /* allocate custom RSA method object */
1110  rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method",
1111  RSA_METHOD_FLAG_NO_CHECK);
1112  check_malloc_return(rsa_meth);
1113  RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1114  RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1117  RSA_meth_set_init(rsa_meth, NULL);
1119  RSA_meth_set0_app_data(rsa_meth, NULL);
1120 
1121  /* allocate RSA object */
1122  rsa = RSA_new();
1123  if (rsa == NULL)
1124  {
1125  SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1126  goto err;
1127  }
1128 
1129  /* initialize RSA object */
1130  const BIGNUM *n = NULL;
1131  const BIGNUM *e = NULL;
1132  RSA_get0_key(pub_rsa, &n, &e, NULL);
1133  RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1134  RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1135  if (!RSA_set_method(rsa, rsa_meth))
1136  {
1137  RSA_meth_free(rsa_meth);
1138  goto err;
1139  }
1140  /* from this point rsa_meth will get freed with rsa */
1141 
1142  /* bind our custom RSA object to ssl_ctx */
1143  if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1144  {
1145  goto err;
1146  }
1147 
1148  RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1149  return 1;
1150 
1151 err:
1152  if (rsa)
1153  {
1154  RSA_free(rsa);
1155  }
1156  else
1157  {
1158  if (rsa_meth)
1159  {
1160  RSA_meth_free(rsa_meth);
1161  }
1162  }
1163  return 0;
1164 }
1165 
1166 #if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
1167 
1168 /* called when EC_KEY is destroyed */
1169 static void
1170 openvpn_extkey_ec_finish(EC_KEY *ec)
1171 {
1172  /* release the method structure */
1173  const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec);
1174  EC_KEY_METHOD_free((EC_KEY_METHOD *) ec_meth);
1175 }
1176 
1177 /* EC_KEY_METHOD callback: sign().
1178  * Sign the hash using EC key and return DER encoded signature in sig,
1179  * its length in siglen. Return value is 1 on success, 0 on error.
1180  */
1181 static int
1182 ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
1183  unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
1184 {
1185  int capacity = ECDSA_size(ec);
1186  int len = get_sig_from_man(dgst, dgstlen, sig, capacity);
1187 
1188  if (len > 0)
1189  {
1190  *siglen = len;
1191  return 1;
1192  }
1193  return 0;
1194 }
1195 
1196 /* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
1197 static int
1198 ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
1199 {
1200  return 1;
1201 }
1202 
1203 /* EC_KEY_METHOD callback: sign_sig().
1204  * Sign the hash and return the result as a newly allocated ECDS_SIG
1205  * struct or NULL on error.
1206  */
1207 static ECDSA_SIG *
1208 ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv,
1209  const BIGNUM *in_r, EC_KEY *ec)
1210 {
1211  ECDSA_SIG *ecsig = NULL;
1212  unsigned int len = ECDSA_size(ec);
1213  struct gc_arena gc = gc_new();
1214 
1215  unsigned char *buf = gc_malloc(len, false, &gc);
1216  if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1)
1217  {
1218  goto out;
1219  }
1220  /* const char ** should be avoided: not up to us, so we cast our way through */
1221  ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len);
1222 
1223 out:
1224  gc_free(&gc);
1225  return ecsig;
1226 }
1227 
1228 static int
1229 tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1230 {
1231  EC_KEY *ec = NULL;
1232  EVP_PKEY *privkey = NULL;
1233  EC_KEY_METHOD *ec_method;
1234 
1235  ASSERT(ctx);
1236 
1237  ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
1238  if (!ec_method)
1239  {
1240  goto err;
1241  }
1242 
1243  /* Among init methods, we only need the finish method */
1244  EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL);
1245  EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig);
1246 
1247  ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey));
1248  if (!ec)
1249  {
1250  EC_KEY_METHOD_free(ec_method);
1251  goto err;
1252  }
1253  if (!EC_KEY_set_method(ec, ec_method))
1254  {
1255  EC_KEY_METHOD_free(ec_method);
1256  goto err;
1257  }
1258  /* from this point ec_method will get freed when ec is freed */
1259 
1260  privkey = EVP_PKEY_new();
1261  if (!EVP_PKEY_assign_EC_KEY(privkey, ec))
1262  {
1263  goto err;
1264  }
1265  /* from this point ec will get freed when privkey is freed */
1266 
1267  if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1268  {
1269  ec = NULL; /* avoid double freeing it below */
1270  goto err;
1271  }
1272 
1273  EVP_PKEY_free(privkey); /* this will down ref privkey and ec */
1274  return 1;
1275 
1276 err:
1277  /* Reach here only when ec and privkey can be independenly freed */
1278  if (privkey)
1279  {
1280  EVP_PKEY_free(privkey);
1281  }
1282  if(ec)
1283  {
1284  EC_KEY_free(ec);
1285  }
1286  return 0;
1287 }
1288 #endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */
1289 
1290 int
1292  const char *cert_file, const char *cert_file_inline)
1293 {
1294  X509 *cert = NULL;
1295 
1296  ASSERT(NULL != ctx);
1297 
1298  tls_ctx_load_cert_file_and_copy(ctx, cert_file, cert_file_inline, &cert);
1299 
1300  ASSERT(NULL != cert);
1301 
1302  /* get the public key */
1303  EVP_PKEY *pkey = X509_get0_pubkey(cert);
1304  ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1305  X509_free(cert);
1306 
1307  if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
1308  {
1309  if (!tls_ctx_use_external_rsa_key(ctx, pkey))
1310  {
1311  goto err;
1312  }
1313  }
1314 #if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
1315  else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
1316  {
1317  if (!tls_ctx_use_external_ec_key(ctx, pkey))
1318  {
1319  goto err;
1320  }
1321  }
1322  else
1323  {
1324  crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
1325  goto err;
1326  }
1327 #else
1328  else
1329  {
1330  crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
1331  goto err;
1332  }
1333 #endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */
1334  return 0;
1335 
1336 err:
1337  crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1338  return 1;
1339 }
1340 
1341 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */
1342 
1343 static int
1344 sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1345 {
1346  return X509_NAME_cmp(*a, *b);
1347 }
1348 
1349 void
1350 tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
1351  const char *ca_file_inline,
1352  const char *ca_path, bool tls_server
1353  )
1354 {
1355  STACK_OF(X509_INFO) *info_stack = NULL;
1356  STACK_OF(X509_NAME) *cert_names = NULL;
1357  X509_LOOKUP *lookup = NULL;
1358  X509_STORE *store = NULL;
1359  X509_NAME *xn = NULL;
1360  BIO *in = NULL;
1361  int i, added = 0, prev = 0;
1362 
1363  ASSERT(NULL != ctx);
1364 
1365  store = SSL_CTX_get_cert_store(ctx->ctx);
1366  if (!store)
1367  {
1368  crypto_msg(M_FATAL, "Cannot get certificate store");
1369  }
1370 
1371  /* Try to add certificates and CRLs from ca_file */
1372  if (ca_file)
1373  {
1374  if (!strcmp(ca_file, INLINE_FILE_TAG) && ca_file_inline)
1375  {
1376  in = BIO_new_mem_buf((char *)ca_file_inline, -1);
1377  }
1378  else
1379  {
1380  in = BIO_new_file(ca_file, "r");
1381  }
1382 
1383  if (in)
1384  {
1385  info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1386  }
1387 
1388  if (info_stack)
1389  {
1390  for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1391  {
1392  X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1393  if (info->crl)
1394  {
1395  X509_STORE_add_crl(store, info->crl);
1396  }
1397 
1398  if (tls_server && !info->x509)
1399  {
1400  crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1401  }
1402 
1403  if (info->x509)
1404  {
1405  X509_STORE_add_cert(store, info->x509);
1406  added++;
1407 
1408  if (!tls_server)
1409  {
1410  continue;
1411  }
1412 
1413  /* Use names of CAs as a client CA list */
1414  if (cert_names == NULL)
1415  {
1416  cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1417  if (!cert_names)
1418  {
1419  continue;
1420  }
1421  }
1422 
1423  xn = X509_get_subject_name(info->x509);
1424  if (!xn)
1425  {
1426  continue;
1427  }
1428 
1429  /* Don't add duplicate CA names */
1430  if (sk_X509_NAME_find(cert_names, xn) == -1)
1431  {
1432  xn = X509_NAME_dup(xn);
1433  if (!xn)
1434  {
1435  continue;
1436  }
1437  sk_X509_NAME_push(cert_names, xn);
1438  }
1439  }
1440 
1441  if (tls_server)
1442  {
1443  int cnum = sk_X509_NAME_num(cert_names);
1444  if (cnum != (prev + 1))
1445  {
1447  "Cannot load CA certificate file %s (entry %d did not validate)",
1448  np(ca_file), added);
1449  }
1450  prev = cnum;
1451  }
1452 
1453  }
1454  sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1455  }
1456 
1457  if (tls_server)
1458  {
1459  SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1460  }
1461 
1462  if (!added)
1463  {
1465  "Cannot load CA certificate file %s (no entries were read)",
1466  np(ca_file));
1467  }
1468 
1469  if (tls_server)
1470  {
1471  int cnum = sk_X509_NAME_num(cert_names);
1472  if (cnum != added)
1473  {
1474  crypto_msg(M_FATAL, "Cannot load CA certificate file %s (only %d "
1475  "of %d entries were valid X509 names)",
1476  np(ca_file), cnum, added);
1477  }
1478  }
1479 
1480  if (in)
1481  {
1482  BIO_free(in);
1483  }
1484  }
1485 
1486  /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1487  if (ca_path)
1488  {
1489  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1490  if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1491  {
1492  msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1493  }
1494  else
1495  {
1496  crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1497  }
1498  X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1499  }
1500 }
1501 
1502 void
1503 tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1504  const char *extra_certs_file_inline
1505  )
1506 {
1507  BIO *in;
1508  if (!strcmp(extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
1509  {
1510  in = BIO_new_mem_buf((char *)extra_certs_file_inline, -1);
1511  }
1512  else
1513  {
1514  in = BIO_new_file(extra_certs_file, "r");
1515  }
1516 
1517  if (in == NULL)
1518  {
1519  crypto_msg(M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
1520  }
1521  else
1522  {
1523  tls_ctx_add_extra_certs(ctx, in);
1524  }
1525 
1526  BIO_free(in);
1527 }
1528 
1529 /* **************************************
1530  *
1531  * Key-state specific functions
1532  *
1533  ***************************************/
1534 /*
1535  *
1536  * BIO functions
1537  *
1538  */
1539 
1540 #ifdef BIO_DEBUG
1541 
1542 #warning BIO_DEBUG defined
1543 
1544 static FILE *biofp; /* GLOBAL */
1545 static bool biofp_toggle; /* GLOBAL */
1546 static time_t biofp_last_open; /* GLOBAL */
1547 static const int biofp_reopen_interval = 600; /* GLOBAL */
1548 
1549 static void
1550 close_biofp(void)
1551 {
1552  if (biofp)
1553  {
1554  ASSERT(!fclose(biofp));
1555  biofp = NULL;
1556  }
1557 }
1558 
1559 static void
1560 open_biofp(void)
1561 {
1562  const time_t current = time(NULL);
1563  const pid_t pid = getpid();
1564 
1565  if (biofp_last_open + biofp_reopen_interval < current)
1566  {
1567  close_biofp();
1568  }
1569  if (!biofp)
1570  {
1571  char fn[256];
1572  openvpn_snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
1573  biofp = fopen(fn, "w");
1574  ASSERT(biofp);
1575  biofp_last_open = time(NULL);
1576  biofp_toggle ^= 1;
1577  }
1578 }
1579 
1580 static void
1581 bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
1582 {
1583  struct gc_arena gc = gc_new();
1584  if (len > 0)
1585  {
1586  open_biofp();
1587  fprintf(biofp, "BIO_%s %s time=%"PRIi64" bio=" ptr_format " len=%d data=%s\n",
1588  mode, desc, (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
1589  fflush(biofp);
1590  }
1591  gc_free(&gc);
1592 }
1593 
1594 static void
1595 bio_debug_oc(const char *mode, BIO *bio)
1596 {
1597  open_biofp();
1598  fprintf(biofp, "BIO %s time=%"PRIi64" bio=" ptr_format "\n",
1599  mode, (int64_t)time(NULL), (ptr_type)bio);
1600  fflush(biofp);
1601 }
1602 
1603 #endif /* ifdef BIO_DEBUG */
1604 
1605 /*
1606  * Write to an OpenSSL BIO in non-blocking mode.
1607  */
1608 static int
1609 bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
1610 {
1611  int i;
1612  int ret = 0;
1613  ASSERT(size >= 0);
1614  if (size)
1615  {
1616  /*
1617  * Free the L_TLS lock prior to calling BIO routines
1618  * so that foreground thread can still call
1619  * tls_pre_decrypt or tls_pre_encrypt,
1620  * allowing tunnel packet forwarding to continue.
1621  */
1622 #ifdef BIO_DEBUG
1623  bio_debug_data("write", bio, data, size, desc);
1624 #endif
1625  i = BIO_write(bio, data, size);
1626 
1627  if (i < 0)
1628  {
1629  if (BIO_should_retry(bio))
1630  {
1631  }
1632  else
1633  {
1634  crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
1635  ret = -1;
1636  ERR_clear_error();
1637  }
1638  }
1639  else if (i != size)
1640  {
1641  crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d",
1642  desc, i, size);
1643  ret = -1;
1644  ERR_clear_error();
1645  }
1646  else
1647  { /* successful write */
1648  dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
1649  ret = 1;
1650  }
1651  }
1652  return ret;
1653 }
1654 
1655 /*
1656  * Inline functions for reading from and writing
1657  * to BIOs.
1658  */
1659 
1660 static void
1661 bio_write_post(const int status, struct buffer *buf)
1662 {
1663  if (status == 1) /* success status return from bio_write? */
1664  {
1665  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1666  buf->len = 0;
1667  }
1668 }
1669 
1670 /*
1671  * Read from an OpenSSL BIO in non-blocking mode.
1672  */
1673 static int
1674 bio_read(BIO *bio, struct buffer *buf, int maxlen, const char *desc)
1675 {
1676  int i;
1677  int ret = 0;
1678  ASSERT(buf->len >= 0);
1679  if (buf->len)
1680  {
1681  }
1682  else
1683  {
1684  int len = buf_forward_capacity(buf);
1685  if (maxlen < len)
1686  {
1687  len = maxlen;
1688  }
1689 
1690  /*
1691  * BIO_read brackets most of the serious RSA
1692  * key negotiation number crunching.
1693  */
1694  i = BIO_read(bio, BPTR(buf), len);
1695 
1696  VALGRIND_MAKE_READABLE((void *) &i, sizeof(i));
1697 
1698 #ifdef BIO_DEBUG
1699  bio_debug_data("read", bio, BPTR(buf), i, desc);
1700 #endif
1701  if (i < 0)
1702  {
1703  if (BIO_should_retry(bio))
1704  {
1705  }
1706  else
1707  {
1708  crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
1709  buf->len = 0;
1710  ret = -1;
1711  ERR_clear_error();
1712  }
1713  }
1714  else if (!i)
1715  {
1716  buf->len = 0;
1717  }
1718  else
1719  { /* successful read */
1720  dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
1721  buf->len = i;
1722  ret = 1;
1723  VALGRIND_MAKE_READABLE((void *) BPTR(buf), BLEN(buf));
1724  }
1725  }
1726  return ret;
1727 }
1728 
1729 void
1730 key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
1731 {
1732  ASSERT(NULL != ssl_ctx);
1733  ASSERT(ks_ssl);
1734  CLEAR(*ks_ssl);
1735 
1736  ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
1737  if (!ks_ssl->ssl)
1738  {
1739  crypto_msg(M_FATAL, "SSL_new failed");
1740  }
1741 
1742  /* put session * in ssl object so we can access it
1743  * from verify callback*/
1744  SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
1745 
1746  ASSERT((ks_ssl->ssl_bio = BIO_new(BIO_f_ssl())));
1747  ASSERT((ks_ssl->ct_in = BIO_new(BIO_s_mem())));
1748  ASSERT((ks_ssl->ct_out = BIO_new(BIO_s_mem())));
1749 
1750 #ifdef BIO_DEBUG
1751  bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
1752  bio_debug_oc("open ct_in", ks_ssl->ct_in);
1753  bio_debug_oc("open ct_out", ks_ssl->ct_out);
1754 #endif
1755 
1756  if (is_server)
1757  {
1758  SSL_set_accept_state(ks_ssl->ssl);
1759  }
1760  else
1761  {
1762  SSL_set_connect_state(ks_ssl->ssl);
1763  }
1764 
1765  SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
1766  BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
1767 }
1768 
1769 void
1771 {
1772  if (ks_ssl->ssl)
1773  {
1774 #ifdef BIO_DEBUG
1775  bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
1776  bio_debug_oc("close ct_in", ks_ssl->ct_in);
1777  bio_debug_oc("close ct_out", ks_ssl->ct_out);
1778 #endif
1779  BIO_free_all(ks_ssl->ssl_bio);
1780  SSL_free(ks_ssl->ssl);
1781  }
1782 }
1783 
1784 int
1785 key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
1786 {
1787  int ret = 0;
1789 
1790 #ifdef ENABLE_CRYPTO_OPENSSL
1791  ASSERT(NULL != ks_ssl);
1792 
1793  ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf),
1794  "tls_write_plaintext");
1795  bio_write_post(ret, buf);
1796 #endif /* ENABLE_CRYPTO_OPENSSL */
1797 
1798  perf_pop();
1799  return ret;
1800 }
1801 
1802 int
1803 key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
1804 {
1805  int ret = 0;
1807 
1808  ASSERT(NULL != ks_ssl);
1809 
1810  ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
1811 
1812  perf_pop();
1813  return ret;
1814 }
1815 
1816 int
1817 key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf,
1818  int maxlen)
1819 {
1820  int ret = 0;
1822 
1823  ASSERT(NULL != ks_ssl);
1824 
1825  ret = bio_read(ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext");
1826 
1827  perf_pop();
1828  return ret;
1829 }
1830 
1831 int
1833 {
1834  int ret = 0;
1836 
1837  ASSERT(NULL != ks_ssl);
1838 
1839  ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
1840  bio_write_post(ret, buf);
1841 
1842  perf_pop();
1843  return ret;
1844 }
1845 
1846 int
1847 key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf,
1848  int maxlen)
1849 {
1850  int ret = 0;
1852 
1853  ASSERT(NULL != ks_ssl);
1854 
1855  ret = bio_read(ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext");
1856 
1857  perf_pop();
1858  return ret;
1859 }
1860 
1861 /* **************************************
1862  *
1863  * Information functions
1864  *
1865  * Print information for the end user.
1866  *
1867  ***************************************/
1868 void
1869 print_details(struct key_state_ssl *ks_ssl, const char *prefix)
1870 {
1871  const SSL_CIPHER *ciph;
1872  X509 *cert;
1873  char s1[256];
1874  char s2[256];
1875 
1876  s1[0] = s2[0] = 0;
1877  ciph = SSL_get_current_cipher(ks_ssl->ssl);
1878  openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
1879  prefix,
1880  SSL_get_version(ks_ssl->ssl),
1881  SSL_CIPHER_get_version(ciph),
1882  SSL_CIPHER_get_name(ciph));
1883  cert = SSL_get_peer_certificate(ks_ssl->ssl);
1884  if (cert != NULL)
1885  {
1886  EVP_PKEY *pkey = X509_get_pubkey(cert);
1887  if (pkey != NULL)
1888  {
1889  if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA) && (EVP_PKEY_get0_RSA(pkey) != NULL))
1890  {
1891  RSA *rsa = EVP_PKEY_get0_RSA(pkey);
1892  openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA",
1893  RSA_bits(rsa));
1894  }
1895  else if ((EVP_PKEY_id(pkey) == EVP_PKEY_DSA) && (EVP_PKEY_get0_DSA(pkey) != NULL))
1896  {
1897  DSA *dsa = EVP_PKEY_get0_DSA(pkey);
1898  openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA",
1899  DSA_bits(dsa));
1900  }
1901 #ifndef OPENSSL_NO_EC
1902  else if ((EVP_PKEY_id(pkey) == EVP_PKEY_EC) && (EVP_PKEY_get0_EC_KEY(pkey) != NULL))
1903  {
1904  EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
1905  const EC_GROUP *group = EC_KEY_get0_group(ec);
1906  const char* curve;
1907 
1908  int nid = EC_GROUP_get_curve_name(group);
1909  if (nid == 0 || (curve = OBJ_nid2sn(nid)) == NULL)
1910  {
1911  curve = "Error getting curve name";
1912  }
1913 
1914  openvpn_snprintf(s2, sizeof(s2), ", %d bit EC, curve: %s",
1915  EC_GROUP_order_bits(group), curve);
1916 
1917  }
1918 #endif
1919  EVP_PKEY_free(pkey);
1920  }
1921  X509_free(cert);
1922  }
1923  /* The SSL API does not allow us to look at temporary RSA/DH keys,
1924  * otherwise we should print their lengths too */
1925  msg(D_HANDSHAKE, "%s%s", s1, s2);
1926 }
1927 
1928 void
1929 show_available_tls_ciphers(const char *cipher_list,
1930  const char *tls_cert_profile)
1931 {
1932  struct tls_root_ctx tls_ctx;
1933  SSL *ssl;
1934  const char *cipher_name;
1935  const tls_cipher_name_pair *pair;
1936  int priority = 0;
1937 
1938  tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
1939  if (!tls_ctx.ctx)
1940  {
1941  crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
1942  }
1943 
1944  ssl = SSL_new(tls_ctx.ctx);
1945  if (!ssl)
1946  {
1947  crypto_msg(M_FATAL, "Cannot create SSL object");
1948  }
1949 
1950  tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
1951  tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
1952 
1953  printf("Available TLS Ciphers,\n");
1954  printf("listed in order of preference:\n\n");
1955  while ((cipher_name = SSL_get_cipher_list(ssl, priority++)))
1956  {
1957  pair = tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
1958 
1959  if (NULL == pair)
1960  {
1961  /* No translation found, print warning */
1962  printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n", cipher_name);
1963  }
1964  else
1965  {
1966  printf("%s\n", pair->iana_name);
1967  }
1968 
1969  }
1970  printf("\n" SHOW_TLS_CIPHER_LIST_WARNING);
1971 
1972  SSL_free(ssl);
1973  SSL_CTX_free(tls_ctx.ctx);
1974 }
1975 
1976 /*
1977  * Show the Elliptic curves that are available for us to use
1978  * in the OpenSSL library.
1979  */
1980 void
1982 {
1983 #ifndef OPENSSL_NO_EC
1984  EC_builtin_curve *curves = NULL;
1985  size_t crv_len = 0;
1986  size_t n = 0;
1987 
1988  crv_len = EC_get_builtin_curves(NULL, 0);
1989  ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
1990  if (EC_get_builtin_curves(curves, crv_len))
1991  {
1992  printf("Available Elliptic curves:\n");
1993  for (n = 0; n < crv_len; n++)
1994  {
1995  const char *sname;
1996  sname = OBJ_nid2sn(curves[n].nid);
1997  if (sname == NULL)
1998  {
1999  sname = "";
2000  }
2001 
2002  printf("%s\n", sname);
2003  }
2004  }
2005  else
2006  {
2007  crypto_msg(M_FATAL, "Cannot get list of builtin curves");
2008  }
2009  free(curves);
2010 #else /* ifndef OPENSSL_NO_EC */
2011  msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
2012  "No curves available.");
2013 #endif /* ifndef OPENSSL_NO_EC */
2014 }
2015 
2016 void
2018 {
2019  SSL_CTX *ctx;
2020  SSL *ssl;
2021  const char *cipher_name;
2022 
2023  ctx = SSL_CTX_new(SSLv23_method());
2024  if (!ctx)
2025  {
2026  crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
2027  }
2028  ssl = SSL_new(ctx);
2029  if (!ssl)
2030  {
2031  crypto_msg(M_FATAL, "Cannot create SSL object");
2032  }
2033 
2034  cipher_name = SSL_get_cipher_list(ssl, 0);
2035  strncpynt(buf, cipher_name, size);
2036 
2037  SSL_free(ssl);
2038  SSL_CTX_free(ctx);
2039 }
2040 
2041 const char *
2043 {
2045 }
2046 
2047 #endif /* defined(ENABLE_CRYPTO_OPENSSL) */
#define INFO_CALLBACK_SSL_CONST
Definition: ssl_openssl.c:184
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Definition: ssl_openssl.c:1869
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:1032
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition: ssl_openssl.c:280
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Definition: ssl_openssl.c:764
#define D_TLS_DEBUG
Definition: errlevel.h:160
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition: ssl_openssl.c:425
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition: ssl_openssl.c:1803
static int EVP_PKEY_id(const EVP_PKEY *pkey)
Get the PKEY type.
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
unsigned long ptr_type
Definition: common.h:67
static DSA * EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
Get the DSA object of a public key.
struct tls_options * opt
Definition: ssl_common.h:401
static void gc_free(struct gc_arena *a)
Definition: buffer.h:999
#define PERF_BIO_WRITE_CIPHERTEXT
Definition: perf.h:41
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:3005
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio)
Definition: ssl_openssl.c:777
#define D_TLS_ERRORS
Definition: errlevel.h:59
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:1016
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user&#39;s password.
Definition: ssl.c:381
#define ASSERT(x)
Definition: error.h:221
static int RSA_meth_set_priv_dec(RSA_METHOD *meth, int(*priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private decoding function of an RSA_METHOD object.
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, const char *priv_key_file_inline)
Load private key file into the given TLS context.
Definition: ssl_openssl.c:882
static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1.
static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
Set the application data of an RSA_METHOD object.
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition: ssl_openssl.c:141
static void perf_pop(void)
Definition: perf.h:82
#define M_FATAL
Definition: error.h:94
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
static void perf_push(int type)
Definition: perf.h:78
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition: buffer.h:509
#define CLEAR(x)
Definition: basic.h:33
int tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline)
Definition: ssl_openssl.c:1291
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:285
void show_available_tls_ciphers(const char *cipher_list, const char *tls_cert_profile)
Definition: ssl_openssl.c:1929
#define PERF_BIO_READ_PLAINTEXT
Definition: perf.h:38
static int RSA_meth_set_priv_enc(RSA_METHOD *meth, int(*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private encoding function of an RSA_METHOD object.
static int RSA_meth_set_pub_dec(RSA_METHOD *meth, int(*pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public decoding function of an RSA_METHOD object.
#define TLS_VER_1_1
Definition: ssl_backend.h:115
const char * ekm_label
Definition: ssl_common.h:356
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition: ssl_openssl.c:1785
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
Get the EC_KEY object of a public key.
#define ALLOC_ARRAY(dptr, type, n)
Definition: buffer.h:1032
static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
Get the RSA parameters.
static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1.
static int RSA_bits(const RSA *rsa)
Number of significant RSA bits.
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition: ssl_common.h:330
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition: cryptoapi.c:743
#define D_LOW
Definition: errlevel.h:97
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition: ssl_openssl.c:130
void tls_clear_error(void)
Clear the underlying SSL library&#39;s error state.
Definition: ssl_openssl.c:98
static void RSA_meth_free(RSA_METHOD *meth)
Free an existing RSA_METHOD object.
static void X509_OBJECT_free(X509_OBJECT *obj)
Destroy a X509 object.
char * management_query_pk_sig(struct management *man, const char *b64_data)
Definition: manage.c:3672
#define TLS_VER_1_2
Definition: ssl_backend.h:116
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void setenv_del(struct env_set *es, const char *name)
Definition: env_set.c:330
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:1081
static void bio_write_post(const int status, struct buffer *buf)
Definition: ssl_openssl.c:1661
FILE * platform_fopen(const char *path, const char *mode)
Definition: platform.c:301
static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig, unsigned int siglen)
Definition: ssl_openssl.c:1056
size_t ekm_size
Definition: ssl_common.h:358
#define BPTR(buf)
Definition: buffer.h:124
static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition: ssl_openssl.c:1098
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:297
static EVP_PKEY * X509_get0_pubkey(const X509 *x)
Get the public key from a X509 certificate.
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition: ssl_common.h:338
const char * iana_name
Definition: ssl_backend.h:62
static const char * np(const char *str)
Definition: simple.c:108
void show_available_curves(void)
Definition: ssl_openssl.c:1981
#define PERF_BIO_READ_CIPHERTEXT
Definition: perf.h:40
static struct gc_arena gc_new(void)
Definition: buffer.h:991
static int RSA_meth_set_pub_enc(RSA_METHOD *meth, int(*pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public encoding function of an RSA_METHOD object.
void get_highest_preference_tls_cipher(char *buf, int size)
Definition: ssl_openssl.c:2017
#define SSLF_TLS_VERSION_MIN_MASK
Definition: ssl_common.h:337
#define INLINE_FILE_TAG
Definition: common.h:95
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:383
int openvpn_base64_decode(const char *str, void *data, int size)
Definition: base64.c:160
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition: ssl_openssl.c:875
#define PERF_BIO_WRITE_PLAINTEXT
Definition: perf.h:39
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation...
Definition: ssl_openssl.c:211
static RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
Get the RSA object of a public key.
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store)
Fetch the X509 object stack from the X509 store.
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract plaintext data from the TLS module.
Definition: ssl_openssl.c:1847
static RSA_METHOD * RSA_meth_new(const char *name, int flags)
Allocate a new RSA method object.
static SERVICE_STATUS status
Definition: automatic.c:47
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer&#39;s certificate allows setting up a VPN tunnel. ...
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:545
void key_state_export_keying_material(struct key_state_ssl *ssl, struct tls_session *session)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: ssl_openssl.c:148
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition: ssl_openssl.c:76
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition: ssl_openssl.c:2042
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
Definition: buffer.c:497
int openvpn_base64_encode(const void *data, int size, char **str)
Definition: base64.c:54
#define OPENSSL_VERSION
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name...
Definition: ssl_backend.h:62
#define D_HANDSHAKE_VERBOSE
Definition: errlevel.h:151
#define dmsg
Definition: error.h:174
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, const char *pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context...
Definition: ssl_openssl.c:635
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssl_openssl.c:1024
#define TLS_VER_1_0
Definition: ssl_backend.h:114
const char * source
Definition: compat-lz4.h:433
#define TLS_VER_1_3
Definition: ssl_backend.h:117
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition: ssl_openssl.c:1770
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition: ssl_openssl.c:104
#define BLEN(buf)
Definition: buffer.h:127
static int openssl_tls_version(int ver)
Convert internal version number to openssl version number.
Definition: ssl_openssl.c:226
static int DSA_bits(const DSA *dsa)
Number of significant DSA bits.
#define D_HANDSHAKE
Definition: errlevel.h:72
SSL_CTX * ctx
Definition: ssl_openssl.h:39
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition: ssl_openssl.c:1344
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context.
Definition: ssl_openssl.c:324
__int64 int64_t
Definition: config-msvc.h:123
unsigned __int8 uint8_t
Definition: config-msvc.h:122
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:66
#define SSLF_CLIENT_CERT_OPTIONAL
Definition: ssl_common.h:331
static void check_malloc_return(const void *p)
Definition: buffer.h:1069
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, const char *crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition: ssl_openssl.c:949
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:398
#define VALGRIND_MAKE_READABLE(addr, len)
Definition: memdbg.h:53
#define msg
Definition: error.h:173
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition: ssl_openssl.c:459
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent...
Definition: ssl_openssl.c:73
static int SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
Return the min SSL protocol version currently enabled in the context.
#define SHOW_TLS_CIPHER_LIST_WARNING
Definition: ssl_common.h:576
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, const char *ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1350
size_t ekm_label_size
Definition: ssl_common.h:357
#define D_TLS_DEBUG_MED
Definition: errlevel.h:152
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition: ssl_openssl.c:187
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition: ssl_openssl.c:1832
static int constrain_int(int x, int min, int max)
Definition: integer.h:60
#define free
Definition: cmocka.c:1850
static void tls_ctx_load_cert_file_and_copy(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline, X509 **x509)
Definition: ssl_openssl.c:800
static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
Set the RSA parameters.
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, const char *dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:508
const char * openssl_name
Definition: ssl_backend.h:62
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition: ssl_openssl.c:117
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition: ssl_openssl.c:1730
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition: ssl_openssl.c:89
#define UP_TYPE_PRIVATE_KEY
Definition: ssl_common.h:42
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition: ssl_openssl.c:1040
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract ciphertext data from the TLS module.
Definition: ssl_openssl.c:1817
#define SSLF_TLS_VERSION_MAX_MASK
Definition: ssl_common.h:339
static int RSA_meth_set_init(RSA_METHOD *meth, int(*init)(RSA *rsa))
Set the init function of an RSA_METHOD object.
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition: ssl_openssl.c:1609
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition: ssl_common.h:336
#define OpenSSL_version
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition: ssl.c:269
static int EC_GROUP_order_bits(const EC_GROUP *group)
Gets the number of bits of the order of an EC_GROUP.
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:552
#define M_WARN
Definition: error.h:96
struct env_set * es
Definition: ssl_common.h:321
static void RSA_set_flags(RSA *rsa, int flags)
Set the RSA flags.
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, const char *extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1503
static int X509_OBJECT_get_type(const X509_OBJECT *obj)
Get the type of an X509 object.
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
static int RSA_meth_set_finish(RSA_METHOD *meth, int(*finish)(RSA *rsa))
Set the finish function of an RSA_METHOD object.
static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Definition: ssl_openssl.c:250
#define ptr_format
Definition: common.h:58
static int bio_read(BIO *bio, struct buffer *buf, int maxlen, const char *desc)
Definition: ssl_openssl.c:1674