39 #elif defined(_MSC_VER) 67 #ifdef MEASURE_TLS_HANDSHAKE_STATS 69 static int tls_handshake_success;
70 static int tls_handshake_error;
71 static int tls_packets_generated;
72 static int tls_packets_sent;
74 #define INCR_SENT ++tls_packets_sent 75 #define INCR_GENERATED ++tls_packets_generated 76 #define INCR_SUCCESS ++tls_handshake_success 77 #define INCR_ERROR ++tls_handshake_error 80 show_tls_performance_stats(
void)
82 msg(
D_TLS_DEBUG_LOW,
"TLS Handshakes, success=%f%% (good=%d, bad=%d), retransmits=%f%%",
83 (
double) tls_handshake_success / (tls_handshake_success + tls_handshake_error) * 100.0,
84 tls_handshake_success, tls_handshake_error,
85 (
double) (tls_packets_sent - tls_packets_generated) / tls_packets_generated * 100.0);
90 #define INCR_GENERATED 100 {
"ADH-SEED-SHA",
"TLS-DH-anon-WITH-SEED-CBC-SHA"},
101 {
"AES128-GCM-SHA256",
"TLS-RSA-WITH-AES-128-GCM-SHA256"},
102 {
"AES128-SHA256",
"TLS-RSA-WITH-AES-128-CBC-SHA256"},
103 {
"AES128-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA"},
104 {
"AES256-GCM-SHA384",
"TLS-RSA-WITH-AES-256-GCM-SHA384"},
105 {
"AES256-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256"},
106 {
"AES256-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA"},
107 {
"CAMELLIA128-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
108 {
"CAMELLIA128-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"},
109 {
"CAMELLIA256-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
110 {
"CAMELLIA256-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"},
111 {
"DES-CBC3-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA"},
112 {
"DES-CBC-SHA",
"TLS-RSA-WITH-DES-CBC-SHA"},
113 {
"DH-DSS-SEED-SHA",
"TLS-DH-DSS-WITH-SEED-CBC-SHA"},
114 {
"DHE-DSS-AES128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256"},
115 {
"DHE-DSS-AES128-SHA256",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256"},
116 {
"DHE-DSS-AES128-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA"},
117 {
"DHE-DSS-AES256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384"},
118 {
"DHE-DSS-AES256-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256"},
119 {
"DHE-DSS-AES256-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA"},
120 {
"DHE-DSS-CAMELLIA128-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256"},
121 {
"DHE-DSS-CAMELLIA128-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA"},
122 {
"DHE-DSS-CAMELLIA256-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256"},
123 {
"DHE-DSS-CAMELLIA256-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA"},
124 {
"DHE-DSS-SEED-SHA",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA"},
125 {
"DHE-RSA-AES128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"},
126 {
"DHE-RSA-AES128-SHA256",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"},
127 {
"DHE-RSA-AES128-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA"},
128 {
"DHE-RSA-AES256-GCM-SHA384",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"},
129 {
"DHE-RSA-AES256-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"},
130 {
"DHE-RSA-AES256-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA"},
131 {
"DHE-RSA-CAMELLIA128-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
132 {
"DHE-RSA-CAMELLIA128-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"},
133 {
"DHE-RSA-CAMELLIA256-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
134 {
"DHE-RSA-CAMELLIA256-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"},
135 {
"DHE-RSA-CHACHA20-POLY1305",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256"},
136 {
"DHE-RSA-SEED-SHA",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA"},
137 {
"DH-RSA-SEED-SHA",
"TLS-DH-RSA-WITH-SEED-CBC-SHA"},
138 {
"ECDH-ECDSA-AES128-GCM-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256"},
139 {
"ECDH-ECDSA-AES128-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256"},
140 {
"ECDH-ECDSA-AES128-SHA",
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA"},
141 {
"ECDH-ECDSA-AES256-GCM-SHA384",
"TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384"},
142 {
"ECDH-ECDSA-AES256-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA256"},
143 {
"ECDH-ECDSA-AES256-SHA384",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384"},
144 {
"ECDH-ECDSA-AES256-SHA",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA"},
145 {
"ECDH-ECDSA-CAMELLIA128-SHA256",
"TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"},
146 {
"ECDH-ECDSA-CAMELLIA128-SHA",
"TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA"},
147 {
"ECDH-ECDSA-CAMELLIA256-SHA256",
"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA256"},
148 {
"ECDH-ECDSA-CAMELLIA256-SHA",
"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA"},
149 {
"ECDH-ECDSA-DES-CBC3-SHA",
"TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA"},
150 {
"ECDH-ECDSA-DES-CBC-SHA",
"TLS-ECDH-ECDSA-WITH-DES-CBC-SHA"},
151 {
"ECDH-ECDSA-RC4-SHA",
"TLS-ECDH-ECDSA-WITH-RC4-128-SHA"},
152 {
"ECDHE-ECDSA-AES128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"},
153 {
"ECDHE-ECDSA-AES128-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"},
154 {
"ECDHE-ECDSA-AES128-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA384"},
155 {
"ECDHE-ECDSA-AES128-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA"},
156 {
"ECDHE-ECDSA-AES256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"},
157 {
"ECDHE-ECDSA-AES256-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA256"},
158 {
"ECDHE-ECDSA-AES256-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384"},
159 {
"ECDHE-ECDSA-AES256-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA"},
160 {
"ECDHE-ECDSA-CAMELLIA128-SHA256",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"},
161 {
"ECDHE-ECDSA-CAMELLIA128-SHA",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA"},
162 {
"ECDHE-ECDSA-CAMELLIA256-SHA256",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA256"},
163 {
"ECDHE-ECDSA-CAMELLIA256-SHA",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA"},
164 {
"ECDHE-ECDSA-CHACHA20-POLY1305",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"},
165 {
"ECDHE-ECDSA-DES-CBC3-SHA",
"TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA"},
166 {
"ECDHE-ECDSA-DES-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-DES-CBC-SHA"},
167 {
"ECDHE-ECDSA-RC4-SHA",
"TLS-ECDHE-ECDSA-WITH-RC4-128-SHA"},
168 {
"ECDHE-RSA-AES128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"},
169 {
"ECDHE-RSA-AES128-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256"},
170 {
"ECDHE-RSA-AES128-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA384"},
171 {
"ECDHE-RSA-AES128-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA"},
172 {
"ECDHE-RSA-AES256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"},
173 {
"ECDHE-RSA-AES256-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA256"},
174 {
"ECDHE-RSA-AES256-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"},
175 {
"ECDHE-RSA-AES256-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA"},
176 {
"ECDHE-RSA-CAMELLIA128-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
177 {
"ECDHE-RSA-CAMELLIA128-SHA",
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA"},
178 {
"ECDHE-RSA-CAMELLIA256-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
179 {
"ECDHE-RSA-CAMELLIA256-SHA",
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA"},
180 {
"ECDHE-RSA-CHACHA20-POLY1305",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"},
181 {
"ECDHE-RSA-DES-CBC3-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA"},
182 {
"ECDHE-RSA-DES-CBC-SHA",
"TLS-ECDHE-RSA-WITH-DES-CBC-SHA"},
183 {
"ECDHE-RSA-RC4-SHA",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA"},
184 {
"ECDH-RSA-AES128-GCM-SHA256",
"TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256"},
185 {
"ECDH-RSA-AES128-SHA256",
"TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256"},
186 {
"ECDH-RSA-AES128-SHA384",
"TLS-ECDH-RSA-WITH-AES-128-CBC-SHA384"},
187 {
"ECDH-RSA-AES128-SHA",
"TLS-ECDH-RSA-WITH-AES-128-CBC-SHA"},
188 {
"ECDH-RSA-AES256-GCM-SHA384",
"TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384"},
189 {
"ECDH-RSA-AES256-SHA256",
"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA256"},
190 {
"ECDH-RSA-AES256-SHA384",
"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384"},
191 {
"ECDH-RSA-AES256-SHA",
"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA"},
192 {
"ECDH-RSA-CAMELLIA128-SHA256",
"TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
193 {
"ECDH-RSA-CAMELLIA128-SHA",
"TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA"},
194 {
"ECDH-RSA-CAMELLIA256-SHA256",
"TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
195 {
"ECDH-RSA-CAMELLIA256-SHA",
"TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA"},
196 {
"ECDH-RSA-DES-CBC3-SHA",
"TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA"},
197 {
"ECDH-RSA-DES-CBC-SHA",
"TLS-ECDH-RSA-WITH-DES-CBC-SHA"},
198 {
"ECDH-RSA-RC4-SHA",
"TLS-ECDH-RSA-WITH-RC4-128-SHA"},
199 {
"EDH-DSS-DES-CBC3-SHA",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA"},
200 {
"EDH-DSS-DES-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"},
201 {
"EDH-RSA-DES-CBC3-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"},
202 {
"EDH-RSA-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-DES-CBC-SHA"},
203 {
"EXP-DES-CBC-SHA",
"TLS-RSA-EXPORT-WITH-DES40-CBC-SHA"},
204 {
"EXP-EDH-DSS-DES-CBC-SHA",
"TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA"},
205 {
"EXP-EDH-RSA-DES-CBC-SHA",
"TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA"},
206 {
"EXP-RC2-CBC-MD5",
"TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5"},
207 {
"EXP-RC4-MD5",
"TLS-RSA-EXPORT-WITH-RC4-40-MD5"},
208 {
"NULL-MD5",
"TLS-RSA-WITH-NULL-MD5"},
209 {
"NULL-SHA256",
"TLS-RSA-WITH-NULL-SHA256"},
210 {
"NULL-SHA",
"TLS-RSA-WITH-NULL-SHA"},
211 {
"PSK-3DES-EDE-CBC-SHA",
"TLS-PSK-WITH-3DES-EDE-CBC-SHA"},
212 {
"PSK-AES128-CBC-SHA",
"TLS-PSK-WITH-AES-128-CBC-SHA"},
213 {
"PSK-AES256-CBC-SHA",
"TLS-PSK-WITH-AES-256-CBC-SHA"},
214 {
"PSK-RC4-SHA",
"TLS-PSK-WITH-RC4-128-SHA"},
215 {
"RC4-MD5",
"TLS-RSA-WITH-RC4-128-MD5"},
216 {
"RC4-SHA",
"TLS-RSA-WITH-RC4-128-SHA"},
217 {
"SEED-SHA",
"TLS-RSA-WITH-SEED-CBC-SHA"},
218 {
"SRP-DSS-3DES-EDE-CBC-SHA",
"TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA"},
219 {
"SRP-DSS-AES-128-CBC-SHA",
"TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA"},
220 {
"SRP-DSS-AES-256-CBC-SHA",
"TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA"},
221 {
"SRP-RSA-3DES-EDE-CBC-SHA",
"TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA"},
222 {
"SRP-RSA-AES-128-CBC-SHA",
"TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA"},
223 {
"SRP-RSA-AES-256-CBC-SHA",
"TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA"},
224 #ifdef ENABLE_CRYPTO_OPENSSL 226 {
"DEFAULT",
"DEFAULT"},
228 {
"HIGH",
"HIGH"}, {
"!HIGH",
"!HIGH"},
229 {
"MEDIUM",
"MEDIUM"}, {
"!MEDIUM",
"!MEDIUM"},
230 {
"LOW",
"LOW"}, {
"!LOW",
"!LOW"},
231 {
"ECDH",
"ECDH"}, {
"!ECDH",
"!ECDH"},
232 {
"ECDSA",
"ECDSA"}, {
"!ECDSA",
"!ECDSA"},
233 {
"EDH",
"EDH"}, {
"!EDH",
"!EDH"},
234 {
"EXP",
"EXP"}, {
"!EXP",
"!EXP"},
235 {
"RSA",
"RSA"}, {
"!RSA",
"!RSA"},
236 {
"kRSA",
"kRSA"}, {
"!kRSA",
"!kRSA"},
237 {
"SRP",
"SRP"}, {
"!SRP",
"!SRP"},
264 || (strlen(pair->
iana_name) == len && 0 == memcmp(cipher_name, pair->
iana_name, len)))
287 if (*reneg_bytes == -1)
289 msg(
M_WARN,
"WARNING: cipher with small block size in use, " 290 "reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.");
291 *reneg_bytes = 64 * 1024 * 1024;
391 #ifdef ENABLE_MANAGEMENT 398 auth_user_pass_enabled =
true;
401 #ifdef ENABLE_MANAGEMENT 465 if (!auth_user_pass_only)
473 #ifdef ENABLE_MANAGEMENT 478 #ifdef ENABLE_MANAGEMENT 483 free(auth_challenge);
484 auth_challenge = NULL;
505 if (!strcmp(vstr,
"1.0") &&
TLS_VER_1_0 <= max_version)
509 else if (!strcmp(vstr,
"1.1") &&
TLS_VER_1_1 <= max_version)
513 else if (!strcmp(vstr,
"1.2") &&
TLS_VER_1_2 <= max_version)
517 else if (!strcmp(vstr,
"1.3") &&
TLS_VER_1_3 <= max_version)
521 else if (extra && !strcmp(extra,
"or-highest"))
544 bool crl_file_inline)
557 crl_stat.st_mtime = 1;
561 msg(
M_WARN,
"WARNING: Failed to stat CRL file, not (re)loading CRL.");
636 else if (options->pkcs11_providers[0])
638 if (!tls_ctx_use_pkcs11(new_ctx, options->pkcs11_id_management, options->pkcs11_id))
640 msg(
M_WARN,
"Cannot load certificate \"%s\" using PKCS#11 interface",
646 #ifdef ENABLE_CRYPTOAPI 652 #ifdef ENABLE_MANAGEMENT 674 #ifdef ENABLE_MANAGEMENT 679 msg(
M_WARN,
"Cannot initialize mamagement-external-key");
713 #ifdef ENABLE_CRYPTO_MBEDTLS 715 tls_ctx_personalise_random(new_ctx);
742 return "S_PRE_START";
770 return "KS_AUTH_TRUE";
772 return "KS_AUTH_DEFERRED";
774 return "KS_AUTH_FALSE";
786 return "P_CONTROL_HARD_RESET_CLIENT_V1";
789 return "P_CONTROL_HARD_RESET_SERVER_V1";
792 return "P_CONTROL_HARD_RESET_CLIENT_V2";
795 return "P_CONTROL_HARD_RESET_SERVER_V2";
798 return "P_CONTROL_HARD_RESET_CLIENT_V3";
801 return "P_CONTROL_SOFT_RESET_V1";
804 return "P_CONTROL_V1";
829 return "TM_UNTRUSTED";
832 return "TM_LAME_DUCK";
850 buf_printf(&out,
" [key#%d state=%s auth=%s id=%d sid=%s]", i,
955 #ifdef ENABLE_MANAGEMENT 995 #ifdef PLUGIN_DEF_AUTH 1060 session->
opt = &multi->
opt;
1087 "TLS_WRAP", session->
key_id);
1095 dmsg(
D_TLS_DEBUG,
"TLS: tls_session_init: new session object, sid=%s",
1121 for (
size_t i = 0; i <
KS_SIZE; ++i)
1183 if (seconds_from_now < *earliest)
1185 *earliest = seconds_from_now;
1232 ret->
opt = *tls_options;
1321 for (
int i = 0; i <
TM_SIZE; ++i)
1344 #define SWAP_BUF_SIZE 256 1360 const int osid_size = 1 +
SID_SIZE;
1380 if (buf->
len >= e1 + e2)
1382 memcpy(buf1, b, e1);
1383 memcpy(buf2, b + e1, e2);
1384 memcpy(b, buf2, e2);
1385 memcpy(b + e2, buf1, e1);
1395 #undef SWAP_BUF_SIZE 1476 "TLS Error: can not extract tls-crypt-v2 client key from %s",
1481 if (ctx->
mode == TLS_WRAP_AUTH)
1489 "TLS Error: cannot locate HMAC in incoming packet from %s",
1501 "TLS Error: incoming packet authentication failed from %s",
1507 else if (ctx->
mode == TLS_WRAP_CRYPT)
1533 if (ctx->
mode == TLS_WRAP_NONE || ctx->
mode == TLS_WRAP_AUTH)
1561 "%s pre_master: %s",
1607 const int olen_orig = olen;
1608 const uint8_t *out_orig = out;
1644 memcpy(out,A1,olen);
1693 const uint8_t *S2 = &(sec[len]);
1696 tls1_P_hash(md5,S1,len,label,label_len,out1,olen);
1697 tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
1699 for (
int i = 0; i<olen; i++)
1716 int client_seed_len,
1718 int server_seed_len,
1745 tls1_PRF(
BPTR(&seed),
BLEN(&seed), secret, secret_len, output, output_len);
1841 for (
int i = 0; i < 2; ++i)
1883 "Master Encrypt",
"Master Decrypt");
1886 for (
int i = 0; i < 2; ++i)
1911 size_t impl_iv_len = 0;
1915 ASSERT(impl_iv_len <= key_len);
1958 struct frame *frame_fragment)
1969 if (!session->
opt->
server && !cipher_allowed_as_fallback
1990 msg(
D_HANDSHAKE,
"NCP: overriding user-set keysize with default");
2007 if (packet_id_long_form)
2015 options->
replay, packet_id_long_form);
2032 options->
replay, packet_id_long_form);
2047 msg(
M_FATAL,
"ERROR: Random number generator cannot obtain entropy for key generation [SSL]");
2137 (reliable_empty(ks->send_reliable) && reliable_ack_empty(ks->rec_ack)) 2175 const int len = strlen(str) + 1;
2176 if (len < 1 || (maxlen >= 0 && len > maxlen))
2195 if (len < 1 || len > (
int)capacity)
2217 str = (
char *)
malloc(len);
2243 #if defined(TARGET_LINUX) 2245 #elif defined(TARGET_SOLARIS) 2247 #elif defined(TARGET_OPENBSD) 2249 #elif defined(TARGET_DARWIN) 2251 #elif defined(TARGET_NETBSD) 2253 #elif defined(TARGET_FREEBSD) 2255 #elif defined(TARGET_ANDROID) 2257 #elif defined(_WIN32) 2286 #ifdef HAVE_EXPORT_KEYING_MATERIAL 2295 comp_generate_peer_info_string(&session->
opt->comp_options, &out);
2318 if ((((strncmp(e->string,
"UV_", 3)==0
2319 || strncmp(e->string,
"IV_PLAT_VER=",
sizeof(
"IV_PLAT_VER=")-1)==0)
2321 || (strncmp(e->string,
"IV_GUI_VER=",
sizeof(
"IV_GUI_VER=")-1)==0)
2322 || (strncmp(e->string,
"IV_SSO=",
sizeof(
"IV_SSO=")-1)==0)
2324 &&
buf_safe(&out, strlen(e->string)+1))
2388 if (auth_user_pass_enabled)
2390 #ifdef ENABLE_MANAGEMENT 2486 unsigned int len = (size * 2) + 2;
2488 const char *key =
format_hex_ex(ekm, size, len, 0, NULL, &gc);
2497 msg(
M_WARN,
"WARNING: Export keying material failed!");
2513 bool username_status, password_status;
2525 msg(
D_TLS_ERRORS,
"TLS ERROR: Plaintext buffer too short (%d bytes).",
2535 "TLS ERROR: Unknown key_method/flags=%d received from remote host",
2543 msg(
D_TLS_ERRORS,
"TLS Error: Error reading remote data channel key source entropy from plaintext buffer");
2550 msg(
D_TLS_ERRORS,
"TLS Error: Failed to read required OCC options string");
2587 if (!username_status || !password_status)
2592 msg(
D_TLS_ERRORS,
"TLS Error: Auth Username/Password was not provided by peer");
2605 "TLS Error: Certificate verification failed (key-method 2)");
2627 msg(
D_TLS_ERRORS,
"Option inconsistency warnings triggering disconnect due to --opt-verify");
2712 bool state_change =
false;
2713 bool active =
false;
2751 dmsg(
D_TLS_DEBUG,
"TLS: tls_process: chg=%d ks=%s lame=%s to_link->len=%d wakeup=%d",
2758 state_change =
false;
2782 state_change =
true;
2786 #ifdef ENABLE_MANAGEMENT 2805 "TLS Error: TLS key negotiation failed to occur within %d seconds (check your network connectivity)",
2814 state_change =
true;
2845 state_change =
true;
2857 #ifdef MEASURE_TLS_HANDSHAKE_STATS 2858 show_tls_performance_stats();
2879 state_change =
true;
2895 "TLS Error: Incoming Ciphertext -> TLS object write error");
2906 state_change =
true;
2922 msg(
D_TLS_ERRORS,
"TLS Error: TLS object -> incoming plaintext read error");
2927 state_change =
true;
2945 state_change =
true;
2961 state_change =
true;
2974 "TLS ERROR: Outgoing Plaintext -> TLS object write error");
2979 state_change =
true;
2994 "TLS Error: Ciphertext -> reliable TCP/UDP transport read error");
3001 state_change =
true;
3007 while (state_change);
3094 for (
int i = 0; i <
TM_SIZE; ++i)
3108 "TLS: tls_multi_process: i=%d state=%s, mysid=%s, stored-sid=%s, stored-ip=%s",
3122 to_link_socket_info, wakeup))
3192 msg(
D_TLS_DEBUG_LOW,
"TLS: tls_multi_process: untrusted session promoted to %strusted",
3216 const int throw_level = GREMLIN_CONNECTION_FLOOD_LEVEL(multi->
opt.
gremlin);
3282 "Key %s [%d] not initialized (yet), dropping packet.",
3291 *ad_start =
BPTR(buf);
3296 *ad_start =
BPTR(buf);
3302 msg(
D_TLS_ERRORS,
"Protocol error: received P_DATA_V2 from %s but length is < 4",
3313 "TLS: tls_pre_decrypt, key_id=%d, IP=%s",
3321 "TLS Error: local/remote TLS keys are out of sync: %s " 3322 "(received key id: %d, known key ids: %s)",
3391 bool do_burst =
false;
3392 bool new_link =
false;
3404 "TLS Error: unknown opcode received from %s op=%d",
3418 "TLS Error: client->client or server->server connection attempted from %s",
3432 struct buffer tmp = *buf;
3437 "TLS Error: session-id not found in packet from %s",
3451 "TLS: initial packet test, i=%d state=%s, mysid=%s, rec-sid=%s, rec-ip=%s, stored-sid=%s, stored-ip=%s",
3466 "TLS ERROR: received control packet with stale session-id=%s",
3471 "TLS: found match, session[%d], sid=%s",
3495 "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [1]",
3500 #ifdef ENABLE_MANAGEMENT 3514 "TLS: Initial packet from %s, sid=%s",
3544 "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [2]",
3562 "TLS: new session incoming connection from %s",
3580 "TLS Error: Unroutable control packet received from %s (si=%d op=%s)",
3592 msg(
D_TLS_ERRORS,
"TLS Error: Received control packet from unexpected IP addr: %s",
3612 "TLS: received P_CONTROL_SOFT_RESET_V1 s=%d sid=%s",
3632 "TLS: received control channel packet s#=%d sid=%s",
3665 "TLS Error: Existing session control channel packet from unknown IP address: %s",
3675 if (do_burst && !session->
burst)
3678 session->
burst =
true;
3682 if (ks->
key_id != key_id)
3685 "TLS ERROR: local/remote key IDs out of sync (%d/%d) ID: %s",
3702 "TLS Error: reading acknowledgement record from packet");
3726 "Incoming control channel packet too big, dropping.");
3766 const struct buffer *buf)
3790 "TLS State Error: No TLS state for client %s, opcode=%d",
3799 "TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected",
3808 "TLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expected",
3934 | (multi->
peer_id & 0xFFFFFF));
4030 for (
int i = 0; i <
TM_SIZE; ++i)
4034 for (
int j = 0; j <
KS_SIZE; ++j)
4056 const char *cipher_list_tls13,
4057 const char *tls_cert_profile)
4059 printf(
"Available TLS Ciphers, listed in order of preference:\n");
4063 printf(
"\nFor TLS 1.3 and newer (--tls-ciphersuites):\n\n");
4067 printf(
"\nFor TLS 1.2 and older (--tls-cipher):\n\n");
4071 "Be aware that that whether a cipher suite in this list can actually work\n" 4072 "depends on the specific setup of both peers. See the man page entries of\n" 4073 "--tls-cipher and --show-tls for more details.\n\n" 4085 struct buffer buf = *buffer;
4107 if (!
buf_read(&buf, &c,
sizeof(c)))
4139 if (tls_auth_hmac_size)
4146 if (!
buf_read(&buf, tls_auth_hmac, tls_auth_hmac_size))
4177 if (!
buf_read(&buf, &l,
sizeof(l)))
static void tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame, struct frame *frame)
struct reliable * rec_reliable
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
char * management_query_cert(struct management *man, const char *cert_name)
static bool buf_write_u8(struct buffer *dest, int data)
void reliable_free(struct reliable *rel)
Free allocated memory associated with a reliable structure and the pointer itself.
static const char * packet_opcode_name(int op)
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
void options_warning(char *actual, const char *expected)
#define EXPANDED_SIZE_DYNAMIC(f)
#define P_CONTROL_HARD_RESET_SERVER_V1
static const char * print_key_id(struct tls_multi *multi, struct gc_arena *gc)
size_t implicit_iv_len
The length of implicit_iv.
Security parameter state for processing data channel packets.
struct key_state_ssl ks_ssl
const char * management_certificate
static void tls_wrap_free(struct tls_wrap_ctx *tls_wrap)
Free the elements of a tls_wrap_ctx structure.
#define CO_PACKET_ID_LONG_FORM
Bit-flag indicating whether to use OpenVPN's long packet ID format.
static void strncpynt(char *dest, const char *src, size_t maxlen)
#define TM_ACTIVE
Active tls_session.
Security parameter state of one TLS and data channel key session.
static void compute_earliest_wakeup(interval_t *earliest, interval_t seconds_from_now)
struct buffer work
Work buffer (only for –tls-crypt)
unsigned int management_flags
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
struct key_state key[KS_SIZE]
struct buffer plaintext_read_buf
int n_sessions
Number of sessions negotiated thus far.
unsigned int crypto_max_overhead(void)
Return the worst-case OpenVPN crypto overhead (in bytes)
void tls_auth_standalone_finalize(struct tls_auth_standalone *tas, const struct frame *frame)
#define SSLF_CRL_VERIFY_DIR
void ssl_clean_user_pass(void)
Cleans the saved user/password unless auth-nocache is in use.
void free_buf(struct buffer *buf)
void ssl_put_auth_challenge(const char *cr_str)
static bool write_string(struct buffer *buf, const char *str, const int maxlen)
unsigned int flags
Bit-flags determining behavior of security operation functions.
static void export_user_keying_material(struct key_state_ssl *ssl, struct tls_session *session)
#define TLS_MULTI_AUTH_STATUS_INTERVAL
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
char * string_alloc(const char *str, struct gc_arena *gc)
#define S_PRE_START
Waiting for the remote OpenVPN peer to acknowledge during the initial three-way handshake.
static const char * session_index_name(int index)
bool enable_ncp_fallback
If defined fall back to ciphername if NCP fails.
static bool session_id_equal(const struct session_id *sid1, const struct session_id *sid2)
struct link_socket_addr * lsa
struct key keys[2]
Two unidirectional sets of key material.
struct buffer tls_crypt_v2_metadata
Received from client.
#define IV_PROTO_DATA_V2
Support P_DATA_V2.
static void tls_limit_reneg_bytes(const cipher_kt_t *cipher, int *reneg_bytes)
Limit the reneg_bytes value when using a small-block (<128 bytes) cipher.
struct packet_id_persist * pid_persist
Persistent packet ID state for keeping state between successive OpenVPN process startups.
bool options_cmp_equal(char *actual, const char *expected)
const char * tls_cert_profile
#define GET_USER_PASS_STATIC_CHALLENGE
Container for both halves of random material to be used in key method 2 data channel key generation...
static bool session_id_write(const struct session_id *sid, struct buffer *buf)
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
static bool buf_advance(struct buffer *buf, int size)
void packet_id_persist_load_obj(const struct packet_id_persist *p, struct packet_id *pid)
Packet geometry parameters.
struct key_state * save_ks
#define OPENVPN_MAX_IV_LENGTH
Maximum length of an IV.
static bool generate_key_expansion_tls_export(struct tls_session *session, struct key2 *key2)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
#define IV_PROTO_AUTH_PENDING_KW
Supports signaling keywords with AUTH_PENDING, e.g.
void fixup_key(struct key *key, const struct key_type *kt)
static void key_state_soft_reset(struct tls_session *session)
enum ks_auth_state authenticated
#define SSLF_AUTH_USER_PASS_OPTIONAL
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
#define RELIABLE_ACK_SIZE
The maximum number of packet IDs waiting to be acknowledged which can be stored in one reliable_ack s...
bool extra_certs_file_inline
static void gc_free(struct gc_arena *a)
struct tls_root_ctx ssl_ctx
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
static void frame_add_to_extra_frame(struct frame *frame, const unsigned int increment)
void tls_post_encrypt(struct tls_multi *multi, struct buffer *buf)
Perform some accounting for the key state used.
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
const char * auth_user_pass_verify_script
const char * priv_key_file
void session_id_random(struct session_id *sid)
Security parameter state for a single VPN tunnel.
static void handle_data_channel_packet(struct tls_multi *multi, const struct link_socket_actual *from, struct buffer *buf, struct crypto_options **opt, bool floated, const uint8_t **ad_start)
static bool buf_safe(const struct buffer *buf, int len)
struct buffer_list * buffer_list_new(const int max_size)
Allocate an empty buffer list of capacity max_size.
static bool tls_process(struct tls_multi *multi, struct tls_session *session, struct buffer *to_link, struct link_socket_actual **to_link_addr, struct link_socket_info *to_link_socket_info, interval_t *wakeup)
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
void tls_multi_free(struct tls_multi *multi, bool clear)
Cleanup a tls_multi structure and free associated memory allocations.
#define SET_MTU_UPPER_BOUND
const char * auth_user_pass_file
int n
The number of key objects stored in the key2.keys array.
struct reliable_ack * rec_ack
struct buffer alloc_buf(size_t size)
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
const char * config_ncp_ciphers
struct link_socket_actual actual
struct crypto_options opt
Crypto state.
void tls_update_remote_addr(struct tls_multi *multi, const struct link_socket_actual *addr)
Updates remote address in TLS sessions.
#define S_UNDEF
Undefined state, used after a key_state is cleaned up.
bool is_hard_reset_method2(int op)
Given a key_method, return true if opcode represents the one of the hard_reset op codes for key-metho...
struct cert_hash_set * cert_hash_set
static bool lame_duck_must_die(const struct tls_session *session, interval_t *wakeup)
static void init_key_contexts(struct key_ctx_bi *key, const struct key_type *key_type, bool server, struct key2 *key2)
static void perf_pop(void)
Key state is authenticated.
void key_state_rm_auth_control_file(struct key_state *ks)
Remove the given key state's auth control file, if it exists.
bool buf_printf(struct buffer *buf, const char *format,...)
static bool read_string(struct buffer *buf, char *str, const unsigned int capacity)
static void perf_push(int type)
void tls_prepend_opcode_v2(const struct tls_multi *multi, struct buffer *buf)
Prepend an OpenVPN data channel P_DATA_V2 header to the packet.
static bool read_control_auth(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct link_socket_actual *from, const struct tls_options *opt)
time_t crl_last_mtime
CRL last modification time.
struct man_def_auth_context * mda_context
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
#define EXPORT_KEY_DATA_LABEL
void setenv_str(struct env_set *es, const char *name, const char *value)
#define TLS_AUTHENTICATED(multi, ks)
Check whether the ks key_state has finished the key exchange part of the OpenVPN hand shake...
static int buf_read_u8(struct buffer *buf)
const char * win32_version_string(struct gc_arena *gc, bool add_name)
int cipher_kt_iv_size(const cipher_kt_t *cipher_kt)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
bool cipher_kt_insecure(const cipher_kt_t *cipher)
Returns true if we consider this cipher to be insecure.
const char * protocol_dump(struct buffer *buffer, unsigned int flags, struct gc_arena *gc)
const char * cryptoapi_cert
static void flush_payload_buffer(struct key_state *ks)
bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_form)
struct buffer * reliable_get_buf(struct reliable *rel)
Get the buffer of a free reliable entry in which to store a packet.
static bool push_peer_info(struct buffer *buf, struct tls_session *session)
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
bool tls_item_in_cipher_list(const char *item, const char *list)
Return true iff item is present in the colon-separated zero-terminated cipher list.
#define TLS_VER_BAD
Parse a TLS version specifier.
enum tls_auth_status tls_authentication_status(struct tls_multi *multi, const int latency)
Return current session authentication state of the tls_multi structure This will return TLS_AUTHENTIC...
#define IV_PROTO_REQUEST_PUSH
Assume client will send a push request and server does not need to wait for a push-request to send a ...
uint8_t random1[32]
Seed used for master secret generation, provided by both client and server.
void tls_free_lib(void)
Free any global SSL library-specific data structures.
bool check_key(struct key *key, const struct key_type *kt)
#define OPENVPN_STATE_AUTH
static bool check_debug_level(unsigned int level)
unsigned int crypto_flags
bool tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, const struct link_socket_actual *from, const struct buffer *buf)
Inspect an incoming packet for which no VPN tunnel is active, and determine whether a new VPN tunnel ...
#define OPENVPN_PLUGIN_FUNC_SUCCESS
struct tls_session session[TM_SIZE]
Array of tls_session objects representing control channel sessions with the remote peer...
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
static struct user_pass auth_user_pass
void ssl_set_auth_token(const char *token)
const char * config_ciphername
bool tls_session_update_crypto_params(struct tls_session *session, struct options *options, struct frame *frame, struct frame *frame_fragment)
Update TLS session crypto parameters (cipher and auth) and derive data channel keys based on the supp...
struct reliable * send_reliable
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
char username[USER_PASS_LEN]
#define IV_PROTO_TLS_KEY_EXPORT
Supports key derivation via TLS key material exporter [RFC5705].
void packet_id_free(struct packet_id *p)
static bool buf_read(struct buffer *src, void *dest, int size)
void tls_pre_encrypt(struct tls_multi *multi, struct buffer *buf, struct crypto_options **opt)
Choose the appropriate security parameters with which to process an outgoing packet.
int offset
Offset in bytes of the actual content within the allocated memory.
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
struct link_socket_actual to_link_addr
#define OPENVPN_AEAD_MIN_IV_LEN
Minimal IV length for AEAD mode ciphers (in bytes): 4-byte packet id + 8 bytes implicit IV...
void reliable_mark_active_outgoing(struct reliable *rel, struct buffer *buf, int opcode)
Mark the reliable entry associated with the given buffer as active outgoing.
int len
Length in bytes of the actual content within the allocated memory.
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
void setenv_del(struct env_set *es, const char *name)
#define S_ACTIVE
Operational key_state state immediately after negotiation has completed while still within the handsh...
bool cleanup_key_ctx
opt.key_ctx_bi is owned by this context
static void reliable_set_timeout(struct reliable *rel, interval_t timeout)
static bool buf_write(struct buffer *dest, const void *src, int size)
off_t crl_last_size
size of last loaded CRL
const char * packet_id_net_print(const struct packet_id_net *pin, bool print_timestamp, struct gc_arena *gc)
struct tls_auth_standalone * tls_auth_standalone_init(struct tls_options *tls_options, struct gc_arena *gc)
static char * auth_challenge
static bool key_source2_randomize_write(struct key_source2 *k2, struct buffer *buf, bool server)
struct link_socket_actual remote_addr
char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc)
Given an OpenVPN options string, extract the value of an option.
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
bool reliable_ack_write(struct reliable_ack *ack, struct buffer *buf, const struct session_id *sid, int max, bool prepend)
Write a packet ID acknowledgment record to a buffer.
static bool write_empty_string(struct buffer *buf)
void init_ssl(const struct options *options, struct tls_root_ctx *new_ctx)
Build master SSL context object that serves for the whole of OpenVPN instantiation.
#define KEY_DIRECTION_NORMAL
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Control channel wrapping (–tls-auth/–tls-crypt) context.
void get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx)
static void move_session(struct tls_multi *multi, int dest, int src, bool reinit_src)
uint8_t random2[32]
Seed used for key expansion, provided by both client and server.
#define OPENVPN_STATE_WAIT
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
interval_t packet_timeout
void tls_prepend_opcode_v1(const struct tls_multi *multi, struct buffer *buf)
Prepend a one-byte OpenVPN data channel P_DATA_V1 opcode to the packet.
#define S_ERROR
Error state.
static void tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec, int slen, uint8_t *out1, int olen)
interval_t renegotiate_seconds
Key state authentication is being deferred, by async auth.
#define KS_SIZE
Size of the tls_session.key array.
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
unsigned int packet_id_print_type
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
struct session_id session_id_remote
static bool tls_session_generate_data_channel_keys(struct tls_session *session)
Generate data channel keys for the supplied TLS session.
static bool packet_id_close_to_wrapping(const struct packet_id_send *p)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
void frame_print(const struct frame *frame, int level, const char *prefix)
static struct gc_arena gc_new(void)
Container for one half of random material to be used in key method 2 data channel key generation...
#define KS_PRIMARY
Primary key state index.
Key state is not authenticated.
bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Wrap a control channel packet (both authenticates and encrypts the data).
void reliable_ack_adjust_frame_parameters(struct frame *frame, int max)
#define P_CONTROL_HARD_RESET_SERVER_V2
#define S_START
Three-way handshake is complete, start of key exchange.
openvpn_net_ctx_t * net_ctx
void show_available_tls_ciphers(const char *cipher_list, const char *cipher_list_tls13, const char *tls_cert_profile)
#define ALLOC_OBJ_CLEAR(dptr, type)
#define TM_UNTRUSTED
As yet un-trusted tls_session being negotiated.
static const char * ks_auth_name(enum ks_auth_state auth)
struct crypto_options crypto_options
#define ENABLE_MANAGEMENT
ks_auth_state
This reflects the (server side) authentication state after the TLS session has been established and k...
struct tls_multi * tls_multi_init(struct tls_options *tls_options)
Allocate and initialize a tls_multi structure.
bool reliable_not_replay(const struct reliable *rel, packet_id_type id)
Check that a received packet's ID is not a replay.
void hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
struct buffer * reliable_get_buf_output_sequenced(struct reliable *rel)
Get the buffer of free reliable entry and check whether the outgoing acknowledgment sequence is still...
static void key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len)
Update the implicit IV for a key_ctx_bi based on TLS session ids and cipher used. ...
int extra_link
Maximum number of bytes in excess of external network interface's MTU that might be read from or writ...
#define FRAME_HEADROOM(f)
const struct static_challenge_info * sci
static bool generate_key_expansion(struct key_ctx_bi *key, struct tls_session *session)
const char * reliable_ack_print(struct buffer *buf, bool verbose, struct gc_arena *gc)
void auth_set_client_reason(struct tls_multi *multi, const char *client_reason)
Sets the reason why authentication of a client failed.
#define KEY_DIRECTION_INVERSE
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
void frame_init_mssfix(struct frame *frame, const struct options *options)
Set the –mssfix option.
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
static struct user_pass passbuf
cipher_ctx_t * cipher
Generic cipher context.
#define TLS_RELIABLE_N_SEND_BUFFERS
#define GET_USER_PASS_PASSWORD_ONLY
unsigned __int32 uint32_t
void wipe_auth_token(struct tls_multi *multi)
Wipes the authentication token out of the memory, frees and cleans up related buffers and flags...
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
#define D_TLS_STATE_ERRORS
#define S_INITIAL
Initial key_state state after initialization by key_state_init() before start of three-way handshake...
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below...
static bool buf_write_u16(struct buffer *dest, int data)
void pem_password_setup(const char *auth_file)
interval_t reliable_send_timeout(const struct reliable *rel)
Determined how many seconds until the earliest resend should be attempted.
void ssl_purge_auth(const bool auth_user_pass_only)
static bool swap_hmac(struct buffer *buf, const struct crypto_options *co, bool incoming)
int key_id
The current active key id, used to keep track of renegotiations.
static bool link_socket_actual_defined(const struct link_socket_actual *act)
static struct user_pass auth_token
Container for one set of cipher and/or HMAC contexts.
#define OPENVPN_PLUGIN_TLS_FINAL
static void reset_session(struct tls_multi *multi, struct tls_session *session)
struct buffer_list * paybuf
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
static bool reliable_ack_empty(struct reliable_ack *ack)
Check whether an acknowledgment structure contains any packet IDs to be acknowledged.
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher...
#define TLS_RELIABLE_N_REC_BUFFERS
void tls_adjust_frame_parameters(struct frame *frame)
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
static bool session_id_defined(const struct session_id *sid1)
const char * extra_certs_file
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract plaintext data from the TLS module.
static SERVICE_STATUS status
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
void set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token)
Sets the auth-token to token if a username is available from either up or already present in tk...
const struct buffer * tls_crypt_v2_wkc
Wrapped client key, sent to server.
#define CO_USE_TLS_KEY_MATERIAL_EXPORT
Bit-flag indicating that data channel key derivation is done using TLS keying material export [RFC570...
static bool session_id_read(struct session_id *sid, struct buffer *buf)
#define P_CONTROL_HARD_RESET_CLIENT_V2
struct cert_hash_set * locked_cert_hash_set
struct tls_wrap_ctx tls_wrap
void ssl_set_auth_nocache(void)
int hmac_ctx_size(const hmac_ctx_t *ctx)
struct tls_wrap_ctx tls_wrap
#define PERF_TLS_MULTI_PROCESS
void buf_clear(struct buffer *buf)
void crypto_adjust_frame_parameters(struct frame *frame, const struct key_type *kt, bool packet_id, bool packet_id_long_form)
Calculate crypto overhead and adjust frame to account for that.
const md_kt_t * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
const char * challenge_text
static struct key_state * get_key_scan(struct tls_multi *multi, int index)
gets an item of key_state objects in the order they should be scanned by data channel modules...
const struct plugin_list * plugins
struct buffer plaintext_write_buf
static bool buf_copy(struct buffer *dest, const struct buffer *src)
struct link_socket_actual untrusted_addr
hmac_ctx_t * hmac
Generic HMAC context.
#define S_GOT_KEY
Local OpenVPN process has received the remote's part of the key material.
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
#define RGI_HWADDR_DEFINED
#define PAYLOAD_SIZE_DYNAMIC(f)
void free_key_ctx_bi(struct key_ctx_bi *ctx)
#define PD_TLS_AUTH_HMAC_SIZE_MASK
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
char * remote_ciphername
cipher specified in peer's config file
bool tls_rec_payload(struct tls_multi *multi, struct buffer *buf)
static void key_source2_print(const struct key_source2 *k)
void tls_multi_init_set_options(struct tls_multi *multi, const char *local, const char *remote)
struct connection_entry ce
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
static void openvpn_PRF(const uint8_t *secret, int secret_len, const char *label, const uint8_t *client_seed, int client_seed_len, const uint8_t *server_seed, int server_seed_len, const struct session_id *client_sid, const struct session_id *server_sid, uint8_t *output, int output_len)
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name...
struct packet_id_send send
uint8_t * data
Pointer to the allocated memory.
const char * local_options
#define TM_SIZE
Size of the tls_multi.session array.
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
struct key_source client
Random provided by client.
#define MAX_HMAC_KEY_LENGTH
void openvpn_encrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt)
Encrypt and HMAC sign a packet so that it can be sent as a data channel VPN tunnel packet to a remote...
Container for bidirectional cipher and HMAC key material.
static void link_socket_set_outgoing_addr(struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
int tls_version_parse(const char *vstr, const char *extra)
static bool tls_session_user_pass_enabled(struct tls_session *session)
Returns whether or not the server should check for username/password.
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
static void tls1_P_hash(const md_kt_t *md_kt, const uint8_t *sec, int sec_len, const uint8_t *seed, int seed_len, uint8_t *out, int olen)
#define CONTROL_SEND_ACK_MAX
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
time_t auth_deferred_expire
struct key_source server
Random provided by server.
static void tls_session_init(struct tls_multi *multi, struct tls_session *session)
Initialize a tls_session structure.
bool reliable_wont_break_sequentiality(const struct reliable *rel, packet_id_type id)
Check that a received packet's ID can safely be stored in the reliable structure's processing window...
void verify_user_pass(struct user_pass *up, struct tls_multi *multi, struct tls_session *session)
Verify the given username and password, using either an external script, a plugin, or the management interface.
unsigned char md_kt_size(const md_kt_t *kt)
Returns the size of the message digest, in bytes.
struct buffer * reliable_get_buf_sequenced(struct reliable *rel)
Get the buffer of the next sequential and active entry.
void auth_user_pass_setup(const char *auth_file, const struct static_challenge_info *sci)
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
int key_id
Key id for this key_state, inherited from struct tls_session.
#define GET_USER_PASS_DYNAMIC_CHALLENGE
bool openvpn_decrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame, const uint8_t *ad_start)
HMAC verify and decrypt a data channel packet received from a remote OpenVPN peer.
#define D_SHOW_KEY_SOURCE
struct buffer * reliable_send(struct reliable *rel, int *opcode)
Get the next packet to send to the remote peer.
void reliable_mark_deleted(struct reliable *rel, struct buffer *buf, bool inc_pid)
Remove an entry from a reliable structure.
struct session_id session_id
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
bool tls_pre_decrypt(struct tls_multi *multi, const struct link_socket_actual *from, struct buffer *buf, struct crypto_options **opt, bool floated, const uint8_t **ad_start)
Determine whether an incoming packet is a data channel or control channel packet, and process accordi...
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
void purge_user_pass(struct user_pass *up, const bool force)
enum tls_wrap_ctx::@11 mode
Control channel wrapping mode.
Structure that wraps the TLS context.
static bool buf_write_u32(struct buffer *dest, int data)
void frame_set_mtu_dynamic(struct frame *frame, int mtu, unsigned int flags)
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
static char * read_string_alloc(struct buffer *buf)
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
bool plugin_defined(const struct plugin_list *pl, const int type)
bool ssl_clean_auth_token(void)
static void key_state_free(struct key_state *ks, bool clear)
Cleanup a key_state structure.
#define KS_LAME_DUCK
Key state index that will retire soon.
static void check_malloc_return(const void *p)
#define P_CONTROL_SOFT_RESET_V1
struct key_source2 * key_src
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Security parameter state of a single session within a VPN tunnel.
#define VALGRIND_MAKE_READABLE(addr, len)
#define S_SENT_KEY
Local OpenVPN process has sent its part of the key material.
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
void output_peer_info_env(struct env_set *es, const char *peer_info)
static void write_control_auth(struct tls_session *session, struct key_state *ks, struct buffer *buf, struct link_socket_actual **to_link_addr, int opcode, int max_ack, bool prepend_ack)
int push_peer_info_detail
The acknowledgment structure in which packet IDs are stored for later acknowledgment.
Wrapper structure for dynamically allocated memory.
bool reliable_ack_read_packet_id(struct buffer *buf, packet_id_type *pid)
Read the packet ID of a received packet.
void tls_multi_init_finalize(struct tls_multi *multi, const struct frame *frame)
Finalize initialization of a tls_multi structure.
#define buf_init(buf, offset)
bool tls_send_payload(struct tls_multi *multi, const uint8_t *data, int size)
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context...
static bool management_enable_def_auth(const struct management *man)
static bool buf_write_prepend(struct buffer *dest, const void *src, int size)
static bool key_method_2_write(struct buffer *buf, struct tls_session *session)
Handle the writing of key data, peer-info, username/password, OCC to the TLS control channel (clearte...
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
void frame_finalize(struct frame *frame, bool link_mtu_defined, int link_mtu, bool tun_mtu_defined, int tun_mtu)
unsigned int mda_key_id_counter
const char * cipher_list_tls13
bool reliable_can_send(const struct reliable *rel)
Check whether a reliable structure has any active entries ready to be (re)sent.
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
void reliable_init(struct reliable *rel, int buf_size, int offset, int array_size, bool hold)
Initialize a reliable structure.
bool tls_crypt_v2_extract_client_key(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt)
Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key int...
void crypto_uninit_lib(void)
The reliability layer storage structure for one VPN tunnel's control channel in one direction...
int link_mtu
Maximum packet size to be sent over the external network interface.
#define TM_LAME_DUCK
Old tls_session.
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
static void frame_remove_from_extra_frame(struct frame *frame, const unsigned int decrement)
static const char * state_name(int state)
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Unwrap a control channel packet (decrypts, authenticates and performs replay checks).
void tls_clear_error(void)
Clear the underlying SSL library's error state.
void ssl_purge_auth_challenge(void)
static int min_int(int x, int y)
static int buf_forward_capacity_total(const struct buffer *buf)
bool reliable_can_get(const struct reliable *rel)
Check whether a reliable structure has any free buffers available for use.
void tls_x509_clear_env(struct env_set *es)
Remove any X509_ env variables from env_set es.
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation...
#define P_CONTROL_HARD_RESET_CLIENT_V1
void key2_print(const struct key2 *k, const struct key_type *kt, const char *prefix0, const char *prefix1)
Garbage collection arena used to keep track of dynamically allocated memory.
bool reliable_ack_read(struct reliable_ack *ack, struct buffer *buf, const struct session_id *sid)
Read an acknowledgment record from a received packet.
const char * openssl_name
static bool link_socket_actual_match(const struct link_socket_actual *a1, const struct link_socket_actual *a2)
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
void cert_hash_free(struct cert_hash_set *chs)
Frees the given set of certificate hashes.
static int buf_read_u16(struct buffer *buf)
static struct buffer clear_buf(void)
Return an empty struct buffer.
#define UP_TYPE_PRIVATE_KEY
static void key_source_print(const struct key_source *k, const char *prefix)
struct buffer ack_write_buf
const char * session_id_print(const struct session_id *sid, struct gc_arena *gc)
uint8_t implicit_iv[OPENVPN_MAX_IV_LENGTH]
The implicit part of the IV.
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_length, const md_kt_t *kt)
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract ciphertext data from the TLS module.
static const tls_cipher_name_pair tls_cipher_name_translation_table[]
SSL/TLS Cipher suite name translation table.
static void key_state_init(struct tls_session *session, struct key_state *ks)
Initialize a key_state structure.
static int key_source2_read(struct key_source2 *k2, struct buffer *buf, bool server)
static bool auth_user_pass_enabled
hmac_ctx_t * hmac_ctx_new(void)
#define TUN_LINK_DELTA(f)
static void tls_session_free(struct tls_session *session, bool clear)
Clean up a tls_session structure.
char password[USER_PASS_LEN]
#define P_CONTROL_HARD_RESET_CLIENT_V3
struct buffer clone_buf(const struct buffer *buf)
void verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session)
Perform final authentication checks, including locking of the cn, the allowed certificate hashes...
static bool random_bytes_to_buf(struct buffer *buf, uint8_t *out, int outlen)
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
void reliable_mark_active_incoming(struct reliable *rel, struct buffer *buf, packet_id_type pid, int opcode)
Mark the reliable entry associated with the given buffer as active incoming.
void hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
const cipher_kt_t * cipher
Cipher static parameters.
static void update_time(void)
static int auth_deferred_expire_window(const struct tls_options *o)
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
#define TLS_CHANNEL_BUF_SIZE
void buffer_list_pop(struct buffer_list *ol)
void hmac_ctx_free(hmac_ctx_t *ctx)
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
struct key_ctx tls_crypt_v2_server_key
Decrypts client keys.
static void tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_file_inline)
Load (or possibly reload) the CRL file into the SSL context.
struct buffer_entry * buffer_list_push_data(struct buffer_list *ol, const void *data, size_t size)
Allocates and appends a new buffer containing data of length size.
const char * remote_options
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
void reliable_schedule_now(struct reliable *rel)
Reschedule all entries of a reliable structure to be ready for (re)sending immediately.
void reliable_send_purge(struct reliable *rel, const struct reliable_ack *ack)
Remove acknowledged packets from a reliable structure.
static int packet_id_size(bool long_form)
static struct key2 generate_key_expansion_openvpn_prf(const struct tls_session *session)
void crypto_init_lib(void)
uint8_t pre_master[48]
Random used for master secret generation, provided only by client OpenVPN peer.
void hmac_ctx_reset(hmac_ctx_t *ctx)
bool priv_key_file_inline
static bool session_id_write_prepend(const struct session_id *sid, struct buffer *buf)
static bool key_method_2_read(struct buffer *buf, struct tls_multi *multi, struct tls_session *session)
Handle reading key data, peer-info, username/password, OCC from the TLS control channel (cleartext)...
Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directio...
void init_key_type(struct key_type *kt, const char *ciphername, const char *authname, int keysize, bool tls_mode, bool warn)
Initialize a key_type structure with.
Container for unidirectional cipher and HMAC key material.
struct tls_wrap_ctx tls_wrap
TLS handshake wrapping state.
#define GET_USER_PASS_MANAGEMENT
bool reliable_ack_acknowledge_packet_id(struct reliable_ack *ack, packet_id_type pid)
Record a packet ID for later acknowledgment.
int link_mtu_dynamic
Dynamic MTU value for the external network interface.
int tls_multi_process(struct tls_multi *multi, struct buffer *to_link, struct link_socket_actual **to_link_addr, struct link_socket_info *to_link_socket_info, interval_t *wakeup)
bool data_channel_use_ekm