39 #elif defined(_MSC_VER) 68 #ifdef MEASURE_TLS_HANDSHAKE_STATS 70 static int tls_handshake_success;
71 static int tls_handshake_error;
72 static int tls_packets_generated;
73 static int tls_packets_sent;
75 #define INCR_SENT ++tls_packets_sent 76 #define INCR_GENERATED ++tls_packets_generated 77 #define INCR_SUCCESS ++tls_handshake_success 78 #define INCR_ERROR ++tls_handshake_error 81 show_tls_performance_stats(
void)
83 msg(
D_TLS_DEBUG_LOW,
"TLS Handshakes, success=%f%% (good=%d, bad=%d), retransmits=%f%%",
84 (
double) tls_handshake_success / (tls_handshake_success + tls_handshake_error) * 100.0,
85 tls_handshake_success, tls_handshake_error,
86 (
double) (tls_packets_sent - tls_packets_generated) / tls_packets_generated * 100.0);
91 #define INCR_GENERATED 101 {
"ADH-SEED-SHA",
"TLS-DH-anon-WITH-SEED-CBC-SHA"},
102 {
"AES128-GCM-SHA256",
"TLS-RSA-WITH-AES-128-GCM-SHA256"},
103 {
"AES128-SHA256",
"TLS-RSA-WITH-AES-128-CBC-SHA256"},
104 {
"AES128-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA"},
105 {
"AES256-GCM-SHA384",
"TLS-RSA-WITH-AES-256-GCM-SHA384"},
106 {
"AES256-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256"},
107 {
"AES256-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA"},
108 {
"CAMELLIA128-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
109 {
"CAMELLIA128-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"},
110 {
"CAMELLIA256-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
111 {
"CAMELLIA256-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"},
112 {
"DES-CBC3-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA"},
113 {
"DES-CBC-SHA",
"TLS-RSA-WITH-DES-CBC-SHA"},
114 {
"DH-DSS-SEED-SHA",
"TLS-DH-DSS-WITH-SEED-CBC-SHA"},
115 {
"DHE-DSS-AES128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256"},
116 {
"DHE-DSS-AES128-SHA256",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256"},
117 {
"DHE-DSS-AES128-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA"},
118 {
"DHE-DSS-AES256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384"},
119 {
"DHE-DSS-AES256-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256"},
120 {
"DHE-DSS-AES256-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA"},
121 {
"DHE-DSS-CAMELLIA128-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256"},
122 {
"DHE-DSS-CAMELLIA128-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA"},
123 {
"DHE-DSS-CAMELLIA256-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256"},
124 {
"DHE-DSS-CAMELLIA256-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA"},
125 {
"DHE-DSS-SEED-SHA",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA"},
126 {
"DHE-RSA-AES128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"},
127 {
"DHE-RSA-AES128-SHA256",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"},
128 {
"DHE-RSA-AES128-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA"},
129 {
"DHE-RSA-AES256-GCM-SHA384",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"},
130 {
"DHE-RSA-AES256-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"},
131 {
"DHE-RSA-AES256-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA"},
132 {
"DHE-RSA-CAMELLIA128-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
133 {
"DHE-RSA-CAMELLIA128-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"},
134 {
"DHE-RSA-CAMELLIA256-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
135 {
"DHE-RSA-CAMELLIA256-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"},
136 {
"DHE-RSA-CHACHA20-POLY1305",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256"},
137 {
"DHE-RSA-SEED-SHA",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA"},
138 {
"DH-RSA-SEED-SHA",
"TLS-DH-RSA-WITH-SEED-CBC-SHA"},
139 {
"ECDH-ECDSA-AES128-GCM-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256"},
140 {
"ECDH-ECDSA-AES128-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256"},
141 {
"ECDH-ECDSA-AES128-SHA",
"TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA"},
142 {
"ECDH-ECDSA-AES256-GCM-SHA384",
"TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384"},
143 {
"ECDH-ECDSA-AES256-SHA256",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA256"},
144 {
"ECDH-ECDSA-AES256-SHA384",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384"},
145 {
"ECDH-ECDSA-AES256-SHA",
"TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA"},
146 {
"ECDH-ECDSA-CAMELLIA128-SHA256",
"TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"},
147 {
"ECDH-ECDSA-CAMELLIA128-SHA",
"TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA"},
148 {
"ECDH-ECDSA-CAMELLIA256-SHA256",
"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA256"},
149 {
"ECDH-ECDSA-CAMELLIA256-SHA",
"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA"},
150 {
"ECDH-ECDSA-DES-CBC3-SHA",
"TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA"},
151 {
"ECDH-ECDSA-DES-CBC-SHA",
"TLS-ECDH-ECDSA-WITH-DES-CBC-SHA"},
152 {
"ECDH-ECDSA-RC4-SHA",
"TLS-ECDH-ECDSA-WITH-RC4-128-SHA"},
153 {
"ECDHE-ECDSA-AES128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"},
154 {
"ECDHE-ECDSA-AES128-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"},
155 {
"ECDHE-ECDSA-AES128-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA384"},
156 {
"ECDHE-ECDSA-AES128-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA"},
157 {
"ECDHE-ECDSA-AES256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"},
158 {
"ECDHE-ECDSA-AES256-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA256"},
159 {
"ECDHE-ECDSA-AES256-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384"},
160 {
"ECDHE-ECDSA-AES256-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA"},
161 {
"ECDHE-ECDSA-CAMELLIA128-SHA256",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"},
162 {
"ECDHE-ECDSA-CAMELLIA128-SHA",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA"},
163 {
"ECDHE-ECDSA-CAMELLIA256-SHA256",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA256"},
164 {
"ECDHE-ECDSA-CAMELLIA256-SHA",
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA"},
165 {
"ECDHE-ECDSA-CHACHA20-POLY1305",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"},
166 {
"ECDHE-ECDSA-DES-CBC3-SHA",
"TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA"},
167 {
"ECDHE-ECDSA-DES-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-DES-CBC-SHA"},
168 {
"ECDHE-ECDSA-RC4-SHA",
"TLS-ECDHE-ECDSA-WITH-RC4-128-SHA"},
169 {
"ECDHE-RSA-AES128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"},
170 {
"ECDHE-RSA-AES128-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256"},
171 {
"ECDHE-RSA-AES128-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA384"},
172 {
"ECDHE-RSA-AES128-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA"},
173 {
"ECDHE-RSA-AES256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"},
174 {
"ECDHE-RSA-AES256-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA256"},
175 {
"ECDHE-RSA-AES256-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"},
176 {
"ECDHE-RSA-AES256-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA"},
177 {
"ECDHE-RSA-CAMELLIA128-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
178 {
"ECDHE-RSA-CAMELLIA128-SHA",
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA"},
179 {
"ECDHE-RSA-CAMELLIA256-SHA256",
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
180 {
"ECDHE-RSA-CAMELLIA256-SHA",
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA"},
181 {
"ECDHE-RSA-CHACHA20-POLY1305",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"},
182 {
"ECDHE-RSA-DES-CBC3-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA"},
183 {
"ECDHE-RSA-DES-CBC-SHA",
"TLS-ECDHE-RSA-WITH-DES-CBC-SHA"},
184 {
"ECDHE-RSA-RC4-SHA",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA"},
185 {
"ECDH-RSA-AES128-GCM-SHA256",
"TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256"},
186 {
"ECDH-RSA-AES128-SHA256",
"TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256"},
187 {
"ECDH-RSA-AES128-SHA384",
"TLS-ECDH-RSA-WITH-AES-128-CBC-SHA384"},
188 {
"ECDH-RSA-AES128-SHA",
"TLS-ECDH-RSA-WITH-AES-128-CBC-SHA"},
189 {
"ECDH-RSA-AES256-GCM-SHA384",
"TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384"},
190 {
"ECDH-RSA-AES256-SHA256",
"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA256"},
191 {
"ECDH-RSA-AES256-SHA384",
"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384"},
192 {
"ECDH-RSA-AES256-SHA",
"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA"},
193 {
"ECDH-RSA-CAMELLIA128-SHA256",
"TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
194 {
"ECDH-RSA-CAMELLIA128-SHA",
"TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA"},
195 {
"ECDH-RSA-CAMELLIA256-SHA256",
"TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
196 {
"ECDH-RSA-CAMELLIA256-SHA",
"TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA"},
197 {
"ECDH-RSA-DES-CBC3-SHA",
"TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA"},
198 {
"ECDH-RSA-DES-CBC-SHA",
"TLS-ECDH-RSA-WITH-DES-CBC-SHA"},
199 {
"ECDH-RSA-RC4-SHA",
"TLS-ECDH-RSA-WITH-RC4-128-SHA"},
200 {
"EDH-DSS-DES-CBC3-SHA",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA"},
201 {
"EDH-DSS-DES-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"},
202 {
"EDH-RSA-DES-CBC3-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"},
203 {
"EDH-RSA-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-DES-CBC-SHA"},
204 {
"EXP-DES-CBC-SHA",
"TLS-RSA-EXPORT-WITH-DES40-CBC-SHA"},
205 {
"EXP-EDH-DSS-DES-CBC-SHA",
"TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA"},
206 {
"EXP-EDH-RSA-DES-CBC-SHA",
"TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA"},
207 {
"EXP-RC2-CBC-MD5",
"TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5"},
208 {
"EXP-RC4-MD5",
"TLS-RSA-EXPORT-WITH-RC4-40-MD5"},
209 {
"NULL-MD5",
"TLS-RSA-WITH-NULL-MD5"},
210 {
"NULL-SHA256",
"TLS-RSA-WITH-NULL-SHA256"},
211 {
"NULL-SHA",
"TLS-RSA-WITH-NULL-SHA"},
212 {
"PSK-3DES-EDE-CBC-SHA",
"TLS-PSK-WITH-3DES-EDE-CBC-SHA"},
213 {
"PSK-AES128-CBC-SHA",
"TLS-PSK-WITH-AES-128-CBC-SHA"},
214 {
"PSK-AES256-CBC-SHA",
"TLS-PSK-WITH-AES-256-CBC-SHA"},
215 {
"PSK-RC4-SHA",
"TLS-PSK-WITH-RC4-128-SHA"},
216 {
"RC4-MD5",
"TLS-RSA-WITH-RC4-128-MD5"},
217 {
"RC4-SHA",
"TLS-RSA-WITH-RC4-128-SHA"},
218 {
"SEED-SHA",
"TLS-RSA-WITH-SEED-CBC-SHA"},
219 {
"SRP-DSS-3DES-EDE-CBC-SHA",
"TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA"},
220 {
"SRP-DSS-AES-128-CBC-SHA",
"TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA"},
221 {
"SRP-DSS-AES-256-CBC-SHA",
"TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA"},
222 {
"SRP-RSA-3DES-EDE-CBC-SHA",
"TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA"},
223 {
"SRP-RSA-AES-128-CBC-SHA",
"TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA"},
224 {
"SRP-RSA-AES-256-CBC-SHA",
"TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA"},
225 #ifdef ENABLE_CRYPTO_OPENSSL 227 {
"DEFAULT",
"DEFAULT"},
229 {
"HIGH",
"HIGH"}, {
"!HIGH",
"!HIGH"},
230 {
"MEDIUM",
"MEDIUM"}, {
"!MEDIUM",
"!MEDIUM"},
231 {
"LOW",
"LOW"}, {
"!LOW",
"!LOW"},
232 {
"ECDH",
"ECDH"}, {
"!ECDH",
"!ECDH"},
233 {
"ECDSA",
"ECDSA"}, {
"!ECDSA",
"!ECDSA"},
234 {
"EDH",
"EDH"}, {
"!EDH",
"!EDH"},
235 {
"EXP",
"EXP"}, {
"!EXP",
"!EXP"},
236 {
"RSA",
"RSA"}, {
"!RSA",
"!RSA"},
237 {
"kRSA",
"kRSA"}, {
"!kRSA",
"!kRSA"},
238 {
"SRP",
"SRP"}, {
"!SRP",
"!SRP"},
265 || (strlen(pair->
iana_name) == len && 0 == memcmp(cipher_name, pair->
iana_name, len)))
288 if (*reneg_bytes == -1)
290 msg(
M_WARN,
"WARNING: cipher with small block size in use, " 291 "reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.");
292 *reneg_bytes = 64 * 1024 * 1024;
392 #ifdef ENABLE_MANAGEMENT 399 auth_user_pass_enabled =
true;
402 #ifdef ENABLE_MANAGEMENT 472 if (!auth_user_pass_only)
480 #ifdef ENABLE_MANAGEMENT 485 #ifdef ENABLE_MANAGEMENT 490 free(auth_challenge);
491 auth_challenge = NULL;
512 if (!strcmp(vstr,
"1.0") &&
TLS_VER_1_0 <= max_version)
516 else if (!strcmp(vstr,
"1.1") &&
TLS_VER_1_1 <= max_version)
520 else if (!strcmp(vstr,
"1.2") &&
TLS_VER_1_2 <= max_version)
524 else if (!strcmp(vstr,
"1.3") &&
TLS_VER_1_3 <= max_version)
528 else if (extra && !strcmp(extra,
"or-highest"))
551 bool crl_file_inline)
564 crl_stat.st_mtime = 1;
571 msg(
M_FATAL,
"ERROR: Failed to stat CRL file during initialization, exiting.");
575 msg(
M_WARN,
"WARNING: Failed to stat CRL file, not reloading CRL.");
651 else if (options->pkcs11_providers[0])
653 if (!tls_ctx_use_pkcs11(new_ctx, options->pkcs11_id_management, options->pkcs11_id))
655 msg(
M_WARN,
"Cannot load certificate \"%s\" using PKCS#11 interface",
661 #ifdef ENABLE_CRYPTOAPI 667 #ifdef ENABLE_MANAGEMENT 689 #ifdef ENABLE_MANAGEMENT 694 msg(
M_WARN,
"Cannot initialize mamagement-external-key");
745 #ifdef ENABLE_CRYPTO_MBEDTLS 747 tls_ctx_personalise_random(new_ctx);
774 return "S_PRE_START";
792 return "S_GENERATED_KEYS";
805 return "KS_AUTH_TRUE";
807 return "KS_AUTH_DEFERRED";
809 return "KS_AUTH_FALSE";
821 return "P_CONTROL_HARD_RESET_CLIENT_V1";
824 return "P_CONTROL_HARD_RESET_SERVER_V1";
827 return "P_CONTROL_HARD_RESET_CLIENT_V2";
830 return "P_CONTROL_HARD_RESET_SERVER_V2";
833 return "P_CONTROL_HARD_RESET_CLIENT_V3";
836 return "P_CONTROL_SOFT_RESET_V1";
839 return "P_CONTROL_V1";
864 return "TM_UNTRUSTED";
867 return "TM_LAME_DUCK";
885 buf_printf(&out,
" [key#%d state=%s auth=%s id=%d sid=%s]", i,
990 #ifdef ENABLE_MANAGEMENT 1094 session->
opt = &multi->
opt;
1121 "TLS_WRAP", session->
key_id);
1129 dmsg(
D_TLS_DEBUG,
"TLS: tls_session_init: new session object, sid=%s",
1155 for (
size_t i = 0; i <
KS_SIZE; ++i)
1217 if (seconds_from_now < *earliest)
1219 *earliest = seconds_from_now;
1266 ret->
opt = *tls_options;
1355 for (
int i = 0; i <
TM_SIZE; ++i)
1378 #define SWAP_BUF_SIZE 256 1394 const int osid_size = 1 +
SID_SIZE;
1397 uint8_t *b =
BPTR(buf);
1414 if (buf->
len >= e1 + e2)
1416 memcpy(buf1, b, e1);
1417 memcpy(buf2, b + e1, e2);
1418 memcpy(b, buf2, e2);
1419 memcpy(b + e2, buf1, e1);
1429 #undef SWAP_BUF_SIZE 1510 "TLS Error: can not extract tls-crypt-v2 client key from %s",
1515 if (ctx->
mode == TLS_WRAP_AUTH)
1523 "TLS Error: cannot locate HMAC in incoming packet from %s",
1535 "TLS Error: incoming packet authentication failed from %s",
1541 else if (ctx->
mode == TLS_WRAP_CRYPT)
1567 if (ctx->
mode == TLS_WRAP_NONE || ctx->
mode == TLS_WRAP_AUTH)
1595 "%s pre_master: %s",
1621 const uint8_t *client_seed,
1622 int client_seed_len,
1623 const uint8_t *server_seed,
1624 int server_seed_len,
1652 output, output_len);
1696 uint8_t master[48] = { 0 };
1735 (uint8_t *)key2->
keys,
1736 sizeof(key2->
keys)))
1756 for (
int i = 0; i < 2; ++i)
1802 "Master Encrypt",
"Master Decrypt");
1805 for (
int i = 0; i < 2; ++i)
1830 size_t impl_iv_len = 0;
1834 ASSERT(impl_iv_len <= key_len);
1880 struct frame *frame_fragment)
1906 if (packet_id_long_form)
1914 options->
replay, packet_id_long_form);
1931 options->
replay, packet_id_long_form);
1942 struct frame *frame_fragment)
1948 if (!session->
opt->
server && !cipher_allowed_as_fallback
1951 msg(
D_TLS_ERRORS,
"Error: negotiated cipher not allowed - %s not in %s",
1972 msg(
M_FATAL,
"ERROR: Random number generator cannot obtain entropy for key generation [SSL]");
2062 (reliable_empty(ks->send_reliable) && reliable_ack_empty(ks->rec_ack)) 2100 const int len = strlen(str) + 1;
2101 if (len < 1 || (maxlen >= 0 && len > maxlen))
2120 if (len < 1 || len > (
int)capacity)
2142 str = (
char *)
malloc(len);
2181 #if defined(TARGET_LINUX) 2183 #elif defined(TARGET_SOLARIS) 2185 #elif defined(TARGET_OPENBSD) 2187 #elif defined(TARGET_DARWIN) 2189 #elif defined(TARGET_NETBSD) 2191 #elif defined(TARGET_FREEBSD) 2193 #elif defined(TARGET_ANDROID) 2195 #elif defined(_WIN32) 2234 #ifdef HAVE_EXPORT_KEYING_MATERIAL 2244 comp_generate_peer_info_string(&session->
opt->comp_options, &out);
2271 if ((((strncmp(e->string,
"UV_", 3) == 0
2272 || strncmp(e->string,
"IV_PLAT_VER=",
sizeof(
"IV_PLAT_VER=") - 1) == 0)
2274 || (strncmp(e->string,
"IV_GUI_VER=",
sizeof(
"IV_GUI_VER=") - 1) == 0)
2275 || (strncmp(e->string,
"IV_SSO=",
sizeof(
"IV_SSO=") - 1) == 0)
2277 &&
buf_safe(&out, strlen(e->string) + 1))
2306 write_compat_local_options(
struct buffer *buf,
const char *
options)
2349 && multi->
opt.comp_options.flags & COMP_F_MIGRATE)
2367 #ifdef ENABLE_MANAGEMENT 2454 unsigned int len = (size * 2) + 2;
2456 const char *key =
format_hex_ex(ekm, size, len, 0, NULL, &gc);
2465 msg(
M_WARN,
"WARNING: Export keying material failed!");
2481 bool username_status, password_status;
2493 msg(
D_TLS_ERRORS,
"TLS ERROR: Plaintext buffer too short (%d bytes).",
2503 "TLS ERROR: Unknown key_method/flags=%d received from remote host",
2511 msg(
D_TLS_ERRORS,
"TLS Error: Error reading remote data channel key source entropy from plaintext buffer");
2518 msg(
D_TLS_ERRORS,
"TLS Error: Failed to read required OCC options string");
2556 if (!username_status || !password_status)
2561 msg(
D_TLS_ERRORS,
"TLS Error: Auth Username/Password was not provided by peer");
2574 "TLS Error: Certificate verification failed (key-method 2)");
2597 msg(
D_SHOW_OCC,
"Note: 'compress migrate' detected remote peer " 2598 "with compression enabled.");
2607 msg(
D_TLS_ERRORS,
"Option inconsistency warnings triggering disconnect due to --opt-verify");
2685 bool state_change =
false;
2686 bool active =
false;
2724 dmsg(
D_TLS_DEBUG,
"TLS: tls_process: chg=%d ks=%s lame=%s to_link->len=%d wakeup=%d",
2731 state_change =
false;
2756 state_change =
true;
2760 #ifdef ENABLE_MANAGEMENT 2779 "TLS Error: TLS key negotiation failed to occur within %d seconds (check your network connectivity)",
2788 state_change =
true;
2819 state_change =
true;
2846 #ifdef MEASURE_TLS_HANDSHAKE_STATS 2847 show_tls_performance_stats();
2868 state_change =
true;
2884 "TLS Error: Incoming Ciphertext -> TLS object write error");
2895 state_change =
true;
2911 msg(
D_TLS_ERRORS,
"TLS Error: TLS object -> incoming plaintext read error");
2916 state_change =
true;
2934 state_change =
true;
2950 state_change =
true;
2963 "TLS ERROR: Outgoing Plaintext -> TLS object write error");
2968 state_change =
true;
2983 "TLS Error: Ciphertext -> reliable TCP/UDP transport read error");
2990 state_change =
true;
2996 while (state_change);
3083 for (
int i = 0; i <
TM_SIZE; ++i)
3097 "TLS: tls_multi_process: i=%d state=%s, mysid=%s, stored-sid=%s, stored-ip=%s",
3111 to_link_socket_info, wakeup))
3165 for (
int i = 0; i <
TM_SIZE; ++i)
3214 msg(
D_TLS_DEBUG_LOW,
"TLS: tls_multi_process: untrusted session promoted to %strusted",
3238 const int throw_level = GREMLIN_CONNECTION_FLOOD_LEVEL(multi->
opt.
gremlin);
3270 const uint8_t **ad_start)
3274 uint8_t c = *
BPTR(buf);
3303 "Key %s [%d] not initialized (yet), dropping packet.",
3312 *ad_start =
BPTR(buf);
3317 *ad_start =
BPTR(buf);
3323 msg(
D_TLS_ERRORS,
"Protocol error: received P_DATA_V2 from %s but length is < 4",
3334 "TLS: tls_pre_decrypt, key_id=%d, IP=%s",
3342 "TLS Error: local/remote TLS keys are out of sync: %s " 3343 "(received key id: %d, known key ids: %s)",
3385 const uint8_t **ad_start)
3399 uint8_t pkt_firstbyte = *
BPTR(buf);
3412 bool do_burst =
false;
3413 bool new_link =
false;
3425 "TLS Error: unknown opcode received from %s op=%d",
3439 "TLS Error: client->client or server->server connection attempted from %s",
3453 struct buffer tmp = *buf;
3458 "TLS Error: session-id not found in packet from %s",
3472 "TLS: initial packet test, i=%d state=%s, mysid=%s, rec-sid=%s, rec-ip=%s, stored-sid=%s, stored-ip=%s",
3487 "TLS ERROR: received control packet with stale session-id=%s",
3492 "TLS: found match, session[%d], sid=%s",
3516 "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [1]",
3521 #ifdef ENABLE_MANAGEMENT 3535 "TLS: Initial packet from %s, sid=%s",
3565 "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [2]",
3583 "TLS: new session incoming connection from %s",
3601 "TLS Error: Unroutable control packet received from %s (si=%d op=%s)",
3613 msg(
D_TLS_ERRORS,
"TLS Error: Received control packet from unexpected IP addr: %s",
3632 "TLS: received P_CONTROL_SOFT_RESET_V1 s=%d sid=%s",
3652 "TLS: received control channel packet s#=%d sid=%s",
3685 "TLS Error: Existing session control channel packet from unknown IP address: %s",
3695 if (do_burst && !session->
burst)
3698 session->
burst =
true;
3702 if (ks->
key_id != key_id)
3705 "TLS ERROR: local/remote key IDs out of sync (%d/%d) ID: %s",
3722 "TLS Error: reading acknowledgement record from packet");
3746 "Incoming control channel packet too big, dropping.");
3786 const struct buffer *buf)
3796 uint8_t pkt_firstbyte = *
BPTR(buf);
3810 "TLS State Error: No TLS state for client %s, opcode=%d",
3819 "TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected",
3828 "TLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expected",
3961 | (multi->
peer_id & 0xFFFFFF));
3987 const uint8_t *data,
4052 for (
int i = 0; i <
TM_SIZE; ++i)
4056 for (
int j = 0; j <
KS_SIZE; ++j)
4078 const char *cipher_list_tls13,
4079 const char *tls_cert_profile)
4081 printf(
"Available TLS Ciphers, listed in order of preference:\n");
4085 printf(
"\nFor TLS 1.3 and newer (--tls-ciphersuites):\n\n");
4089 printf(
"\nFor TLS 1.2 and older (--tls-cipher):\n\n");
4093 "Be aware that that whether a cipher suite in this list can actually work\n" 4094 "depends on the specific setup of both peers. See the man page entries of\n" 4095 "--tls-cipher and --show-tls for more details.\n\n" 4107 struct buffer buf = *buffer;
4129 if (!
buf_read(&buf, &c,
sizeof(c)))
4161 if (tls_auth_hmac_size)
4168 if (!
buf_read(&buf, tls_auth_hmac, tls_auth_hmac_size))
4199 if (!
buf_read(&buf, &l,
sizeof(l)))
static void tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame, struct frame *frame)
struct reliable * rec_reliable
#define IV_PROTO_NCP_P2P
Support doing NCP in P2P mode.
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
char * management_query_cert(struct management *man, const char *cert_name)
static bool buf_write_u8(struct buffer *dest, int data)
void reliable_free(struct reliable *rel)
Free allocated memory associated with a reliable structure and the pointer itself.
static const char * packet_opcode_name(int op)
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
void options_warning(char *actual, const char *expected)
#define EXPANDED_SIZE_DYNAMIC(f)
#define P_CONTROL_HARD_RESET_SERVER_V1
static const char * print_key_id(struct tls_multi *multi, struct gc_arena *gc)
size_t implicit_iv_len
The length of implicit_iv.
static bool key_method_2_write(struct buffer *buf, struct tls_multi *multi, struct tls_session *session)
Handle the writing of key data, peer-info, username/password, OCC to the TLS control channel (clearte...
Security parameter state for processing data channel packets.
struct key_state_ssl ks_ssl
const char * management_certificate
static void tls_wrap_free(struct tls_wrap_ctx *tls_wrap)
Free the elements of a tls_wrap_ctx structure.
#define CO_PACKET_ID_LONG_FORM
Bit-flag indicating whether to use OpenVPN's long packet ID format.
static void strncpynt(char *dest, const char *src, size_t maxlen)
#define TM_ACTIVE
Active tls_session.
static bool openvpn_PRF(const uint8_t *secret, int secret_len, const char *label, const uint8_t *client_seed, int client_seed_len, const uint8_t *server_seed, int server_seed_len, const struct session_id *client_sid, const struct session_id *server_sid, uint8_t *output, int output_len)
Security parameter state of one TLS and data channel key session.
static void compute_earliest_wakeup(interval_t *earliest, interval_t seconds_from_now)
struct buffer work
Work buffer (only for –tls-crypt)
unsigned int management_flags
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
struct key_state key[KS_SIZE]
struct buffer plaintext_read_buf
int n_sessions
Number of sessions negotiated thus far.
unsigned int crypto_max_overhead(void)
Return the worst-case OpenVPN crypto overhead (in bytes)
void tls_auth_standalone_finalize(struct tls_auth_standalone *tas, const struct frame *frame)
#define SSLF_CRL_VERIFY_DIR
void ssl_clean_user_pass(void)
Cleans the saved user/password unless auth-nocache is in use.
void free_buf(struct buffer *buf)
void ssl_put_auth_challenge(const char *cr_str)
static bool write_string(struct buffer *buf, const char *str, const int maxlen)
unsigned int flags
Bit-flags determining behavior of security operation functions.
static void export_user_keying_material(struct key_state_ssl *ssl, struct tls_session *session)
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
char * string_alloc(const char *str, struct gc_arena *gc)
#define S_PRE_START
Waiting for the remote OpenVPN peer to acknowledge during the initial three-way handshake.
static const char * session_index_name(int index)
bool enable_ncp_fallback
If defined fall back to ciphername if NCP fails.
static bool session_id_equal(const struct session_id *sid1, const struct session_id *sid2)
struct link_socket_addr * lsa
struct key keys[2]
Two unidirectional sets of key material.
struct buffer tls_crypt_v2_metadata
Received from client.
#define IV_PROTO_DATA_V2
Support P_DATA_V2.
static void tls_limit_reneg_bytes(const cipher_kt_t *cipher, int *reneg_bytes)
Limit the reneg_bytes value when using a small-block (<128 bytes) cipher.
struct packet_id_persist * pid_persist
Persistent packet ID state for keeping state between successive OpenVPN process startups.
bool options_cmp_equal(char *actual, const char *expected)
const char * tls_cert_profile
#define GET_USER_PASS_STATIC_CHALLENGE
Container for both halves of random material to be used in key method 2 data channel key generation...
static bool session_id_write(const struct session_id *sid, struct buffer *buf)
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
bool tls_session_generate_data_channel_keys(struct tls_session *session)
Generate data channel keys for the supplied TLS session.
bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len)
Calculates the TLS 1.0-1.1 PRF function.
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
static bool buf_advance(struct buffer *buf, int size)
void packet_id_persist_load_obj(const struct packet_id_persist *p, struct packet_id *pid)
Packet geometry parameters.
struct key_state * save_ks
#define OPENVPN_MAX_IV_LENGTH
Maximum length of an IV.
static bool generate_key_expansion_tls_export(struct tls_session *session, struct key2 *key2)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
#define IV_PROTO_AUTH_PENDING_KW
Supports signaling keywords with AUTH_PENDING, e.g.
void fixup_key(struct key *key, const struct key_type *kt)
static void key_state_soft_reset(struct tls_session *session)
enum ks_auth_state authenticated
#define SSLF_AUTH_USER_PASS_OPTIONAL
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
#define RELIABLE_ACK_SIZE
The maximum number of packet IDs waiting to be acknowledged which can be stored in one reliable_ack s...
bool extra_certs_file_inline
static void gc_free(struct gc_arena *a)
struct tls_root_ctx ssl_ctx
void init_key_type(struct key_type *kt, const char *ciphername, const char *authname, bool tls_mode, bool warn)
Initialize a key_type structure with.
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
client with pull or p2p waiting for first time options import
static void frame_add_to_extra_frame(struct frame *frame, const unsigned int increment)
void tls_post_encrypt(struct tls_multi *multi, struct buffer *buf)
Perform some accounting for the key state used.
static const struct key_state * get_primary_key(const struct tls_multi *multi)
gets an item of key_state objects in the order they should be scanned by data channel modules...
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
void ssl_set_auth_token_user(const char *username)
const char * auth_user_pass_verify_script
const char * priv_key_file
enum multi_status multi_state
void session_id_random(struct session_id *sid)
Security parameter state for a single VPN tunnel.
static void handle_data_channel_packet(struct tls_multi *multi, const struct link_socket_actual *from, struct buffer *buf, struct crypto_options **opt, bool floated, const uint8_t **ad_start)
struct buffer_list * buffer_list_new(const int max_size)
Allocate an empty buffer list of capacity max_size.
static bool tls_process(struct tls_multi *multi, struct tls_session *session, struct buffer *to_link, struct link_socket_actual **to_link_addr, struct link_socket_info *to_link_socket_info, interval_t *wakeup)
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
void tls_multi_free(struct tls_multi *multi, bool clear)
Cleanup a tls_multi structure and free associated memory allocations.
#define SET_MTU_UPPER_BOUND
const char * auth_user_pass_file
int n
The number of key objects stored in the key2.keys array.
struct reliable_ack * rec_ack
struct buffer alloc_buf(size_t size)
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
const char * config_ncp_ciphers
void p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session)
Determines if there is common cipher of both peer by looking at the IV_CIPHER peer info...
struct link_socket_actual actual
struct crypto_options opt
Crypto state.
void tls_update_remote_addr(struct tls_multi *multi, const struct link_socket_actual *addr)
Updates remote address in TLS sessions.
#define S_UNDEF
Undefined state, used after a key_state is cleaned up.
bool is_hard_reset_method2(int op)
Given a key_method, return true if opcode represents the one of the hard_reset op codes for key-metho...
struct cert_hash_set * cert_hash_set
static bool lame_duck_must_die(const struct tls_session *session, interval_t *wakeup)
static void init_key_contexts(struct key_ctx_bi *key, const struct key_type *key_type, bool server, struct key2 *key2)
static void perf_pop(void)
Key state is authenticated.
const char * options_string_compat_lzo(const char *options, struct gc_arena *gc)
Takes a locally produced OCC string for TLS server mode and modifies as if the option comp-lzo was en...
bool buf_printf(struct buffer *buf, const char *format,...)
static bool read_string(struct buffer *buf, char *str, const unsigned int capacity)
static void perf_push(int type)
void tls_prepend_opcode_v2(const struct tls_multi *multi, struct buffer *buf)
Prepend an OpenVPN data channel P_DATA_V2 header to the packet.
static bool read_control_auth(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct link_socket_actual *from, const struct tls_options *opt)
time_t crl_last_mtime
CRL last modification time.
struct man_def_auth_context * mda_context
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
#define EXPORT_KEY_DATA_LABEL
void setenv_str(struct env_set *es, const char *name, const char *value)
#define TLS_AUTHENTICATED(multi, ks)
Check whether the ks key_state has finished the key exchange part of the OpenVPN hand shake...
static int buf_read_u8(struct buffer *buf)
const char * win32_version_string(struct gc_arena *gc, bool add_name)
int cipher_kt_iv_size(const cipher_kt_t *cipher_kt)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
bool cipher_kt_insecure(const cipher_kt_t *cipher)
Returns true if we consider this cipher to be insecure.
const char * protocol_dump(struct buffer *buffer, unsigned int flags, struct gc_arena *gc)
const char * cryptoapi_cert
static void flush_payload_buffer(struct key_state *ks)
bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_form)
struct buffer * reliable_get_buf(struct reliable *rel)
Get the buffer of a free reliable entry in which to store a packet.
static bool push_peer_info(struct buffer *buf, struct tls_session *session)
Prepares the IV_ and UV_ variables that are part of the exchange to signal the peer's capabilities...
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
bool tls_item_in_cipher_list(const char *item, const char *list)
Return true iff item is present in the colon-separated zero-terminated cipher list.
#define TLS_VER_BAD
Parse a TLS version specifier.
struct key_state * tls_select_encryption_key(struct tls_multi *multi)
Selects the primary encryption that should be used to encrypt data of an outgoing packet...
#define IV_PROTO_REQUEST_PUSH
Assume client will send a push request and server does not need to wait for a push-request to send a ...
uint8_t random1[32]
Seed used for master secret generation, provided by both client and server.
void tls_free_lib(void)
Free any global SSL library-specific data structures.
bool check_key(struct key *key, const struct key_type *kt)
#define OPENVPN_STATE_AUTH
static bool check_debug_level(unsigned int level)
unsigned int crypto_flags
bool tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, const struct link_socket_actual *from, const struct buffer *buf)
Inspect an incoming packet for which no VPN tunnel is active, and determine whether a new VPN tunnel ...
#define OPENVPN_PLUGIN_FUNC_SUCCESS
struct tls_session session[TM_SIZE]
Array of tls_session objects representing control channel sessions with the remote peer...
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
static struct user_pass auth_user_pass
void ssl_set_auth_token(const char *token)
const char * config_ciphername
bool tls_session_update_crypto_params(struct tls_session *session, struct options *options, struct frame *frame, struct frame *frame_fragment)
Update TLS session crypto parameters (cipher and auth) and derive data channel keys based on the supp...
struct reliable * send_reliable
char username[USER_PASS_LEN]
#define IV_PROTO_TLS_KEY_EXPORT
Supports key derivation via TLS key material exporter [RFC5705].
void packet_id_free(struct packet_id *p)
static bool buf_read(struct buffer *src, void *dest, int size)
void tls_pre_encrypt(struct tls_multi *multi, struct buffer *buf, struct crypto_options **opt)
Choose the appropriate security parameters with which to process an outgoing packet.
unsigned int data_channel_crypto_flags
int offset
Offset in bytes of the actual content within the allocated memory.
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
struct link_socket_actual to_link_addr
#define OPENVPN_AEAD_MIN_IV_LEN
Minimal IV length for AEAD mode ciphers (in bytes): 4-byte packet id + 8 bytes implicit IV...
void reliable_mark_active_outgoing(struct reliable *rel, struct buffer *buf, int opcode)
Mark the reliable entry associated with the given buffer as active outgoing.
int len
Length in bytes of the actual content within the allocated memory.
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
void setenv_del(struct env_set *es, const char *name)
#define S_ACTIVE
Operational key_state state immediately after negotiation has completed while still within the handsh...
bool cleanup_key_ctx
opt.key_ctx_bi is owned by this context
static void reliable_set_timeout(struct reliable *rel, interval_t timeout)
off_t crl_last_size
size of last loaded CRL
const char * packet_id_net_print(const struct packet_id_net *pin, bool print_timestamp, struct gc_arena *gc)
struct tls_auth_standalone * tls_auth_standalone_init(struct tls_options *tls_options, struct gc_arena *gc)
static char * auth_challenge
static bool key_source2_randomize_write(struct key_source2 *k2, struct buffer *buf, bool server)
struct link_socket_actual remote_addr
char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc)
Given an OpenVPN options string, extract the value of an option.
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
bool reliable_ack_write(struct reliable_ack *ack, struct buffer *buf, const struct session_id *sid, int max, bool prepend)
Write a packet ID acknowledgment record to a buffer.
static bool generate_key_expansion_openvpn_prf(const struct tls_session *session, struct key2 *key2)
static bool write_empty_string(struct buffer *buf)
#define KEY_DIRECTION_NORMAL
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Control channel wrapping (–tls-auth/–tls-crypt) context.
void get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx)
static void move_session(struct tls_multi *multi, int dest, int src, bool reinit_src)
uint8_t random2[32]
Seed used for key expansion, provided by both client and server.
#define OPENVPN_STATE_WAIT
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
interval_t packet_timeout
void resend_auth_token_renegotiation(struct tls_multi *multi, struct tls_session *session)
Checks if a client should be sent a new auth token to update its current auth-token.
void tls_prepend_opcode_v1(const struct tls_multi *multi, struct buffer *buf)
Prepend a one-byte OpenVPN data channel P_DATA_V1 opcode to the packet.
#define S_ERROR
Error state.
interval_t renegotiate_seconds
Key state authentication is being deferred, by async auth.
#define KS_SIZE
Size of the tls_session.key array.
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
unsigned int packet_id_print_type
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
struct session_id session_id_remote
static bool packet_id_close_to_wrapping(const struct packet_id_send *p)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
void frame_print(const struct frame *frame, int level, const char *prefix)
static struct gc_arena gc_new(void)
Container for one half of random material to be used in key method 2 data channel key generation...
#define KS_PRIMARY
Primary key state index.
Key state is not authenticated.
bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Wrap a control channel packet (both authenticates and encrypts the data).
void reliable_ack_adjust_frame_parameters(struct frame *frame, int max)
#define P_CONTROL_HARD_RESET_SERVER_V2
#define S_START
Three-way handshake is complete, start of key exchange.
openvpn_net_ctx_t * net_ctx
void show_available_tls_ciphers(const char *cipher_list, const char *cipher_list_tls13, const char *tls_cert_profile)
#define ALLOC_OBJ_CLEAR(dptr, type)
#define TM_UNTRUSTED
As yet un-trusted tls_session being negotiated.
static const char * ks_auth_name(enum ks_auth_state auth)
struct crypto_options crypto_options
#define ENABLE_MANAGEMENT
ks_auth_state
This reflects the (server side) authentication state after the TLS session has been established and k...
struct tls_multi * tls_multi_init(struct tls_options *tls_options)
Allocate and initialize a tls_multi structure.
bool reliable_not_replay(const struct reliable *rel, packet_id_type id)
Check that a received packet's ID is not a replay.
struct buffer * reliable_get_buf_output_sequenced(struct reliable *rel)
Get the buffer of free reliable entry and check whether the outgoing acknowledgment sequence is still...
static void key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len)
Update the implicit IV for a key_ctx_bi based on TLS session ids and cipher used. ...
int extra_link
Maximum number of bytes in excess of external network interface's MTU that might be read from or writ...
#define FRAME_HEADROOM(f)
const struct static_challenge_info * sci
static bool generate_key_expansion(struct key_ctx_bi *key, struct tls_session *session)
const char * reliable_ack_print(struct buffer *buf, bool verbose, struct gc_arena *gc)
void auth_set_client_reason(struct tls_multi *multi, const char *client_reason)
Sets the reason why authentication of a client failed.
#define KEY_DIRECTION_INVERSE
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
enum tls_auth_status tls_authentication_status(struct tls_multi *multi)
Return current session authentication state of the tls_multi structure This will return TLS_AUTHENTIC...
void frame_init_mssfix(struct frame *frame, const struct options *options)
Set the –mssfix option.
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
static struct user_pass passbuf
cipher_ctx_t * cipher
Generic cipher context.
#define TLS_RELIABLE_N_SEND_BUFFERS
#define GET_USER_PASS_PASSWORD_ONLY
void wipe_auth_token(struct tls_multi *multi)
Wipes the authentication token out of the memory, frees and cleans up related buffers and flags...
#define D_TLS_STATE_ERRORS
#define S_INITIAL
Initial key_state state after initialization by key_state_init() before start of three-way handshake...
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below...
static bool buf_write_u16(struct buffer *dest, int data)
void pem_password_setup(const char *auth_file)
interval_t reliable_send_timeout(const struct reliable *rel)
Determined how many seconds until the earliest resend should be attempted.
void ssl_purge_auth(const bool auth_user_pass_only)
static bool swap_hmac(struct buffer *buf, const struct crypto_options *co, bool incoming)
int key_id
The current active key id, used to keep track of renegotiations.
static bool link_socket_actual_defined(const struct link_socket_actual *act)
static struct user_pass auth_token
Container for one set of cipher and/or HMAC contexts.
#define OPENVPN_PLUGIN_TLS_FINAL
static void reset_session(struct tls_multi *multi, struct tls_session *session)
struct buffer_list * paybuf
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
static bool reliable_ack_empty(struct reliable_ack *ack)
Check whether an acknowledgment structure contains any packet IDs to be acknowledged.
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher...
#define TLS_RELIABLE_N_REC_BUFFERS
void tls_adjust_frame_parameters(struct frame *frame)
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
static bool session_id_defined(const struct session_id *sid1)
const char * extra_certs_file
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract plaintext data from the TLS module.
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
void set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token)
Sets the auth-token to token.
const struct buffer * tls_crypt_v2_wkc
Wrapped client key, sent to server.
#define CO_USE_TLS_KEY_MATERIAL_EXPORT
Bit-flag indicating that data channel key derivation is done using TLS keying material export [RFC570...
static bool session_id_read(struct session_id *sid, struct buffer *buf)
#define P_CONTROL_HARD_RESET_CLIENT_V2
struct cert_hash_set * locked_cert_hash_set
struct tls_wrap_ctx tls_wrap
void ssl_set_auth_nocache(void)
int hmac_ctx_size(const hmac_ctx_t *ctx)
struct tls_wrap_ctx tls_wrap
#define PERF_TLS_MULTI_PROCESS
void buf_clear(struct buffer *buf)
void crypto_adjust_frame_parameters(struct frame *frame, const struct key_type *kt, bool packet_id, bool packet_id_long_form)
Calculate crypto overhead and adjust frame to account for that.
const char * challenge_text
static struct key_state * get_key_scan(struct tls_multi *multi, int index)
gets an item of key_state objects in the order they should be scanned by data channel modules...
const struct plugin_list * plugins
struct buffer plaintext_write_buf
static bool buf_copy(struct buffer *dest, const struct buffer *src)
struct link_socket_actual untrusted_addr
hmac_ctx_t * hmac
Generic HMAC context.
#define S_GOT_KEY
Local OpenVPN process has received the remote's part of the key material.
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
struct auth_deferred_status script_auth
#define RGI_HWADDR_DEFINED
#define PAYLOAD_SIZE_DYNAMIC(f)
void free_key_ctx_bi(struct key_ctx_bi *ctx)
#define PD_TLS_AUTH_HMAC_SIZE_MASK
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
char * remote_ciphername
cipher specified in peer's config file
bool tls_rec_payload(struct tls_multi *multi, struct buffer *buf)
static void key_source2_print(const struct key_source2 *k)
void tls_multi_init_set_options(struct tls_multi *multi, const char *local, const char *remote)
struct connection_entry ce
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name...
struct packet_id_send send
uint8_t * data
Pointer to the allocated memory.
const char * local_options
#define TM_SIZE
Size of the tls_multi.session array.
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
struct key_source client
Random provided by client.
bool tls_session_update_crypto_params_do_work(struct tls_session *session, struct options *options, struct frame *frame, struct frame *frame_fragment)
#define MAX_HMAC_KEY_LENGTH
void openvpn_encrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt)
Encrypt and HMAC sign a packet so that it can be sent as a data channel VPN tunnel packet to a remote...
Container for bidirectional cipher and HMAC key material.
static void link_socket_set_outgoing_addr(struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
int tls_version_parse(const char *vstr, const char *extra)
static bool tls_session_user_pass_enabled(struct tls_session *session)
Returns whether or not the server should check for username/password.
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
#define CONTROL_SEND_ACK_MAX
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
time_t auth_deferred_expire
struct key_source server
Random provided by server.
static void tls_session_init(struct tls_multi *multi, struct tls_session *session)
Initialize a tls_session structure.
bool reliable_wont_break_sequentiality(const struct reliable *rel, packet_id_type id)
Check that a received packet's ID can safely be stored in the reliable structure's processing window...
void key_state_rm_auth_control_files(struct auth_deferred_status *ads)
Removes auth_pending and auth_control files from file system and key_state structure.
void verify_user_pass(struct user_pass *up, struct tls_multi *multi, struct tls_session *session)
Main username/password verification entry point.
struct buffer * reliable_get_buf_sequenced(struct reliable *rel)
Get the buffer of the next sequential and active entry.
void auth_user_pass_setup(const char *auth_file, const struct static_challenge_info *sci)
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
int key_id
Key id for this key_state, inherited from struct tls_session.
#define GET_USER_PASS_DYNAMIC_CHALLENGE
bool openvpn_decrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame, const uint8_t *ad_start)
HMAC verify and decrypt a data channel packet received from a remote OpenVPN peer.
#define D_SHOW_KEY_SOURCE
struct buffer * reliable_send(struct reliable *rel, int *opcode)
Get the next packet to send to the remote peer.
void reliable_mark_deleted(struct reliable *rel, struct buffer *buf, bool inc_pid)
Remove an entry from a reliable structure.
struct session_id session_id
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
bool tls_pre_decrypt(struct tls_multi *multi, const struct link_socket_actual *from, struct buffer *buf, struct crypto_options **opt, bool floated, const uint8_t **ad_start)
Determine whether an incoming packet is a data channel or control channel packet, and process accordi...
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
void purge_user_pass(struct user_pass *up, const bool force)
enum tls_wrap_ctx::@11 mode
Control channel wrapping mode.
Structure that wraps the TLS context.
static bool buf_write_u32(struct buffer *dest, int data)
void frame_set_mtu_dynamic(struct frame *frame, int mtu, unsigned int flags)
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
static char * read_string_alloc(struct buffer *buf)
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
void set_auth_token_user(struct user_pass *tk, const char *username)
Sets the auth-token username by base64 decoding the passed username.
void init_ssl(const struct options *options, struct tls_root_ctx *new_ctx, bool in_chroot)
Build master SSL context object that serves for the whole of OpenVPN instantiation.
bool plugin_defined(const struct plugin_list *pl, const int type)
bool ssl_clean_auth_token(void)
static void key_state_free(struct key_state *ks, bool clear)
Cleanup a key_state structure.
#define KS_LAME_DUCK
Key state index that will retire soon.
static void check_malloc_return(const void *p)
#define P_CONTROL_SOFT_RESET_V1
struct key_source2 * key_src
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Security parameter state of a single session within a VPN tunnel.
#define VALGRIND_MAKE_READABLE(addr, len)
#define S_SENT_KEY
Local OpenVPN process has sent its part of the key material.
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
void output_peer_info_env(struct env_set *es, const char *peer_info)
static void write_control_auth(struct tls_session *session, struct key_state *ks, struct buffer *buf, struct link_socket_actual **to_link_addr, int opcode, int max_ack, bool prepend_ack)
#define S_GENERATED_KEYS
The data channel keys have been generated The TLS session is fully authenticated when reaching this s...
static bool buf_safe(const struct buffer *buf, size_t len)
int push_peer_info_detail
The detail of info we push in peer info.
The acknowledgment structure in which packet IDs are stored for later acknowledgment.
Wrapper structure for dynamically allocated memory.
bool reliable_ack_read_packet_id(struct buffer *buf, packet_id_type *pid)
Read the packet ID of a received packet.
void tls_multi_init_finalize(struct tls_multi *multi, const struct frame *frame)
Finalize initialization of a tls_multi structure.
#define buf_init(buf, offset)
bool tls_send_payload(struct tls_multi *multi, const uint8_t *data, int size)
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context...
static bool management_enable_def_auth(const struct management *man)
static bool buf_write_prepend(struct buffer *dest, const void *src, int size)
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
void frame_finalize(struct frame *frame, bool link_mtu_defined, int link_mtu, bool tun_mtu_defined, int tun_mtu)
unsigned int mda_key_id_counter
const char * cipher_list_tls13
bool reliable_can_send(const struct reliable *rel)
Check whether a reliable structure has any active entries ready to be (re)sent.
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
void reliable_init(struct reliable *rel, int buf_size, int offset, int array_size, bool hold)
Initialize a reliable structure.
bool tls_crypt_v2_extract_client_key(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt)
Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key int...
void crypto_uninit_lib(void)
The reliability layer storage structure for one VPN tunnel's control channel in one direction...
int link_mtu
Maximum packet size to be sent over the external network interface.
struct auth_deferred_status plugin_auth
#define TM_LAME_DUCK
Old tls_session.
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
static void frame_remove_from_extra_frame(struct frame *frame, const unsigned int decrement)
static const char * state_name(int state)
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Unwrap a control channel packet (decrypts, authenticates and performs replay checks).
void tls_clear_error(void)
Clear the underlying SSL library's error state.
void ssl_purge_auth_challenge(void)
static int min_int(int x, int y)
static int buf_forward_capacity_total(const struct buffer *buf)
bool reliable_can_get(const struct reliable *rel)
Check whether a reliable structure has any free buffers available for use.
void tls_x509_clear_env(struct env_set *es)
Remove any X509_ env variables from env_set es.
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation...
#define P_CONTROL_HARD_RESET_CLIENT_V1
void key2_print(const struct key2 *k, const struct key_type *kt, const char *prefix0, const char *prefix1)
Garbage collection arena used to keep track of dynamically allocated memory.
bool reliable_ack_read(struct reliable_ack *ack, struct buffer *buf, const struct session_id *sid)
Read an acknowledgment record from a received packet.
const char * openssl_name
static bool link_socket_actual_match(const struct link_socket_actual *a1, const struct link_socket_actual *a2)
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
static bool buf_write(struct buffer *dest, const void *src, size_t size)
void cert_hash_free(struct cert_hash_set *chs)
Frees the given set of certificate hashes.
static int buf_read_u16(struct buffer *buf)
static struct buffer clear_buf(void)
Return an empty struct buffer.
#define UP_TYPE_PRIVATE_KEY
static void key_source_print(const struct key_source *k, const char *prefix)
struct buffer ack_write_buf
const char * session_id_print(const struct session_id *sid, struct gc_arena *gc)
uint8_t implicit_iv[OPENVPN_MAX_IV_LENGTH]
The implicit part of the IV.
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf, int maxlen)
Extract ciphertext data from the TLS module.
static const tls_cipher_name_pair tls_cipher_name_translation_table[]
SSL/TLS Cipher suite name translation table.
static void key_state_init(struct tls_session *session, struct key_state *ks)
Initialize a key_state structure.
static int key_source2_read(struct key_source2 *k2, struct buffer *buf, bool server)
static bool auth_user_pass_enabled
#define TUN_LINK_DELTA(f)
TLS connection established but deferred auth not finished.
static void tls_session_free(struct tls_session *session, bool clear)
Clean up a tls_session structure.
char password[USER_PASS_LEN]
#define P_CONTROL_HARD_RESET_CLIENT_V3
struct buffer clone_buf(const struct buffer *buf)
void verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session)
Perform final authentication checks, including locking of the cn, the allowed certificate hashes...
static bool random_bytes_to_buf(struct buffer *buf, uint8_t *out, int outlen)
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
void reliable_mark_active_incoming(struct reliable *rel, struct buffer *buf, packet_id_type pid, int opcode)
Mark the reliable entry associated with the given buffer as active incoming.
const cipher_kt_t * cipher
Cipher static parameters.
static void update_time(void)
static SERVICE_STATUS status
static int auth_deferred_expire_window(const struct tls_options *o)
bool remote_usescomp
remote announced comp-lzo in OCC string
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
#define TLS_CHANNEL_BUF_SIZE
void buffer_list_pop(struct buffer_list *ol)
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
struct key_ctx tls_crypt_v2_server_key
Decrypts client keys.
struct buffer prepend_dir(const char *dir, const char *path, struct gc_arena *gc)
Prepend a directory to a path.
static void tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_file_inline)
Load (or possibly reload) the CRL file into the SSL context.
struct buffer_entry * buffer_list_push_data(struct buffer_list *ol, const void *data, size_t size)
Allocates and appends a new buffer containing data of length size.
const char * remote_options
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
void reliable_schedule_now(struct reliable *rel)
Reschedule all entries of a reliable structure to be ready for (re)sending immediately.
void reliable_send_purge(struct reliable *rel, const struct reliable_ack *ack)
Remove acknowledged packets from a reliable structure.
static int packet_id_size(bool long_form)
void crypto_init_lib(void)
uint8_t pre_master[48]
Random used for master secret generation, provided only by client OpenVPN peer.
bool priv_key_file_inline
static bool session_id_write_prepend(const struct session_id *sid, struct buffer *buf)
static bool key_method_2_read(struct buffer *buf, struct tls_multi *multi, struct tls_session *session)
Handle reading key data, peer-info, username/password, OCC from the TLS control channel (cleartext)...
Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directio...
Container for unidirectional cipher and HMAC key material.
struct tls_wrap_ctx tls_wrap
TLS handshake wrapping state.
#define GET_USER_PASS_MANAGEMENT
bool reliable_ack_acknowledge_packet_id(struct reliable_ack *ack, packet_id_type pid)
Record a packet ID for later acknowledgment.
int link_mtu_dynamic
Dynamic MTU value for the external network interface.
int tls_multi_process(struct tls_multi *multi, struct buffer *to_link, struct link_socket_actual **to_link_addr, struct link_socket_info *to_link_socket_info, interval_t *wakeup)