OpenVPN
ssl_mbedtls.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  * Copyright (C) 2006-2010, Brainspark B.V.
11  *
12  * This program is free software; you can redistribute it and/or modify
13  * it under the terms of the GNU General Public License version 2
14  * as published by the Free Software Foundation.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
31 #ifdef HAVE_CONFIG_H
32 #include "config.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_MBEDTLS)
38 
39 #include "errlevel.h"
40 #include "ssl_backend.h"
41 #include "base64.h"
42 #include "buffer.h"
43 #include "misc.h"
44 #include "manage.h"
45 #include "mbedtls_compat.h"
46 #include "pkcs11_backend.h"
47 #include "ssl_common.h"
48 #include "ssl_util.h"
49 
50 #include "ssl_verify_mbedtls.h"
51 #include <mbedtls/debug.h>
52 #include <mbedtls/error.h>
53 #include <mbedtls/version.h>
54 
55 #if MBEDTLS_VERSION_NUMBER >= 0x02040000
56  #include <mbedtls/net_sockets.h>
57 #else
58  #include <mbedtls/net.h>
59 #endif
60 
61 #include <mbedtls/oid.h>
62 #include <mbedtls/pem.h>
63 
64 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_legacy =
65 {
66  /* Hashes from SHA-1 and above */
67  MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 )
68  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 )
69  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
70  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
71  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
72  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
73  0xFFFFFFF, /* Any PK alg */
74  0xFFFFFFF, /* Any curve */
75  1024, /* RSA-1024 and larger */
76 };
77 
78 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_preferred =
79 {
80  /* SHA-2 and above */
81  MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
82  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
83  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
84  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
85  0xFFFFFFF, /* Any PK alg */
86  0xFFFFFFF, /* Any curve */
87  2048, /* RSA-2048 and larger */
88 };
89 
90 #define openvpn_x509_crt_profile_suiteb mbedtls_x509_crt_profile_suiteb;
91 
92 void
93 tls_init_lib(void)
94 {
95  mbedtls_compat_psa_crypto_init();
96 }
97 
98 void
99 tls_free_lib(void)
100 {
101 }
102 
103 void
104 tls_ctx_server_new(struct tls_root_ctx *ctx)
105 {
106  ASSERT(NULL != ctx);
107  CLEAR(*ctx);
108 
109  ALLOC_OBJ_CLEAR(ctx->dhm_ctx, mbedtls_dhm_context);
110 
111  ALLOC_OBJ_CLEAR(ctx->ca_chain, mbedtls_x509_crt);
112 
113  ctx->endpoint = MBEDTLS_SSL_IS_SERVER;
114  ctx->initialised = true;
115 }
116 
117 void
118 tls_ctx_client_new(struct tls_root_ctx *ctx)
119 {
120  ASSERT(NULL != ctx);
121  CLEAR(*ctx);
122 
123  ALLOC_OBJ_CLEAR(ctx->dhm_ctx, mbedtls_dhm_context);
124  ALLOC_OBJ_CLEAR(ctx->ca_chain, mbedtls_x509_crt);
125 
126  ctx->endpoint = MBEDTLS_SSL_IS_CLIENT;
127  ctx->initialised = true;
128 }
129 
130 void
131 tls_ctx_free(struct tls_root_ctx *ctx)
132 {
133  if (ctx)
134  {
135  mbedtls_pk_free(ctx->priv_key);
136  free(ctx->priv_key);
137 
138  mbedtls_x509_crt_free(ctx->ca_chain);
139  free(ctx->ca_chain);
140 
141  mbedtls_x509_crt_free(ctx->crt_chain);
142  free(ctx->crt_chain);
143 
144  mbedtls_dhm_free(ctx->dhm_ctx);
145  free(ctx->dhm_ctx);
146 
147  mbedtls_x509_crl_free(ctx->crl);
148  free(ctx->crl);
149 
150 #if defined(ENABLE_PKCS11)
151  /* ...freeCertificate() can handle NULL ptrs, but if pkcs11 helper
152  * has not been initialized, it will ASSERT() - so, do not pass NULL
153  */
154  if (ctx->pkcs11_cert)
155  {
156  pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert);
157  }
158 #endif
159 
160  free(ctx->allowed_ciphers);
161 
162  free(ctx->groups);
163 
164  CLEAR(*ctx);
165 
166  ctx->initialised = false;
167  }
168 }
169 
170 bool
171 tls_ctx_initialised(struct tls_root_ctx *ctx)
172 {
173  ASSERT(NULL != ctx);
174  return ctx->initialised;
175 }
176 
177 #ifdef HAVE_EXPORT_KEYING_MATERIAL
178 
179 #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
180 /*
181  * Key export callback for older versions of mbed TLS, to be used with
182  * mbedtls_ssl_conf_export_keys_ext_cb(). It is called with the master
183  * secret, client random and server random, and the type of PRF function
184  * to use.
185  *
186  * Mbed TLS stores this callback in the mbedtls_ssl_config struct and it
187  * is used in the mbedtls_ssl_contexts set up from that config. */
188 int
189 mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
190  const unsigned char *kb, size_t maclen,
191  size_t keylen, size_t ivlen,
192  const unsigned char client_random[32],
193  const unsigned char server_random[32],
194  mbedtls_tls_prf_types tls_prf_type)
195 {
196  struct tls_session *session = p_expkey;
197  struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
198  struct tls_key_cache *cache = &ks_ssl->tls_key_cache;
199 
200  static_assert(sizeof(ks_ssl->ctx->session->master)
201  == sizeof(cache->master_secret), "master size mismatch");
202 
203  memcpy(cache->client_server_random, client_random, 32);
204  memcpy(cache->client_server_random + 32, server_random, 32);
205  memcpy(cache->master_secret, ms, sizeof(cache->master_secret));
206  cache->tls_prf_type = tls_prf_type;
207 
208  return 0;
209 }
210 #elif HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
211 /*
212  * Key export callback for newer versions of mbed TLS, to be used with
213  * mbedtls_ssl_set_export_keys_cb(). When used with TLS 1.2, the callback
214  * is called with the TLS 1.2 master secret, client random, server random
215  * and the type of PRF to use. With TLS 1.3, it is called with several
216  * different keys (indicated by type), but unfortunately not the exporter
217  * master secret.
218  *
219  * Unlike in older versions, the callback is not stored in the
220  * mbedtls_ssl_config. It is placed in the mbedtls_ssl_context after it
221  * has been set up. */
222 void
223 mbedtls_ssl_export_keys_cb(void *p_expkey,
224  mbedtls_ssl_key_export_type type,
225  const unsigned char *secret,
226  size_t secret_len,
227  const unsigned char client_random[32],
228  const unsigned char server_random[32],
229  mbedtls_tls_prf_types tls_prf_type)
230 {
231  /* Since we can't get the TLS 1.3 exporter master secret, we ignore all key
232  * types except MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET. */
233  if (type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET)
234  {
235  return;
236  }
237 
238  struct tls_session *session = p_expkey;
239  struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
240  struct tls_key_cache *cache = &ks_ssl->tls_key_cache;
241 
242  /* The TLS 1.2 master secret has a fixed size, so if secret_len has
243  * a different value, something is wrong with mbed TLS. */
244  if (secret_len != sizeof(cache->master_secret))
245  {
246  msg(M_FATAL,
247  "ERROR: Incorrect TLS 1.2 master secret length: Got %zu, expected %zu",
248  secret_len, sizeof(cache->master_secret));
249  }
250 
251  memcpy(cache->client_server_random, client_random, 32);
252  memcpy(cache->client_server_random + 32, server_random, 32);
253  memcpy(cache->master_secret, secret, sizeof(cache->master_secret));
254  cache->tls_prf_type = tls_prf_type;
255 }
256 #endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */
257 
258 bool
259 key_state_export_keying_material(struct tls_session *session,
260  const char *label, size_t label_size,
261  void *ekm, size_t ekm_size)
262 {
263  ASSERT(strlen(label) == label_size);
264 
265  struct tls_key_cache *cache = &session->key[KS_PRIMARY].ks_ssl.tls_key_cache;
266 
267  /* If the type is NONE, we either have no cached secrets or
268  * there is no PRF, in both cases we cannot generate key material */
269  if (cache->tls_prf_type == MBEDTLS_SSL_TLS_PRF_NONE)
270  {
271  return false;
272  }
273 
274  int ret = mbedtls_ssl_tls_prf(cache->tls_prf_type, cache->master_secret,
275  sizeof(cache->master_secret),
276  label, cache->client_server_random,
277  sizeof(cache->client_server_random),
278  ekm, ekm_size);
279 
280  if (mbed_ok(ret))
281  {
282  return true;
283  }
284  else
285  {
286  secure_memzero(ekm, session->opt->ekm_size);
287  return false;
288  }
289 }
290 #else /* ifdef HAVE_EXPORT_KEYING_MATERIAL */
291 bool
292 key_state_export_keying_material(struct tls_session *session,
293  const char *label, size_t label_size,
294  void *ekm, size_t ekm_size)
295 {
296  /* Dummy function to avoid ifdefs in the common code */
297  return false;
298 }
299 #endif /* HAVE_EXPORT_KEYING_MATERIAL */
300 
301 bool
302 tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
303 {
304  return true;
305 }
306 
307 static const char *
308 tls_translate_cipher_name(const char *cipher_name)
309 {
310  const tls_cipher_name_pair *pair = tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
311 
312  if (NULL == pair)
313  {
314  /* No translation found, return original */
315  return cipher_name;
316  }
317 
318  if (0 != strcmp(cipher_name, pair->iana_name))
319  {
320  /* Deprecated name found, notify user */
321  msg(M_WARN, "Deprecated cipher suite name '%s', please use IANA name '%s'", pair->openssl_name, pair->iana_name);
322  }
323 
324  return pair->iana_name;
325 }
326 
327 void
328 tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
329 {
330  if (ciphers == NULL)
331  {
332  /* Nothing to do, return without warning message */
333  return;
334  }
335 
336  msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. "
337  "Ignoring TLS 1.3 cipher list: %s", ciphers);
338 }
339 
340 void
341 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
342 {
343  char *tmp_ciphers, *tmp_ciphers_orig, *token;
344 
345  if (NULL == ciphers)
346  {
347  return; /* Nothing to do */
348  }
349 
350  ASSERT(NULL != ctx);
351 
352  /* Get number of ciphers */
353  int cipher_count = get_num_elements(ciphers, ':');
354 
355  /* Allocate an array for them */
356  ALLOC_ARRAY_CLEAR(ctx->allowed_ciphers, int, cipher_count+1)
357 
358  /* Parse allowed ciphers, getting IDs */
359  int i = 0;
360  tmp_ciphers_orig = tmp_ciphers = string_alloc(ciphers, NULL);
361 
362  token = strtok(tmp_ciphers, ":");
363  while (token)
364  {
365  ctx->allowed_ciphers[i] = mbedtls_ssl_get_ciphersuite_id(
366  tls_translate_cipher_name(token));
367  if (0 != ctx->allowed_ciphers[i])
368  {
369  i++;
370  }
371  token = strtok(NULL, ":");
372  }
373  free(tmp_ciphers_orig);
374 }
375 
376 void
377 tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
378 {
379  if (!profile || 0 == strcmp(profile, "legacy")
380  || 0 == strcmp(profile, "insecure"))
381  {
382  ctx->cert_profile = openvpn_x509_crt_profile_legacy;
383  }
384  else if (0 == strcmp(profile, "preferred"))
385  {
386  ctx->cert_profile = openvpn_x509_crt_profile_preferred;
387  }
388  else if (0 == strcmp(profile, "suiteb"))
389  {
390  ctx->cert_profile = openvpn_x509_crt_profile_suiteb;
391  }
392  else
393  {
394  msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
395  }
396 }
397 
398 void
399 tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
400 {
401  ASSERT(ctx);
402  struct gc_arena gc = gc_new();
403 
404  /* Get number of groups and allocate an array in ctx */
405  int groups_count = get_num_elements(groups, ':');
406  ALLOC_ARRAY_CLEAR(ctx->groups, mbedtls_compat_group_id, groups_count + 1)
407 
408  /* Parse allowed ciphers, getting IDs */
409  int i = 0;
410  char *tmp_groups = string_alloc(groups, &gc);
411 
412  const char *token;
413  while ((token = strsep(&tmp_groups, ":")))
414  {
415  const mbedtls_ecp_curve_info *ci =
416  mbedtls_ecp_curve_info_from_name(token);
417  if (!ci)
418  {
419  msg(M_WARN, "Warning unknown curve/group specified: %s", token);
420  }
421  else
422  {
423  ctx->groups[i] = mbedtls_compat_get_group_id(ci);
424  i++;
425  }
426  }
427 
428  /* Recent mbedtls versions state that the list of groups must be terminated
429  * with 0. Older versions state that it must be terminated with MBEDTLS_ECP_DP_NONE
430  * which is also 0, so this works either way. */
431  ctx->groups[i] = 0;
432 
433  gc_free(&gc);
434 }
435 
436 
437 void
438 tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
439 {
440  ASSERT(ctx);
441  if (ctx->crt_chain == NULL)
442  {
443  return; /* Nothing to check if there is no certificate */
444  }
445 
446  if (mbedtls_x509_time_is_future(&ctx->crt_chain->valid_from))
447  {
448  msg(M_WARN, "WARNING: Your certificate is not yet valid!");
449  }
450 
451  if (mbedtls_x509_time_is_past(&ctx->crt_chain->valid_to))
452  {
453  msg(M_WARN, "WARNING: Your certificate has expired!");
454  }
455 }
456 
457 void
458 tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
459  bool dh_inline)
460 {
461  if (dh_inline)
462  {
463  if (!mbed_ok(mbedtls_dhm_parse_dhm(ctx->dhm_ctx,
464  (const unsigned char *) dh_file,
465  strlen(dh_file) + 1)))
466  {
467  msg(M_FATAL, "Cannot read inline DH parameters");
468  }
469  }
470  else
471  {
472  if (!mbed_ok(mbedtls_dhm_parse_dhmfile(ctx->dhm_ctx, dh_file)))
473  {
474  msg(M_FATAL, "Cannot read DH parameters from file %s", dh_file);
475  }
476  }
477 
478  msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with " counter_format " bit key",
479  (counter_type) mbedtls_dhm_get_bitlen(ctx->dhm_ctx));
480 }
481 
482 void
483 tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
484  )
485 {
486  if (NULL != curve_name)
487  {
488  msg(M_WARN, "WARNING: mbed TLS builds do not support specifying an "
489  "ECDH curve with --ecdh-curve, using default curves. Use "
490  "--tls-groups to specify curves.");
491  }
492 }
493 
494 int
495 tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
496  bool pkcs12_file_inline, bool load_ca_file)
497 {
498  msg(M_FATAL, "PKCS #12 files not yet supported for mbed TLS.");
499  return 0;
500 }
501 
502 #ifdef ENABLE_CRYPTOAPI
503 void
504 tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
505 {
506  msg(M_FATAL, "Windows CryptoAPI not yet supported for mbed TLS.");
507 }
508 #endif /* _WIN32 */
509 
510 void
511 tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
512  bool cert_inline)
513 {
514  ASSERT(NULL != ctx);
515 
516  if (!ctx->crt_chain)
517  {
518  ALLOC_OBJ_CLEAR(ctx->crt_chain, mbedtls_x509_crt);
519  }
520 
521  if (cert_inline)
522  {
523  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain,
524  (const unsigned char *)cert_file,
525  strlen(cert_file) + 1)))
526  {
527  msg(M_FATAL, "Cannot load inline certificate file");
528  }
529  }
530  else
531  {
532  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->crt_chain, cert_file)))
533  {
534  msg(M_FATAL, "Cannot load certificate file %s", cert_file);
535  }
536  }
537 }
538 
539 int
540 tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
541  bool priv_key_inline)
542 {
543  int status;
544  ASSERT(NULL != ctx);
545 
546  if (!ctx->priv_key)
547  {
548  ALLOC_OBJ_CLEAR(ctx->priv_key, mbedtls_pk_context);
549  }
550 
551  if (priv_key_inline)
552  {
553  status = mbedtls_compat_pk_parse_key(ctx->priv_key,
554  (const unsigned char *) priv_key_file,
555  strlen(priv_key_file) + 1, NULL, 0,
556  mbedtls_ctr_drbg_random,
557  rand_ctx_get());
558 
559  if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status)
560  {
561  char passbuf[512] = {0};
562  pem_password_callback(passbuf, 512, 0, NULL);
563  status = mbedtls_compat_pk_parse_key(ctx->priv_key,
564  (const unsigned char *) priv_key_file,
565  strlen(priv_key_file) + 1,
566  (unsigned char *) passbuf,
567  strlen(passbuf),
568  mbedtls_ctr_drbg_random,
569  rand_ctx_get());
570  }
571  }
572  else
573  {
574  status = mbedtls_compat_pk_parse_keyfile(ctx->priv_key,
575  priv_key_file,
576  NULL,
577  mbedtls_ctr_drbg_random,
578  rand_ctx_get());
579  if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status)
580  {
581  char passbuf[512] = {0};
582  pem_password_callback(passbuf, 512, 0, NULL);
583  status = mbedtls_compat_pk_parse_keyfile(ctx->priv_key,
584  priv_key_file, passbuf,
585  mbedtls_ctr_drbg_random,
586  rand_ctx_get());
587  }
588  }
589  if (!mbed_ok(status))
590  {
591 #ifdef ENABLE_MANAGEMENT
592  if (management && (MBEDTLS_ERR_PK_PASSWORD_MISMATCH == status))
593  {
594  management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
595  }
596 #endif
597  msg(M_WARN, "Cannot load private key file %s",
598  print_key_filename(priv_key_file, priv_key_inline));
599  return 1;
600  }
601 
602  if (!mbed_ok(mbedtls_compat_pk_check_pair(&ctx->crt_chain->pk,
603  ctx->priv_key,
604  mbedtls_ctr_drbg_random,
605  rand_ctx_get())))
606  {
607  msg(M_WARN, "Private key does not match the certificate");
608  return 1;
609  }
610 
611  return 0;
612 }
613 
632 static inline int
633 external_pkcs1_sign( void *ctx_voidptr,
634  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
635 #if MBEDTLS_VERSION_NUMBER < 0x03020100
636  int mode,
637 #endif
638  mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash,
639  unsigned char *sig )
640 {
641  struct external_context *const ctx = ctx_voidptr;
642  int rv;
643  uint8_t *to_sign = NULL;
644  size_t asn_len = 0, oid_size = 0;
645  const char *oid = NULL;
646 
647  if (NULL == ctx)
648  {
649  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
650  }
651 
652 #if MBEDTLS_VERSION_NUMBER < 0x03020100
653  if (MBEDTLS_RSA_PRIVATE != mode)
654  {
655  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
656  }
657 #endif
658 
659  /*
660  * Support a wide range of hashes. TLSv1.1 and before only need SIG_RSA_RAW,
661  * but TLSv1.2 needs the full suite of hashes.
662  *
663  * This code has been taken from mbed TLS pkcs11_sign(), under the GPLv2.0+.
664  */
665  if (md_alg != MBEDTLS_MD_NONE)
666  {
667  const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
668  if (md_info == NULL)
669  {
670  return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
671  }
672 
673  if (!mbed_ok(mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size )))
674  {
675  return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
676  }
677 
678  hashlen = mbedtls_md_get_size( md_info );
679  asn_len = 10 + oid_size;
680  }
681 
682  if ((SIZE_MAX - hashlen) < asn_len
683  || ctx->signature_length < (asn_len + hashlen))
684  {
685  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
686  }
687 
688  ALLOC_ARRAY_CLEAR(to_sign, uint8_t, asn_len + hashlen);
689  uint8_t *p = to_sign;
690  if (md_alg != MBEDTLS_MD_NONE)
691  {
692  /*
693  * DigestInfo ::= SEQUENCE {
694  * digestAlgorithm DigestAlgorithmIdentifier,
695  * digest Digest }
696  *
697  * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
698  *
699  * Digest ::= OCTET STRING
700  */
701  *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
702  *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
703  *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
704  *p++ = (unsigned char) ( 0x04 + oid_size );
705  *p++ = MBEDTLS_ASN1_OID;
706  *p++ = oid_size & 0xFF;
707  memcpy( p, oid, oid_size );
708  p += oid_size;
709  *p++ = MBEDTLS_ASN1_NULL;
710  *p++ = 0x00;
711  *p++ = MBEDTLS_ASN1_OCTET_STRING;
712  *p++ = hashlen;
713 
714  /* Double-check ASN length */
715  ASSERT(asn_len == p - to_sign);
716  }
717 
718  /* Copy the hash to be signed */
719  memcpy(p, hash, hashlen);
720 
721  /* Call external signature function */
722  if (!ctx->sign(ctx->sign_ctx, to_sign, asn_len + hashlen, sig,
723  ctx->signature_length))
724  {
725  rv = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
726  goto done;
727  }
728 
729  rv = 0;
730 
731 done:
732  free(to_sign);
733  return rv;
734 }
735 
736 static inline size_t
737 external_key_len(void *vctx)
738 {
739  struct external_context *const ctx = vctx;
740 
741  return ctx->signature_length;
742 }
743 
744 int
745 tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx,
746  external_sign_func sign_func, void *sign_ctx)
747 {
748  ASSERT(NULL != ctx);
749 
750  if (ctx->crt_chain == NULL)
751  {
752  msg(M_WARN, "ERROR: external key requires a certificate.");
753  return 1;
754  }
755 
756  if (mbedtls_pk_get_type(&ctx->crt_chain->pk) != MBEDTLS_PK_RSA)
757  {
758  msg(M_WARN, "ERROR: external key with mbed TLS requires a "
759  "certificate with an RSA key.");
760  return 1;
761  }
762 
763  ctx->external_key.signature_length = mbedtls_pk_get_len(&ctx->crt_chain->pk);
764  ctx->external_key.sign = sign_func;
765  ctx->external_key.sign_ctx = sign_ctx;
766 
767  ALLOC_OBJ_CLEAR(ctx->priv_key, mbedtls_pk_context);
768  if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, &ctx->external_key,
769  NULL, external_pkcs1_sign, external_key_len)))
770  {
771  return 1;
772  }
773 
774  return 0;
775 }
776 
777 #ifdef ENABLE_MANAGEMENT
778 
779 static bool
780 management_sign_func(void *sign_ctx, const void *src, size_t src_len,
781  void *dst, size_t dst_len)
782 {
783  bool ret = false;
784  char *src_b64 = NULL;
785  char *dst_b64 = NULL;
786 
787  if (!management || (openvpn_base64_encode(src, src_len, &src_b64) <= 0))
788  {
789  goto cleanup;
790  }
791 
792  /*
793  * We only support RSA external keys and PKCS1 signatures at the moment
794  * in mbed TLS, so the signature parameter is hardcoded to this encoding
795  */
796  if (!(dst_b64 = management_query_pk_sig(management, src_b64,
797  "RSA_PKCS1_PADDING")))
798  {
799  goto cleanup;
800  }
801 
802  if (openvpn_base64_decode(dst_b64, dst, dst_len) != dst_len)
803  {
804  goto cleanup;
805  }
806 
807  ret = true;
808 cleanup:
809  free(src_b64);
810  free(dst_b64);
811 
812  return ret;
813 }
814 
815 int
816 tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
817 {
818  return tls_ctx_use_external_signing_func(ctx, management_sign_func, NULL);
819 }
820 
821 #endif /* ifdef ENABLE_MANAGEMENT */
822 
823 void
824 tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
825  bool ca_inline, const char *ca_path, bool tls_server)
826 {
827  if (ca_path)
828  {
829  msg(M_FATAL, "ERROR: mbed TLS cannot handle the capath directive");
830  }
831 
832  if (ca_file && ca_inline)
833  {
834  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->ca_chain,
835  (const unsigned char *) ca_file,
836  strlen(ca_file) + 1)))
837  {
838  msg(M_FATAL, "Cannot load inline CA certificates");
839  }
840  }
841  else
842  {
843  /* Load CA file for verifying peer supplied certificate */
844  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->ca_chain, ca_file)))
845  {
846  msg(M_FATAL, "Cannot load CA certificate file %s", ca_file);
847  }
848  }
849 }
850 
851 void
852 tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
853  bool extra_certs_inline)
854 {
855  ASSERT(NULL != ctx);
856 
857  if (!ctx->crt_chain)
858  {
859  ALLOC_OBJ_CLEAR(ctx->crt_chain, mbedtls_x509_crt);
860  }
861 
862  if (extra_certs_inline)
863  {
864  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain,
865  (const unsigned char *) extra_certs_file,
866  strlen(extra_certs_file) + 1)))
867  {
868  msg(M_FATAL, "Cannot load inline extra-certs file");
869  }
870  }
871  else
872  {
873  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->crt_chain, extra_certs_file)))
874  {
875  msg(M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
876  }
877  }
878 }
879 
880 /* **************************************
881  *
882  * Key-state specific functions
883  *
884  ***************************************/
885 
886 /*
887  * "Endless buffer"
888  */
889 
890 static inline void
891 buf_free_entry(buffer_entry *entry)
892 {
893  if (NULL != entry)
894  {
895  free(entry->data);
896  free(entry);
897  }
898 }
899 
900 static void
901 buf_free_entries(endless_buffer *buf)
902 {
903  while (buf->first_block)
904  {
905  buffer_entry *cur_block = buf->first_block;
906  buf->first_block = cur_block->next_block;
907  buf_free_entry(cur_block);
908  }
909  buf->last_block = NULL;
910 }
911 
912 static int
913 endless_buf_read( endless_buffer *in, unsigned char *out, size_t out_len )
914 {
915  size_t read_len = 0;
916 
917  if (in->first_block == NULL)
918  {
919  return MBEDTLS_ERR_SSL_WANT_READ;
920  }
921 
922  while (in->first_block != NULL && read_len < out_len)
923  {
924  int block_len = in->first_block->length - in->data_start;
925  if (block_len <= out_len - read_len)
926  {
927  buffer_entry *cur_entry = in->first_block;
928  memcpy(out + read_len, cur_entry->data + in->data_start,
929  block_len);
930 
931  read_len += block_len;
932 
933  in->first_block = cur_entry->next_block;
934  in->data_start = 0;
935 
936  if (in->first_block == NULL)
937  {
938  in->last_block = NULL;
939  }
940 
941  buf_free_entry(cur_entry);
942  }
943  else
944  {
945  memcpy(out + read_len, in->first_block->data + in->data_start,
946  out_len - read_len);
947  in->data_start += out_len - read_len;
948  read_len = out_len;
949  }
950  }
951 
952  return read_len;
953 }
954 
955 static int
956 endless_buf_write( endless_buffer *out, const unsigned char *in, size_t len )
957 {
958  buffer_entry *new_block = malloc(sizeof(buffer_entry));
959  if (NULL == new_block)
960  {
961  return MBEDTLS_ERR_NET_SEND_FAILED;
962  }
963 
964  new_block->data = malloc(len);
965  if (NULL == new_block->data)
966  {
967  free(new_block);
968  return MBEDTLS_ERR_NET_SEND_FAILED;
969  }
970 
971  new_block->length = len;
972  new_block->next_block = NULL;
973 
974  memcpy(new_block->data, in, len);
975 
976  if (NULL == out->first_block)
977  {
978  out->first_block = new_block;
979  }
980 
981  if (NULL != out->last_block)
982  {
983  out->last_block->next_block = new_block;
984  }
985 
986  out->last_block = new_block;
987 
988  return len;
989 }
990 
991 static int
992 ssl_bio_read( void *ctx, unsigned char *out, size_t out_len)
993 {
994  bio_ctx *my_ctx = (bio_ctx *) ctx;
995  return endless_buf_read(&my_ctx->in, out, out_len);
996 }
997 
998 static int
999 ssl_bio_write( void *ctx, const unsigned char *in, size_t in_len)
1000 {
1001  bio_ctx *my_ctx = (bio_ctx *) ctx;
1002  return endless_buf_write(&my_ctx->out, in, in_len);
1003 }
1004 
1005 static void
1006 my_debug( void *ctx, int level, const char *file, int line,
1007  const char *str )
1008 {
1009  int my_loglevel = (level < 3) ? D_TLS_DEBUG_MED : D_TLS_DEBUG;
1010  msg(my_loglevel, "mbed TLS msg (%s:%d): %s", file, line, str);
1011 }
1012 
1013 /*
1014  * Further personalise the RNG using a hash of the public key
1015  */
1016 void
1017 tls_ctx_personalise_random(struct tls_root_ctx *ctx)
1018 {
1019  static char old_sha256_hash[32] = {0};
1020  unsigned char sha256_hash[32] = {0};
1021  mbedtls_ctr_drbg_context *cd_ctx = rand_ctx_get();
1022 
1023  if (NULL != ctx->crt_chain)
1024  {
1025  mbedtls_x509_crt *cert = ctx->crt_chain;
1026 
1027  if (!md_full("SHA256", cert->tbs.p, cert->tbs.len, sha256_hash))
1028  {
1029  msg(M_WARN, "WARNING: failed to personalise random");
1030  }
1031 
1032  if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
1033  {
1034  if (!mbed_ok(mbedtls_compat_ctr_drbg_update(cd_ctx, sha256_hash, 32)))
1035  {
1036  msg(M_WARN, "WARNING: failed to personalise random, could not update CTR_DRBG");
1037  }
1038  memcpy(old_sha256_hash, sha256_hash, sizeof(old_sha256_hash));
1039  }
1040  }
1041 }
1042 
1043 int
1044 tls_version_max(void)
1045 {
1046 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1047  return TLS_VER_1_2;
1048 #else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
1049  #error "mbedtls is compiled without support for TLS 1.2."
1050 #endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
1051 }
1052 
1060 mbedtls_ssl_protocol_version
1061 tls_version_to_ssl_version(int tls_ver)
1062 {
1063  switch (tls_ver)
1064  {
1065 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1066  case TLS_VER_1_2:
1067  return MBEDTLS_SSL_VERSION_TLS1_2;
1068 #endif
1069 
1070 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1071  case TLS_VER_1_3:
1072  return MBEDTLS_SSL_VERSION_TLS1_3;
1073 #endif
1074 
1075  default:
1076  msg(M_FATAL, "%s: invalid or unsupported TLS version %d", __func__, tls_ver);
1077  return MBEDTLS_SSL_VERSION_UNKNOWN;
1078  }
1079 }
1080 
1081 void
1082 backend_tls_ctx_reload_crl(struct tls_root_ctx *ctx, const char *crl_file,
1083  bool crl_inline)
1084 {
1085  ASSERT(crl_file);
1086 
1087  if (ctx->crl == NULL)
1088  {
1089  ALLOC_OBJ_CLEAR(ctx->crl, mbedtls_x509_crl);
1090  }
1091  mbedtls_x509_crl_free(ctx->crl);
1092 
1093  if (crl_inline)
1094  {
1095  if (!mbed_ok(mbedtls_x509_crl_parse(ctx->crl,
1096  (const unsigned char *)crl_file,
1097  strlen(crl_file) + 1)))
1098  {
1099  msg(M_WARN, "CRL: cannot parse inline CRL");
1100  goto err;
1101  }
1102  }
1103  else
1104  {
1105  if (!mbed_ok(mbedtls_x509_crl_parse_file(ctx->crl, crl_file)))
1106  {
1107  msg(M_WARN, "CRL: cannot read CRL from file %s", crl_file);
1108  goto err;
1109  }
1110  }
1111  return;
1112 
1113 err:
1114  mbedtls_x509_crl_free(ctx->crl);
1115 }
1116 
1117 void
1118 key_state_ssl_init(struct key_state_ssl *ks_ssl,
1119  const struct tls_root_ctx *ssl_ctx, bool is_server,
1120  struct tls_session *session)
1121 {
1122  ASSERT(NULL != ssl_ctx);
1123  ASSERT(ks_ssl);
1124  CLEAR(*ks_ssl);
1125 
1126  /* Initialise SSL config */
1127  ALLOC_OBJ_CLEAR(ks_ssl->ssl_config, mbedtls_ssl_config);
1128  mbedtls_ssl_config_init(ks_ssl->ssl_config);
1129  mbedtls_ssl_config_defaults(ks_ssl->ssl_config, ssl_ctx->endpoint,
1130  MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1131 #ifdef MBEDTLS_DEBUG_C
1132  /* We only want to have mbed TLS generate debug level logging when we would
1133  * also display it.
1134  * In fact mbed TLS 2.25.0 crashes generating debug log if Curve25591 is
1135  * selected for DH (https://github.com/ARMmbed/mbedtls/issues/4208) */
1136  if (session->opt->ssl_flags & SSLF_TLS_DEBUG_ENABLED)
1137  {
1138  mbedtls_debug_set_threshold(3);
1139  }
1140  else
1141  {
1142  mbedtls_debug_set_threshold(2);
1143  }
1144 #endif
1145  mbedtls_ssl_conf_dbg(ks_ssl->ssl_config, my_debug, NULL);
1146  mbedtls_ssl_conf_rng(ks_ssl->ssl_config, mbedtls_ctr_drbg_random,
1147  rand_ctx_get());
1148 
1149  mbedtls_ssl_conf_cert_profile(ks_ssl->ssl_config, &ssl_ctx->cert_profile);
1150 
1151  if (ssl_ctx->allowed_ciphers)
1152  {
1153  mbedtls_ssl_conf_ciphersuites(ks_ssl->ssl_config, ssl_ctx->allowed_ciphers);
1154  }
1155 
1156  if (ssl_ctx->groups)
1157  {
1158  mbedtls_ssl_conf_groups(ks_ssl->ssl_config, ssl_ctx->groups);
1159  }
1160 
1161  /* Disable TLS renegotiations if the mbedtls library supports that feature.
1162  * OpenVPN's renegotiation creates new SSL sessions and does not depend on
1163  * this feature and TLS renegotiations have been problematic in the past. */
1164 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1165  mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1166 #endif /* MBEDTLS_SSL_RENEGOTIATION */
1167 
1168  /* Disable record splitting (for now). OpenVPN assumes records are sent
1169  * unfragmented, and changing that will require thorough review and
1170  * testing. Since OpenVPN is not susceptible to BEAST, we can just
1171  * disable record splitting as a quick fix. */
1172 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1173  mbedtls_ssl_conf_cbc_record_splitting(ks_ssl->ssl_config,
1174  MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
1175 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
1176 
1177  /* Initialise authentication information */
1178  if (is_server)
1179  {
1180  mbed_ok(mbedtls_ssl_conf_dh_param_ctx(ks_ssl->ssl_config,
1181  ssl_ctx->dhm_ctx));
1182  }
1183 
1184  mbed_ok(mbedtls_ssl_conf_own_cert(ks_ssl->ssl_config, ssl_ctx->crt_chain,
1185  ssl_ctx->priv_key));
1186 
1187  /* Initialise SSL verification */
1188  if (session->opt->ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
1189  {
1190  mbedtls_ssl_conf_authmode(ks_ssl->ssl_config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1191  }
1192  else if (!(session->opt->ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED))
1193  {
1194  mbedtls_ssl_conf_authmode(ks_ssl->ssl_config, MBEDTLS_SSL_VERIFY_REQUIRED);
1195  }
1196  mbedtls_ssl_conf_verify(ks_ssl->ssl_config, verify_callback, session);
1197 
1198  /* TODO: mbed TLS does not currently support sending the CA chain to the client */
1199  mbedtls_ssl_conf_ca_chain(ks_ssl->ssl_config, ssl_ctx->ca_chain, ssl_ctx->crl);
1200 
1201  /* Initialize minimum TLS version */
1202  {
1203  const int configured_tls_version_min =
1204  (session->opt->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT)
1205  &SSLF_TLS_VERSION_MIN_MASK;
1206 
1207  /* default to TLS 1.2 */
1208  mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_TLS1_2;
1209 
1210  if (configured_tls_version_min > TLS_VER_UNSPEC)
1211  {
1212  version = tls_version_to_ssl_version(configured_tls_version_min);
1213  }
1214 
1215  mbedtls_ssl_conf_min_tls_version(ks_ssl->ssl_config, version);
1216  }
1217 
1218  /* Initialize maximum TLS version */
1219  {
1220  const int configured_tls_version_max =
1221  (session->opt->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT)
1222  &SSLF_TLS_VERSION_MAX_MASK;
1223 
1224  mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_UNKNOWN;
1225 
1226  if (configured_tls_version_max > TLS_VER_UNSPEC)
1227  {
1228  version = tls_version_to_ssl_version(configured_tls_version_max);
1229  }
1230  else
1231  {
1232  /* Default to tls_version_max(). */
1233  version = tls_version_to_ssl_version(tls_version_max());
1234  }
1235 
1236  mbedtls_ssl_conf_max_tls_version(ks_ssl->ssl_config, version);
1237  }
1238 
1239 #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
1240  /* Initialize keying material exporter, old style. */
1241  mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config,
1242  mbedtls_ssl_export_keys_cb, session);
1243 #endif
1244 
1245  /* Initialise SSL context */
1246  ALLOC_OBJ_CLEAR(ks_ssl->ctx, mbedtls_ssl_context);
1247  mbedtls_ssl_init(ks_ssl->ctx);
1248  mbed_ok(mbedtls_ssl_setup(ks_ssl->ctx, ks_ssl->ssl_config));
1249  /* We do verification in our own callback depending on the
1250  * exact configuration. We do not rely on the default hostname
1251  * verification. */
1252  ASSERT(mbed_ok(mbedtls_ssl_set_hostname(ks_ssl->ctx, NULL)));
1253 
1254 #if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
1255  /* Initialize keying material exporter, new style. */
1256  mbedtls_ssl_set_export_keys_cb(ks_ssl->ctx, mbedtls_ssl_export_keys_cb, session);
1257 #endif
1258 
1259  /* Initialise BIOs */
1260  ALLOC_OBJ_CLEAR(ks_ssl->bio_ctx, bio_ctx);
1261  mbedtls_ssl_set_bio(ks_ssl->ctx, ks_ssl->bio_ctx, ssl_bio_write,
1262  ssl_bio_read, NULL);
1263 }
1264 
1265 
1266 void
1267 key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
1268 {
1269  mbedtls_ssl_send_alert_message(ks_ssl->ctx, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1270  MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY);
1271 }
1272 
1273 void
1274 key_state_ssl_free(struct key_state_ssl *ks_ssl)
1275 {
1276  if (ks_ssl)
1277  {
1278  CLEAR(ks_ssl->tls_key_cache);
1279 
1280  if (ks_ssl->ctx)
1281  {
1282  mbedtls_ssl_free(ks_ssl->ctx);
1283  free(ks_ssl->ctx);
1284  }
1285  if (ks_ssl->ssl_config)
1286  {
1287  mbedtls_ssl_config_free(ks_ssl->ssl_config);
1288  free(ks_ssl->ssl_config);
1289  }
1290  if (ks_ssl->bio_ctx)
1291  {
1292  buf_free_entries(&ks_ssl->bio_ctx->in);
1293  buf_free_entries(&ks_ssl->bio_ctx->out);
1294  free(ks_ssl->bio_ctx);
1295  }
1296  CLEAR(*ks_ssl);
1297  }
1298 }
1299 
1300 int
1301 key_state_write_plaintext(struct key_state_ssl *ks, struct buffer *buf)
1302 {
1303  int retval = 0;
1304 
1305  ASSERT(buf);
1306 
1307  retval = key_state_write_plaintext_const(ks, BPTR(buf), BLEN(buf));
1308 
1309  if (1 == retval)
1310  {
1311  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1312  buf->len = 0;
1313  }
1314 
1315  return retval;
1316 }
1317 
1318 int
1319 key_state_write_plaintext_const(struct key_state_ssl *ks, const uint8_t *data, int len)
1320 {
1321  int retval = 0;
1322  perf_push(PERF_BIO_WRITE_PLAINTEXT);
1323 
1324  ASSERT(NULL != ks);
1325  ASSERT(len >= 0);
1326 
1327  if (0 == len)
1328  {
1329  perf_pop();
1330  return 0;
1331  }
1332 
1333  ASSERT(data);
1334 
1335  retval = mbedtls_ssl_write(ks->ctx, data, len);
1336 
1337  if (retval < 0)
1338  {
1339  perf_pop();
1340  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1341  {
1342  return 0;
1343  }
1344  mbed_log_err(D_TLS_ERRORS, retval,
1345  "TLS ERROR: write tls_write_plaintext_const error");
1346  return -1;
1347  }
1348 
1349  if (retval != len)
1350  {
1351  msg(D_TLS_ERRORS,
1352  "TLS ERROR: write tls_write_plaintext_const incomplete %d/%d",
1353  retval, len);
1354  perf_pop();
1355  return -1;
1356  }
1357 
1358  /* successful write */
1359  dmsg(D_HANDSHAKE_VERBOSE, "write tls_write_plaintext_const %d bytes", retval);
1360 
1361  perf_pop();
1362  return 1;
1363 }
1364 
1365 int
1366 key_state_read_ciphertext(struct key_state_ssl *ks, struct buffer *buf)
1367 {
1368  int retval = 0;
1369  int len = 0;
1370 
1371  perf_push(PERF_BIO_READ_CIPHERTEXT);
1372 
1373  ASSERT(NULL != ks);
1374  ASSERT(buf);
1375  ASSERT(buf->len >= 0);
1376 
1377  if (buf->len)
1378  {
1379  perf_pop();
1380  return 0;
1381  }
1382 
1383  len = buf_forward_capacity(buf);
1384 
1385  retval = endless_buf_read(&ks->bio_ctx->out, BPTR(buf), len);
1386 
1387  /* Error during read, check for retry error */
1388  if (retval < 0)
1389  {
1390  perf_pop();
1391  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1392  {
1393  return 0;
1394  }
1395  mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_ciphertext error");
1396  buf->len = 0;
1397  return -1;
1398  }
1399  /* Nothing read, try again */
1400  if (0 == retval)
1401  {
1402  buf->len = 0;
1403  perf_pop();
1404  return 0;
1405  }
1406 
1407  /* successful read */
1408  dmsg(D_HANDSHAKE_VERBOSE, "read tls_read_ciphertext %d bytes", retval);
1409  buf->len = retval;
1410  perf_pop();
1411  return 1;
1412 }
1413 
1414 int
1415 key_state_write_ciphertext(struct key_state_ssl *ks, struct buffer *buf)
1416 {
1417  int retval = 0;
1418  perf_push(PERF_BIO_WRITE_CIPHERTEXT);
1419 
1420  ASSERT(NULL != ks);
1421  ASSERT(buf);
1422  ASSERT(buf->len >= 0);
1423 
1424  if (0 == buf->len)
1425  {
1426  perf_pop();
1427  return 0;
1428  }
1429 
1430  retval = endless_buf_write(&ks->bio_ctx->in, BPTR(buf), buf->len);
1431 
1432  if (retval < 0)
1433  {
1434  perf_pop();
1435 
1436  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1437  {
1438  return 0;
1439  }
1440  mbed_log_err(D_TLS_ERRORS, retval,
1441  "TLS ERROR: write tls_write_ciphertext error");
1442  return -1;
1443  }
1444 
1445  if (retval != buf->len)
1446  {
1447  msg(D_TLS_ERRORS, "TLS ERROR: write tls_write_ciphertext incomplete %d/%d",
1448  retval, buf->len);
1449  perf_pop();
1450  return -1;
1451  }
1452 
1453  /* successful write */
1454  dmsg(D_HANDSHAKE_VERBOSE, "write tls_write_ciphertext %d bytes", retval);
1455 
1456  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1457  buf->len = 0;
1458 
1459  perf_pop();
1460  return 1;
1461 }
1462 
1463 int
1464 key_state_read_plaintext(struct key_state_ssl *ks, struct buffer *buf)
1465 {
1466  int retval = 0;
1467  int len = 0;
1468 
1469  perf_push(PERF_BIO_READ_PLAINTEXT);
1470 
1471  ASSERT(NULL != ks);
1472  ASSERT(buf);
1473  ASSERT(buf->len >= 0);
1474 
1475  if (buf->len)
1476  {
1477  perf_pop();
1478  return 0;
1479  }
1480 
1481  len = buf_forward_capacity(buf);
1482 
1483  retval = mbedtls_ssl_read(ks->ctx, BPTR(buf), len);
1484 
1485  /* Error during read, check for retry error */
1486  if (retval < 0)
1487  {
1488  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1489  {
1490  return 0;
1491  }
1492  mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_plaintext error");
1493  buf->len = 0;
1494  perf_pop();
1495  return -1;
1496  }
1497  /* Nothing read, try again */
1498  if (0 == retval)
1499  {
1500  buf->len = 0;
1501  perf_pop();
1502  return 0;
1503  }
1504 
1505  /* successful read */
1506  dmsg(D_HANDSHAKE_VERBOSE, "read tls_read_plaintext %d bytes", retval);
1507  buf->len = retval;
1508 
1509  perf_pop();
1510  return 1;
1511 }
1512 
1513 /* **************************************
1514  *
1515  * Information functions
1516  *
1517  * Print information for the end user.
1518  *
1519  ***************************************/
1520 void
1521 print_details(struct key_state_ssl *ks_ssl, const char *prefix)
1522 {
1523  const mbedtls_x509_crt *cert;
1524  char s1[256];
1525  char s2[256];
1526 
1527  s1[0] = s2[0] = 0;
1528  snprintf(s1, sizeof(s1), "%s %s, cipher %s",
1529  prefix,
1530  mbedtls_ssl_get_version(ks_ssl->ctx),
1531  mbedtls_ssl_get_ciphersuite(ks_ssl->ctx));
1532 
1533  cert = mbedtls_ssl_get_peer_cert(ks_ssl->ctx);
1534  if (cert != NULL)
1535  {
1536  snprintf(s2, sizeof(s2), ", %u bit key",
1537  (unsigned int) mbedtls_pk_get_bitlen(&cert->pk));
1538  }
1539 
1540  msg(D_HANDSHAKE, "%s%s", s1, s2);
1541 }
1542 
1543 void
1544 show_available_tls_ciphers_list(const char *cipher_list,
1545  const char *tls_cert_profile,
1546  bool tls13)
1547 {
1548  if (tls13)
1549  {
1550  /* mbed TLS has no TLS 1.3 support currently */
1551  return;
1552  }
1553  struct tls_root_ctx tls_ctx;
1554  const int *ciphers = mbedtls_ssl_list_ciphersuites();
1555 
1556  tls_ctx_server_new(&tls_ctx);
1557  tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
1558  tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
1559 
1560  if (tls_ctx.allowed_ciphers)
1561  {
1562  ciphers = tls_ctx.allowed_ciphers;
1563  }
1564 
1565  while (*ciphers != 0)
1566  {
1567  printf("%s\n", mbedtls_ssl_get_ciphersuite_name(*ciphers));
1568  ciphers++;
1569  }
1570  tls_ctx_free(&tls_ctx);
1571 }
1572 
1573 void
1574 show_available_curves(void)
1575 {
1576  const mbedtls_ecp_curve_info *pcurve = mbedtls_ecp_curve_list();
1577 
1578  if (NULL == pcurve)
1579  {
1580  msg(M_FATAL, "Cannot retrieve curve list from mbed TLS");
1581  }
1582 
1583  /* Print curve list */
1584  printf("Available Elliptic curves, listed in order of preference:\n\n");
1585  while (MBEDTLS_ECP_DP_NONE != pcurve->grp_id)
1586  {
1587  printf("%s\n", pcurve->name);
1588  pcurve++;
1589  }
1590 }
1591 
1592 const char *
1593 get_ssl_library_version(void)
1594 {
1595  static char mbedtls_version[30];
1596  unsigned int pv = mbedtls_version_get_number();
1597  snprintf(mbedtls_version, sizeof(mbedtls_version), "mbed TLS %d.%d.%d",
1598  (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
1599  return mbedtls_version;
1600 }
1601 
1602 void
1603 load_xkey_provider(void)
1604 {
1605  return; /* no external key provider in mbedTLS build */
1606 }
1607 
1608 #endif /* defined(ENABLE_CRYPTO_MBEDTLS) */
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition: ssl_common.h:421
load_xkey_provider
void load_xkey_provider(void)
Load ovpn.xkey provider used for external key signing.
Definition: ssl_openssl.c:2679
md_full
int md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
Calculates the message digest for the given buffer.
Definition: crypto_openssl.c:1115
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition: base64.c:158
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition: errlevel.h:165
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition: ssl_openssl.c:2212
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Definition: ssl_openssl.c:1257
key_state_ssl
Definition: ssl_mbedtls.h:128
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition: buffer.h:1076
ssl_backend.h
tls_root_ctx::external_key
struct external_context external_key
External key context.
Definition: ssl_mbedtls.h:122
external_context
Context used by external_pkcs1_sign()
Definition: ssl_mbedtls.h:82
mbedtls_compat_get_group_id
static mbedtls_compat_group_id mbedtls_compat_get_group_id(const mbedtls_ecp_curve_info *curve_info)
Definition: mbedtls_compat.h:75
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1025
PERF_BIO_READ_PLAINTEXT
#define PERF_BIO_READ_PLAINTEXT
Definition: perf.h:38
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition: ssl_common.h:424
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition: ssl_openssl.c:92
mbedtls_compat_pk_parse_key
static int mbedtls_compat_pk_parse_key(mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:119
rand_ctx_get
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition: ssl_openssl.c:1271
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
M_FATAL
#define M_FATAL
Definition: error.h:89
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:3092
manage.h
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition: errlevel.h:156
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition: ssl_common.h:456
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:717
hash
Definition: list.h:56
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
static_assert
#define static_assert(expr, diagnostic)
Definition: error.h:212
tls_root_ctx::cert_profile
mbedtls_x509_crt_profile cert_profile
Allowed certificate types.
Definition: ssl_mbedtls.h:125
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition: ssl_openssl.c:2646
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Print a one line summary of SSL/TLS session handshake.
Definition: ssl_openssl.c:2502
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1947
D_HANDSHAKE
#define D_HANDSHAKE
Definition: errlevel.h:72
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition: ssl_openssl.c:122
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition: ssl_openssl.c:104
mbedtls_compat_ctr_drbg_update
static int mbedtls_compat_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
Definition: mbedtls_compat.h:93
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition: ssl_util.c:284
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Show the TLS ciphers that are available for us to use in the library depending on the TLS version.
Definition: ssl_openssl.c:2531
session::key
char key[48]
Definition: keyingmaterialexporter.c:58
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition: ssl_openssl.c:310
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition: base64.c:52
bio_ctx::out
endless_buffer out
Definition: ssl_mbedtls.h:61
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition: crypto.c:1310
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition: ssl_openssl.c:1038
dmsg
#define dmsg(flags,...)
Definition: error.h:148
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition: ssl_openssl.c:99
ssl_verify_mbedtls.h
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition: ssl_openssl.c:1326
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition: ssl_openssl.c:1718
mbedtls_compat_pk_check_pair
static int mbedtls_compat_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:108
PERF_BIO_WRITE_PLAINTEXT
#define PERF_BIO_WRITE_PLAINTEXT
Definition: perf.h:39
tls_root_ctx::ca_chain
mbedtls_x509_crt * ca_chain
CA chain for remote verification.
Definition: ssl_mbedtls.h:114
mbedtls_ssl_conf_min_tls_version
static void mbedtls_ssl_conf_min_tls_version(mbedtls_ssl_config *conf, mbedtls_ssl_protocol_version tls_version)
Definition: mbedtls_compat.h:151
endless_buffer
Definition: ssl_mbedtls.h:53
mbed_ok
#define mbed_ok(errval)
Check errval and log on error.
Definition: crypto_mbedtls.h:149
external_context::signature_length
size_t signature_length
Definition: ssl_mbedtls.h:83
external_context::sign_ctx
void * sign_ctx
Definition: ssl_mbedtls.h:85
tls_root_ctx::groups
mbedtls_compat_group_id * groups
List of allowed groups for this connection.
Definition: ssl_mbedtls.h:124
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition: ssl_openssl.c:2271
CLEAR
#define CLEAR(x)
Definition: basic.h:33
tls_root_ctx::dhm_ctx
mbedtls_dhm_context * dhm_ctx
Diffie-Helmann-Merkle context.
Definition: ssl_mbedtls.h:112
ssl_util.h
passbuf
static struct user_pass passbuf
Definition: ssl.c:248
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition: ssl_openssl.c:2286
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:649
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:414
ASSERT
#define ASSERT(x)
Definition: error.h:195
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition: ssl_util.c:265
key_state_ssl::ssl_config
mbedtls_ssl_config * ssl_config
mbedTLS global ssl config
Definition: ssl_mbedtls.h:129
counter_type
uint64_t counter_type
Definition: common.h:30
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition: ssl_common.h:422
external_sign_func
bool(* external_sign_func)(void *sign_ctx, const void *src, size_t src_size, void *dst, size_t dst_size)
External signing function prototype.
Definition: ssl_mbedtls.h:77
BLEN
#define BLEN(buf)
Definition: buffer.h:127
SSLF_TLS_DEBUG_ENABLED
#define SSLF_TLS_DEBUG_ENABLED
Definition: ssl_common.h:425
tls_root_ctx::priv_key
mbedtls_pk_context * priv_key
Local private key.
Definition: ssl_mbedtls.h:115
PERF_BIO_WRITE_CIPHERTEXT
#define PERF_BIO_WRITE_CIPHERTEXT
Definition: perf.h:41
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition: ssl_openssl.c:149
misc.h
mbedtls_ssl_conf_max_tls_version
static void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf, mbedtls_ssl_protocol_version tls_version)
Definition: mbedtls_compat.h:159
endless_buffer::first_block
buffer_entry * first_block
Definition: ssl_mbedtls.h:55
M_WARN
#define M_WARN
Definition: error.h:91
perf_pop
static void perf_pop(void)
Definition: perf.h:82
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition: ssl_openssl.c:207
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition: ssl_openssl.c:140
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition: ssl_openssl.c:521
pkcs11_backend.h
external_context::sign
external_sign_func sign
Definition: ssl_mbedtls.h:84
base64.h
tls_root_ctx::crt_chain
mbedtls_x509_crt * crt_chain
Local Certificate chain.
Definition: ssl_mbedtls.h:113
errlevel.h
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition: ssl_common.h:415
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition: manage.c:3760
mbedtls_dhm_get_bitlen
static size_t mbedtls_dhm_get_bitlen(const mbedtls_dhm_context *ctx)
Definition: mbedtls_compat.h:209
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition: ssl_openssl.c:2166
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: ssl_openssl.c:156
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition: ssl_openssl.c:2227
mbedtls_compat_psa_crypto_init
static void mbedtls_compat_psa_crypto_init(void)
Definition: mbedtls_compat.h:62
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition: errlevel.h:59
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition: ssl_openssl.c:560
mbedtls_compat.h
TLS_VER_1_2
#define TLS_VER_1_2
Definition: ssl_backend.h:108
tls_root_ctx::initialised
bool initialised
True if the context has been initialised.
Definition: ssl_mbedtls.h:108
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:479
buffer.h
tls_key_cache
Definition: ssl_mbedtls.h:98
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
tls_root_ctx::endpoint
int endpoint
Whether or not this is a server or a client.
Definition: ssl_mbedtls.h:110
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition: ssl_openssl.c:492
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition: ssl_common.h:423
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition: ssl_openssl.c:620
endless_buffer::last_block
buffer_entry * last_block
Definition: ssl_mbedtls.h:56
PERF_BIO_READ_CIPHERTEXT
#define PERF_BIO_READ_CIPHERTEXT
Definition: perf.h:40
tls_root_ctx::crl
mbedtls_x509_crl * crl
Certificate Revocation List.
Definition: ssl_mbedtls.h:116
counter_format
#define counter_format
Definition: common.h:31
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition: ssl_util.h:77
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1798
bio_ctx
Definition: ssl_mbedtls.h:59
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition: errlevel.h:157
tls_root_ctx
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:107
status
static SERVICE_STATUS status
Definition: interactive.c:53
mbedtls_ssl_conf_groups
static void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, mbedtls_compat_group_id *groups)
Definition: mbedtls_compat.h:167
management
Definition: manage.h:335
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1033
show_available_curves
void show_available_curves(void)
Show the available elliptic curves in the crypto library.
Definition: ssl_openssl.c:2606
TLS_VER_1_3
#define TLS_VER_1_3
Definition: ssl_backend.h:109
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1060
strsep
char * strsep(char **stringp, const char *delim)
Definition: compat-strsep.c:36
config.h
mbedtls_ssl_protocol_version
mbedtls_ssl_protocol_version
Definition: mbedtls_compat.h:144
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition: ssl.c:261
ssl_common.h
mbed_log_err
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.
MBEDTLS_SSL_VERSION_TLS1_2
@ MBEDTLS_SSL_VERSION_TLS1_2
Definition: mbedtls_compat.h:146
key_state_ssl::bio_ctx
bio_ctx * bio_ctx
Definition: ssl_mbedtls.h:131
session
Definition: keyingmaterialexporter.c:56
tls_root_ctx::allowed_ciphers
int * allowed_ciphers
List of allowed ciphers for this connection.
Definition: ssl_mbedtls.h:123
key_state_ssl::tls_key_cache
struct tls_key_cache tls_key_cache
Definition: ssl_mbedtls.h:133
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:541
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition: ssl_openssl.c:2243
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition: ssl_openssl.c:908
MBEDTLS_SSL_VERSION_TLS1_3
@ MBEDTLS_SSL_VERSION_TLS1_3
Definition: mbedtls_compat.h:147
tls_cipher_name_pair::iana_name
const char * iana_name
Definition: ssl_util.h:77
MBEDTLS_SSL_VERSION_UNKNOWN
@ MBEDTLS_SSL_VERSION_UNKNOWN
Definition: mbedtls_compat.h:145
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition: ssl_common.h:43
TLS_VER_UNSPEC
#define TLS_VER_UNSPEC
Definition: ssl_backend.h:105
mbedtls_compat_pk_parse_keyfile
static int mbedtls_compat_pk_parse_keyfile(mbedtls_pk_context *ctx, const char *path, const char *password, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:132
msg
#define msg(flags,...)
Definition: error.h:144
key_state_ssl::ctx
mbedtls_ssl_context * ctx
mbedTLS connection context
Definition: ssl_mbedtls.h:130
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition: ssl_common.h:416
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:656
buffer_entry
Definition: buffer.h:1114
endless_buffer::data_start
size_t data_start
Definition: ssl_mbedtls.h:54
tls_ctx_use_external_signing_func
int tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, external_sign_func sign_func, void *sign_ctx)
Call the supplied signing function to create a TLS signature during the TLS handshake.
perf_push
static void perf_push(int type)
Definition: perf.h:78
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition: ssl_openssl.c:430
mbedtls_compat_group_id
mbedtls_ecp_group_id mbedtls_compat_group_id
Definition: mbedtls_compat.h:58
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition: ssl_openssl.c:2257
bio_ctx::in
endless_buffer in
Definition: ssl_mbedtls.h:60
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition: ssl_util.h:77
gc
struct gc_arena gc
Definition: test_ssl.c:155
key_state_ssl_shutdown
void key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
Sets a TLS session to be shutdown state, so the TLS library will generate a shutdown alert.
Definition: ssl_openssl.c:2206
cleanup
static int cleanup(void **state)
Definition: test_pkcs11.c:290
Generated by   doxygen 1.8.17