OpenVPN
ssl_mbedtls.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  * Copyright (C) 2006-2010, Brainspark B.V.
11  *
12  * This program is free software; you can redistribute it and/or modify
13  * it under the terms of the GNU General Public License version 2
14  * as published by the Free Software Foundation.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
30 #ifdef HAVE_CONFIG_H
31 #include "config.h"
32 #endif
33 
34 #include "syshead.h"
35 
36 #if defined(ENABLE_CRYPTO_MBEDTLS)
37 
38 #include "errlevel.h"
39 #include "ssl_backend.h"
40 #include "base64.h"
41 #include "buffer.h"
42 #include "misc.h"
43 #include "manage.h"
44 #include "mbedtls_compat.h"
45 #include "pkcs11_backend.h"
46 #include "ssl_common.h"
47 #include "ssl_util.h"
48 
49 #include "ssl_verify_mbedtls.h"
50 #include <mbedtls/debug.h>
51 #include <mbedtls/error.h>
52 #include <mbedtls/version.h>
53 
54 #if MBEDTLS_VERSION_NUMBER >= 0x02040000
55  #include <mbedtls/net_sockets.h>
56 #else
57  #include <mbedtls/net.h>
58 #endif
59 
60 #include <mbedtls/oid.h>
61 #include <mbedtls/pem.h>
62 
63 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_legacy =
64 {
65  /* Hashes from SHA-1 and above */
66  MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 )
67  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 )
68  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
69  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
70  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
71  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
72  0xFFFFFFF, /* Any PK alg */
73  0xFFFFFFF, /* Any curve */
74  1024, /* RSA-1024 and larger */
75 };
76 
77 static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_preferred =
78 {
79  /* SHA-2 and above */
80  MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
81  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
82  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
83  |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
84  0xFFFFFFF, /* Any PK alg */
85  0xFFFFFFF, /* Any curve */
86  2048, /* RSA-2048 and larger */
87 };
88 
89 #define openvpn_x509_crt_profile_suiteb mbedtls_x509_crt_profile_suiteb;
90 
91 void
92 tls_init_lib(void)
93 {
94  mbedtls_compat_psa_crypto_init();
95 }
96 
97 void
98 tls_free_lib(void)
99 {
100 }
101 
102 void
103 tls_ctx_server_new(struct tls_root_ctx *ctx)
104 {
105  ASSERT(NULL != ctx);
106  CLEAR(*ctx);
107 
108  ALLOC_OBJ_CLEAR(ctx->dhm_ctx, mbedtls_dhm_context);
109 
110  ALLOC_OBJ_CLEAR(ctx->ca_chain, mbedtls_x509_crt);
111 
112  ctx->endpoint = MBEDTLS_SSL_IS_SERVER;
113  ctx->initialised = true;
114 }
115 
116 void
117 tls_ctx_client_new(struct tls_root_ctx *ctx)
118 {
119  ASSERT(NULL != ctx);
120  CLEAR(*ctx);
121 
122  ALLOC_OBJ_CLEAR(ctx->dhm_ctx, mbedtls_dhm_context);
123  ALLOC_OBJ_CLEAR(ctx->ca_chain, mbedtls_x509_crt);
124 
125  ctx->endpoint = MBEDTLS_SSL_IS_CLIENT;
126  ctx->initialised = true;
127 }
128 
129 void
130 tls_ctx_free(struct tls_root_ctx *ctx)
131 {
132  if (ctx)
133  {
134  mbedtls_pk_free(ctx->priv_key);
135  free(ctx->priv_key);
136 
137  mbedtls_x509_crt_free(ctx->ca_chain);
138  free(ctx->ca_chain);
139 
140  mbedtls_x509_crt_free(ctx->crt_chain);
141  free(ctx->crt_chain);
142 
143  mbedtls_dhm_free(ctx->dhm_ctx);
144  free(ctx->dhm_ctx);
145 
146  mbedtls_x509_crl_free(ctx->crl);
147  free(ctx->crl);
148 
149 #if defined(ENABLE_PKCS11)
150  /* ...freeCertificate() can handle NULL ptrs, but if pkcs11 helper
151  * has not been initialized, it will ASSERT() - so, do not pass NULL
152  */
153  if (ctx->pkcs11_cert)
154  {
155  pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert);
156  }
157 #endif
158 
159  free(ctx->allowed_ciphers);
160 
161  free(ctx->groups);
162 
163  CLEAR(*ctx);
164 
165  ctx->initialised = false;
166  }
167 }
168 
169 bool
170 tls_ctx_initialised(struct tls_root_ctx *ctx)
171 {
172  ASSERT(NULL != ctx);
173  return ctx->initialised;
174 }
175 
176 #ifdef HAVE_EXPORT_KEYING_MATERIAL
177 
178 #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
179 /*
180  * Key export callback for older versions of mbed TLS, to be used with
181  * mbedtls_ssl_conf_export_keys_ext_cb(). It is called with the master
182  * secret, client random and server random, and the type of PRF function
183  * to use.
184  *
185  * Mbed TLS stores this callback in the mbedtls_ssl_config struct and it
186  * is used in the mbedtls_ssl_contexts set up from that config. */
187 int
188 mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
189  const unsigned char *kb, size_t maclen,
190  size_t keylen, size_t ivlen,
191  const unsigned char client_random[32],
192  const unsigned char server_random[32],
193  mbedtls_tls_prf_types tls_prf_type)
194 {
195  struct tls_session *session = p_expkey;
196  struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
197  struct tls_key_cache *cache = &ks_ssl->tls_key_cache;
198 
199  static_assert(sizeof(ks_ssl->ctx->session->master)
200  == sizeof(cache->master_secret), "master size mismatch");
201 
202  memcpy(cache->client_server_random, client_random, 32);
203  memcpy(cache->client_server_random + 32, server_random, 32);
204  memcpy(cache->master_secret, ms, sizeof(cache->master_secret));
205  cache->tls_prf_type = tls_prf_type;
206 
207  return 0;
208 }
209 #elif HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
210 /*
211  * Key export callback for newer versions of mbed TLS, to be used with
212  * mbedtls_ssl_set_export_keys_cb(). When used with TLS 1.2, the callback
213  * is called with the TLS 1.2 master secret, client random, server random
214  * and the type of PRF to use. With TLS 1.3, it is called with several
215  * different keys (indicated by type), but unfortunately not the exporter
216  * master secret.
217  *
218  * Unlike in older versions, the callback is not stored in the
219  * mbedtls_ssl_config. It is placed in the mbedtls_ssl_context after it
220  * has been set up. */
221 void
222 mbedtls_ssl_export_keys_cb(void *p_expkey,
223  mbedtls_ssl_key_export_type type,
224  const unsigned char *secret,
225  size_t secret_len,
226  const unsigned char client_random[32],
227  const unsigned char server_random[32],
228  mbedtls_tls_prf_types tls_prf_type)
229 {
230  /* Since we can't get the TLS 1.3 exporter master secret, we ignore all key
231  * types except MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET. */
232  if (type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET)
233  {
234  return;
235  }
236 
237  struct tls_session *session = p_expkey;
238  struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
239  struct tls_key_cache *cache = &ks_ssl->tls_key_cache;
240 
241  /* The TLS 1.2 master secret has a fixed size, so if secret_len has
242  * a different value, something is wrong with mbed TLS. */
243  if (secret_len != sizeof(cache->master_secret))
244  {
245  msg(M_FATAL,
246  "ERROR: Incorrect TLS 1.2 master secret length: Got %zu, expected %zu",
247  secret_len, sizeof(cache->master_secret));
248  }
249 
250  memcpy(cache->client_server_random, client_random, 32);
251  memcpy(cache->client_server_random + 32, server_random, 32);
252  memcpy(cache->master_secret, secret, sizeof(cache->master_secret));
253  cache->tls_prf_type = tls_prf_type;
254 }
255 #endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */
256 
257 bool
258 key_state_export_keying_material(struct tls_session *session,
259  const char *label, size_t label_size,
260  void *ekm, size_t ekm_size)
261 {
262  ASSERT(strlen(label) == label_size);
263 
264  struct tls_key_cache *cache = &session->key[KS_PRIMARY].ks_ssl.tls_key_cache;
265 
266  /* If the type is NONE, we either have no cached secrets or
267  * there is no PRF, in both cases we cannot generate key material */
268  if (cache->tls_prf_type == MBEDTLS_SSL_TLS_PRF_NONE)
269  {
270  return false;
271  }
272 
273  int ret = mbedtls_ssl_tls_prf(cache->tls_prf_type, cache->master_secret,
274  sizeof(cache->master_secret),
275  label, cache->client_server_random,
276  sizeof(cache->client_server_random),
277  ekm, ekm_size);
278 
279  if (mbed_ok(ret))
280  {
281  return true;
282  }
283  else
284  {
285  secure_memzero(ekm, session->opt->ekm_size);
286  return false;
287  }
288 }
289 #else /* ifdef HAVE_EXPORT_KEYING_MATERIAL */
290 bool
291 key_state_export_keying_material(struct tls_session *session,
292  const char *label, size_t label_size,
293  void *ekm, size_t ekm_size)
294 {
295  /* Dummy function to avoid ifdefs in the common code */
296  return false;
297 }
298 #endif /* HAVE_EXPORT_KEYING_MATERIAL */
299 
300 bool
301 tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
302 {
303  return true;
304 }
305 
306 static const char *
307 tls_translate_cipher_name(const char *cipher_name)
308 {
309  const tls_cipher_name_pair *pair = tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
310 
311  if (NULL == pair)
312  {
313  /* No translation found, return original */
314  return cipher_name;
315  }
316 
317  if (0 != strcmp(cipher_name, pair->iana_name))
318  {
319  /* Deprecated name found, notify user */
320  msg(M_WARN, "Deprecated cipher suite name '%s', please use IANA name '%s'", pair->openssl_name, pair->iana_name);
321  }
322 
323  return pair->iana_name;
324 }
325 
326 void
327 tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
328 {
329  if (ciphers == NULL)
330  {
331  /* Nothing to do, return without warning message */
332  return;
333  }
334 
335  msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. "
336  "Ignoring TLS 1.3 cipher list: %s", ciphers);
337 }
338 
339 void
340 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
341 {
342  char *tmp_ciphers, *tmp_ciphers_orig, *token;
343 
344  if (NULL == ciphers)
345  {
346  return; /* Nothing to do */
347  }
348 
349  ASSERT(NULL != ctx);
350 
351  /* Get number of ciphers */
352  int cipher_count = get_num_elements(ciphers, ':');
353 
354  /* Allocate an array for them */
355  ALLOC_ARRAY_CLEAR(ctx->allowed_ciphers, int, cipher_count+1)
356 
357  /* Parse allowed ciphers, getting IDs */
358  int i = 0;
359  tmp_ciphers_orig = tmp_ciphers = string_alloc(ciphers, NULL);
360 
361  token = strtok(tmp_ciphers, ":");
362  while (token)
363  {
364  ctx->allowed_ciphers[i] = mbedtls_ssl_get_ciphersuite_id(
365  tls_translate_cipher_name(token));
366  if (0 != ctx->allowed_ciphers[i])
367  {
368  i++;
369  }
370  token = strtok(NULL, ":");
371  }
372  free(tmp_ciphers_orig);
373 }
374 
375 void
376 tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
377 {
378  if (!profile || 0 == strcmp(profile, "legacy")
379  || 0 == strcmp(profile, "insecure"))
380  {
381  ctx->cert_profile = openvpn_x509_crt_profile_legacy;
382  }
383  else if (0 == strcmp(profile, "preferred"))
384  {
385  ctx->cert_profile = openvpn_x509_crt_profile_preferred;
386  }
387  else if (0 == strcmp(profile, "suiteb"))
388  {
389  ctx->cert_profile = openvpn_x509_crt_profile_suiteb;
390  }
391  else
392  {
393  msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
394  }
395 }
396 
397 void
398 tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
399 {
400  ASSERT(ctx);
401  struct gc_arena gc = gc_new();
402 
403  /* Get number of groups and allocate an array in ctx */
404  int groups_count = get_num_elements(groups, ':');
405  ALLOC_ARRAY_CLEAR(ctx->groups, mbedtls_compat_group_id, groups_count + 1)
406 
407  /* Parse allowed ciphers, getting IDs */
408  int i = 0;
409  char *tmp_groups = string_alloc(groups, &gc);
410 
411  const char *token;
412  while ((token = strsep(&tmp_groups, ":")))
413  {
414  const mbedtls_ecp_curve_info *ci =
415  mbedtls_ecp_curve_info_from_name(token);
416  if (!ci)
417  {
418  msg(M_WARN, "Warning unknown curve/group specified: %s", token);
419  }
420  else
421  {
422  ctx->groups[i] = mbedtls_compat_get_group_id(ci);
423  i++;
424  }
425  }
426 
427  /* Recent mbedtls versions state that the list of groups must be terminated
428  * with 0. Older versions state that it must be terminated with MBEDTLS_ECP_DP_NONE
429  * which is also 0, so this works either way. */
430  ctx->groups[i] = 0;
431 
432  gc_free(&gc);
433 }
434 
435 
436 void
437 tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
438 {
439  ASSERT(ctx);
440  if (ctx->crt_chain == NULL)
441  {
442  return; /* Nothing to check if there is no certificate */
443  }
444 
445  if (mbedtls_x509_time_is_future(&ctx->crt_chain->valid_from))
446  {
447  msg(M_WARN, "WARNING: Your certificate is not yet valid!");
448  }
449 
450  if (mbedtls_x509_time_is_past(&ctx->crt_chain->valid_to))
451  {
452  msg(M_WARN, "WARNING: Your certificate has expired!");
453  }
454 }
455 
456 void
457 tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
458  bool dh_inline)
459 {
460  if (dh_inline)
461  {
462  if (!mbed_ok(mbedtls_dhm_parse_dhm(ctx->dhm_ctx,
463  (const unsigned char *) dh_file,
464  strlen(dh_file) + 1)))
465  {
466  msg(M_FATAL, "Cannot read inline DH parameters");
467  }
468  }
469  else
470  {
471  if (!mbed_ok(mbedtls_dhm_parse_dhmfile(ctx->dhm_ctx, dh_file)))
472  {
473  msg(M_FATAL, "Cannot read DH parameters from file %s", dh_file);
474  }
475  }
476 
477  msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with " counter_format " bit key",
478  (counter_type) mbedtls_dhm_get_bitlen(ctx->dhm_ctx));
479 }
480 
481 void
482 tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
483  )
484 {
485  if (NULL != curve_name)
486  {
487  msg(M_WARN, "WARNING: mbed TLS builds do not support specifying an "
488  "ECDH curve with --ecdh-curve, using default curves. Use "
489  "--tls-groups to specify curves.");
490  }
491 }
492 
493 int
494 tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
495  bool pkcs12_file_inline, bool load_ca_file)
496 {
497  msg(M_FATAL, "PKCS #12 files not yet supported for mbed TLS.");
498  return 0;
499 }
500 
501 #ifdef ENABLE_CRYPTOAPI
502 void
503 tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
504 {
505  msg(M_FATAL, "Windows CryptoAPI not yet supported for mbed TLS.");
506 }
507 #endif /* _WIN32 */
508 
509 void
510 tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
511  bool cert_inline)
512 {
513  ASSERT(NULL != ctx);
514 
515  if (!ctx->crt_chain)
516  {
517  ALLOC_OBJ_CLEAR(ctx->crt_chain, mbedtls_x509_crt);
518  }
519 
520  if (cert_inline)
521  {
522  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain,
523  (const unsigned char *)cert_file,
524  strlen(cert_file) + 1)))
525  {
526  msg(M_FATAL, "Cannot load inline certificate file");
527  }
528  }
529  else
530  {
531  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->crt_chain, cert_file)))
532  {
533  msg(M_FATAL, "Cannot load certificate file %s", cert_file);
534  }
535  }
536 }
537 
538 int
539 tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
540  bool priv_key_inline)
541 {
542  int status;
543  ASSERT(NULL != ctx);
544 
545  if (!ctx->priv_key)
546  {
547  ALLOC_OBJ_CLEAR(ctx->priv_key, mbedtls_pk_context);
548  }
549 
550  if (priv_key_inline)
551  {
552  status = mbedtls_compat_pk_parse_key(ctx->priv_key,
553  (const unsigned char *) priv_key_file,
554  strlen(priv_key_file) + 1, NULL, 0,
555  mbedtls_ctr_drbg_random,
556  rand_ctx_get());
557 
558  if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status)
559  {
560  char passbuf[512] = {0};
561  pem_password_callback(passbuf, 512, 0, NULL);
562  status = mbedtls_compat_pk_parse_key(ctx->priv_key,
563  (const unsigned char *) priv_key_file,
564  strlen(priv_key_file) + 1,
565  (unsigned char *) passbuf,
566  strlen(passbuf),
567  mbedtls_ctr_drbg_random,
568  rand_ctx_get());
569  }
570  }
571  else
572  {
573  status = mbedtls_compat_pk_parse_keyfile(ctx->priv_key,
574  priv_key_file,
575  NULL,
576  mbedtls_ctr_drbg_random,
577  rand_ctx_get());
578  if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status)
579  {
580  char passbuf[512] = {0};
581  pem_password_callback(passbuf, 512, 0, NULL);
582  status = mbedtls_compat_pk_parse_keyfile(ctx->priv_key,
583  priv_key_file, passbuf,
584  mbedtls_ctr_drbg_random,
585  rand_ctx_get());
586  }
587  }
588  if (!mbed_ok(status))
589  {
590 #ifdef ENABLE_MANAGEMENT
591  if (management && (MBEDTLS_ERR_PK_PASSWORD_MISMATCH == status))
592  {
593  management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
594  }
595 #endif
596  msg(M_WARN, "Cannot load private key file %s",
597  print_key_filename(priv_key_file, priv_key_inline));
598  return 1;
599  }
600 
601  if (!mbed_ok(mbedtls_compat_pk_check_pair(&ctx->crt_chain->pk,
602  ctx->priv_key,
603  mbedtls_ctr_drbg_random,
604  rand_ctx_get())))
605  {
606  msg(M_WARN, "Private key does not match the certificate");
607  return 1;
608  }
609 
610  return 0;
611 }
612 
631 static inline int
632 external_pkcs1_sign( void *ctx_voidptr,
633  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
634 #if MBEDTLS_VERSION_NUMBER < 0x03020100
635  int mode,
636 #endif
637  mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash,
638  unsigned char *sig )
639 {
640  struct external_context *const ctx = ctx_voidptr;
641  int rv;
642  uint8_t *to_sign = NULL;
643  size_t asn_len = 0, oid_size = 0;
644  const char *oid = NULL;
645 
646  if (NULL == ctx)
647  {
648  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
649  }
650 
651 #if MBEDTLS_VERSION_NUMBER < 0x03020100
652  if (MBEDTLS_RSA_PRIVATE != mode)
653  {
654  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
655  }
656 #endif
657 
658  /*
659  * Support a wide range of hashes. TLSv1.1 and before only need SIG_RSA_RAW,
660  * but TLSv1.2 needs the full suite of hashes.
661  *
662  * This code has been taken from mbed TLS pkcs11_sign(), under the GPLv2.0+.
663  */
664  if (md_alg != MBEDTLS_MD_NONE)
665  {
666  const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
667  if (md_info == NULL)
668  {
669  return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
670  }
671 
672  if (!mbed_ok(mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size )))
673  {
674  return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
675  }
676 
677  hashlen = mbedtls_md_get_size( md_info );
678  asn_len = 10 + oid_size;
679  }
680 
681  if ((SIZE_MAX - hashlen) < asn_len
682  || ctx->signature_length < (asn_len + hashlen))
683  {
684  return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
685  }
686 
687  ALLOC_ARRAY_CLEAR(to_sign, uint8_t, asn_len + hashlen);
688  uint8_t *p = to_sign;
689  if (md_alg != MBEDTLS_MD_NONE)
690  {
691  /*
692  * DigestInfo ::= SEQUENCE {
693  * digestAlgorithm DigestAlgorithmIdentifier,
694  * digest Digest }
695  *
696  * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
697  *
698  * Digest ::= OCTET STRING
699  */
700  *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
701  *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
702  *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
703  *p++ = (unsigned char) ( 0x04 + oid_size );
704  *p++ = MBEDTLS_ASN1_OID;
705  *p++ = oid_size & 0xFF;
706  memcpy( p, oid, oid_size );
707  p += oid_size;
708  *p++ = MBEDTLS_ASN1_NULL;
709  *p++ = 0x00;
710  *p++ = MBEDTLS_ASN1_OCTET_STRING;
711  *p++ = hashlen;
712 
713  /* Double-check ASN length */
714  ASSERT(asn_len == p - to_sign);
715  }
716 
717  /* Copy the hash to be signed */
718  memcpy(p, hash, hashlen);
719 
720  /* Call external signature function */
721  if (!ctx->sign(ctx->sign_ctx, to_sign, asn_len + hashlen, sig,
722  ctx->signature_length))
723  {
724  rv = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
725  goto done;
726  }
727 
728  rv = 0;
729 
730 done:
731  free(to_sign);
732  return rv;
733 }
734 
735 static inline size_t
736 external_key_len(void *vctx)
737 {
738  struct external_context *const ctx = vctx;
739 
740  return ctx->signature_length;
741 }
742 
743 int
744 tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx,
745  external_sign_func sign_func, void *sign_ctx)
746 {
747  ASSERT(NULL != ctx);
748 
749  if (ctx->crt_chain == NULL)
750  {
751  msg(M_WARN, "ERROR: external key requires a certificate.");
752  return 1;
753  }
754 
755  if (mbedtls_pk_get_type(&ctx->crt_chain->pk) != MBEDTLS_PK_RSA)
756  {
757  msg(M_WARN, "ERROR: external key with mbed TLS requires a "
758  "certificate with an RSA key.");
759  return 1;
760  }
761 
762  ctx->external_key.signature_length = mbedtls_pk_get_len(&ctx->crt_chain->pk);
763  ctx->external_key.sign = sign_func;
764  ctx->external_key.sign_ctx = sign_ctx;
765 
766  ALLOC_OBJ_CLEAR(ctx->priv_key, mbedtls_pk_context);
767  if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, &ctx->external_key,
768  NULL, external_pkcs1_sign, external_key_len)))
769  {
770  return 1;
771  }
772 
773  return 0;
774 }
775 
776 #ifdef ENABLE_MANAGEMENT
777 
778 static bool
779 management_sign_func(void *sign_ctx, const void *src, size_t src_len,
780  void *dst, size_t dst_len)
781 {
782  bool ret = false;
783  char *src_b64 = NULL;
784  char *dst_b64 = NULL;
785 
786  if (!management || (openvpn_base64_encode(src, src_len, &src_b64) <= 0))
787  {
788  goto cleanup;
789  }
790 
791  /*
792  * We only support RSA external keys and PKCS1 signatures at the moment
793  * in mbed TLS, so the signature parameter is hardcoded to this encoding
794  */
795  if (!(dst_b64 = management_query_pk_sig(management, src_b64,
796  "RSA_PKCS1_PADDING")))
797  {
798  goto cleanup;
799  }
800 
801  if (openvpn_base64_decode(dst_b64, dst, dst_len) != dst_len)
802  {
803  goto cleanup;
804  }
805 
806  ret = true;
807 cleanup:
808  free(src_b64);
809  free(dst_b64);
810 
811  return ret;
812 }
813 
814 int
815 tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
816 {
817  return tls_ctx_use_external_signing_func(ctx, management_sign_func, NULL);
818 }
819 
820 #endif /* ifdef ENABLE_MANAGEMENT */
821 
822 void
823 tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
824  bool ca_inline, const char *ca_path, bool tls_server)
825 {
826  if (ca_path)
827  {
828  msg(M_FATAL, "ERROR: mbed TLS cannot handle the capath directive");
829  }
830 
831  if (ca_file && ca_inline)
832  {
833  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->ca_chain,
834  (const unsigned char *) ca_file,
835  strlen(ca_file) + 1)))
836  {
837  msg(M_FATAL, "Cannot load inline CA certificates");
838  }
839  }
840  else
841  {
842  /* Load CA file for verifying peer supplied certificate */
843  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->ca_chain, ca_file)))
844  {
845  msg(M_FATAL, "Cannot load CA certificate file %s", ca_file);
846  }
847  }
848 }
849 
850 void
851 tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
852  bool extra_certs_inline)
853 {
854  ASSERT(NULL != ctx);
855 
856  if (!ctx->crt_chain)
857  {
858  ALLOC_OBJ_CLEAR(ctx->crt_chain, mbedtls_x509_crt);
859  }
860 
861  if (extra_certs_inline)
862  {
863  if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain,
864  (const unsigned char *) extra_certs_file,
865  strlen(extra_certs_file) + 1)))
866  {
867  msg(M_FATAL, "Cannot load inline extra-certs file");
868  }
869  }
870  else
871  {
872  if (!mbed_ok(mbedtls_x509_crt_parse_file(ctx->crt_chain, extra_certs_file)))
873  {
874  msg(M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
875  }
876  }
877 }
878 
879 /* **************************************
880  *
881  * Key-state specific functions
882  *
883  ***************************************/
884 
885 /*
886  * "Endless buffer"
887  */
888 
889 static inline void
890 buf_free_entry(buffer_entry *entry)
891 {
892  if (NULL != entry)
893  {
894  free(entry->data);
895  free(entry);
896  }
897 }
898 
899 static void
900 buf_free_entries(endless_buffer *buf)
901 {
902  while (buf->first_block)
903  {
904  buffer_entry *cur_block = buf->first_block;
905  buf->first_block = cur_block->next_block;
906  buf_free_entry(cur_block);
907  }
908  buf->last_block = NULL;
909 }
910 
911 static int
912 endless_buf_read( endless_buffer *in, unsigned char *out, size_t out_len )
913 {
914  size_t read_len = 0;
915 
916  if (in->first_block == NULL)
917  {
918  return MBEDTLS_ERR_SSL_WANT_READ;
919  }
920 
921  while (in->first_block != NULL && read_len < out_len)
922  {
923  int block_len = in->first_block->length - in->data_start;
924  if (block_len <= out_len - read_len)
925  {
926  buffer_entry *cur_entry = in->first_block;
927  memcpy(out + read_len, cur_entry->data + in->data_start,
928  block_len);
929 
930  read_len += block_len;
931 
932  in->first_block = cur_entry->next_block;
933  in->data_start = 0;
934 
935  if (in->first_block == NULL)
936  {
937  in->last_block = NULL;
938  }
939 
940  buf_free_entry(cur_entry);
941  }
942  else
943  {
944  memcpy(out + read_len, in->first_block->data + in->data_start,
945  out_len - read_len);
946  in->data_start += out_len - read_len;
947  read_len = out_len;
948  }
949  }
950 
951  return read_len;
952 }
953 
954 static int
955 endless_buf_write( endless_buffer *out, const unsigned char *in, size_t len )
956 {
957  buffer_entry *new_block = malloc(sizeof(buffer_entry));
958  if (NULL == new_block)
959  {
960  return MBEDTLS_ERR_NET_SEND_FAILED;
961  }
962 
963  new_block->data = malloc(len);
964  if (NULL == new_block->data)
965  {
966  free(new_block);
967  return MBEDTLS_ERR_NET_SEND_FAILED;
968  }
969 
970  new_block->length = len;
971  new_block->next_block = NULL;
972 
973  memcpy(new_block->data, in, len);
974 
975  if (NULL == out->first_block)
976  {
977  out->first_block = new_block;
978  }
979 
980  if (NULL != out->last_block)
981  {
982  out->last_block->next_block = new_block;
983  }
984 
985  out->last_block = new_block;
986 
987  return len;
988 }
989 
990 static int
991 ssl_bio_read( void *ctx, unsigned char *out, size_t out_len)
992 {
993  bio_ctx *my_ctx = (bio_ctx *) ctx;
994  return endless_buf_read(&my_ctx->in, out, out_len);
995 }
996 
997 static int
998 ssl_bio_write( void *ctx, const unsigned char *in, size_t in_len)
999 {
1000  bio_ctx *my_ctx = (bio_ctx *) ctx;
1001  return endless_buf_write(&my_ctx->out, in, in_len);
1002 }
1003 
1004 static void
1005 my_debug( void *ctx, int level, const char *file, int line,
1006  const char *str )
1007 {
1008  int my_loglevel = (level < 3) ? D_TLS_DEBUG_MED : D_TLS_DEBUG;
1009  msg(my_loglevel, "mbed TLS msg (%s:%d): %s", file, line, str);
1010 }
1011 
1012 /*
1013  * Further personalise the RNG using a hash of the public key
1014  */
1015 void
1016 tls_ctx_personalise_random(struct tls_root_ctx *ctx)
1017 {
1018  static char old_sha256_hash[32] = {0};
1019  unsigned char sha256_hash[32] = {0};
1020  mbedtls_ctr_drbg_context *cd_ctx = rand_ctx_get();
1021 
1022  if (NULL != ctx->crt_chain)
1023  {
1024  mbedtls_x509_crt *cert = ctx->crt_chain;
1025 
1026  if (!md_full("SHA256", cert->tbs.p, cert->tbs.len, sha256_hash))
1027  {
1028  msg(M_WARN, "WARNING: failed to personalise random");
1029  }
1030 
1031  if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
1032  {
1033  if (!mbed_ok(mbedtls_compat_ctr_drbg_update(cd_ctx, sha256_hash, 32)))
1034  {
1035  msg(M_WARN, "WARNING: failed to personalise random, could not update CTR_DRBG");
1036  }
1037  memcpy(old_sha256_hash, sha256_hash, sizeof(old_sha256_hash));
1038  }
1039  }
1040 }
1041 
1042 int
1043 tls_version_max(void)
1044 {
1045 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1046  return TLS_VER_1_2;
1047 #else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
1048  #error "mbedtls is compiled without support for TLS 1.2."
1049 #endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
1050 }
1051 
1059 mbedtls_ssl_protocol_version
1060 tls_version_to_ssl_version(int tls_ver)
1061 {
1062  switch (tls_ver)
1063  {
1064 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1065  case TLS_VER_1_2:
1066  return MBEDTLS_SSL_VERSION_TLS1_2;
1067 #endif
1068 
1069 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1070  case TLS_VER_1_3:
1071  return MBEDTLS_SSL_VERSION_TLS1_3;
1072 #endif
1073 
1074  default:
1075  msg(M_FATAL, "%s: invalid or unsupported TLS version %d", __func__, tls_ver);
1076  return MBEDTLS_SSL_VERSION_UNKNOWN;
1077  }
1078 }
1079 
1080 void
1081 backend_tls_ctx_reload_crl(struct tls_root_ctx *ctx, const char *crl_file,
1082  bool crl_inline)
1083 {
1084  ASSERT(crl_file);
1085 
1086  if (ctx->crl == NULL)
1087  {
1088  ALLOC_OBJ_CLEAR(ctx->crl, mbedtls_x509_crl);
1089  }
1090  mbedtls_x509_crl_free(ctx->crl);
1091 
1092  if (crl_inline)
1093  {
1094  if (!mbed_ok(mbedtls_x509_crl_parse(ctx->crl,
1095  (const unsigned char *)crl_file,
1096  strlen(crl_file) + 1)))
1097  {
1098  msg(M_WARN, "CRL: cannot parse inline CRL");
1099  goto err;
1100  }
1101  }
1102  else
1103  {
1104  if (!mbed_ok(mbedtls_x509_crl_parse_file(ctx->crl, crl_file)))
1105  {
1106  msg(M_WARN, "CRL: cannot read CRL from file %s", crl_file);
1107  goto err;
1108  }
1109  }
1110  return;
1111 
1112 err:
1113  mbedtls_x509_crl_free(ctx->crl);
1114 }
1115 
1116 void
1117 key_state_ssl_init(struct key_state_ssl *ks_ssl,
1118  const struct tls_root_ctx *ssl_ctx, bool is_server,
1119  struct tls_session *session)
1120 {
1121  ASSERT(NULL != ssl_ctx);
1122  ASSERT(ks_ssl);
1123  CLEAR(*ks_ssl);
1124 
1125  /* Initialise SSL config */
1126  ALLOC_OBJ_CLEAR(ks_ssl->ssl_config, mbedtls_ssl_config);
1127  mbedtls_ssl_config_init(ks_ssl->ssl_config);
1128  mbedtls_ssl_config_defaults(ks_ssl->ssl_config, ssl_ctx->endpoint,
1129  MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1130 #ifdef MBEDTLS_DEBUG_C
1131  /* We only want to have mbed TLS generate debug level logging when we would
1132  * also display it.
1133  * In fact mbed TLS 2.25.0 crashes generating debug log if Curve25591 is
1134  * selected for DH (https://github.com/ARMmbed/mbedtls/issues/4208) */
1135  if (session->opt->ssl_flags & SSLF_TLS_DEBUG_ENABLED)
1136  {
1137  mbedtls_debug_set_threshold(3);
1138  }
1139  else
1140  {
1141  mbedtls_debug_set_threshold(2);
1142  }
1143 #endif
1144  mbedtls_ssl_conf_dbg(ks_ssl->ssl_config, my_debug, NULL);
1145  mbedtls_ssl_conf_rng(ks_ssl->ssl_config, mbedtls_ctr_drbg_random,
1146  rand_ctx_get());
1147 
1148  mbedtls_ssl_conf_cert_profile(ks_ssl->ssl_config, &ssl_ctx->cert_profile);
1149 
1150  if (ssl_ctx->allowed_ciphers)
1151  {
1152  mbedtls_ssl_conf_ciphersuites(ks_ssl->ssl_config, ssl_ctx->allowed_ciphers);
1153  }
1154 
1155  if (ssl_ctx->groups)
1156  {
1157  mbedtls_ssl_conf_groups(ks_ssl->ssl_config, ssl_ctx->groups);
1158  }
1159 
1160  /* Disable TLS renegotiations if the mbedtls library supports that feature.
1161  * OpenVPN's renegotiation creates new SSL sessions and does not depend on
1162  * this feature and TLS renegotiations have been problematic in the past. */
1163 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1164  mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1165 #endif /* MBEDTLS_SSL_RENEGOTIATION */
1166 
1167  /* Disable record splitting (for now). OpenVPN assumes records are sent
1168  * unfragmented, and changing that will require thorough review and
1169  * testing. Since OpenVPN is not susceptible to BEAST, we can just
1170  * disable record splitting as a quick fix. */
1171 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1172  mbedtls_ssl_conf_cbc_record_splitting(ks_ssl->ssl_config,
1173  MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
1174 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
1175 
1176  /* Initialise authentication information */
1177  if (is_server)
1178  {
1179  mbed_ok(mbedtls_ssl_conf_dh_param_ctx(ks_ssl->ssl_config,
1180  ssl_ctx->dhm_ctx));
1181  }
1182 
1183  mbed_ok(mbedtls_ssl_conf_own_cert(ks_ssl->ssl_config, ssl_ctx->crt_chain,
1184  ssl_ctx->priv_key));
1185 
1186  /* Initialise SSL verification */
1187  if (session->opt->ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
1188  {
1189  mbedtls_ssl_conf_authmode(ks_ssl->ssl_config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1190  }
1191  else if (!(session->opt->ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED))
1192  {
1193  mbedtls_ssl_conf_authmode(ks_ssl->ssl_config, MBEDTLS_SSL_VERIFY_REQUIRED);
1194  }
1195  mbedtls_ssl_conf_verify(ks_ssl->ssl_config, verify_callback, session);
1196 
1197  /* TODO: mbed TLS does not currently support sending the CA chain to the client */
1198  mbedtls_ssl_conf_ca_chain(ks_ssl->ssl_config, ssl_ctx->ca_chain, ssl_ctx->crl);
1199 
1200  /* Initialize minimum TLS version */
1201  {
1202  const int configured_tls_version_min =
1203  (session->opt->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT)
1204  &SSLF_TLS_VERSION_MIN_MASK;
1205 
1206  /* default to TLS 1.2 */
1207  mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_TLS1_2;
1208 
1209  if (configured_tls_version_min > TLS_VER_UNSPEC)
1210  {
1211  version = tls_version_to_ssl_version(configured_tls_version_min);
1212  }
1213 
1214  mbedtls_ssl_conf_min_tls_version(ks_ssl->ssl_config, version);
1215  }
1216 
1217  /* Initialize maximum TLS version */
1218  {
1219  const int configured_tls_version_max =
1220  (session->opt->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT)
1221  &SSLF_TLS_VERSION_MAX_MASK;
1222 
1223  mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_UNKNOWN;
1224 
1225  if (configured_tls_version_max > TLS_VER_UNSPEC)
1226  {
1227  version = tls_version_to_ssl_version(configured_tls_version_max);
1228  }
1229  else
1230  {
1231  /* Default to tls_version_max(). */
1232  version = tls_version_to_ssl_version(tls_version_max());
1233  }
1234 
1235  mbedtls_ssl_conf_max_tls_version(ks_ssl->ssl_config, version);
1236  }
1237 
1238 #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
1239  /* Initialize keying material exporter, old style. */
1240  mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config,
1241  mbedtls_ssl_export_keys_cb, session);
1242 #endif
1243 
1244  /* Initialise SSL context */
1245  ALLOC_OBJ_CLEAR(ks_ssl->ctx, mbedtls_ssl_context);
1246  mbedtls_ssl_init(ks_ssl->ctx);
1247  mbed_ok(mbedtls_ssl_setup(ks_ssl->ctx, ks_ssl->ssl_config));
1248 
1249 #if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
1250  /* Initialize keying material exporter, new style. */
1251  mbedtls_ssl_set_export_keys_cb(ks_ssl->ctx, mbedtls_ssl_export_keys_cb, session);
1252 #endif
1253 
1254  /* Initialise BIOs */
1255  ALLOC_OBJ_CLEAR(ks_ssl->bio_ctx, bio_ctx);
1256  mbedtls_ssl_set_bio(ks_ssl->ctx, ks_ssl->bio_ctx, ssl_bio_write,
1257  ssl_bio_read, NULL);
1258 }
1259 
1260 
1261 void
1262 key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
1263 {
1264  mbedtls_ssl_send_alert_message(ks_ssl->ctx, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1265  MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY);
1266 }
1267 
1268 void
1269 key_state_ssl_free(struct key_state_ssl *ks_ssl)
1270 {
1271  if (ks_ssl)
1272  {
1273  CLEAR(ks_ssl->tls_key_cache);
1274 
1275  if (ks_ssl->ctx)
1276  {
1277  mbedtls_ssl_free(ks_ssl->ctx);
1278  free(ks_ssl->ctx);
1279  }
1280  if (ks_ssl->ssl_config)
1281  {
1282  mbedtls_ssl_config_free(ks_ssl->ssl_config);
1283  free(ks_ssl->ssl_config);
1284  }
1285  if (ks_ssl->bio_ctx)
1286  {
1287  buf_free_entries(&ks_ssl->bio_ctx->in);
1288  buf_free_entries(&ks_ssl->bio_ctx->out);
1289  free(ks_ssl->bio_ctx);
1290  }
1291  CLEAR(*ks_ssl);
1292  }
1293 }
1294 
1295 int
1296 key_state_write_plaintext(struct key_state_ssl *ks, struct buffer *buf)
1297 {
1298  int retval = 0;
1299 
1300  ASSERT(buf);
1301 
1302  retval = key_state_write_plaintext_const(ks, BPTR(buf), BLEN(buf));
1303 
1304  if (1 == retval)
1305  {
1306  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1307  buf->len = 0;
1308  }
1309 
1310  return retval;
1311 }
1312 
1313 int
1314 key_state_write_plaintext_const(struct key_state_ssl *ks, const uint8_t *data, int len)
1315 {
1316  int retval = 0;
1317  perf_push(PERF_BIO_WRITE_PLAINTEXT);
1318 
1319  ASSERT(NULL != ks);
1320  ASSERT(len >= 0);
1321 
1322  if (0 == len)
1323  {
1324  perf_pop();
1325  return 0;
1326  }
1327 
1328  ASSERT(data);
1329 
1330  retval = mbedtls_ssl_write(ks->ctx, data, len);
1331 
1332  if (retval < 0)
1333  {
1334  perf_pop();
1335  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1336  {
1337  return 0;
1338  }
1339  mbed_log_err(D_TLS_ERRORS, retval,
1340  "TLS ERROR: write tls_write_plaintext_const error");
1341  return -1;
1342  }
1343 
1344  if (retval != len)
1345  {
1346  msg(D_TLS_ERRORS,
1347  "TLS ERROR: write tls_write_plaintext_const incomplete %d/%d",
1348  retval, len);
1349  perf_pop();
1350  return -1;
1351  }
1352 
1353  /* successful write */
1354  dmsg(D_HANDSHAKE_VERBOSE, "write tls_write_plaintext_const %d bytes", retval);
1355 
1356  perf_pop();
1357  return 1;
1358 }
1359 
1360 int
1361 key_state_read_ciphertext(struct key_state_ssl *ks, struct buffer *buf)
1362 {
1363  int retval = 0;
1364  int len = 0;
1365 
1366  perf_push(PERF_BIO_READ_CIPHERTEXT);
1367 
1368  ASSERT(NULL != ks);
1369  ASSERT(buf);
1370  ASSERT(buf->len >= 0);
1371 
1372  if (buf->len)
1373  {
1374  perf_pop();
1375  return 0;
1376  }
1377 
1378  len = buf_forward_capacity(buf);
1379 
1380  retval = endless_buf_read(&ks->bio_ctx->out, BPTR(buf), len);
1381 
1382  /* Error during read, check for retry error */
1383  if (retval < 0)
1384  {
1385  perf_pop();
1386  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1387  {
1388  return 0;
1389  }
1390  mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_ciphertext error");
1391  buf->len = 0;
1392  return -1;
1393  }
1394  /* Nothing read, try again */
1395  if (0 == retval)
1396  {
1397  buf->len = 0;
1398  perf_pop();
1399  return 0;
1400  }
1401 
1402  /* successful read */
1403  dmsg(D_HANDSHAKE_VERBOSE, "read tls_read_ciphertext %d bytes", retval);
1404  buf->len = retval;
1405  perf_pop();
1406  return 1;
1407 }
1408 
1409 int
1410 key_state_write_ciphertext(struct key_state_ssl *ks, struct buffer *buf)
1411 {
1412  int retval = 0;
1413  perf_push(PERF_BIO_WRITE_CIPHERTEXT);
1414 
1415  ASSERT(NULL != ks);
1416  ASSERT(buf);
1417  ASSERT(buf->len >= 0);
1418 
1419  if (0 == buf->len)
1420  {
1421  perf_pop();
1422  return 0;
1423  }
1424 
1425  retval = endless_buf_write(&ks->bio_ctx->in, BPTR(buf), buf->len);
1426 
1427  if (retval < 0)
1428  {
1429  perf_pop();
1430 
1431  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1432  {
1433  return 0;
1434  }
1435  mbed_log_err(D_TLS_ERRORS, retval,
1436  "TLS ERROR: write tls_write_ciphertext error");
1437  return -1;
1438  }
1439 
1440  if (retval != buf->len)
1441  {
1442  msg(D_TLS_ERRORS, "TLS ERROR: write tls_write_ciphertext incomplete %d/%d",
1443  retval, buf->len);
1444  perf_pop();
1445  return -1;
1446  }
1447 
1448  /* successful write */
1449  dmsg(D_HANDSHAKE_VERBOSE, "write tls_write_ciphertext %d bytes", retval);
1450 
1451  memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
1452  buf->len = 0;
1453 
1454  perf_pop();
1455  return 1;
1456 }
1457 
1458 int
1459 key_state_read_plaintext(struct key_state_ssl *ks, struct buffer *buf)
1460 {
1461  int retval = 0;
1462  int len = 0;
1463 
1464  perf_push(PERF_BIO_READ_PLAINTEXT);
1465 
1466  ASSERT(NULL != ks);
1467  ASSERT(buf);
1468  ASSERT(buf->len >= 0);
1469 
1470  if (buf->len)
1471  {
1472  perf_pop();
1473  return 0;
1474  }
1475 
1476  len = buf_forward_capacity(buf);
1477 
1478  retval = mbedtls_ssl_read(ks->ctx, BPTR(buf), len);
1479 
1480  /* Error during read, check for retry error */
1481  if (retval < 0)
1482  {
1483  if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
1484  {
1485  return 0;
1486  }
1487  mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_plaintext error");
1488  buf->len = 0;
1489  perf_pop();
1490  return -1;
1491  }
1492  /* Nothing read, try again */
1493  if (0 == retval)
1494  {
1495  buf->len = 0;
1496  perf_pop();
1497  return 0;
1498  }
1499 
1500  /* successful read */
1501  dmsg(D_HANDSHAKE_VERBOSE, "read tls_read_plaintext %d bytes", retval);
1502  buf->len = retval;
1503 
1504  perf_pop();
1505  return 1;
1506 }
1507 
1508 /* **************************************
1509  *
1510  * Information functions
1511  *
1512  * Print information for the end user.
1513  *
1514  ***************************************/
1515 void
1516 print_details(struct key_state_ssl *ks_ssl, const char *prefix)
1517 {
1518  const mbedtls_x509_crt *cert;
1519  char s1[256];
1520  char s2[256];
1521 
1522  s1[0] = s2[0] = 0;
1523  snprintf(s1, sizeof(s1), "%s %s, cipher %s",
1524  prefix,
1525  mbedtls_ssl_get_version(ks_ssl->ctx),
1526  mbedtls_ssl_get_ciphersuite(ks_ssl->ctx));
1527 
1528  cert = mbedtls_ssl_get_peer_cert(ks_ssl->ctx);
1529  if (cert != NULL)
1530  {
1531  snprintf(s2, sizeof(s2), ", %u bit key",
1532  (unsigned int) mbedtls_pk_get_bitlen(&cert->pk));
1533  }
1534 
1535  msg(D_HANDSHAKE, "%s%s", s1, s2);
1536 }
1537 
1538 void
1539 show_available_tls_ciphers_list(const char *cipher_list,
1540  const char *tls_cert_profile,
1541  bool tls13)
1542 {
1543  if (tls13)
1544  {
1545  /* mbed TLS has no TLS 1.3 support currently */
1546  return;
1547  }
1548  struct tls_root_ctx tls_ctx;
1549  const int *ciphers = mbedtls_ssl_list_ciphersuites();
1550 
1551  tls_ctx_server_new(&tls_ctx);
1552  tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
1553  tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
1554 
1555  if (tls_ctx.allowed_ciphers)
1556  {
1557  ciphers = tls_ctx.allowed_ciphers;
1558  }
1559 
1560  while (*ciphers != 0)
1561  {
1562  printf("%s\n", mbedtls_ssl_get_ciphersuite_name(*ciphers));
1563  ciphers++;
1564  }
1565  tls_ctx_free(&tls_ctx);
1566 }
1567 
1568 void
1569 show_available_curves(void)
1570 {
1571  const mbedtls_ecp_curve_info *pcurve = mbedtls_ecp_curve_list();
1572 
1573  if (NULL == pcurve)
1574  {
1575  msg(M_FATAL, "Cannot retrieve curve list from mbed TLS");
1576  }
1577 
1578  /* Print curve list */
1579  printf("Available Elliptic curves, listed in order of preference:\n\n");
1580  while (MBEDTLS_ECP_DP_NONE != pcurve->grp_id)
1581  {
1582  printf("%s\n", pcurve->name);
1583  pcurve++;
1584  }
1585 }
1586 
1587 void
1588 get_highest_preference_tls_cipher(char *buf, int size)
1589 {
1590  const char *cipher_name;
1591  const int *ciphers = mbedtls_ssl_list_ciphersuites();
1592  if (*ciphers == 0)
1593  {
1594  msg(M_FATAL, "Cannot retrieve list of supported SSL ciphers.");
1595  }
1596 
1597  cipher_name = mbedtls_ssl_get_ciphersuite_name(*ciphers);
1598  strncpynt(buf, cipher_name, size);
1599 }
1600 
1601 const char *
1602 get_ssl_library_version(void)
1603 {
1604  static char mbedtls_version[30];
1605  unsigned int pv = mbedtls_version_get_number();
1606  snprintf(mbedtls_version, sizeof(mbedtls_version), "mbed TLS %d.%d.%d",
1607  (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
1608  return mbedtls_version;
1609 }
1610 
1611 void
1612 load_xkey_provider(void)
1613 {
1614  return; /* no external key provider in mbedTLS build */
1615 }
1616 
1617 #endif /* defined(ENABLE_CRYPTO_MBEDTLS) */
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition: ssl_common.h:413
load_xkey_provider
void load_xkey_provider(void)
Load ovpn.xkey provider used for external key signing.
Definition: ssl_openssl.c:2442
md_full
int md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
Calculates the message digest for the given buffer.
Definition: crypto_openssl.c:1114
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition: base64.c:158
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition: errlevel.h:165
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition: ssl_openssl.c:1950
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Definition: ssl_openssl.c:949
key_state_ssl
Definition: ssl_mbedtls.h:127
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition: buffer.h:1081
ssl_backend.h
tls_root_ctx::external_key
struct external_context external_key
External key context.
Definition: ssl_mbedtls.h:121
external_context
Context used by external_pkcs1_sign()
Definition: ssl_mbedtls.h:81
mbedtls_compat_get_group_id
static mbedtls_compat_group_id mbedtls_compat_get_group_id(const mbedtls_ecp_curve_info *curve_info)
Definition: mbedtls_compat.h:75
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1030
PERF_BIO_READ_PLAINTEXT
#define PERF_BIO_READ_PLAINTEXT
Definition: perf.h:38
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition: ssl_common.h:416
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition: ssl_openssl.c:85
mbedtls_compat_pk_parse_key
static int mbedtls_compat_pk_parse_key(mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:119
rand_ctx_get
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition: ssl_openssl.c:1011
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
M_FATAL
#define M_FATAL
Definition: error.h:89
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:3080
manage.h
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition: errlevel.h:156
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition: ssl_common.h:448
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:710
hash
Definition: list.h:56
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
static_assert
#define static_assert(expr, diagnostic)
Definition: error.h:212
tls_root_ctx::cert_profile
mbedtls_x509_crt_profile cert_profile
Allowed certificate types.
Definition: ssl_mbedtls.h:124
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition: ssl_openssl.c:2409
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Definition: ssl_openssl.c:2240
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1685
D_HANDSHAKE
#define D_HANDSHAKE
Definition: errlevel.h:72
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition: ssl_openssl.c:115
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition: ssl_openssl.c:97
mbedtls_compat_ctr_drbg_update
static int mbedtls_compat_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
Definition: mbedtls_compat.h:93
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition: ssl_util.c:284
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Definition: ssl_openssl.c:2269
session::key
char key[48]
Definition: keyingmaterialexporter.c:58
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition: ssl_openssl.c:303
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition: base64.c:52
bio_ctx::out
endless_buffer out
Definition: ssl_mbedtls.h:60
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition: crypto.c:1083
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition: ssl_openssl.c:902
dmsg
#define dmsg(flags,...)
Definition: error.h:148
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition: ssl_openssl.c:92
ssl_verify_mbedtls.h
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition: ssl_openssl.c:1068
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition: ssl_openssl.c:1456
mbedtls_compat_pk_check_pair
static int mbedtls_compat_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:108
PERF_BIO_WRITE_PLAINTEXT
#define PERF_BIO_WRITE_PLAINTEXT
Definition: perf.h:39
tls_root_ctx::ca_chain
mbedtls_x509_crt * ca_chain
CA chain for remote verification.
Definition: ssl_mbedtls.h:113
mbedtls_ssl_conf_min_tls_version
static void mbedtls_ssl_conf_min_tls_version(mbedtls_ssl_config *conf, mbedtls_ssl_protocol_version tls_version)
Definition: mbedtls_compat.h:151
endless_buffer
Definition: ssl_mbedtls.h:52
mbed_ok
#define mbed_ok(errval)
Check errval and log on error.
Definition: crypto_mbedtls.h:148
external_context::signature_length
size_t signature_length
Definition: ssl_mbedtls.h:82
external_context::sign_ctx
void * sign_ctx
Definition: ssl_mbedtls.h:84
tls_root_ctx::groups
mbedtls_compat_group_id * groups
List of allowed groups for this connection.
Definition: ssl_mbedtls.h:123
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition: ssl_openssl.c:2009
CLEAR
#define CLEAR(x)
Definition: basic.h:33
tls_root_ctx::dhm_ctx
mbedtls_dhm_context * dhm_ctx
Diffie-Helmann-Merkle context.
Definition: ssl_mbedtls.h:111
ssl_util.h
passbuf
static struct user_pass passbuf
Definition: ssl.c:241
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition: ssl_openssl.c:2024
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:667
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:414
ASSERT
#define ASSERT(x)
Definition: error.h:195
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition: ssl_util.c:265
key_state_ssl::ssl_config
mbedtls_ssl_config * ssl_config
mbedTLS global ssl config
Definition: ssl_mbedtls.h:128
counter_type
uint64_t counter_type
Definition: common.h:30
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition: ssl_common.h:414
external_sign_func
bool(* external_sign_func)(void *sign_ctx, const void *src, size_t src_size, void *dst, size_t dst_size)
External signing function prototype.
Definition: ssl_mbedtls.h:76
BLEN
#define BLEN(buf)
Definition: buffer.h:127
SSLF_TLS_DEBUG_ENABLED
#define SSLF_TLS_DEBUG_ENABLED
Definition: ssl_common.h:417
tls_root_ctx::priv_key
mbedtls_pk_context * priv_key
Local private key.
Definition: ssl_mbedtls.h:114
PERF_BIO_WRITE_CIPHERTEXT
#define PERF_BIO_WRITE_CIPHERTEXT
Definition: perf.h:41
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition: ssl_openssl.c:142
misc.h
mbedtls_ssl_conf_max_tls_version
static void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf, mbedtls_ssl_protocol_version tls_version)
Definition: mbedtls_compat.h:159
endless_buffer::first_block
buffer_entry * first_block
Definition: ssl_mbedtls.h:54
M_WARN
#define M_WARN
Definition: error.h:91
perf_pop
static void perf_pop(void)
Definition: perf.h:82
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition: ssl_openssl.c:200
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition: ssl_openssl.c:133
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition: ssl_openssl.c:514
pkcs11_backend.h
external_context::sign
external_sign_func sign
Definition: ssl_mbedtls.h:83
base64.h
tls_root_ctx::crt_chain
mbedtls_x509_crt * crt_chain
Local Certificate chain.
Definition: ssl_mbedtls.h:112
errlevel.h
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition: ssl_common.h:407
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition: manage.c:3747
mbedtls_dhm_get_bitlen
static size_t mbedtls_dhm_get_bitlen(const mbedtls_dhm_context *ctx)
Definition: mbedtls_compat.h:209
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition: ssl_openssl.c:1904
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: ssl_openssl.c:149
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition: ssl_openssl.c:1965
get_highest_preference_tls_cipher
void get_highest_preference_tls_cipher(char *buf, int size)
Definition: ssl_openssl.c:2384
mbedtls_compat_psa_crypto_init
static void mbedtls_compat_psa_crypto_init(void)
Definition: mbedtls_compat.h:62
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition: errlevel.h:59
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition: ssl_openssl.c:553
mbedtls_compat.h
TLS_VER_1_2
#define TLS_VER_1_2
Definition: ssl_backend.h:107
tls_root_ctx::initialised
bool initialised
True if the context has been initialised.
Definition: ssl_mbedtls.h:107
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:471
buffer.h
tls_key_cache
Definition: ssl_mbedtls.h:97
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
tls_root_ctx::endpoint
int endpoint
Whether or not this is a server or a client.
Definition: ssl_mbedtls.h:109
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition: ssl_openssl.c:485
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition: ssl_common.h:415
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition: ssl_openssl.c:613
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:361
endless_buffer::last_block
buffer_entry * last_block
Definition: ssl_mbedtls.h:55
PERF_BIO_READ_CIPHERTEXT
#define PERF_BIO_READ_CIPHERTEXT
Definition: perf.h:40
tls_root_ctx::crl
mbedtls_x509_crl * crl
Certificate Revocation List.
Definition: ssl_mbedtls.h:115
counter_format
#define counter_format
Definition: common.h:31
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition: ssl_util.h:75
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition: ssl_openssl.c:1536
bio_ctx
Definition: ssl_mbedtls.h:58
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition: errlevel.h:157
tls_root_ctx
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:106
status
static SERVICE_STATUS status
Definition: interactive.c:53
mbedtls_ssl_conf_groups
static void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, mbedtls_compat_group_id *groups)
Definition: mbedtls_compat.h:167
management
Definition: manage.h:335
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1038
show_available_curves
void show_available_curves(void)
Definition: ssl_openssl.c:2344
TLS_VER_1_3
#define TLS_VER_1_3
Definition: ssl_backend.h:108
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1065
strsep
char * strsep(char **stringp, const char *delim)
Definition: compat-strsep.c:36
config.h
mbedtls_ssl_protocol_version
mbedtls_ssl_protocol_version
Definition: mbedtls_compat.h:144
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition: ssl.c:253
ssl_common.h
mbed_log_err
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.
MBEDTLS_SSL_VERSION_TLS1_2
@ MBEDTLS_SSL_VERSION_TLS1_2
Definition: mbedtls_compat.h:146
key_state_ssl::bio_ctx
bio_ctx * bio_ctx
Definition: ssl_mbedtls.h:130
session
Definition: keyingmaterialexporter.c:56
tls_root_ctx::allowed_ciphers
int * allowed_ciphers
List of allowed ciphers for this connection.
Definition: ssl_mbedtls.h:122
key_state_ssl::tls_key_cache
struct tls_key_cache tls_key_cache
Definition: ssl_mbedtls.h:132
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:546
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition: ssl_openssl.c:1981
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition: ssl_openssl.c:772
MBEDTLS_SSL_VERSION_TLS1_3
@ MBEDTLS_SSL_VERSION_TLS1_3
Definition: mbedtls_compat.h:147
tls_cipher_name_pair::iana_name
const char * iana_name
Definition: ssl_util.h:75
MBEDTLS_SSL_VERSION_UNKNOWN
@ MBEDTLS_SSL_VERSION_UNKNOWN
Definition: mbedtls_compat.h:145
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition: ssl_common.h:42
TLS_VER_UNSPEC
#define TLS_VER_UNSPEC
Definition: ssl_backend.h:104
mbedtls_compat_pk_parse_keyfile
static int mbedtls_compat_pk_parse_keyfile(mbedtls_pk_context *ctx, const char *path, const char *password, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Definition: mbedtls_compat.h:132
msg
#define msg(flags,...)
Definition: error.h:144
key_state_ssl::ctx
mbedtls_ssl_context * ctx
mbedTLS connection context
Definition: ssl_mbedtls.h:129
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition: ssl_common.h:408
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition: ssl_openssl.c:649
buffer_entry
Definition: buffer.h:1119
endless_buffer::data_start
size_t data_start
Definition: ssl_mbedtls.h:53
tls_ctx_use_external_signing_func
int tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, external_sign_func sign_func, void *sign_ctx)
Call the supplied signing function to create a TLS signature during the TLS handshake.
perf_push
static void perf_push(int type)
Definition: perf.h:78
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition: ssl_openssl.c:423
mbedtls_compat_group_id
mbedtls_ecp_group_id mbedtls_compat_group_id
Definition: mbedtls_compat.h:58
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition: ssl_openssl.c:1995
bio_ctx::in
endless_buffer in
Definition: ssl_mbedtls.h:59
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition: ssl_util.h:75
key_state_ssl_shutdown
void key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
Sets a TLS session to be shutdown state, so the TLS library will generate a shutdown alert.
Definition: ssl_openssl.c:1944
cleanup
static int cleanup(void **state)
Definition: test_pkcs11.c:280
Generated by   doxygen 1.8.17