OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2026 Sentyron B.V. <openvpn@sentyron.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#include "syshead.h"
34
35#if defined(ENABLE_CRYPTO_OPENSSL)
36
37#include "errlevel.h"
38#include "buffer.h"
39#include "misc.h"
40#include "manage.h"
41#include "memdbg.h"
42#include "ssl_backend.h"
43#include "ssl_common.h"
44#include "base64.h"
45#include "openssl_compat.h"
46#include "xkey_common.h"
47
48#ifdef ENABLE_CRYPTOAPI
49#include "cryptoapi.h"
50#endif
51
52#include "ssl_verify_openssl.h"
53#include "ssl_util.h"
54
55#include <openssl/bn.h>
56#include <openssl/crypto.h>
57#include <openssl/dh.h>
58#include <openssl/dsa.h>
59#include <openssl/err.h>
60#include <openssl/pkcs12.h>
61#include <openssl/rsa.h>
62#include <openssl/x509.h>
63#include <openssl/ssl.h>
64#ifndef OPENSSL_NO_EC
65#include <openssl/ec.h>
66#endif
67
68#if OPENSSL_VERSION_NUMBER >= 0x30000000L
69#define HAVE_OPENSSL_STORE_API
70#include <openssl/ui.h>
71#include <openssl/store.h>
72#endif
73
74#if defined(_MSC_VER) && !defined(_M_ARM64)
75#include <openssl/applink.c>
76#endif
77
78OSSL_LIB_CTX *tls_libctx; /* Global */
79
80static void unload_xkey_provider(void);
81
82/*
83 * Allocate space in SSL objects in which to store a struct tls_session
84 * pointer back to parent.
85 *
86 */
87
88int mydata_index; /* GLOBAL */
89
90void
91tls_init_lib(void)
92{
93 mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
94 ASSERT(mydata_index >= 0);
95}
96
97void
98tls_free_lib(void)
99{
100}
101
102void
103tls_ctx_server_new(struct tls_root_ctx *ctx)
104{
105 ASSERT(NULL != ctx);
106
107 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_server_method());
108
109 if (ctx->ctx == NULL)
110 {
111 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
112 }
113 if (ERR_peek_error() != 0)
114 {
115 crypto_msg(M_WARN, "Warning: TLS server context initialisation "
116 "has warnings.");
117 }
118}
119
120void
121tls_ctx_client_new(struct tls_root_ctx *ctx)
122{
123 ASSERT(NULL != ctx);
124
125 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
126
127 if (ctx->ctx == NULL)
128 {
129 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
130 }
131 if (ERR_peek_error() != 0)
132 {
133 crypto_msg(M_WARN, "Warning: TLS client context initialisation "
134 "has warnings.");
135 }
136}
137
138void
139tls_ctx_free(struct tls_root_ctx *ctx)
140{
141 ASSERT(NULL != ctx);
142 SSL_CTX_free(ctx->ctx);
143 ctx->ctx = NULL;
144 unload_xkey_provider(); /* in case it is loaded */
145}
146
147bool
148tls_ctx_initialised(struct tls_root_ctx *ctx)
149{
150 /* either this should be NULL or should be non-null and then have a
151 * valid TLS ctx inside as well */
152 ASSERT(ctx == NULL || ctx->ctx != NULL);
153 return ctx != NULL;
154}
155
156bool
157key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size,
158 void *ekm, size_t ekm_size)
159
160{
161 SSL *ssl = session->key[KS_PRIMARY].ks_ssl.ssl;
162
163 if (SSL_export_keying_material(ssl, ekm, ekm_size, label, label_size, NULL, 0, 0) == 1)
164 {
165 return true;
166 }
167 else
168 {
169 secure_memzero(ekm, ekm_size);
170 return false;
171 }
172}
173
174/*
175 * Print debugging information on SSL/TLS session negotiation.
176 */
177
178#ifndef INFO_CALLBACK_SSL_CONST
179#define INFO_CALLBACK_SSL_CONST const
180#endif
181static void
182info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
183{
184 if (where & SSL_CB_LOOP)
185 {
186 dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
187 where & SSL_ST_CONNECT ? "connect"
188 : where & SSL_ST_ACCEPT ? "accept"
189 : "undefined",
190 SSL_state_string_long(s));
191 }
192 else if (where & SSL_CB_ALERT)
193 {
194 dmsg(D_TLS_DEBUG_LOW, "%s %s SSL alert: %s", where & SSL_CB_READ ? "Received" : "Sent",
195 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
196 }
197}
198
199/*
200 * Return maximum TLS version supported by local OpenSSL library.
201 * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
202 * TLSvX is supported.
203 */
204int
205tls_version_max(void)
206{
207#if defined(TLS1_3_VERSION)
208 /* If this is defined we can safely assume TLS 1.3 support */
209 return TLS_VER_1_3;
210#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
211 /*
212 * If TLS_VER_1_3 is not defined, we were compiled against a version that
213 * did not support TLS 1.3.
214 *
215 * However, the library we are *linked* against might be OpenSSL 1.1.1
216 * and therefore supports TLS 1.3. This needs to be checked at runtime
217 * since we can be compiled against 1.1.0 and then the library can be
218 * upgraded to 1.1.1.
219 * We only need to check this for OpenSSL versions that can be
220 * upgraded to 1.1.1 without recompile (>= 1.1.0)
221 */
222 if (OpenSSL_version_num() >= 0x1010100fL)
223 {
224 return TLS_VER_1_3;
225 }
226 else
227 {
228 return TLS_VER_1_2;
229 }
230#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
231 return TLS_VER_1_2;
232#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
233 return TLS_VER_1_1;
234#else /* if defined(TLS1_3_VERSION) */
235 return TLS_VER_1_0;
236#endif
237}
238
240static uint16_t
241openssl_tls_version(unsigned int ver)
242{
243 if (ver == TLS_VER_1_0)
244 {
245 return TLS1_VERSION;
246 }
247 else if (ver == TLS_VER_1_1)
248 {
249 return TLS1_1_VERSION;
250 }
251 else if (ver == TLS_VER_1_2)
252 {
253 return TLS1_2_VERSION;
254 }
255 else if (ver == TLS_VER_1_3)
256 {
257 /*
258 * Supporting the library upgraded to TLS1.3 without recompile
259 * is enough to support here with a simple constant that the same
260 * as in the TLS 1.3, so spec it is very unlikely that OpenSSL
261 * will change this constant
262 */
263#ifndef TLS1_3_VERSION
264 /*
265 * We do not want to define TLS_VER_1_3 if not defined
266 * since other parts of the code use the existance of this macro
267 * as proxy for TLS 1.3 support
268 */
269 return 0x0304;
270#else
271 return TLS1_3_VERSION;
272#endif
273 }
274 return 0;
275}
276
277static bool
278tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
279{
280 uint16_t tls_ver_min =
281 openssl_tls_version((ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK);
282 uint16_t tls_ver_max =
283 openssl_tls_version((ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK);
284
285 if (!tls_ver_min)
286 {
287 /* Enforce at least TLS 1.0 */
288 uint16_t cur_min = (uint16_t)SSL_CTX_get_min_proto_version(ctx->ctx);
289 tls_ver_min = cur_min < TLS1_VERSION ? TLS1_VERSION : cur_min;
290 }
291
292 if (!SSL_CTX_set_min_proto_version(ctx->ctx, tls_ver_min))
293 {
294 msg(D_TLS_ERRORS, "%s: failed to set minimum TLS version", __func__);
295 return false;
296 }
297
298 if (tls_ver_max && !SSL_CTX_set_max_proto_version(ctx->ctx, tls_ver_max))
299 {
300 msg(D_TLS_ERRORS, "%s: failed to set maximum TLS version", __func__);
301 return false;
302 }
303
304 return true;
305}
306
307bool
308tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
309{
310 ASSERT(NULL != ctx);
311
312 /* process SSL options */
313 uint64_t sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
314#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
315 sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
316#endif
317 sslopt |= SSL_OP_NO_COMPRESSION;
318 /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
319 * session and does not depend on this feature. And TLS renegotiations have
320 * been problematic in the past */
321#ifdef SSL_OP_NO_RENEGOTIATION
322 sslopt |= SSL_OP_NO_RENEGOTIATION;
323#endif
324
325 SSL_CTX_set_options(ctx->ctx, sslopt);
326
327 if (!tls_ctx_set_tls_versions(ctx, ssl_flags))
328 {
329 return false;
330 }
331
332#ifdef SSL_MODE_RELEASE_BUFFERS
333 SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
334#endif
335 SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
336 SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
337
338 /* Require peer certificate verification */
339 int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
340 if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
341 {
342 verify_flags = 0;
343 }
344 else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
345 {
346 verify_flags = SSL_VERIFY_PEER;
347 }
348 SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
349
350 SSL_CTX_set_info_callback(ctx->ctx, info_callback);
351
352 return true;
353}
354
355static void
356convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
357{
358 /* Parse supplied cipher list and pass on to OpenSSL */
359 size_t begin_of_cipher, end_of_cipher;
360
361 const char *current_cipher;
362 size_t current_cipher_len;
363
364 const tls_cipher_name_pair *cipher_pair;
365
366 size_t openssl_ciphers_len = 0;
367 openssl_ciphers[0] = '\0';
368
369 /* Translate IANA cipher suite names to OpenSSL names */
370 begin_of_cipher = end_of_cipher = 0;
371 for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
372 {
373 end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
374 cipher_pair =
375 tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
376
377 if (NULL == cipher_pair)
378 {
379 /* No translation found, use original */
380 current_cipher = &ciphers[begin_of_cipher];
381 current_cipher_len = end_of_cipher - begin_of_cipher;
382
383 /* Issue warning on missing translation */
384 /* %.*s format specifier expects length of type int, so guarantee */
385 /* that length is small enough and cast to int. */
386 msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
387 constrain_int((int)current_cipher_len, 0, 256), current_cipher);
388 }
389 else
390 {
391 /* Use OpenSSL name */
392 current_cipher = cipher_pair->openssl_name;
393 current_cipher_len = strlen(current_cipher);
394
395 if (end_of_cipher - begin_of_cipher == current_cipher_len
396 && 0
397 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
398 end_of_cipher - begin_of_cipher))
399 {
400 /* Non-IANA name used, show warning */
401 msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'",
402 cipher_pair->openssl_name, cipher_pair->iana_name);
403 }
404 }
405
406 /* Make sure new cipher name fits in cipher string */
407 if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
408 || (len - 1) < (openssl_ciphers_len + current_cipher_len))
409 {
410 msg(M_FATAL, "Failed to set restricted TLS cipher list, too long (>%d).",
411 (int)(len - 1));
412 }
413
414 /* Concatenate cipher name to OpenSSL cipher string */
415 memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
416 openssl_ciphers_len += current_cipher_len;
417 openssl_ciphers[openssl_ciphers_len] = ':';
418 openssl_ciphers_len++;
419
420 end_of_cipher++;
421 }
422
423 if (openssl_ciphers_len > 0)
424 {
425 openssl_ciphers[openssl_ciphers_len - 1] = '\0';
426 }
427}
428
429void
430tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
431{
432 if (ciphers == NULL)
433 {
434 /* Use sane default TLS cipher list */
435 if (!SSL_CTX_set_cipher_list(
436 ctx->ctx,
437 /* Use openssl's default list as a basis */
438 "DEFAULT"
439 /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
440 ":!EXP:!LOW:!MEDIUM"
441 /* Disable static (EC)DH keys (no forward secrecy) */
442 ":!kDH:!kECDH"
443 /* Disable DSA private keys */
444 ":!DSS"
445 /* Disable unsupported TLS modes */
446 ":!PSK:!SRP:!kRSA"))
447 {
448 crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
449 }
450 return;
451 }
452
453 char openssl_ciphers[4096];
454 convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
455
456 ASSERT(NULL != ctx);
457
458 /* Set OpenSSL cipher list */
459 if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
460 {
461 crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
462 }
463}
464
465static void
466convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
467{
468 /*
469 * OpenSSL (and official IANA) cipher names have _ in them. We
470 * historically used names with - in them. Silently convert names
471 * with - to names with _ to support both
472 */
473 if (strlen(ciphers) >= (len - 1))
474 {
475 msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list, too long (>%d).",
476 (int)(len - 1));
477 }
478
479 strncpy(openssl_ciphers, ciphers, len);
480
481 for (size_t i = 0; i < strlen(openssl_ciphers); i++)
482 {
483 if (openssl_ciphers[i] == '-')
484 {
485 openssl_ciphers[i] = '_';
486 }
487 }
488}
489
490void
491tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
492{
493 if (ciphers == NULL)
494 {
495 /* default cipher list of OpenSSL 1.1.1 is sane, do not set own
496 * default as we do with tls-cipher */
497 return;
498 }
499
500#if !defined(TLS1_3_VERSION)
501 crypto_msg(M_WARN,
502 "Not compiled with OpenSSL 1.1.1 or higher. "
503 "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
504 ciphers);
505#else
506 ASSERT(NULL != ctx);
507
508 char openssl_ciphers[4096];
509 convert_tls13_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
510
511 if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers))
512 {
513 crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s", openssl_ciphers);
514 }
515#endif
516}
517
518void
519tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
520{
521#if OPENSSL_VERSION_NUMBER > 0x10100000L \
522 && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3060000fL) \
523 && !defined(OPENSSL_IS_AWSLC)
524 /* OpenSSL does not have certificate profiles, but a complex set of
525 * callbacks that we could try to implement to achieve something similar.
526 * For now, use OpenSSL's security levels to achieve similar (but not equal)
527 * behaviour. */
528 if (!profile || 0 == strcmp(profile, "legacy"))
529 {
530 SSL_CTX_set_security_level(ctx->ctx, 1);
531 }
532 else if (0 == strcmp(profile, "insecure"))
533 {
534 SSL_CTX_set_security_level(ctx->ctx, 0);
535 }
536 else if (0 == strcmp(profile, "preferred"))
537 {
538 SSL_CTX_set_security_level(ctx->ctx, 2);
539 }
540 else if (0 == strcmp(profile, "suiteb"))
541 {
542 SSL_CTX_set_security_level(ctx->ctx, 3);
543 SSL_CTX_set_cipher_list(ctx->ctx, "SUITEB128");
544 }
545 else
546 {
547 msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
548 }
549#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
550 if (profile)
551 {
552 msg(M_WARN,
553 "WARNING: OpenSSL 1.1.0, AWS-LC and LibreSSL < 3.6.0 do not "
554 "support --tls-cert-profile, ignoring user-set profile: '%s'",
555 profile);
556 }
557#endif /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
558}
559
560void
561tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
562{
563 ASSERT(ctx);
564#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(ENABLE_CRYPTO_WOLFSSL)
565 struct gc_arena gc = gc_new();
566 /* This method could be as easy as
567 * SSL_CTX_set1_groups_list(ctx->ctx, groups)
568 * but OpenSSL (< 3.0) does not like the name secp256r1 for prime256v1
569 * This is one of the important curves.
570 * To support the same name for OpenSSL and mbedTLS, we do
571 * this dance.
572 * Also note that the code is wrong in the presence of OpenSSL3 providers.
573 */
574
575 int groups_count = get_num_elements(groups, ':');
576
577 int *glist;
578 /* Allocate an array for them */
579 ALLOC_ARRAY_CLEAR_GC(glist, int, groups_count, &gc);
580
581 /* Parse allowed ciphers, getting IDs */
582 int glistlen = 0;
583 char *tmp_groups = string_alloc(groups, &gc);
584
585 const char *token;
586 while ((token = strsep(&tmp_groups, ":")))
587 {
588 if (streq(token, "secp256r1"))
589 {
590 token = "prime256v1";
591 }
592 int nid = OBJ_sn2nid(token);
593
594 if (nid == 0)
595 {
596 msg(M_WARN, "Warning unknown curve/group specified: %s", token);
597 }
598 else
599 {
600 glist[glistlen] = nid;
601 glistlen++;
602 }
603 }
604
605 if (!SSL_CTX_set1_groups(ctx->ctx, glist, glistlen))
606 {
607 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", groups);
608 }
609 gc_free(&gc);
610#else /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
611 if (!SSL_CTX_set1_groups_list(ctx->ctx, groups))
612 {
613 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", groups);
614 }
615#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
616}
617
618void
619tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
620{
621 int ret;
622 const X509 *cert;
623
624 ASSERT(ctx);
625
626 cert = SSL_CTX_get0_certificate(ctx->ctx);
627
628 if (cert == NULL)
629 {
630 return; /* Nothing to check if there is no certificate */
631 }
632
633 ret = X509_cmp_time(X509_get0_notBefore(cert), NULL);
634 if (ret == 0)
635 {
636 msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
637 }
638 if (ret > 0)
639 {
640 msg(M_WARN, "WARNING: Your certificate is not yet valid!");
641 }
642
643 ret = X509_cmp_time(X509_get0_notAfter(cert), NULL);
644 if (ret == 0)
645 {
646 msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
647 }
648 if (ret < 0)
649 {
650 msg(M_WARN, "WARNING: Your certificate has expired!");
651 }
652}
653
654void
655tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
656{
657 BIO *bio;
658
659 ASSERT(NULL != ctx);
660
661 if (dh_file_inline)
662 {
663 if (!(bio = BIO_new_mem_buf((char *)dh_file, -1)))
664 {
665 crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
666 }
667 }
668 else
669 {
670 /* Get Diffie Hellman Parameters */
671 if (!(bio = BIO_new_file(dh_file, "r")))
672 {
673 crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
674 }
675 }
676
677#if OPENSSL_VERSION_NUMBER >= 0x30000000L
678 EVP_PKEY *dh = PEM_read_bio_Parameters(bio, NULL);
679 BIO_free(bio);
680
681 if (!dh)
682 {
683 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
684 print_key_filename(dh_file, dh_file_inline));
685 }
686 if (!SSL_CTX_set0_tmp_dh_pkey(ctx->ctx, dh))
687 {
688 crypto_msg(M_FATAL, "SSL_CTX_set0_tmp_dh_pkey");
689 }
690
691 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * EVP_PKEY_get_size(dh));
692#else /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
693 DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
694 BIO_free(bio);
695
696 if (!dh)
697 {
698 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
699 print_key_filename(dh_file, dh_file_inline));
700 }
701 if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
702 {
703 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
704 }
705
706 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * DH_size(dh));
707
708 DH_free(dh);
709#endif /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
710}
711
712void
713tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
714{
715#if OPENSSL_VERSION_NUMBER >= 0x30000000L
716 if (curve_name != NULL)
717 {
718 msg(M_WARN, "WARNING: OpenSSL 3.0+ builds do not support specifying an "
719 "ECDH curve with --ecdh-curve, using default curves. Use "
720 "--tls-groups to specify groups.");
721 }
722#elif !defined(OPENSSL_NO_EC)
723 int nid = NID_undef;
724 EC_KEY *ecdh = NULL;
725 const char *sname = NULL;
726
727 /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
728 SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
729
730 if (curve_name != NULL)
731 {
732 /* Use user supplied curve if given */
733 msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
734 nid = OBJ_sn2nid(curve_name);
735 }
736 else
737 {
738 return;
739 }
740
741 /* Translate NID back to name , just for kicks */
742 sname = OBJ_nid2sn(nid);
743 if (sname == NULL)
744 {
745 sname = "(Unknown)";
746 }
747
748 /* Create new EC key and set as ECDH key */
749 if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
750 {
751 /* Creating key failed, fall back on sane default */
752 ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
753 const char *source =
754 (NULL == curve_name) ? "extract curve from certificate" : "use supplied curve";
755 msg(D_TLS_DEBUG_LOW, "Failed to %s (%s), using secp384r1 instead.", source, sname);
756 sname = OBJ_nid2sn(NID_secp384r1);
757 }
758
759 if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
760 {
761 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
762 }
763
764 msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
765
766 EC_KEY_free(ecdh);
767#else /* ifndef OPENSSL_NO_EC */
768 msg(D_LOW, "Your OpenSSL library was built without elliptic curve support."
769 " Skipping ECDH parameter loading.");
770#endif /* OPENSSL_NO_EC */
771}
772
773#if defined(HAVE_OPENSSL_STORE_API)
779static int
780ui_reader(UI *ui, UI_STRING *uis)
781{
782 SSL_CTX *ctx = UI_get0_user_data(ui);
783
784 if (UI_get_string_type(uis) == UIT_PROMPT)
785 {
786 const char *prompt = UI_get0_output_string(uis);
787
788 /* If pkcs#11 Use custom prompt similar to pkcs11-helper */
789 if (strstr(prompt, "PKCS#11"))
790 {
791 struct user_pass up;
792 CLEAR(up);
793 get_user_pass(&up, NULL, "PKCS#11 token",
794 GET_USER_PASS_MANAGEMENT | GET_USER_PASS_PASSWORD_ONLY);
795 UI_set_result(ui, uis, up.password);
796 purge_user_pass(&up, true);
797 }
798 else /* use our generic 'Private Key' passphrase callback */
799 {
800 char password[USER_PASS_LEN];
801 pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx);
802 void *d = SSL_CTX_get_default_passwd_cb_userdata(ctx);
803
804 cb(password, sizeof(password), 0, d);
805 UI_set_result(ui, uis, password);
806 secure_memzero(password, sizeof(password));
807 }
808
809 return 1;
810 }
811 return 0;
812}
813
814static void
815clear_ossl_store_error(OSSL_STORE_CTX *store_ctx)
816{
817 if (OSSL_STORE_error(store_ctx))
818 {
819 ERR_clear_error();
820 }
821}
822#endif /* defined(HAVE_OPENSSL_STORE_API) */
823
832static void *
833load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
834{
835 EVP_PKEY *pkey = NULL;
836
837#if !defined(HAVE_OPENSSL_STORE_API)
838
839 /* Treat the uri as file name */
840 BIO *in = BIO_new_file(uri, "r");
841 if (!in)
842 {
843 return NULL;
844 }
845 pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ssl_ctx),
846 SSL_CTX_get_default_passwd_cb_userdata(ssl_ctx));
847 BIO_free(in);
848
849#else /* defined(HAVE_OPENSSL_STORE_API) */
850
851 OSSL_STORE_CTX *store_ctx = NULL;
852 OSSL_STORE_INFO *info = NULL;
853
854 UI_METHOD *ui_method = UI_create_method("openvpn");
855 if (!ui_method)
856 {
857 msg(M_WARN, "OpenSSL UI creation failed");
858 return NULL;
859 }
860 UI_method_set_reader(ui_method, ui_reader);
861
862 store_ctx = OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, ssl_ctx, NULL, NULL, NULL);
863 if (!store_ctx)
864 {
865 goto end;
866 }
867 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_PKEY) != 1)
868 {
869 goto end;
870 }
871 while (1)
872 {
873 info = OSSL_STORE_load(store_ctx);
874 if (info || OSSL_STORE_eof(store_ctx))
875 {
876 break;
877 }
878 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
879 * ref: man OPENSSL_STORE_open
880 * Clear error and recurse through the file if info = NULL and eof not reached
881 */
882 clear_ossl_store_error(store_ctx);
883 }
884 if (!info)
885 {
886 goto end;
887 }
888 pkey = OSSL_STORE_INFO_get1_PKEY(info);
889 OSSL_STORE_INFO_free(info);
890 msg(D_TLS_DEBUG_MED, "Found pkey in store using URI: %s", uri);
891
892end:
893 OSSL_STORE_close(store_ctx);
894 UI_destroy_method(ui_method);
895
896#endif /* defined(HAVE_OPENSSL_STORE_API) */
897
898 return pkey;
899}
900
901int
902tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline,
903 bool load_ca_file)
904{
905 FILE *fp;
906 EVP_PKEY *pkey;
907 X509 *cert;
908 STACK_OF(X509) *ca = NULL;
909 PKCS12 *p12;
910 int i;
911 char password[256];
912
913 ASSERT(NULL != ctx);
914
915 if (pkcs12_file_inline)
916 {
917 BIO *b64 = BIO_new(BIO_f_base64());
918 BIO *bio = BIO_new_mem_buf((void *)pkcs12_file, (int)strlen(pkcs12_file));
919 ASSERT(b64 && bio);
920 BIO_push(b64, bio);
921 p12 = d2i_PKCS12_bio(b64, NULL);
922 if (!p12)
923 {
924 crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
925 }
926 BIO_free(b64);
927 BIO_free(bio);
928 }
929 else
930 {
931 /* Load the PKCS #12 file */
932 if (!(fp = platform_fopen(pkcs12_file, "rb")))
933 {
934 crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
935 }
936 p12 = d2i_PKCS12_fp(fp, NULL);
937 fclose(fp);
938 if (!p12)
939 {
940 crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
941 }
942 }
943
944 /* Parse the PKCS #12 file */
945 if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
946 {
947 pem_password_callback(password, sizeof(password) - 1, 0, NULL);
948 /* Reparse the PKCS #12 file with password */
949 ca = NULL;
950 if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
951 {
952 crypto_msg(M_WARN, "Decoding PKCS12 failed. Probably wrong password "
953 "or unsupported/legacy encryption");
954#ifdef ENABLE_MANAGEMENT
955 if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
956 {
957 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
958 }
959#endif
960 PKCS12_free(p12);
961 return 1;
962 }
963 }
964 PKCS12_free(p12);
965
966 /* Load Certificate */
967 if (!SSL_CTX_use_certificate(ctx->ctx, cert))
968 {
969 crypto_print_openssl_errors(M_WARN);
970 crypto_msg(M_FATAL, "Cannot use certificate");
971 }
972
973 /* Load Private Key */
974 if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
975 {
976 crypto_msg(M_FATAL, "Cannot use private key");
977 }
978
979 /* Check Private Key */
980 if (!SSL_CTX_check_private_key(ctx->ctx))
981 {
982 crypto_msg(M_FATAL, "Private key does not match the certificate");
983 }
984
985 /* Set Certificate Verification chain */
986 if (load_ca_file)
987 {
988 /* Add CAs from PKCS12 to the cert store and mark them as trusted.
989 * They're also used to fill in the chain of intermediate certs as
990 * necessary.
991 */
992 if (ca && sk_X509_num(ca))
993 {
994 for (i = 0; i < sk_X509_num(ca); i++)
995 {
996 X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
997 if (!X509_STORE_add_cert(cert_store, sk_X509_value(ca, i)))
998 {
999 crypto_msg(M_FATAL,
1000 "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
1001 }
1002 if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
1003 {
1004 crypto_msg(M_FATAL,
1005 "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
1006 }
1007 }
1008 }
1009 }
1010 else
1011 {
1012 /* If trusted CA certs were loaded from a PEM file, and we ignore the
1013 * ones in PKCS12, do load PKCS12-provided certs to the client extra
1014 * certs chain just in case they include intermediate CAs needed to
1015 * prove my identity to the other end. This does not make them trusted.
1016 */
1017 if (ca && sk_X509_num(ca))
1018 {
1019 for (i = 0; i < sk_X509_num(ca); i++)
1020 {
1021 if (!SSL_CTX_add_extra_chain_cert(ctx->ctx, sk_X509_value(ca, i)))
1022 {
1023 crypto_msg(
1024 M_FATAL,
1025 "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
1026 }
1027 }
1028 }
1029 }
1030 return 0;
1031}
1032
1033#ifdef ENABLE_CRYPTOAPI
1034void
1035tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
1036{
1037 ASSERT(NULL != ctx);
1038
1039 /* Load Certificate and Private Key */
1040 if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
1041 {
1042 crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store",
1043 cryptoapi_cert);
1044 }
1045}
1046#endif /* ENABLE_CRYPTOAPI */
1047
1048static void
1049tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
1050{
1051 X509 *cert;
1052 while (true)
1053 {
1054 cert = NULL;
1055 if (!PEM_read_bio_X509(bio, &cert, NULL, NULL))
1056 {
1057 /* a PEM_R_NO_START_LINE "Error" indicates that no certificate
1058 * is found in the buffer. If loading more certificates is
1059 * optional, break without raising an error
1060 */
1061 if (optional && ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
1062 {
1063 /* remove that error from error stack */
1064 (void)ERR_get_error();
1065 break;
1066 }
1067
1068 /* Otherwise, bail out with error */
1069 crypto_msg(M_FATAL, "Error reading extra certificate");
1070 }
1071 /* takes ownership of cert like a set1 method */
1072 if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
1073 {
1074 crypto_msg(M_FATAL, "Error adding extra certificate");
1075 }
1076 /* We loaded at least one certificate, so loading more is optional */
1077 optional = true;
1078 }
1079}
1080
1081static bool
1082cert_uri_supported(void)
1083{
1084#if defined(HAVE_OPENSSL_STORE_API)
1085 return 1;
1086#else
1087 return 0;
1088#endif
1089}
1090
1091static void
1092tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
1093{
1094#if defined(HAVE_OPENSSL_STORE_API)
1095 X509 *x = NULL;
1096 int ret = 0;
1097 OSSL_STORE_CTX *store_ctx = NULL;
1098 OSSL_STORE_INFO *info = NULL;
1099
1100 ASSERT(NULL != tls_ctx);
1101
1102 UI_METHOD *ui_method = UI_create_method("openvpn");
1103 if (!ui_method)
1104 {
1105 msg(M_WARN, "OpenSSL UI method creation failed");
1106 goto end;
1107 }
1108 UI_method_set_reader(ui_method, ui_reader);
1109
1110 store_ctx =
1111 OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, tls_ctx->ctx, NULL, NULL, NULL);
1112 if (!store_ctx)
1113 {
1114 goto end;
1115 }
1116 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_CERT) != 1)
1117 {
1118 goto end;
1119 }
1120
1121 while (1)
1122 {
1123 info = OSSL_STORE_load(store_ctx);
1124 if (info || OSSL_STORE_eof(store_ctx))
1125 {
1126 break;
1127 }
1128 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
1129 * ref: man OPENSSL_STORE_open
1130 * Clear error and recurse through the file if info = NULL and eof not reached.
1131 */
1132 clear_ossl_store_error(store_ctx);
1133 }
1134 if (!info)
1135 {
1136 goto end;
1137 }
1138
1139 x = OSSL_STORE_INFO_get0_CERT(info);
1140 if (x == NULL)
1141 {
1142 goto end;
1143 }
1144 msg(D_TLS_DEBUG_MED, "Found cert in store using URI: %s", uri);
1145
1146 ret = SSL_CTX_use_certificate(tls_ctx->ctx, x);
1147 if (!ret)
1148 {
1149 goto end;
1150 }
1151 OSSL_STORE_INFO_free(info);
1152 info = NULL;
1153
1154 /* iterate through the store and add extra certificates if any to the chain */
1155 while (!OSSL_STORE_eof(store_ctx))
1156 {
1157 info = OSSL_STORE_load(store_ctx);
1158 if (!info)
1159 {
1160 clear_ossl_store_error(store_ctx);
1161 continue;
1162 }
1163 x = OSSL_STORE_INFO_get1_CERT(info);
1164 if (x && SSL_CTX_add_extra_chain_cert(tls_ctx->ctx, x) != 1)
1165 {
1166 X509_free(x);
1167 crypto_msg(M_FATAL, "Error adding extra certificate");
1168 break;
1169 }
1170 OSSL_STORE_INFO_free(info);
1171 info = NULL;
1172 }
1173
1174end:
1175 if (!ret)
1176 {
1177 crypto_print_openssl_errors(M_WARN);
1178 crypto_msg(M_FATAL, "Cannot load certificate from URI <%s>", uri);
1179 }
1180 else
1181 {
1182 crypto_print_openssl_errors(M_DEBUG);
1183 }
1184
1185 UI_destroy_method(ui_method);
1186 OSSL_STORE_INFO_free(info);
1187 OSSL_STORE_close(store_ctx);
1188#else /* defined(HAVE_OPENSSL_STORE_API */
1189 ASSERT(0);
1190#endif /* defined(HAVE_OPENSSL_STORE_API */
1191}
1192
1193static void
1194tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
1195{
1196 BIO *in = NULL;
1197 X509 *x = NULL;
1198 int ret = 0;
1199
1200 ASSERT(NULL != ctx);
1201
1202 if (cert_file_inline)
1203 {
1204 in = BIO_new_mem_buf((char *)cert_file, -1);
1205 }
1206 else
1207 {
1208 in = BIO_new_file((char *)cert_file, "r");
1209 }
1210
1211 if (in == NULL)
1212 {
1213 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
1214 goto end;
1215 }
1216
1217 x = PEM_read_bio_X509(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx),
1218 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1219 if (x == NULL)
1220 {
1221 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
1222 goto end;
1223 }
1224
1225 ret = SSL_CTX_use_certificate(ctx->ctx, x);
1226 if (ret)
1227 {
1228 tls_ctx_add_extra_certs(ctx, in, true);
1229 }
1230
1231end:
1232 if (!ret)
1233 {
1234 crypto_print_openssl_errors(M_WARN);
1235 if (cert_file_inline)
1236 {
1237 crypto_msg(M_FATAL, "Cannot load inline certificate file");
1238 }
1239 else
1240 {
1241 crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
1242 }
1243 }
1244 else
1245 {
1246 crypto_print_openssl_errors(M_DEBUG);
1247 }
1248
1249 BIO_free(in);
1250 X509_free(x);
1251}
1252
1253void
1254tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
1255{
1256 if (cert_uri_supported() && !cert_file_inline)
1257 {
1258 tls_ctx_load_cert_uri(ctx, cert_file);
1259 }
1260 else
1261 {
1262 tls_ctx_load_cert_pem_file(ctx, cert_file, cert_file_inline);
1263 }
1264}
1265
1266int
1267tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
1268 bool priv_key_file_inline)
1269{
1270 SSL_CTX *ssl_ctx = NULL;
1271 BIO *in = NULL;
1272 EVP_PKEY *pkey = NULL;
1273 int ret = 1;
1274
1275 ASSERT(NULL != ctx);
1276
1277 ssl_ctx = ctx->ctx;
1278
1279 if (priv_key_file_inline)
1280 {
1281 in = BIO_new_mem_buf((char *)priv_key_file, -1);
1282 if (in == NULL)
1283 {
1284 goto end;
1285 }
1286 pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx),
1287 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1288 }
1289 else
1290 {
1291 pkey = load_pkey_from_uri(priv_key_file, ssl_ctx);
1292 }
1293
1294 if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1295 {
1296#ifdef ENABLE_MANAGEMENT
1297 if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
1298 {
1299 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
1300 }
1301#endif
1302 crypto_msg(M_WARN, "Cannot load private key file %s",
1303 print_key_filename(priv_key_file, priv_key_file_inline));
1304 goto end;
1305 }
1306
1307 /* Check Private Key */
1308 if (!SSL_CTX_check_private_key(ssl_ctx))
1309 {
1310 crypto_msg(M_FATAL, "Private key does not match the certificate");
1311 }
1312 ret = 0;
1313
1314end:
1315 EVP_PKEY_free(pkey);
1316 BIO_free(in);
1317 return ret;
1318}
1319
1320void
1321backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
1322{
1323 BIO *in = NULL;
1324
1325 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1326 if (!store)
1327 {
1328 crypto_msg(M_FATAL, "Cannot get certificate store");
1329 }
1330
1331 /* Always start with a cleared CRL list, for that we
1332 * we need to manually find the CRL object from the stack
1333 * and remove it */
1334 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
1335 for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
1336 {
1337 X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
1338 ASSERT(obj);
1339 if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
1340 {
1341 sk_X509_OBJECT_delete(objs, i);
1342 X509_OBJECT_free(obj);
1343 }
1344 }
1345
1346 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1347
1348 if (crl_inline)
1349 {
1350 in = BIO_new_mem_buf((char *)crl_file, -1);
1351 }
1352 else
1353 {
1354 in = BIO_new_file(crl_file, "r");
1355 }
1356
1357 if (in == NULL)
1358 {
1359 msg(M_WARN, "CRL: cannot read: %s", print_key_filename(crl_file, crl_inline));
1360 goto end;
1361 }
1362
1363 int num_crls_loaded = 0;
1364 while (true)
1365 {
1366 X509_CRL *crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
1367 if (crl == NULL)
1368 {
1369 /*
1370 * PEM_R_NO_START_LINE can be considered equivalent to EOF.
1371 */
1372 bool eof = ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE;
1373 /* but warn if no CRLs have been loaded */
1374 if (num_crls_loaded > 0 && eof)
1375 {
1376 /* remove that error from error stack */
1377 (void)ERR_get_error();
1378 break;
1379 }
1380
1381 crypto_msg(M_WARN, "CRL: cannot read CRL from file %s",
1382 print_key_filename(crl_file, crl_inline));
1383 break;
1384 }
1385
1386 if (!X509_STORE_add_crl(store, crl))
1387 {
1388 X509_CRL_free(crl);
1389 crypto_msg(M_WARN, "CRL: cannot add %s to store",
1390 print_key_filename(crl_file, crl_inline));
1391 break;
1392 }
1393 X509_CRL_free(crl);
1394 num_crls_loaded++;
1395 }
1396 msg(M_INFO, "CRL: loaded %d CRLs from file %s", num_crls_loaded, crl_file);
1397end:
1398 BIO_free(in);
1399}
1400
1401
1402#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)
1403
1404/* encrypt */
1405static int
1406rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1407{
1408 ASSERT(0);
1409 return -1;
1410}
1411
1412/* verify arbitrary data */
1413static int
1414rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1415{
1416 ASSERT(0);
1417 return -1;
1418}
1419
1420/* decrypt */
1421static int
1422rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1423{
1424 ASSERT(0);
1425 return -1;
1426}
1427
1428/* called at RSA_free */
1429static int
1430openvpn_extkey_rsa_finish(RSA *rsa)
1431{
1432 /* meth was allocated in tls_ctx_use_management_external_key() ; since
1433 * this function is called when the parent RSA object is destroyed,
1434 * it is no longer used after this point so kill it. */
1435 const RSA_METHOD *meth = RSA_get_method(rsa);
1436 RSA_meth_free((RSA_METHOD *)meth);
1437 return 1;
1438}
1439
1440/*
1441 * Convert OpenSSL's constant to the strings used in the management
1442 * interface query
1443 */
1444const char *
1445get_rsa_padding_name(const int padding)
1446{
1447 switch (padding)
1448 {
1449 case RSA_PKCS1_PADDING:
1450 return "RSA_PKCS1_PADDING";
1451
1452 case RSA_NO_PADDING:
1453 return "RSA_NO_PADDING";
1454
1455 default:
1456 return "UNKNOWN";
1457 }
1458}
1459
1471static int
1472get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig,
1473 unsigned int siglen, const char *algorithm)
1474{
1475 char *in_b64 = NULL;
1476 char *out_b64 = NULL;
1477 int len = -1;
1478
1479 int bencret = openvpn_base64_encode(dgst, dgstlen, &in_b64);
1480
1481 if (management && bencret > 0)
1482 {
1483 out_b64 = management_query_pk_sig(management, in_b64, algorithm);
1484 }
1485 if (out_b64)
1486 {
1487 len = openvpn_base64_decode(out_b64, sig, siglen);
1488 }
1489
1490 free(in_b64);
1491 free(out_b64);
1492 return len;
1493}
1494
1495/* sign arbitrary data */
1496static int
1497rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1498{
1499 int len = RSA_size(rsa);
1500
1501 if (padding != RSA_PKCS1_PADDING && padding != RSA_NO_PADDING)
1502 {
1503 RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
1504 return -1;
1505 }
1506
1507 int ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
1508
1509 return (ret == len) ? ret : -1;
1510}
1511
1512static int
1513tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1514{
1515 RSA *rsa = NULL;
1516 RSA_METHOD *rsa_meth;
1517
1518 ASSERT(NULL != ctx);
1519
1520 const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey);
1521 ASSERT(NULL != pub_rsa);
1522
1523 /* allocate custom RSA method object */
1524 rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method", RSA_METHOD_FLAG_NO_CHECK);
1525 check_malloc_return(rsa_meth);
1526 RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1527 RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1528 RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc);
1529 RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec);
1530 RSA_meth_set_init(rsa_meth, NULL);
1531 RSA_meth_set_finish(rsa_meth, openvpn_extkey_rsa_finish);
1532 RSA_meth_set0_app_data(rsa_meth, NULL);
1533
1534 /* allocate RSA object */
1535 rsa = RSA_new();
1536 if (rsa == NULL)
1537 {
1538 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1539 goto err;
1540 }
1541
1542 /* initialize RSA object */
1543 const BIGNUM *n = NULL;
1544 const BIGNUM *e = NULL;
1545 RSA_get0_key(pub_rsa, &n, &e, NULL);
1546 RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1547 RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1548 if (!RSA_set_method(rsa, rsa_meth))
1549 {
1550 RSA_meth_free(rsa_meth);
1551 goto err;
1552 }
1553 /* from this point rsa_meth will get freed with rsa */
1554
1555 /* bind our custom RSA object to ssl_ctx */
1556 if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1557 {
1558 goto err;
1559 }
1560
1561 RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1562 return 1;
1563
1564err:
1565 if (rsa)
1566 {
1567 RSA_free(rsa);
1568 }
1569 else if (rsa_meth)
1570 {
1571 RSA_meth_free(rsa_meth);
1572 }
1573 return 0;
1574}
1575
1576#if !defined(OPENSSL_NO_EC)
1577
1578/* called when EC_KEY is destroyed */
1579static void
1580openvpn_extkey_ec_finish(EC_KEY *ec)
1581{
1582 /* release the method structure */
1583 const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec);
1584 EC_KEY_METHOD_free((EC_KEY_METHOD *)ec_meth);
1585}
1586
1587/* EC_KEY_METHOD callback: sign().
1588 * Sign the hash using EC key and return DER encoded signature in sig,
1589 * its length in siglen. Return value is 1 on success, 0 on error.
1590 */
1591static int
1592ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
1593 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
1594{
1595 int capacity = ECDSA_size(ec);
1596 /*
1597 * ECDSA does not seem to have proper constants for paddings since
1598 * there are only signatures without padding at the moment, use
1599 * a generic ECDSA for the moment
1600 */
1601 int len = get_sig_from_man(dgst, dgstlen, sig, capacity, "ECDSA");
1602
1603 if (len > 0)
1604 {
1605 *siglen = len;
1606 return 1;
1607 }
1608 return 0;
1609}
1610
1611/* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
1612static int
1613ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
1614{
1615 return 1;
1616}
1617
1618/* EC_KEY_METHOD callback: sign_sig().
1619 * Sign the hash and return the result as a newly allocated ECDS_SIG
1620 * struct or NULL on error.
1621 */
1622static ECDSA_SIG *
1623ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r,
1624 EC_KEY *ec)
1625{
1626 ECDSA_SIG *ecsig = NULL;
1627 unsigned int len = ECDSA_size(ec);
1628 struct gc_arena gc = gc_new();
1629
1630 unsigned char *buf = gc_malloc(len, false, &gc);
1631 if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1)
1632 {
1633 goto out;
1634 }
1635 /* const char ** should be avoided: not up to us, so we cast our way through */
1636 ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len);
1637
1638out:
1639 gc_free(&gc);
1640 return ecsig;
1641}
1642
1643static int
1644tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1645{
1646 EC_KEY *ec = NULL;
1647 EVP_PKEY *privkey = NULL;
1648 EC_KEY_METHOD *ec_method;
1649
1650 ASSERT(ctx);
1651
1652 ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
1653 if (!ec_method)
1654 {
1655 goto err;
1656 }
1657
1658 /* Among init methods, we only need the finish method */
1659 EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL);
1660#ifdef OPENSSL_IS_AWSLC
1661 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, NULL, ecdsa_sign_sig);
1662#else
1663 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig);
1664#endif
1665
1666 ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey));
1667 if (!ec)
1668 {
1669 EC_KEY_METHOD_free(ec_method);
1670 goto err;
1671 }
1672 if (!EC_KEY_set_method(ec, ec_method))
1673 {
1674 EC_KEY_METHOD_free(ec_method);
1675 goto err;
1676 }
1677 /* from this point ec_method will get freed when ec is freed */
1678
1679 privkey = EVP_PKEY_new();
1680 if (!EVP_PKEY_assign_EC_KEY(privkey, ec))
1681 {
1682 goto err;
1683 }
1684 /* from this point ec will get freed when privkey is freed */
1685
1686 if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1687 {
1688 ec = NULL; /* avoid double freeing it below */
1689 goto err;
1690 }
1691
1692 EVP_PKEY_free(privkey); /* this will down ref privkey and ec */
1693 return 1;
1694
1695err:
1696 /* Reach here only when ec and privkey can be independenly freed */
1697 EVP_PKEY_free(privkey);
1698 EC_KEY_free(ec);
1699 return 0;
1700}
1701#endif /* !defined(OPENSSL_NO_EC) */
1702#endif /* ENABLE_MANAGEMENT && !HAVE_XKEY_PROVIDER */
1703
1704#ifdef ENABLE_MANAGEMENT
1705int
1706tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
1707{
1708 int ret = 1;
1709
1710 ASSERT(NULL != ctx);
1711
1712 X509 *cert = SSL_CTX_get0_certificate(ctx->ctx);
1713
1714 ASSERT(NULL != cert);
1715
1716 /* get the public key */
1717 EVP_PKEY *pkey = X509_get0_pubkey(cert);
1718 ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1719
1720#ifdef HAVE_XKEY_PROVIDER
1721 EVP_PKEY *privkey = xkey_load_management_key(tls_libctx, pkey);
1722 if (!privkey || !SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1723 {
1724 EVP_PKEY_free(privkey);
1725 goto cleanup;
1726 }
1727 EVP_PKEY_free(privkey);
1728#else /* ifdef HAVE_XKEY_PROVIDER */
1729#if OPENSSL_VERSION_NUMBER < 0x30000000L
1730 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
1731#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1732 if (EVP_PKEY_is_a(pkey, "RSA"))
1733#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1734 {
1735 if (!tls_ctx_use_external_rsa_key(ctx, pkey))
1736 {
1737 goto cleanup;
1738 }
1739 }
1740#if !defined(OPENSSL_NO_EC)
1741#if OPENSSL_VERSION_NUMBER < 0x30000000L
1742 else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
1743#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1744 else if (EVP_PKEY_is_a(pkey, "EC"))
1745#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1746 {
1747 if (!tls_ctx_use_external_ec_key(ctx, pkey))
1748 {
1749 goto cleanup;
1750 }
1751 }
1752 else
1753 {
1754 crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
1755 goto cleanup;
1756 }
1757#else /* !defined(OPENSSL_NO_EC) */
1758 else
1759 {
1760 crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
1761 goto cleanup;
1762 }
1763#endif /* !defined(OPENSSL_NO_EC) */
1764
1765#endif /* HAVE_XKEY_PROVIDER */
1766
1767 ret = 0;
1768cleanup:
1769 if (ret)
1770 {
1771 crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1772 }
1773 return ret;
1774}
1775
1776#endif /* ifdef ENABLE_MANAGEMENT */
1777
1778static int
1779sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1780{
1781 return X509_NAME_cmp(*a, *b);
1782}
1783
1784void
1785tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline,
1786 const char *ca_path, bool tls_server)
1787{
1788 STACK_OF(X509_INFO) *info_stack = NULL;
1789 STACK_OF(X509_NAME) *cert_names = NULL;
1790 X509_LOOKUP *lookup = NULL;
1791 X509_STORE *store = NULL;
1792 X509_NAME *xn = NULL;
1793 BIO *in = NULL;
1794 int i, added = 0, prev = 0;
1795
1796 ASSERT(NULL != ctx);
1797
1798 store = SSL_CTX_get_cert_store(ctx->ctx);
1799 if (!store)
1800 {
1801 crypto_msg(M_FATAL, "Cannot get certificate store");
1802 }
1803
1804 /* Try to add certificates and CRLs from ca_file */
1805 if (ca_file)
1806 {
1807 if (ca_file_inline)
1808 {
1809 in = BIO_new_mem_buf((char *)ca_file, -1);
1810 }
1811 else
1812 {
1813 in = BIO_new_file(ca_file, "r");
1814 }
1815
1816 if (in)
1817 {
1818 info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1819 }
1820
1821 if (info_stack)
1822 {
1823 for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1824 {
1825 X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1826 if (info->crl)
1827 {
1828 X509_STORE_add_crl(store, info->crl);
1829 }
1830
1831 if (tls_server && !info->x509)
1832 {
1833 crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1834 }
1835
1836 if (info->x509)
1837 {
1838 X509_STORE_add_cert(store, info->x509);
1839 added++;
1840
1841 if (!tls_server)
1842 {
1843 continue;
1844 }
1845
1846 /* Use names of CAs as a client CA list */
1847 if (cert_names == NULL)
1848 {
1849 cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1850 if (!cert_names)
1851 {
1852 continue;
1853 }
1854 }
1855
1856 xn = X509_get_subject_name(info->x509);
1857 if (!xn)
1858 {
1859 continue;
1860 }
1861
1862 /* Don't add duplicate CA names */
1863 if (sk_X509_NAME_find(cert_names, xn) == -1)
1864 {
1865 xn = X509_NAME_dup(xn);
1866 if (!xn)
1867 {
1868 continue;
1869 }
1870 sk_X509_NAME_push(cert_names, xn);
1871 }
1872 }
1873
1874 if (tls_server)
1875 {
1876 int cnum = sk_X509_NAME_num(cert_names);
1877 if (cnum != (prev + 1))
1878 {
1879 crypto_msg(M_WARN,
1880 "Cannot load CA certificate file %s (entry %d did not validate)",
1881 print_key_filename(ca_file, ca_file_inline), added);
1882 }
1883 prev = cnum;
1884 }
1885 }
1886 sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1887 }
1888 int cnum;
1889 if (tls_server)
1890 {
1891 cnum = sk_X509_NAME_num(cert_names);
1892 SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1893 }
1894
1895 if (!added)
1896 {
1897 crypto_msg(M_FATAL, "Cannot load CA certificate file %s (no entries were read)",
1898 print_key_filename(ca_file, ca_file_inline));
1899 }
1900
1901 if (tls_server)
1902 {
1903 if (cnum != added)
1904 {
1905 crypto_msg(M_FATAL,
1906 "Cannot load CA certificate file %s (only %d "
1907 "of %d entries were valid X509 names)",
1908 print_key_filename(ca_file, ca_file_inline), cnum, added);
1909 }
1910 }
1911
1912 BIO_free(in);
1913 }
1914
1915 /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1916 if (ca_path)
1917 {
1918 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1919 if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1920 {
1921 msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1922 }
1923 else
1924 {
1925 crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1926 }
1927 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1928 }
1929}
1930
1931void
1932tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1933 bool extra_certs_file_inline)
1934{
1935 BIO *in;
1936 if (extra_certs_file_inline)
1937 {
1938 in = BIO_new_mem_buf((char *)extra_certs_file, -1);
1939 }
1940 else
1941 {
1942 in = BIO_new_file(extra_certs_file, "r");
1943 }
1944
1945 if (in == NULL)
1946 {
1947 crypto_msg(M_FATAL, "Cannot load extra-certs file: %s",
1948 print_key_filename(extra_certs_file, extra_certs_file_inline));
1949 }
1950 else
1951 {
1952 tls_ctx_add_extra_certs(ctx, in, false);
1953 }
1954
1955 BIO_free(in);
1956}
1957
1958/* **************************************
1959 *
1960 * Key-state specific functions
1961 *
1962 ***************************************/
1963/*
1964 *
1965 * BIO functions
1966 *
1967 */
1968
1969#ifdef BIO_DEBUG
1970
1971#warning BIO_DEBUG defined
1972
1973static FILE *biofp; /* GLOBAL */
1974static bool biofp_toggle; /* GLOBAL */
1975static time_t biofp_last_open; /* GLOBAL */
1976static const int biofp_reopen_interval = 600; /* GLOBAL */
1977
1978static void
1979close_biofp(void)
1980{
1981 if (biofp)
1982 {
1983 ASSERT(!fclose(biofp));
1984 biofp = NULL;
1985 }
1986}
1987
1988static void
1989open_biofp(void)
1990{
1991 const time_t current = time(NULL);
1992 const pid_t pid = getpid();
1993
1994 if (biofp_last_open + biofp_reopen_interval < current)
1995 {
1996 close_biofp();
1997 }
1998 if (!biofp)
1999 {
2000 char fn[256];
2001 snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
2002 biofp = fopen(fn, "w");
2003 ASSERT(biofp);
2004 biofp_last_open = time(NULL);
2005 biofp_toggle ^= 1;
2006 }
2007}
2008
2009static void
2010bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
2011{
2012 struct gc_arena gc = gc_new();
2013 if (len > 0)
2014 {
2015 open_biofp();
2016 fprintf(biofp, "BIO_%s %s time=%" PRIi64 " bio=" ptr_format " len=%d data=%s\n", mode, desc,
2017 (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
2018 fflush(biofp);
2019 }
2020 gc_free(&gc);
2021}
2022
2023static void
2024bio_debug_oc(const char *mode, BIO *bio)
2025{
2026 open_biofp();
2027 fprintf(biofp, "BIO %s time=%" PRIi64 " bio=" ptr_format "\n", mode, (int64_t)time(NULL),
2028 (ptr_type)bio);
2029 fflush(biofp);
2030}
2031
2032#endif /* ifdef BIO_DEBUG */
2033
2034/*
2035 * Write to an OpenSSL BIO in non-blocking mode.
2036 */
2037static int
2038bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
2039{
2040 int i;
2041 int ret = 0;
2042 ASSERT(size >= 0);
2043 if (size)
2044 {
2045 /*
2046 * Free the L_TLS lock prior to calling BIO routines
2047 * so that foreground thread can still call
2048 * tls_pre_decrypt or tls_pre_encrypt,
2049 * allowing tunnel packet forwarding to continue.
2050 */
2051#ifdef BIO_DEBUG
2052 bio_debug_data("write", bio, data, size, desc);
2053#endif
2054 i = BIO_write(bio, data, size);
2055
2056 if (i < 0)
2057 {
2058 if (!BIO_should_retry(bio))
2059 {
2060 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
2061 ret = -1;
2062 ERR_clear_error();
2063 }
2064 }
2065 else if (i != size)
2066 {
2067 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d", desc, i, size);
2068 ret = -1;
2069 ERR_clear_error();
2070 }
2071 else
2072 { /* successful write */
2073 dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
2074 ret = 1;
2075 }
2076 }
2077 return ret;
2078}
2079
2080/*
2081 * Inline functions for reading from and writing
2082 * to BIOs.
2083 */
2084
2085static void
2086bio_write_post(const int status, struct buffer *buf)
2087{
2088 /* success status return from bio_write? */
2089 if (status == 1)
2090 {
2091 memset(BPTR(buf), 0, BLENZ(buf)); /* erase data just written */
2092 buf->len = 0;
2093 }
2094}
2095
2096/*
2097 * Read from an OpenSSL BIO in non-blocking mode.
2098 */
2099static int
2100bio_read(BIO *bio, struct buffer *buf, const char *desc)
2101{
2102 ASSERT(buf->len >= 0);
2103 if (buf->len)
2104 {
2105 /* we only want to write empty buffers, ignore read request
2106 * if the buffer is not empty */
2107 return 0;
2108 }
2109 int len = buf_forward_capacity(buf);
2110
2111 /*
2112 * BIO_read brackets most of the serious RSA
2113 * key negotiation number crunching.
2114 */
2115 int i = BIO_read(bio, BPTR(buf), len);
2116
2117 VALGRIND_MAKE_READABLE((void *)&i, sizeof(i));
2118
2119#ifdef BIO_DEBUG
2120 bio_debug_data("read", bio, BPTR(buf), i, desc);
2121#endif
2122
2123 int ret = 0;
2124 if (i < 0)
2125 {
2126 if (!BIO_should_retry(bio))
2127 {
2128 crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
2129 buf->len = 0;
2130 ret = -1;
2131 ERR_clear_error();
2132 }
2133 }
2134 else if (!i)
2135 {
2136 buf->len = 0;
2137 }
2138 else
2139 { /* successful read */
2140 dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
2141 buf->len = i;
2142 ret = 1;
2143 VALGRIND_MAKE_READABLE((void *)BPTR(buf), BLEN(buf));
2144 }
2145 return ret;
2146}
2147
2148void
2149key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server,
2150 struct tls_session *session)
2151{
2152 ASSERT(NULL != ssl_ctx);
2153 ASSERT(ks_ssl);
2154 CLEAR(*ks_ssl);
2155
2156 ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
2157 if (!ks_ssl->ssl)
2158 {
2159 crypto_msg(M_FATAL, "SSL_new failed");
2160 }
2161
2162 /* put session * in ssl object so we can access it
2163 * from verify callback*/
2164 SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
2165
2166 ASSERT((ks_ssl->ssl_bio = BIO_new(BIO_f_ssl())));
2167 ASSERT((ks_ssl->ct_in = BIO_new(BIO_s_mem())));
2168 ASSERT((ks_ssl->ct_out = BIO_new(BIO_s_mem())));
2169
2170#ifdef BIO_DEBUG
2171 bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
2172 bio_debug_oc("open ct_in", ks_ssl->ct_in);
2173 bio_debug_oc("open ct_out", ks_ssl->ct_out);
2174#endif
2175
2176 if (is_server)
2177 {
2178 SSL_set_accept_state(ks_ssl->ssl);
2179 }
2180 else
2181 {
2182 SSL_set_connect_state(ks_ssl->ssl);
2183 }
2184
2185 SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
2186 BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
2187}
2188
2189void
2190key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
2191{
2192 SSL_set_shutdown(ks_ssl->ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2193}
2194
2195void
2196key_state_ssl_free(struct key_state_ssl *ks_ssl)
2197{
2198 if (ks_ssl->ssl)
2199 {
2200#ifdef BIO_DEBUG
2201 bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
2202 bio_debug_oc("close ct_in", ks_ssl->ct_in);
2203 bio_debug_oc("close ct_out", ks_ssl->ct_out);
2204#endif
2205 BIO_free_all(ks_ssl->ssl_bio);
2206 SSL_free(ks_ssl->ssl);
2207 }
2208}
2209
2210int
2211key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2212{
2213 int ret = 0;
2214
2215 ASSERT(NULL != ks_ssl);
2216
2217 ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf), "tls_write_plaintext");
2218 bio_write_post(ret, buf);
2219
2220 return ret;
2221}
2222
2223int
2224key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
2225{
2226 int ret = 0;
2227
2228 ASSERT(NULL != ks_ssl);
2229
2230 ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
2231
2232 return ret;
2233}
2234
2235int
2236key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2237{
2238 int ret = 0;
2239
2240 ASSERT(NULL != ks_ssl);
2241
2242 ret = bio_read(ks_ssl->ct_out, buf, "tls_read_ciphertext");
2243
2244 return ret;
2245}
2246
2247int
2248key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2249{
2250 int ret = 0;
2251
2252 ASSERT(NULL != ks_ssl);
2253
2254 ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
2255 bio_write_post(ret, buf);
2256
2257 return ret;
2258}
2259
2260int
2261key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2262{
2263 int ret = 0;
2264
2265 ASSERT(NULL != ks_ssl);
2266
2267 ret = bio_read(ks_ssl->ssl_bio, buf, "tls_read_plaintext");
2268
2269 return ret;
2270}
2271
2272static void
2273print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
2274{
2275 const char *curve = "";
2276 const char *type = "(error getting type)";
2277
2278 if (pkey == NULL)
2279 {
2280 buf[0] = 0;
2281 return;
2282 }
2283
2284 int typeid = EVP_PKEY_id(pkey);
2285#if OPENSSL_VERSION_NUMBER < 0x30000000L
2286 bool is_ec = typeid == EVP_PKEY_EC;
2287#else
2288 bool is_ec = EVP_PKEY_is_a(pkey, "EC");
2289#endif
2290
2291#ifndef OPENSSL_NO_EC
2292 char groupname[64];
2293 if (is_ec)
2294 {
2295 size_t len;
2296 if (EVP_PKEY_get_group_name(pkey, groupname, sizeof(groupname), &len))
2297 {
2298 curve = groupname;
2299 }
2300 else
2301 {
2302 curve = "(error getting curve name)";
2303 }
2304 }
2305#endif
2306 if (typeid != 0)
2307 {
2308#if OPENSSL_VERSION_NUMBER < 0x30000000L
2309 type = OBJ_nid2sn(typeid);
2310
2311 /* OpenSSL reports rsaEncryption, dsaEncryption and
2312 * id-ecPublicKey, map these values to nicer ones */
2313 if (typeid == EVP_PKEY_RSA)
2314 {
2315 type = "RSA";
2316 }
2317 else if (typeid == EVP_PKEY_DSA)
2318 {
2319 type = "DSA";
2320 }
2321 else if (typeid == EVP_PKEY_EC)
2322 {
2323 /* EC gets the curve appended after the type */
2324 type = "EC, curve ";
2325 }
2326 else if (type == NULL)
2327 {
2328 type = "unknown type";
2329 }
2330#else /* OpenSSL >= 3 */
2331 type = EVP_PKEY_get0_type_name(pkey);
2332 if (type == NULL)
2333 {
2334 type = "(error getting public key type)";
2335 }
2336#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
2337 }
2338
2339 snprintf(buf, buflen, "%d bits %s%s", EVP_PKEY_bits(pkey), type, curve);
2340}
2341
2348static void
2349print_cert_details(X509 *cert, char *buf, size_t buflen)
2350{
2351 EVP_PKEY *pkey = X509_get_pubkey(cert);
2352 char pkeybuf[64] = { 0 };
2353 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2354
2355 char sig[128] = { 0 };
2356 int signature_nid = X509_get_signature_nid(cert);
2357 if (signature_nid != 0)
2358 {
2359 snprintf(sig, sizeof(sig), ", signature: %s", OBJ_nid2sn(signature_nid));
2360 }
2361
2362 snprintf(buf, buflen, ", peer certificate: %s%s", pkeybuf, sig);
2363
2364 EVP_PKEY_free(pkey);
2365}
2366
2367static void
2368print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
2369{
2370 EVP_PKEY *pkey = NULL;
2371 SSL_get_peer_tmp_key(ssl, &pkey);
2372 if (!pkey)
2373 {
2374 return;
2375 }
2376
2377 char pkeybuf[128] = { 0 };
2378 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2379
2380 snprintf(buf, buflen, ", peer temporary key: %s", pkeybuf);
2381
2382 EVP_PKEY_free(pkey);
2383}
2384
2385#if !defined(LIBRESSL_VERSION_NUMBER) \
2386 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2392static const char *
2393get_sigtype(int nid)
2394{
2395 /* Fix a few OpenSSL names to be better understandable */
2396 switch (nid)
2397 {
2398 case EVP_PKEY_RSA:
2399 /* will otherwise say rsaEncryption */
2400 return "RSA";
2401
2402 case EVP_PKEY_DSA:
2403 /* dsaEncryption otherwise */
2404 return "DSA";
2405
2406 case EVP_PKEY_EC:
2407 /* will say id-ecPublicKey */
2408 return "ECDSA";
2409
2410 case -1:
2411 return "(error getting name)";
2412
2413 default:
2414 {
2415 const char *type = OBJ_nid2sn(nid);
2416 if (!type)
2417 {
2418 /* This is unlikely to ever happen as OpenSSL is unlikely to
2419 * return an NID it cannot resolve itself but we silence
2420 * linter/code checkers here */
2421 type = "(error getting name, OBJ_nid2sn failed)";
2422 }
2423 return type;
2424 }
2425 }
2426}
2427#endif /* ifndef LIBRESSL_VERSION_NUMBER */
2428
2433static void
2434print_peer_signature(SSL *ssl, char *buf, size_t buflen)
2435{
2436 int peer_sig_type_nid = NID_undef;
2437 const char *peer_sig_unknown = "unknown";
2438 const char *peer_sig = peer_sig_unknown;
2439 const char *peer_sig_type = "unknown type";
2440
2441 const char *signame = NULL;
2442 SSL_get0_peer_signature_name(ssl, &signame);
2443 if (signame)
2444 {
2445 peer_sig = signame;
2446 }
2447
2448#if !defined(LIBRESSL_VERSION_NUMBER) \
2449 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2450 /* LibreSSL 3.7.x and 3.8.x implement this function but do not export it
2451 * and fail linking with an unresolved symbol */
2452 if (SSL_get_peer_signature_type_nid(ssl, &peer_sig_type_nid) && peer_sig_type_nid != NID_undef)
2453 {
2454 peer_sig_type = get_sigtype(peer_sig_type_nid);
2455 }
2456#endif
2457
2458 if (peer_sig == peer_sig_unknown && peer_sig_type_nid == NID_undef)
2459 {
2460 return;
2461 }
2462
2463 snprintf(buf, buflen, ", peer signing digest/type: %s %s", peer_sig, peer_sig_type);
2464}
2465
2466#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2467void
2468print_tls_key_agreement_group(SSL *ssl, char *buf, size_t buflen)
2469{
2470 const char *groupname = SSL_get0_group_name(ssl);
2471 if (!groupname)
2472 {
2473 snprintf(buf, buflen, ", key agreement: (error fetching group)");
2474 }
2475 else
2476 {
2477 snprintf(buf, buflen, ", key agreement: %s", groupname);
2478 }
2479}
2480#endif
2481
2482/* **************************************
2483 *
2484 * Information functions
2485 *
2486 * Print information for the end user.
2487 *
2488 ***************************************/
2489void
2490print_details(struct key_state_ssl *ks_ssl, const char *prefix)
2491{
2492 const SSL_CIPHER *ciph;
2493 char s1[256];
2494 char s2[256];
2495 char s3[256];
2496 char s4[256];
2497 char s5[256];
2498
2499 s1[0] = s2[0] = s3[0] = s4[0] = s5[0] = 0;
2500 ciph = SSL_get_current_cipher(ks_ssl->ssl);
2501 snprintf(s1, sizeof(s1), "%s %s, cipher %s %s", prefix, SSL_get_version(ks_ssl->ssl),
2502 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
2503 X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl);
2504
2505 if (cert)
2506 {
2507 print_cert_details(cert, s2, sizeof(s2));
2508 X509_free(cert);
2509 }
2510 print_server_tempkey(ks_ssl->ssl, s3, sizeof(s3));
2511 print_peer_signature(ks_ssl->ssl, s4, sizeof(s4));
2512#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2513 print_tls_key_agreement_group(ks_ssl->ssl, s5, sizeof(s5));
2514#endif
2515
2516 msg(D_HANDSHAKE, "%s%s%s%s%s", s1, s2, s3, s4, s5);
2517}
2518
2519void
2520show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
2521{
2522 struct tls_root_ctx tls_ctx;
2523
2524 tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
2525 if (!tls_ctx.ctx)
2526 {
2527 crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
2528 }
2529
2530#if defined(TLS1_3_VERSION)
2531 if (tls13)
2532 {
2533 SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
2534 tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
2535 }
2536 else
2537#endif
2538 {
2539 SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
2540 tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
2541 }
2542
2543 tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
2544
2545 SSL *ssl = SSL_new(tls_ctx.ctx);
2546 if (!ssl)
2547 {
2548 crypto_msg(M_FATAL, "Cannot create SSL object");
2549 }
2550
2551#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC) || defined(ENABLE_CRYPTO_WOLFSSL)
2552 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2553#else
2554 STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
2555#endif
2556 for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++)
2557 {
2558 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
2559
2560 const char *cipher_name = SSL_CIPHER_get_name(c);
2561
2562 const tls_cipher_name_pair *pair =
2563 tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
2564
2565 if (tls13)
2566 {
2567 printf("%s\n", cipher_name);
2568 }
2569 else if (NULL == pair)
2570 {
2571 /* No translation found, print warning */
2572 printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n", cipher_name);
2573 }
2574 else
2575 {
2576 printf("%s\n", pair->iana_name);
2577 }
2578 }
2579#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
2580 sk_SSL_CIPHER_free(sk);
2581#endif
2582 SSL_free(ssl);
2583 SSL_CTX_free(tls_ctx.ctx);
2584}
2585
2586/*
2587 * Show the Elliptic curves that are available for us to use
2588 * in the OpenSSL library.
2589 */
2590void
2591show_available_curves(void)
2592{
2593 printf("Consider using 'openssl ecparam -list_curves' as alternative to running\n"
2594 "this command.\n"
2595 "Note this output does only list curves/groups that OpenSSL considers as\n"
2596 "builtin EC curves. It does not list additional curves nor X448 or X25519\n");
2597#ifndef OPENSSL_NO_EC
2598 EC_builtin_curve *curves = NULL;
2599 size_t crv_len = 0;
2600 size_t n = 0;
2601
2602 crv_len = EC_get_builtin_curves(NULL, 0);
2603 ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
2604 if (EC_get_builtin_curves(curves, crv_len))
2605 {
2606 printf("\nAvailable Elliptic curves/groups:\n");
2607 for (n = 0; n < crv_len; n++)
2608 {
2609 const char *sname;
2610 sname = OBJ_nid2sn(curves[n].nid);
2611 if (sname == NULL)
2612 {
2613 sname = "";
2614 }
2615
2616 printf("%s\n", sname);
2617 }
2618 }
2619 else
2620 {
2621 crypto_msg(M_FATAL, "Cannot get list of builtin curves");
2622 }
2623 free(curves);
2624#else /* ifndef OPENSSL_NO_EC */
2625 msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
2626 "No curves available.");
2627#endif /* ifndef OPENSSL_NO_EC */
2628}
2629
2630const char *
2631get_ssl_library_version(void)
2632{
2633 return OpenSSL_version(OPENSSL_VERSION);
2634}
2635
2636
2638#ifdef HAVE_XKEY_PROVIDER
2639static int
2640provider_load(OSSL_PROVIDER *prov, void *dest_libctx)
2641{
2642 const char *name = OSSL_PROVIDER_get0_name(prov);
2643 OSSL_PROVIDER_load(dest_libctx, name);
2644 return 1;
2645}
2646
2647static int
2648provider_unload(OSSL_PROVIDER *prov, void *unused)
2649{
2650 (void)unused;
2651 OSSL_PROVIDER_unload(prov);
2652 return 1;
2653}
2654#endif /* HAVE_XKEY_PROVIDER */
2655
2663void
2664load_xkey_provider(void)
2665{
2666#ifdef HAVE_XKEY_PROVIDER
2667
2668 /* Make a new library context for use in TLS context */
2669 if (!tls_libctx)
2670 {
2671 tls_libctx = OSSL_LIB_CTX_new();
2672 check_malloc_return(tls_libctx);
2673
2674 /* Load all providers in default LIBCTX into this libctx.
2675 * OpenSSL has a child libctx functionality to automate this,
2676 * but currently that is usable only from within providers.
2677 * So we do something close to it manually here.
2678 */
2679 OSSL_PROVIDER_do_all(NULL, provider_load, tls_libctx);
2680 }
2681
2682 if (!OSSL_PROVIDER_available(tls_libctx, "ovpn.xkey"))
2683 {
2684 OSSL_PROVIDER_add_builtin(tls_libctx, "ovpn.xkey", xkey_provider_init);
2685 if (!OSSL_PROVIDER_load(tls_libctx, "ovpn.xkey"))
2686 {
2687 msg(M_NONFATAL, "ERROR: failed loading external key provider: "
2688 "Signing with external keys will not work.");
2689 }
2690 }
2691
2692 /* We only implement minimal functionality in ovpn.xkey, so we do not want
2693 * methods in xkey to be picked unless absolutely required (i.e, when the key
2694 * is external). Ensure this by setting a default propquery for the custom
2695 * libctx that unprefers, but does not forbid, ovpn.xkey. See also man page
2696 * of "property" in OpenSSL 3.0.
2697 */
2698 EVP_set_default_properties(tls_libctx, "?provider!=ovpn.xkey");
2699
2700#endif /* HAVE_XKEY_PROVIDER */
2701}
2702
2706static void
2707unload_xkey_provider(void)
2708{
2709#ifdef HAVE_XKEY_PROVIDER
2710 if (tls_libctx)
2711 {
2712 OSSL_PROVIDER_do_all(tls_libctx, provider_unload, NULL);
2713 OSSL_LIB_CTX_free(tls_libctx);
2714 }
2715#endif /* HAVE_XKEY_PROVIDER */
2716 tls_libctx = NULL;
2717}
2718
2719#endif /* defined(ENABLE_CRYPTO_OPENSSL) */
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition buffer.c:336
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:648
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR_GC
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
Definition buffer.h:1110
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition buffer.h:540
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:415
BLEN
#define BLEN(buf)
Definition buffer.h:126
format_hex
static char * format_hex(const uint8_t *data, size_t size, size_t maxoutput, struct gc_arena *gc)
Definition buffer.h:504
BLENZ
#define BLENZ(buf)
Definition buffer.h:127
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1131
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1049
ALLOC_ARRAY
#define ALLOC_ARRAY(dptr, type, n)
Definition buffer.h:1094
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1041
ptr_type
unsigned long ptr_type
Definition common.h:59
ptr_format
#define ptr_format
Definition common.h:50
strsep
char * strsep(char **stringp, const char *delim)
Definition compat-strsep.c:35
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition crypto.c:1279
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition crypto_openssl.c:230
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition crypto_openssl.h:116
SSL_CTX_use_CryptoAPI_certificate
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition cryptoapi.c:58
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition errlevel.h:76
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition errlevel.h:156
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition errlevel.h:155
D_HANDSHAKE
#define D_HANDSHAKE
Definition errlevel.h:71
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition errlevel.h:58
D_LOW
#define D_LOW
Definition errlevel.h:96
M_INFO
#define M_INFO
Definition errlevel.h:54
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition errlevel.h:164
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition ssl_common.h:465
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition ssl_openssl.c:2261
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition ssl_openssl.c:2248
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition ssl_openssl.c:2236
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition ssl_openssl.c:2224
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition ssl_openssl.c:2211
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
constrain_int
static int constrain_int(int x, int min, int max)
Definition integer.h:118
status
static SERVICE_STATUS status
Definition interactive.c:51
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3130
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3797
VALGRIND_MAKE_READABLE
#define VALGRIND_MAKE_READABLE(addr, len)
Definition memdbg.h:53
purge_user_pass
void purge_user_pass(struct user_pass *up, const bool force)
Definition misc.c:475
USER_PASS_LEN
#define USER_PASS_LEN
Definition misc.h:67
GET_USER_PASS_MANAGEMENT
#define GET_USER_PASS_MANAGEMENT
Definition misc.h:113
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:115
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:155
openssl_compat.h
OpenSSL compatibility stub.
OSSL_PROVIDER
void OSSL_PROVIDER
Definition openssl_compat.h:137
SSL_get0_peer_signature_name
static int SSL_get0_peer_signature_name(SSL *ssl, const char **sigalg)
Definition openssl_compat.h:183
OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition openssl_compat.h:136
EVP_PKEY_get_group_name
static int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, size_t *gname_len)
Definition openssl_compat.h:99
SSL_CTX_set1_groups
#define SSL_CTX_set1_groups
Definition openssl_compat.h:59
SSL_CTX_new_ex
#define SSL_CTX_new_ex(libctx, propq, method)
Reduce SSL_CTX_new_ex() to SSL_CTX_new() for OpenSSL < 3.
Definition openssl_compat.h:133
CLEAR
#define CLEAR(x)
Definition basic.h:32
M_FATAL
#define M_FATAL
Definition error.h:90
M_NONFATAL
#define M_NONFATAL
Definition error.h:91
dmsg
#define dmsg(flags,...)
Definition error.h:172
msg
#define msg(flags,...)
Definition error.h:152
ASSERT
#define ASSERT(x)
Definition error.h:219
M_DEBUG
#define M_DEBUG
Definition error.h:93
M_WARN
#define M_WARN
Definition error.h:92
streq
#define streq(x, y)
Definition options.h:721
platform_fopen
FILE * platform_fopen(const char *path, const char *mode)
Definition platform.c:500
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition base64.c:160
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition base64.c:51
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition ssl.c:259
ssl_backend.h
Control Channel SSL library backend module.
TLS_VER_1_0
#define TLS_VER_1_0
Definition ssl_backend.h:105
TLS_VER_1_2
#define TLS_VER_1_2
Definition ssl_backend.h:107
TLS_VER_1_3
#define TLS_VER_1_3
Definition ssl_backend.h:108
TLS_VER_1_1
#define TLS_VER_1_1
Definition ssl_backend.h:106
ssl_common.h
Control Channel Common Data Structures.
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition ssl_common.h:432
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition ssl_common.h:42
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition ssl_common.h:425
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition ssl_common.h:424
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition ssl_common.h:433
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition ssl_common.h:430
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition ssl_common.h:431
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition ssl_openssl.c:561
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition ssl_openssl.c:139
bio_read
static int bio_read(BIO *bio, struct buffer *buf, const char *desc)
Definition ssl_openssl.c:2100
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition ssl_openssl.c:2631
openvpn_extkey_ec_finish
static void openvpn_extkey_ec_finish(EC_KEY *ec)
Definition ssl_openssl.c:1580
tls_ctx_set_tls_versions
static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Definition ssl_openssl.c:278
bio_write
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition ssl_openssl.c:2038
openvpn_extkey_rsa_finish
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition ssl_openssl.c:1430
tls_ctx_use_external_ec_key
static int tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1644
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition ssl_openssl.c:157
load_xkey_provider
void load_xkey_provider(void)
Some helper routines for provider load/unload.
Definition ssl_openssl.c:2664
print_pkey_details
static void print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
Definition ssl_openssl.c:2273
print_server_tempkey
static void print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
Definition ssl_openssl.c:2368
rsa_pub_enc
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1406
tls_ctx_add_extra_certs
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
Definition ssl_openssl.c:1049
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Show the TLS ciphers that are available for us to use in the library depending on the TLS version.
Definition ssl_openssl.c:2520
load_pkey_from_uri
static void * load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
Load private key from OSSL_STORE URI or file uri : URI of object or filename ssl_ctx : SSL_CTX for UI...
Definition ssl_openssl.c:833
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition ssl_openssl.c:103
show_available_curves
void show_available_curves(void)
Show the available elliptic curves in the crypto library.
Definition ssl_openssl.c:2591
openssl_tls_version
static uint16_t openssl_tls_version(unsigned int ver)
Convert internal version number to openssl version number.
Definition ssl_openssl.c:241
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition ssl_openssl.c:2196
ecdsa_sign
static int ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
Definition ssl_openssl.c:1592
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition ssl_openssl.c:1267
key_state_ssl_shutdown
void key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
Sets a TLS session to be shutdown state, so the TLS library will generate a shutdown alert.
Definition ssl_openssl.c:2190
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1932
print_peer_signature
static void print_peer_signature(SSL *ssl, char *buf, size_t buflen)
Get the type of the signature that is used by the peer during the TLS handshake.
Definition ssl_openssl.c:2434
tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition ssl_openssl.c:78
get_sigtype
static const char * get_sigtype(int nid)
Translate an OpenSSL NID into a more human readable name.
Definition ssl_openssl.c:2393
mydata_index
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent.
Definition ssl_openssl.c:88
print_cert_details
static void print_cert_details(X509 *cert, char *buf, size_t buflen)
Print human readable information about the certificate into buf.
Definition ssl_openssl.c:2349
ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
Definition ssl_openssl.c:1613
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition ssl_openssl.c:619
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition ssl_openssl.c:491
cert_uri_supported
static bool cert_uri_supported(void)
Definition ssl_openssl.c:1082
rsa_priv_dec
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1422
INFO_CALLBACK_SSL_CONST
#define INFO_CALLBACK_SSL_CONST
Definition ssl_openssl.c:179
rsa_pub_dec
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1414
bio_write_post
static void bio_write_post(const int status, struct buffer *buf)
Definition ssl_openssl.c:2086
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition ssl_openssl.c:902
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition ssl_openssl.c:148
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition ssl_openssl.c:2149
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition ssl_openssl.c:98
unload_xkey_provider
static void unload_xkey_provider(void)
Undo steps in load_xkey_provider.
Definition ssl_openssl.c:2707
get_rsa_padding_name
const char * get_rsa_padding_name(const int padding)
Definition ssl_openssl.c:1445
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:713
get_sig_from_man
static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig, unsigned int siglen, const char *algorithm)
Pass the input hash in 'dgst' to management and get the signature back.
Definition ssl_openssl.c:1472
tls_ctx_load_cert_uri
static void tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
Definition ssl_openssl.c:1092
rsa_priv_enc
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1497
convert_tls_list_to_openssl
static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:356
tls_ctx_load_cert_pem_file
static void tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Definition ssl_openssl.c:1194
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition ssl_openssl.c:91
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Print a one line summary of SSL/TLS session handshake.
Definition ssl_openssl.c:2490
info_callback
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition ssl_openssl.c:182
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition ssl_openssl.c:205
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition ssl_openssl.c:1321
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition ssl_openssl.c:430
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1785
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition ssl_openssl.c:519
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition ssl_openssl.c:1706
tls_ctx_use_external_rsa_key
static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1513
ecdsa_sign_sig
static ECDSA_SIG * ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *ec)
Definition ssl_openssl.c:1623
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition ssl_openssl.c:1035
convert_tls13_list_to_openssl
static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:466
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition ssl_openssl.c:308
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:655
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition ssl_openssl.c:121
sk_x509_name_cmp
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition ssl_openssl.c:1779
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Definition ssl_openssl.c:1254
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition ssl_util.c:294
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition ssl_util.c:275
ssl_util.h
SSL utility functions.
ssl_verify_openssl.h
Control Channel Verification Module OpenSSL backend.
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
key_state_ssl
Definition ssl_mbedtls.h:138
key_state_ssl::ct_in
BIO * ct_in
Definition ssl_openssl.h:50
key_state_ssl::ssl
SSL * ssl
Definition ssl_openssl.h:48
key_state_ssl::ssl_bio
BIO * ssl_bio
Definition ssl_openssl.h:49
key_state_ssl::ct_out
BIO * ct_out
Definition ssl_openssl.h:51
signame
Definition sig.c:47
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition ssl_util.h:77
tls_cipher_name_pair::iana_name
const char * iana_name
Definition ssl_util.h:79
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition ssl_util.h:78
tls_root_ctx
Structure that wraps the TLS context.
Definition ssl_mbedtls.h:114
tls_root_ctx::ctx
SSL_CTX * ctx
Definition ssl_openssl.h:41
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:490
user_pass
Definition misc.h:55
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:71
cleanup
static int cleanup(void **state)
Definition test_pkcs11.c:289
gc
struct gc_arena gc
Definition test_ssl.c:131
xkey_common.h
Generated by doxygen 1.9.8