OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24
30#ifdef HAVE_CONFIG_H
31#include "config.h"
32#endif
33
34#include "syshead.h"
35
36#if defined(ENABLE_CRYPTO_OPENSSL)
37
38#include "errlevel.h"
39#include "buffer.h"
40#include "misc.h"
41#include "manage.h"
42#include "memdbg.h"
43#include "ssl_backend.h"
44#include "ssl_common.h"
45#include "base64.h"
46#include "openssl_compat.h"
47#include "xkey_common.h"
48
49#ifdef ENABLE_CRYPTOAPI
50#include "cryptoapi.h"
51#endif
52
53#include "ssl_verify_openssl.h"
54#include "ssl_util.h"
55
56#include <openssl/bn.h>
57#include <openssl/crypto.h>
58#include <openssl/dh.h>
59#include <openssl/dsa.h>
60#include <openssl/err.h>
61#include <openssl/pkcs12.h>
62#include <openssl/rsa.h>
63#include <openssl/x509.h>
64#include <openssl/ssl.h>
65#ifndef OPENSSL_NO_EC
66#include <openssl/ec.h>
67#endif
68
69#if OPENSSL_VERSION_NUMBER >= 0x30000000L
70#define HAVE_OPENSSL_STORE_API
71#include <openssl/ui.h>
72#include <openssl/store.h>
73#endif
74
75#if defined(_MSC_VER) && !defined(_M_ARM64)
76#include <openssl/applink.c>
77#endif
78
79OSSL_LIB_CTX *tls_libctx; /* Global */
80
81static void unload_xkey_provider(void);
82
83/*
84 * Allocate space in SSL objects in which to store a struct tls_session
85 * pointer back to parent.
86 *
87 */
88
89int mydata_index; /* GLOBAL */
90
91void
92tls_init_lib(void)
93{
94 mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
95 ASSERT(mydata_index >= 0);
96}
97
98void
99tls_free_lib(void)
100{
101}
102
103void
104tls_ctx_server_new(struct tls_root_ctx *ctx)
105{
106 ASSERT(NULL != ctx);
107
108 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_server_method());
109
110 if (ctx->ctx == NULL)
111 {
112 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
113 }
114 if (ERR_peek_error() != 0)
115 {
116 crypto_msg(M_WARN, "Warning: TLS server context initialisation "
117 "has warnings.");
118 }
119}
120
121void
122tls_ctx_client_new(struct tls_root_ctx *ctx)
123{
124 ASSERT(NULL != ctx);
125
126 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
127
128 if (ctx->ctx == NULL)
129 {
130 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
131 }
132 if (ERR_peek_error() != 0)
133 {
134 crypto_msg(M_WARN, "Warning: TLS client context initialisation "
135 "has warnings.");
136 }
137}
138
139void
140tls_ctx_free(struct tls_root_ctx *ctx)
141{
142 ASSERT(NULL != ctx);
143 SSL_CTX_free(ctx->ctx);
144 ctx->ctx = NULL;
145 unload_xkey_provider(); /* in case it is loaded */
146}
147
148bool
149tls_ctx_initialised(struct tls_root_ctx *ctx)
150{
151 ASSERT(NULL != ctx);
152 return NULL != ctx->ctx;
153}
154
155bool
156key_state_export_keying_material(struct tls_session *session,
157 const char *label, size_t label_size,
158 void *ekm, size_t ekm_size)
159
160{
161 SSL *ssl = session->key[KS_PRIMARY].ks_ssl.ssl;
162
163 if (SSL_export_keying_material(ssl, ekm, ekm_size, label,
164 label_size, NULL, 0, 0) == 1)
165 {
166 return true;
167 }
168 else
169 {
170 secure_memzero(ekm, ekm_size);
171 return false;
172 }
173}
174
175/*
176 * Print debugging information on SSL/TLS session negotiation.
177 */
178
179#ifndef INFO_CALLBACK_SSL_CONST
180#define INFO_CALLBACK_SSL_CONST const
181#endif
182static void
183info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
184{
185 if (where & SSL_CB_LOOP)
186 {
187 dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
188 where & SSL_ST_CONNECT ? "connect" :
189 where &SSL_ST_ACCEPT ? "accept" :
190 "undefined", SSL_state_string_long(s));
191 }
192 else if (where & SSL_CB_ALERT)
193 {
194 dmsg(D_TLS_DEBUG_LOW, "%s %s SSL alert: %s",
195 where & SSL_CB_READ ? "Received" : "Sent",
196 SSL_alert_type_string_long(ret),
197 SSL_alert_desc_string_long(ret));
198 }
199}
200
201/*
202 * Return maximum TLS version supported by local OpenSSL library.
203 * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
204 * TLSvX is supported.
205 */
206int
207tls_version_max(void)
208{
209#if defined(TLS1_3_VERSION)
210 /* If this is defined we can safely assume TLS 1.3 support */
211 return TLS_VER_1_3;
212#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
213 /*
214 * If TLS_VER_1_3 is not defined, we were compiled against a version that
215 * did not support TLS 1.3.
216 *
217 * However, the library we are *linked* against might be OpenSSL 1.1.1
218 * and therefore supports TLS 1.3. This needs to be checked at runtime
219 * since we can be compiled against 1.1.0 and then the library can be
220 * upgraded to 1.1.1.
221 * We only need to check this for OpenSSL versions that can be
222 * upgraded to 1.1.1 without recompile (>= 1.1.0)
223 */
224 if (OpenSSL_version_num() >= 0x1010100fL)
225 {
226 return TLS_VER_1_3;
227 }
228 else
229 {
230 return TLS_VER_1_2;
231 }
232#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
233 return TLS_VER_1_2;
234#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
235 return TLS_VER_1_1;
236#else /* if defined(TLS1_3_VERSION) */
237 return TLS_VER_1_0;
238#endif
239}
240
242static int
243openssl_tls_version(int ver)
244{
245 if (ver == TLS_VER_1_0)
246 {
247 return TLS1_VERSION;
248 }
249 else if (ver == TLS_VER_1_1)
250 {
251 return TLS1_1_VERSION;
252 }
253 else if (ver == TLS_VER_1_2)
254 {
255 return TLS1_2_VERSION;
256 }
257 else if (ver == TLS_VER_1_3)
258 {
259 /*
260 * Supporting the library upgraded to TLS1.3 without recompile
261 * is enough to support here with a simple constant that the same
262 * as in the TLS 1.3, so spec it is very unlikely that OpenSSL
263 * will change this constant
264 */
265#ifndef TLS1_3_VERSION
266 /*
267 * We do not want to define TLS_VER_1_3 if not defined
268 * since other parts of the code use the existance of this macro
269 * as proxy for TLS 1.3 support
270 */
271 return 0x0304;
272#else
273 return TLS1_3_VERSION;
274#endif
275 }
276 return 0;
277}
278
279static bool
280tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
281{
282 int tls_ver_min = openssl_tls_version(
283 (ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK);
284 int tls_ver_max = openssl_tls_version(
285 (ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK);
286
287 if (!tls_ver_min)
288 {
289 /* Enforce at least TLS 1.0 */
290 int cur_min = SSL_CTX_get_min_proto_version(ctx->ctx);
291 tls_ver_min = cur_min < TLS1_VERSION ? TLS1_VERSION : cur_min;
292 }
293
294 if (!SSL_CTX_set_min_proto_version(ctx->ctx, tls_ver_min))
295 {
296 msg(D_TLS_ERRORS, "%s: failed to set minimum TLS version", __func__);
297 return false;
298 }
299
300 if (tls_ver_max && !SSL_CTX_set_max_proto_version(ctx->ctx, tls_ver_max))
301 {
302 msg(D_TLS_ERRORS, "%s: failed to set maximum TLS version", __func__);
303 return false;
304 }
305
306 return true;
307}
308
309bool
310tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
311{
312 ASSERT(NULL != ctx);
313
314 /* process SSL options */
315 long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
316#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
317 sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
318#endif
319 sslopt |= SSL_OP_NO_COMPRESSION;
320 /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
321 * session and does not depend on this feature. And TLS renegotiations have
322 * been problematic in the past */
323#ifdef SSL_OP_NO_RENEGOTIATION
324 sslopt |= SSL_OP_NO_RENEGOTIATION;
325#endif
326
327 SSL_CTX_set_options(ctx->ctx, sslopt);
328
329 if (!tls_ctx_set_tls_versions(ctx, ssl_flags))
330 {
331 return false;
332 }
333
334#ifdef SSL_MODE_RELEASE_BUFFERS
335 SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
336#endif
337 SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
338 SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
339
340 /* Require peer certificate verification */
341 int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
342 if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
343 {
344 verify_flags = 0;
345 }
346 else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
347 {
348 verify_flags = SSL_VERIFY_PEER;
349 }
350 SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
351
352 SSL_CTX_set_info_callback(ctx->ctx, info_callback);
353
354 return true;
355}
356
357static void
358convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
359{
360 /* Parse supplied cipher list and pass on to OpenSSL */
361 size_t begin_of_cipher, end_of_cipher;
362
363 const char *current_cipher;
364 size_t current_cipher_len;
365
366 const tls_cipher_name_pair *cipher_pair;
367
368 size_t openssl_ciphers_len = 0;
369 openssl_ciphers[0] = '\0';
370
371 /* Translate IANA cipher suite names to OpenSSL names */
372 begin_of_cipher = end_of_cipher = 0;
373 for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
374 {
375 end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
376 cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
377
378 if (NULL == cipher_pair)
379 {
380 /* No translation found, use original */
381 current_cipher = &ciphers[begin_of_cipher];
382 current_cipher_len = end_of_cipher - begin_of_cipher;
383
384 /* Issue warning on missing translation */
385 /* %.*s format specifier expects length of type int, so guarantee */
386 /* that length is small enough and cast to int. */
387 msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
388 constrain_int(current_cipher_len, 0, 256), current_cipher);
389 }
390 else
391 {
392 /* Use OpenSSL name */
393 current_cipher = cipher_pair->openssl_name;
394 current_cipher_len = strlen(current_cipher);
395
396 if (end_of_cipher - begin_of_cipher == current_cipher_len
397 && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
398 end_of_cipher - begin_of_cipher))
399 {
400 /* Non-IANA name used, show warning */
401 msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name);
402 }
403 }
404
405 /* Make sure new cipher name fits in cipher string */
406 if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
407 || (len - 1) < (openssl_ciphers_len + current_cipher_len))
408 {
409 msg(M_FATAL,
410 "Failed to set restricted TLS cipher list, too long (>%d).",
411 (int)(len - 1));
412 }
413
414 /* Concatenate cipher name to OpenSSL cipher string */
415 memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
416 openssl_ciphers_len += current_cipher_len;
417 openssl_ciphers[openssl_ciphers_len] = ':';
418 openssl_ciphers_len++;
419
420 end_of_cipher++;
421 }
422
423 if (openssl_ciphers_len > 0)
424 {
425 openssl_ciphers[openssl_ciphers_len-1] = '\0';
426 }
427}
428
429void
430tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
431{
432 if (ciphers == NULL)
433 {
434 /* Use sane default TLS cipher list */
435 if (!SSL_CTX_set_cipher_list(ctx->ctx,
436 /* Use openssl's default list as a basis */
437 "DEFAULT"
438 /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
439 ":!EXP:!LOW:!MEDIUM"
440 /* Disable static (EC)DH keys (no forward secrecy) */
441 ":!kDH:!kECDH"
442 /* Disable DSA private keys */
443 ":!DSS"
444 /* Disable unsupported TLS modes */
445 ":!PSK:!SRP:!kRSA"))
446 {
447 crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
448 }
449 return;
450 }
451
452 char openssl_ciphers[4096];
453 convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
454
455 ASSERT(NULL != ctx);
456
457 /* Set OpenSSL cipher list */
458 if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
459 {
460 crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
461 }
462}
463
464static void
465convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len,
466 const char *ciphers)
467{
468 /*
469 * OpenSSL (and official IANA) cipher names have _ in them. We
470 * historically used names with - in them. Silently convert names
471 * with - to names with _ to support both
472 */
473 if (strlen(ciphers) >= (len - 1))
474 {
475 msg(M_FATAL,
476 "Failed to set restricted TLS 1.3 cipher list, too long (>%d).",
477 (int) (len - 1));
478 }
479
480 strncpy(openssl_ciphers, ciphers, len);
481
482 for (size_t i = 0; i < strlen(openssl_ciphers); i++)
483 {
484 if (openssl_ciphers[i] == '-')
485 {
486 openssl_ciphers[i] = '_';
487 }
488 }
489}
490
491void
492tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
493{
494 if (ciphers == NULL)
495 {
496 /* default cipher list of OpenSSL 1.1.1 is sane, do not set own
497 * default as we do with tls-cipher */
498 return;
499 }
500
501#if !defined(TLS1_3_VERSION)
502 crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
503 "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
504 ciphers);
505#else
506 ASSERT(NULL != ctx);
507
508 char openssl_ciphers[4096];
509 convert_tls13_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers),
510 ciphers);
511
512 if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers))
513 {
514 crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s",
515 openssl_ciphers);
516 }
517#endif
518}
519
520void
521tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
522{
523#if OPENSSL_VERSION_NUMBER > 0x10100000L \
524 && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3060000fL)
525 /* OpenSSL does not have certificate profiles, but a complex set of
526 * callbacks that we could try to implement to achieve something similar.
527 * For now, use OpenSSL's security levels to achieve similar (but not equal)
528 * behaviour. */
529 if (!profile || 0 == strcmp(profile, "legacy"))
530 {
531 SSL_CTX_set_security_level(ctx->ctx, 1);
532 }
533 else if (0 == strcmp(profile, "insecure"))
534 {
535 SSL_CTX_set_security_level(ctx->ctx, 0);
536 }
537 else if (0 == strcmp(profile, "preferred"))
538 {
539 SSL_CTX_set_security_level(ctx->ctx, 2);
540 }
541 else if (0 == strcmp(profile, "suiteb"))
542 {
543 SSL_CTX_set_security_level(ctx->ctx, 3);
544 SSL_CTX_set_cipher_list(ctx->ctx, "SUITEB128");
545 }
546 else
547 {
548 msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
549 }
550#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
551 if (profile)
552 {
553 msg(M_WARN, "WARNING: OpenSSL 1.1.0 and LibreSSL do not support "
554 "--tls-cert-profile, ignoring user-set profile: '%s'", profile);
555 }
556#endif /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
557}
558
559void
560tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
561{
562 ASSERT(ctx);
563#if OPENSSL_VERSION_NUMBER < 0x30000000L
564 struct gc_arena gc = gc_new();
565 /* This method could be as easy as
566 * SSL_CTX_set1_groups_list(ctx->ctx, groups)
567 * but OpenSSL (< 3.0) does not like the name secp256r1 for prime256v1
568 * This is one of the important curves.
569 * To support the same name for OpenSSL and mbedTLS, we do
570 * this dance.
571 * Also note that the code is wrong in the presence of OpenSSL3 providers.
572 */
573
574 int groups_count = get_num_elements(groups, ':');
575
576 int *glist;
577 /* Allocate an array for them */
578 ALLOC_ARRAY_CLEAR_GC(glist, int, groups_count, &gc);
579
580 /* Parse allowed ciphers, getting IDs */
581 int glistlen = 0;
582 char *tmp_groups = string_alloc(groups, &gc);
583
584 const char *token;
585 while ((token = strsep(&tmp_groups, ":")))
586 {
587 if (streq(token, "secp256r1"))
588 {
589 token = "prime256v1";
590 }
591 int nid = OBJ_sn2nid(token);
592
593 if (nid == 0)
594 {
595 msg(M_WARN, "Warning unknown curve/group specified: %s", token);
596 }
597 else
598 {
599 glist[glistlen] = nid;
600 glistlen++;
601 }
602 }
603
604 if (!SSL_CTX_set1_groups(ctx->ctx, glist, glistlen))
605 {
606 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s",
607 groups);
608 }
609 gc_free(&gc);
610#else /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
611 if (!SSL_CTX_set1_groups_list(ctx->ctx, groups))
612 {
613 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s",
614 groups);
615 }
616#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
617}
618
619void
620tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
621{
622 int ret;
623 const X509 *cert;
624
625 ASSERT(ctx);
626
627 cert = SSL_CTX_get0_certificate(ctx->ctx);
628
629 if (cert == NULL)
630 {
631 return; /* Nothing to check if there is no certificate */
632 }
633
634 ret = X509_cmp_time(X509_get0_notBefore(cert), NULL);
635 if (ret == 0)
636 {
637 msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
638 }
639 if (ret > 0)
640 {
641 msg(M_WARN, "WARNING: Your certificate is not yet valid!");
642 }
643
644 ret = X509_cmp_time(X509_get0_notAfter(cert), NULL);
645 if (ret == 0)
646 {
647 msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
648 }
649 if (ret < 0)
650 {
651 msg(M_WARN, "WARNING: Your certificate has expired!");
652 }
653}
654
655void
656tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
657 bool dh_file_inline)
658{
659 BIO *bio;
660
661 ASSERT(NULL != ctx);
662
663 if (dh_file_inline)
664 {
665 if (!(bio = BIO_new_mem_buf((char *)dh_file, -1)))
666 {
667 crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
668 }
669 }
670 else
671 {
672 /* Get Diffie Hellman Parameters */
673 if (!(bio = BIO_new_file(dh_file, "r")))
674 {
675 crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
676 }
677 }
678
679#if OPENSSL_VERSION_NUMBER >= 0x30000000L
680 EVP_PKEY *dh = PEM_read_bio_Parameters(bio, NULL);
681 BIO_free(bio);
682
683 if (!dh)
684 {
685 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
686 print_key_filename(dh_file, dh_file_inline));
687 }
688 if (!SSL_CTX_set0_tmp_dh_pkey(ctx->ctx, dh))
689 {
690 crypto_msg(M_FATAL, "SSL_CTX_set0_tmp_dh_pkey");
691 }
692
693 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
694 8 * EVP_PKEY_get_size(dh));
695#else /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
696 DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
697 BIO_free(bio);
698
699 if (!dh)
700 {
701 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
702 print_key_filename(dh_file, dh_file_inline));
703 }
704 if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
705 {
706 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
707 }
708
709 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
710 8 * DH_size(dh));
711
712 DH_free(dh);
713#endif /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
714}
715
716void
717tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
718{
719#if OPENSSL_VERSION_NUMBER >= 0x30000000L
720 if (curve_name != NULL)
721 {
722 msg(M_WARN, "WARNING: OpenSSL 3.0+ builds do not support specifying an "
723 "ECDH curve with --ecdh-curve, using default curves. Use "
724 "--tls-groups to specify groups.");
725 }
726#elif !defined(OPENSSL_NO_EC)
727 int nid = NID_undef;
728 EC_KEY *ecdh = NULL;
729 const char *sname = NULL;
730
731 /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
732 SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
733
734 if (curve_name != NULL)
735 {
736 /* Use user supplied curve if given */
737 msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
738 nid = OBJ_sn2nid(curve_name);
739 }
740 else
741 {
742 return;
743 }
744
745 /* Translate NID back to name , just for kicks */
746 sname = OBJ_nid2sn(nid);
747 if (sname == NULL)
748 {
749 sname = "(Unknown)";
750 }
751
752 /* Create new EC key and set as ECDH key */
753 if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
754 {
755 /* Creating key failed, fall back on sane default */
756 ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
757 const char *source = (NULL == curve_name) ?
758 "extract curve from certificate" : "use supplied curve";
759 msg(D_TLS_DEBUG_LOW,
760 "Failed to %s (%s), using secp384r1 instead.", source, sname);
761 sname = OBJ_nid2sn(NID_secp384r1);
762 }
763
764 if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
765 {
766 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
767 }
768
769 msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
770
771 EC_KEY_free(ecdh);
772#else /* ifndef OPENSSL_NO_EC */
773 msg(D_LOW, "Your OpenSSL library was built without elliptic curve support."
774 " Skipping ECDH parameter loading.");
775#endif /* OPENSSL_NO_EC */
776}
777
778#if defined(HAVE_OPENSSL_STORE_API)
784static int
785ui_reader(UI *ui, UI_STRING *uis)
786{
787 SSL_CTX *ctx = UI_get0_user_data(ui);
788
789 if (UI_get_string_type(uis) == UIT_PROMPT)
790 {
791 const char *prompt = UI_get0_output_string(uis);
792
793 /* If pkcs#11 Use custom prompt similar to pkcs11-helper */
794 if (strstr(prompt, "PKCS#11"))
795 {
796 struct user_pass up;
797 CLEAR(up);
798 get_user_pass(&up, NULL, "PKCS#11 token", GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY);
799 UI_set_result(ui, uis, up.password);
800 purge_user_pass(&up, true);
801 }
802 else /* use our generic 'Private Key' passphrase callback */
803 {
804 char password[64];
805 pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx);
806 void *d = SSL_CTX_get_default_passwd_cb_userdata(ctx);
807
808 cb(password, sizeof(password), 0, d);
809 UI_set_result(ui, uis, password);
810 secure_memzero(password, sizeof(password));
811 }
812
813 return 1;
814 }
815 return 0;
816}
817
818static void
819clear_ossl_store_error(OSSL_STORE_CTX *store_ctx)
820{
821 if (OSSL_STORE_error(store_ctx))
822 {
823 ERR_clear_error();
824 }
825}
826#endif /* defined(HAVE_OPENSSL_STORE_API) */
827
836static void *
837load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
838{
839 EVP_PKEY *pkey = NULL;
840
841#if !defined(HAVE_OPENSSL_STORE_API)
842
843 /* Treat the uri as file name */
844 BIO *in = BIO_new_file(uri, "r");
845 if (!in)
846 {
847 return NULL;
848 }
849 pkey = PEM_read_bio_PrivateKey(in, NULL,
850 SSL_CTX_get_default_passwd_cb(ssl_ctx),
851 SSL_CTX_get_default_passwd_cb_userdata(ssl_ctx));
852 BIO_free(in);
853
854#else /* defined(HAVE_OPENSSL_STORE_API) */
855
856 OSSL_STORE_CTX *store_ctx = NULL;
857 OSSL_STORE_INFO *info = NULL;
858
859 UI_METHOD *ui_method = UI_create_method("openvpn");
860 if (!ui_method)
861 {
862 msg(M_WARN, "OpenSSL UI creation failed");
863 return NULL;
864 }
865 UI_method_set_reader(ui_method, ui_reader);
866
867 store_ctx = OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, ssl_ctx,
868 NULL, NULL, NULL);
869 if (!store_ctx)
870 {
871 goto end;
872 }
873 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_PKEY) != 1)
874 {
875 goto end;
876 }
877 while (1)
878 {
879 info = OSSL_STORE_load(store_ctx);
880 if (info || OSSL_STORE_eof(store_ctx))
881 {
882 break;
883 }
884 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
885 * ref: man OPENSSL_STORE_open
886 * Clear error and recurse through the file if info = NULL and eof not reached
887 */
888 clear_ossl_store_error(store_ctx);
889 }
890 if (!info)
891 {
892 goto end;
893 }
894 pkey = OSSL_STORE_INFO_get1_PKEY(info);
895 OSSL_STORE_INFO_free(info);
896 msg(D_TLS_DEBUG_MED, "Found pkey in store using URI: %s", uri);
897
898end:
899 OSSL_STORE_close(store_ctx);
900 UI_destroy_method(ui_method);
901
902#endif /* defined(HAVE_OPENSSL_STORE_API) */
903
904 return pkey;
905}
906
907int
908tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
909 bool pkcs12_file_inline, bool load_ca_file)
910{
911 FILE *fp;
912 EVP_PKEY *pkey;
913 X509 *cert;
914 STACK_OF(X509) *ca = NULL;
915 PKCS12 *p12;
916 int i;
917 char password[256];
918
919 ASSERT(NULL != ctx);
920
921 if (pkcs12_file_inline)
922 {
923 BIO *b64 = BIO_new(BIO_f_base64());
924 BIO *bio = BIO_new_mem_buf((void *) pkcs12_file,
925 (int) strlen(pkcs12_file));
926 ASSERT(b64 && bio);
927 BIO_push(b64, bio);
928 p12 = d2i_PKCS12_bio(b64, NULL);
929 if (!p12)
930 {
931 crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
932 }
933 BIO_free(b64);
934 BIO_free(bio);
935 }
936 else
937 {
938 /* Load the PKCS #12 file */
939 if (!(fp = platform_fopen(pkcs12_file, "rb")))
940 {
941 crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
942 }
943 p12 = d2i_PKCS12_fp(fp, NULL);
944 fclose(fp);
945 if (!p12)
946 {
947 crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
948 }
949 }
950
951 /* Parse the PKCS #12 file */
952 if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
953 {
954 pem_password_callback(password, sizeof(password) - 1, 0, NULL);
955 /* Reparse the PKCS #12 file with password */
956 ca = NULL;
957 if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
958 {
959 crypto_msg(M_WARN, "Decoding PKCS12 failed. Probably wrong password "
960 "or unsupported/legacy encryption");
961#ifdef ENABLE_MANAGEMENT
962 if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
963 {
964 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
965 }
966#endif
967 PKCS12_free(p12);
968 return 1;
969 }
970 }
971 PKCS12_free(p12);
972
973 /* Load Certificate */
974 if (!SSL_CTX_use_certificate(ctx->ctx, cert))
975 {
976 crypto_print_openssl_errors(M_WARN);
977 crypto_msg(M_FATAL, "Cannot use certificate");
978 }
979
980 /* Load Private Key */
981 if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
982 {
983 crypto_msg(M_FATAL, "Cannot use private key");
984 }
985
986 /* Check Private Key */
987 if (!SSL_CTX_check_private_key(ctx->ctx))
988 {
989 crypto_msg(M_FATAL, "Private key does not match the certificate");
990 }
991
992 /* Set Certificate Verification chain */
993 if (load_ca_file)
994 {
995 /* Add CAs from PKCS12 to the cert store and mark them as trusted.
996 * They're also used to fill in the chain of intermediate certs as
997 * necessary.
998 */
999 if (ca && sk_X509_num(ca))
1000 {
1001 for (i = 0; i < sk_X509_num(ca); i++)
1002 {
1003 X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
1004 if (!X509_STORE_add_cert(cert_store, sk_X509_value(ca, i)))
1005 {
1006 crypto_msg(M_FATAL, "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
1007 }
1008 if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
1009 {
1010 crypto_msg(M_FATAL, "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
1011 }
1012 }
1013 }
1014 }
1015 else
1016 {
1017 /* If trusted CA certs were loaded from a PEM file, and we ignore the
1018 * ones in PKCS12, do load PKCS12-provided certs to the client extra
1019 * certs chain just in case they include intermediate CAs needed to
1020 * prove my identity to the other end. This does not make them trusted.
1021 */
1022 if (ca && sk_X509_num(ca))
1023 {
1024 for (i = 0; i < sk_X509_num(ca); i++)
1025 {
1026 if (!SSL_CTX_add_extra_chain_cert(ctx->ctx, sk_X509_value(ca, i)))
1027 {
1028 crypto_msg(M_FATAL, "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
1029 }
1030 }
1031 }
1032 }
1033 return 0;
1034}
1035
1036#ifdef ENABLE_CRYPTOAPI
1037void
1038tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
1039{
1040 ASSERT(NULL != ctx);
1041
1042 /* Load Certificate and Private Key */
1043 if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
1044 {
1045 crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store", cryptoapi_cert);
1046 }
1047}
1048#endif /* ENABLE_CRYPTOAPI */
1049
1050static void
1051tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
1052{
1053 X509 *cert;
1054 while (true)
1055 {
1056 cert = NULL;
1057 if (!PEM_read_bio_X509(bio, &cert, NULL, NULL))
1058 {
1059 /* a PEM_R_NO_START_LINE "Error" indicates that no certificate
1060 * is found in the buffer. If loading more certificates is
1061 * optional, break without raising an error
1062 */
1063 if (optional
1064 && ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
1065 {
1066 /* remove that error from error stack */
1067 (void)ERR_get_error();
1068 break;
1069 }
1070
1071 /* Otherwise, bail out with error */
1072 crypto_msg(M_FATAL, "Error reading extra certificate");
1073 }
1074 /* takes ownership of cert like a set1 method */
1075 if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
1076 {
1077 crypto_msg(M_FATAL, "Error adding extra certificate");
1078 }
1079 /* We loaded at least one certificate, so loading more is optional */
1080 optional = true;
1081 }
1082}
1083
1084static bool
1085cert_uri_supported(void)
1086{
1087#if defined(HAVE_OPENSSL_STORE_API)
1088 return 1;
1089#else
1090 return 0;
1091#endif
1092}
1093
1094static void
1095tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
1096{
1097#if defined(HAVE_OPENSSL_STORE_API)
1098 X509 *x = NULL;
1099 int ret = 0;
1100 OSSL_STORE_CTX *store_ctx = NULL;
1101 OSSL_STORE_INFO *info = NULL;
1102
1103 ASSERT(NULL != tls_ctx);
1104
1105 UI_METHOD *ui_method = UI_create_method("openvpn");
1106 if (!ui_method)
1107 {
1108 msg(M_WARN, "OpenSSL UI method creation failed");
1109 goto end;
1110 }
1111 UI_method_set_reader(ui_method, ui_reader);
1112
1113 store_ctx = OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, tls_ctx->ctx,
1114 NULL, NULL, NULL);
1115 if (!store_ctx)
1116 {
1117 goto end;
1118 }
1119 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_CERT) != 1)
1120 {
1121 goto end;
1122 }
1123
1124 while (1)
1125 {
1126 info = OSSL_STORE_load(store_ctx);
1127 if (info || OSSL_STORE_eof(store_ctx))
1128 {
1129 break;
1130 }
1131 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
1132 * ref: man OPENSSL_STORE_open
1133 * Clear error and recurse through the file if info = NULL and eof not reached.
1134 */
1135 clear_ossl_store_error(store_ctx);
1136 }
1137 if (!info)
1138 {
1139 goto end;
1140 }
1141
1142 x = OSSL_STORE_INFO_get0_CERT(info);
1143 if (x == NULL)
1144 {
1145 goto end;
1146 }
1147 msg(D_TLS_DEBUG_MED, "Found cert in store using URI: %s", uri);
1148
1149 ret = SSL_CTX_use_certificate(tls_ctx->ctx, x);
1150 if (!ret)
1151 {
1152 goto end;
1153 }
1154 OSSL_STORE_INFO_free(info);
1155 info = NULL;
1156
1157 /* iterate through the store and add extra certificates if any to the chain */
1158 while (!OSSL_STORE_eof(store_ctx))
1159 {
1160 info = OSSL_STORE_load(store_ctx);
1161 if (!info)
1162 {
1163 clear_ossl_store_error(store_ctx);
1164 continue;
1165 }
1166 x = OSSL_STORE_INFO_get1_CERT(info);
1167 if (x && SSL_CTX_add_extra_chain_cert(tls_ctx->ctx, x) != 1)
1168 {
1169 X509_free(x);
1170 crypto_msg(M_FATAL, "Error adding extra certificate");
1171 break;
1172 }
1173 OSSL_STORE_INFO_free(info);
1174 info = NULL;
1175 }
1176
1177end:
1178 if (!ret)
1179 {
1180 crypto_print_openssl_errors(M_WARN);
1181 crypto_msg(M_FATAL, "Cannot load certificate from URI <%s>", uri);
1182 }
1183 else
1184 {
1185 crypto_print_openssl_errors(M_DEBUG);
1186 }
1187
1188 UI_destroy_method(ui_method);
1189 OSSL_STORE_INFO_free(info);
1190 OSSL_STORE_close(store_ctx);
1191#else /* defined(HAVE_OPENSSL_STORE_API */
1192 ASSERT(0);
1193#endif /* defined(HAVE_OPENSSL_STORE_API */
1194}
1195
1196static void
1197tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file,
1198 bool cert_file_inline)
1199{
1200 BIO *in = NULL;
1201 X509 *x = NULL;
1202 int ret = 0;
1203
1204 ASSERT(NULL != ctx);
1205
1206 if (cert_file_inline)
1207 {
1208 in = BIO_new_mem_buf((char *) cert_file, -1);
1209 }
1210 else
1211 {
1212 in = BIO_new_file((char *) cert_file, "r");
1213 }
1214
1215 if (in == NULL)
1216 {
1217 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
1218 goto end;
1219 }
1220
1221 x = PEM_read_bio_X509(in, NULL,
1222 SSL_CTX_get_default_passwd_cb(ctx->ctx),
1223 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1224 if (x == NULL)
1225 {
1226 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
1227 goto end;
1228 }
1229
1230 ret = SSL_CTX_use_certificate(ctx->ctx, x);
1231 if (ret)
1232 {
1233 tls_ctx_add_extra_certs(ctx, in, true);
1234 }
1235
1236end:
1237 if (!ret)
1238 {
1239 crypto_print_openssl_errors(M_WARN);
1240 if (cert_file_inline)
1241 {
1242 crypto_msg(M_FATAL, "Cannot load inline certificate file");
1243 }
1244 else
1245 {
1246 crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
1247 }
1248 }
1249 else
1250 {
1251 crypto_print_openssl_errors(M_DEBUG);
1252 }
1253
1254 BIO_free(in);
1255 X509_free(x);
1256}
1257
1258void
1259tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
1260 bool cert_file_inline)
1261{
1262 if (cert_uri_supported() && !cert_file_inline)
1263 {
1264 tls_ctx_load_cert_uri(ctx, cert_file);
1265 }
1266 else
1267 {
1268 tls_ctx_load_cert_pem_file(ctx, cert_file, cert_file_inline);
1269 }
1270}
1271
1272int
1273tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
1274 bool priv_key_file_inline)
1275{
1276 SSL_CTX *ssl_ctx = NULL;
1277 BIO *in = NULL;
1278 EVP_PKEY *pkey = NULL;
1279 int ret = 1;
1280
1281 ASSERT(NULL != ctx);
1282
1283 ssl_ctx = ctx->ctx;
1284
1285 if (priv_key_file_inline)
1286 {
1287 in = BIO_new_mem_buf((char *) priv_key_file, -1);
1288 if (in == NULL)
1289 {
1290 goto end;
1291 }
1292 pkey = PEM_read_bio_PrivateKey(in, NULL,
1293 SSL_CTX_get_default_passwd_cb(ctx->ctx),
1294 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1295 }
1296 else
1297 {
1298 pkey = load_pkey_from_uri(priv_key_file, ssl_ctx);
1299 }
1300
1301 if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1302 {
1303#ifdef ENABLE_MANAGEMENT
1304 if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
1305 {
1306 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
1307 }
1308#endif
1309 crypto_msg(M_WARN, "Cannot load private key file %s",
1310 print_key_filename(priv_key_file, priv_key_file_inline));
1311 goto end;
1312 }
1313
1314 /* Check Private Key */
1315 if (!SSL_CTX_check_private_key(ssl_ctx))
1316 {
1317 crypto_msg(M_FATAL, "Private key does not match the certificate");
1318 }
1319 ret = 0;
1320
1321end:
1322 EVP_PKEY_free(pkey);
1323 BIO_free(in);
1324 return ret;
1325}
1326
1327void
1328backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
1329 bool crl_inline)
1330{
1331 BIO *in = NULL;
1332
1333 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1334 if (!store)
1335 {
1336 crypto_msg(M_FATAL, "Cannot get certificate store");
1337 }
1338
1339 /* Always start with a cleared CRL list, for that we
1340 * we need to manually find the CRL object from the stack
1341 * and remove it */
1342 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
1343 for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
1344 {
1345 X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
1346 ASSERT(obj);
1347 if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
1348 {
1349 sk_X509_OBJECT_delete(objs, i);
1350 X509_OBJECT_free(obj);
1351 }
1352 }
1353
1354 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1355
1356 if (crl_inline)
1357 {
1358 in = BIO_new_mem_buf((char *) crl_file, -1);
1359 }
1360 else
1361 {
1362 in = BIO_new_file(crl_file, "r");
1363 }
1364
1365 if (in == NULL)
1366 {
1367 msg(M_WARN, "CRL: cannot read: %s",
1368 print_key_filename(crl_file, crl_inline));
1369 goto end;
1370 }
1371
1372 int num_crls_loaded = 0;
1373 while (true)
1374 {
1375 X509_CRL *crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
1376 if (crl == NULL)
1377 {
1378 /*
1379 * PEM_R_NO_START_LINE can be considered equivalent to EOF.
1380 */
1381 bool eof = ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE;
1382 /* but warn if no CRLs have been loaded */
1383 if (num_crls_loaded > 0 && eof)
1384 {
1385 /* remove that error from error stack */
1386 (void)ERR_get_error();
1387 break;
1388 }
1389
1390 crypto_msg(M_WARN, "CRL: cannot read CRL from file %s",
1391 print_key_filename(crl_file, crl_inline));
1392 break;
1393 }
1394
1395 if (!X509_STORE_add_crl(store, crl))
1396 {
1397 X509_CRL_free(crl);
1398 crypto_msg(M_WARN, "CRL: cannot add %s to store",
1399 print_key_filename(crl_file, crl_inline));
1400 break;
1401 }
1402 X509_CRL_free(crl);
1403 num_crls_loaded++;
1404 }
1405 msg(M_INFO, "CRL: loaded %d CRLs from file %s", num_crls_loaded, crl_file);
1406end:
1407 BIO_free(in);
1408}
1409
1410
1411#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)
1412
1413/* encrypt */
1414static int
1415rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1416{
1417 ASSERT(0);
1418 return -1;
1419}
1420
1421/* verify arbitrary data */
1422static int
1423rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1424{
1425 ASSERT(0);
1426 return -1;
1427}
1428
1429/* decrypt */
1430static int
1431rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1432{
1433 ASSERT(0);
1434 return -1;
1435}
1436
1437/* called at RSA_free */
1438static int
1439openvpn_extkey_rsa_finish(RSA *rsa)
1440{
1441 /* meth was allocated in tls_ctx_use_management_external_key() ; since
1442 * this function is called when the parent RSA object is destroyed,
1443 * it is no longer used after this point so kill it. */
1444 const RSA_METHOD *meth = RSA_get_method(rsa);
1445 RSA_meth_free((RSA_METHOD *)meth);
1446 return 1;
1447}
1448
1449/*
1450 * Convert OpenSSL's constant to the strings used in the management
1451 * interface query
1452 */
1453const char *
1454get_rsa_padding_name(const int padding)
1455{
1456 switch (padding)
1457 {
1458 case RSA_PKCS1_PADDING:
1459 return "RSA_PKCS1_PADDING";
1460
1461 case RSA_NO_PADDING:
1462 return "RSA_NO_PADDING";
1463
1464 default:
1465 return "UNKNOWN";
1466 }
1467}
1468
1480static int
1481get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen,
1482 unsigned char *sig, unsigned int siglen,
1483 const char *algorithm)
1484{
1485 char *in_b64 = NULL;
1486 char *out_b64 = NULL;
1487 int len = -1;
1488
1489 int bencret = openvpn_base64_encode(dgst, dgstlen, &in_b64);
1490
1491 if (management && bencret > 0)
1492 {
1493 out_b64 = management_query_pk_sig(management, in_b64, algorithm);
1494
1495 }
1496 if (out_b64)
1497 {
1498 len = openvpn_base64_decode(out_b64, sig, siglen);
1499 }
1500
1501 free(in_b64);
1502 free(out_b64);
1503 return len;
1504}
1505
1506/* sign arbitrary data */
1507static int
1508rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
1509 int padding)
1510{
1511 unsigned int len = RSA_size(rsa);
1512 int ret = -1;
1513
1514 if (padding != RSA_PKCS1_PADDING && padding != RSA_NO_PADDING)
1515 {
1516 RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
1517 return -1;
1518 }
1519
1520 ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
1521
1522 return (ret == len) ? ret : -1;
1523}
1524
1525static int
1526tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1527{
1528 RSA *rsa = NULL;
1529 RSA_METHOD *rsa_meth;
1530
1531 ASSERT(NULL != ctx);
1532
1533 const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey);
1534 ASSERT(NULL != pub_rsa);
1535
1536 /* allocate custom RSA method object */
1537 rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method",
1538 RSA_METHOD_FLAG_NO_CHECK);
1539 check_malloc_return(rsa_meth);
1540 RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1541 RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1542 RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc);
1543 RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec);
1544 RSA_meth_set_init(rsa_meth, NULL);
1545 RSA_meth_set_finish(rsa_meth, openvpn_extkey_rsa_finish);
1546 RSA_meth_set0_app_data(rsa_meth, NULL);
1547
1548 /* allocate RSA object */
1549 rsa = RSA_new();
1550 if (rsa == NULL)
1551 {
1552 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1553 goto err;
1554 }
1555
1556 /* initialize RSA object */
1557 const BIGNUM *n = NULL;
1558 const BIGNUM *e = NULL;
1559 RSA_get0_key(pub_rsa, &n, &e, NULL);
1560 RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1561 RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1562 if (!RSA_set_method(rsa, rsa_meth))
1563 {
1564 RSA_meth_free(rsa_meth);
1565 goto err;
1566 }
1567 /* from this point rsa_meth will get freed with rsa */
1568
1569 /* bind our custom RSA object to ssl_ctx */
1570 if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1571 {
1572 goto err;
1573 }
1574
1575 RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1576 return 1;
1577
1578err:
1579 if (rsa)
1580 {
1581 RSA_free(rsa);
1582 }
1583 else if (rsa_meth)
1584 {
1585 RSA_meth_free(rsa_meth);
1586 }
1587 return 0;
1588}
1589
1590#if !defined(OPENSSL_NO_EC)
1591
1592/* called when EC_KEY is destroyed */
1593static void
1594openvpn_extkey_ec_finish(EC_KEY *ec)
1595{
1596 /* release the method structure */
1597 const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec);
1598 EC_KEY_METHOD_free((EC_KEY_METHOD *) ec_meth);
1599}
1600
1601/* EC_KEY_METHOD callback: sign().
1602 * Sign the hash using EC key and return DER encoded signature in sig,
1603 * its length in siglen. Return value is 1 on success, 0 on error.
1604 */
1605static int
1606ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
1607 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
1608{
1609 int capacity = ECDSA_size(ec);
1610 /*
1611 * ECDSA does not seem to have proper constants for paddings since
1612 * there are only signatures without padding at the moment, use
1613 * a generic ECDSA for the moment
1614 */
1615 int len = get_sig_from_man(dgst, dgstlen, sig, capacity, "ECDSA");
1616
1617 if (len > 0)
1618 {
1619 *siglen = len;
1620 return 1;
1621 }
1622 return 0;
1623}
1624
1625/* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
1626static int
1627ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
1628{
1629 return 1;
1630}
1631
1632/* EC_KEY_METHOD callback: sign_sig().
1633 * Sign the hash and return the result as a newly allocated ECDS_SIG
1634 * struct or NULL on error.
1635 */
1636static ECDSA_SIG *
1637ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv,
1638 const BIGNUM *in_r, EC_KEY *ec)
1639{
1640 ECDSA_SIG *ecsig = NULL;
1641 unsigned int len = ECDSA_size(ec);
1642 struct gc_arena gc = gc_new();
1643
1644 unsigned char *buf = gc_malloc(len, false, &gc);
1645 if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1)
1646 {
1647 goto out;
1648 }
1649 /* const char ** should be avoided: not up to us, so we cast our way through */
1650 ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len);
1651
1652out:
1653 gc_free(&gc);
1654 return ecsig;
1655}
1656
1657static int
1658tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1659{
1660 EC_KEY *ec = NULL;
1661 EVP_PKEY *privkey = NULL;
1662 EC_KEY_METHOD *ec_method;
1663
1664 ASSERT(ctx);
1665
1666 ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
1667 if (!ec_method)
1668 {
1669 goto err;
1670 }
1671
1672 /* Among init methods, we only need the finish method */
1673 EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL);
1674#ifdef OPENSSL_IS_AWSLC
1675 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, NULL, ecdsa_sign_sig);
1676#else
1677 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig);
1678#endif
1679
1680 ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey));
1681 if (!ec)
1682 {
1683 EC_KEY_METHOD_free(ec_method);
1684 goto err;
1685 }
1686 if (!EC_KEY_set_method(ec, ec_method))
1687 {
1688 EC_KEY_METHOD_free(ec_method);
1689 goto err;
1690 }
1691 /* from this point ec_method will get freed when ec is freed */
1692
1693 privkey = EVP_PKEY_new();
1694 if (!EVP_PKEY_assign_EC_KEY(privkey, ec))
1695 {
1696 goto err;
1697 }
1698 /* from this point ec will get freed when privkey is freed */
1699
1700 if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1701 {
1702 ec = NULL; /* avoid double freeing it below */
1703 goto err;
1704 }
1705
1706 EVP_PKEY_free(privkey); /* this will down ref privkey and ec */
1707 return 1;
1708
1709err:
1710 /* Reach here only when ec and privkey can be independenly freed */
1711 EVP_PKEY_free(privkey);
1712 EC_KEY_free(ec);
1713 return 0;
1714}
1715#endif /* !defined(OPENSSL_NO_EC) */
1716#endif /* ENABLE_MANAGEMENT && !HAVE_XKEY_PROVIDER */
1717
1718#ifdef ENABLE_MANAGEMENT
1719int
1720tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
1721{
1722 int ret = 1;
1723
1724 ASSERT(NULL != ctx);
1725
1726 X509 *cert = SSL_CTX_get0_certificate(ctx->ctx);
1727
1728 ASSERT(NULL != cert);
1729
1730 /* get the public key */
1731 EVP_PKEY *pkey = X509_get0_pubkey(cert);
1732 ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1733
1734#ifdef HAVE_XKEY_PROVIDER
1735 EVP_PKEY *privkey = xkey_load_management_key(tls_libctx, pkey);
1736 if (!privkey
1737 || !SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1738 {
1739 EVP_PKEY_free(privkey);
1740 goto cleanup;
1741 }
1742 EVP_PKEY_free(privkey);
1743#else /* ifdef HAVE_XKEY_PROVIDER */
1744#if OPENSSL_VERSION_NUMBER < 0x30000000L
1745 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
1746#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1747 if (EVP_PKEY_is_a(pkey, "RSA"))
1748#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1749 {
1750 if (!tls_ctx_use_external_rsa_key(ctx, pkey))
1751 {
1752 goto cleanup;
1753 }
1754 }
1755#if !defined(OPENSSL_NO_EC)
1756#if OPENSSL_VERSION_NUMBER < 0x30000000L
1757 else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
1758#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1759 else if (EVP_PKEY_is_a(pkey, "EC"))
1760#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1761 {
1762 if (!tls_ctx_use_external_ec_key(ctx, pkey))
1763 {
1764 goto cleanup;
1765 }
1766 }
1767 else
1768 {
1769 crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
1770 goto cleanup;
1771 }
1772#else /* !defined(OPENSSL_NO_EC) */
1773 else
1774 {
1775 crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
1776 goto cleanup;
1777 }
1778#endif /* !defined(OPENSSL_NO_EC) */
1779
1780#endif /* HAVE_XKEY_PROVIDER */
1781
1782 ret = 0;
1783cleanup:
1784 if (ret)
1785 {
1786 crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1787 }
1788 return ret;
1789}
1790
1791#endif /* ifdef ENABLE_MANAGEMENT */
1792
1793static int
1794sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1795{
1796 return X509_NAME_cmp(*a, *b);
1797}
1798
1799void
1800tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
1801 bool ca_file_inline, const char *ca_path, bool tls_server)
1802{
1803 STACK_OF(X509_INFO) *info_stack = NULL;
1804 STACK_OF(X509_NAME) *cert_names = NULL;
1805 X509_LOOKUP *lookup = NULL;
1806 X509_STORE *store = NULL;
1807 X509_NAME *xn = NULL;
1808 BIO *in = NULL;
1809 int i, added = 0, prev = 0;
1810
1811 ASSERT(NULL != ctx);
1812
1813 store = SSL_CTX_get_cert_store(ctx->ctx);
1814 if (!store)
1815 {
1816 crypto_msg(M_FATAL, "Cannot get certificate store");
1817 }
1818
1819 /* Try to add certificates and CRLs from ca_file */
1820 if (ca_file)
1821 {
1822 if (ca_file_inline)
1823 {
1824 in = BIO_new_mem_buf((char *)ca_file, -1);
1825 }
1826 else
1827 {
1828 in = BIO_new_file(ca_file, "r");
1829 }
1830
1831 if (in)
1832 {
1833 info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1834 }
1835
1836 if (info_stack)
1837 {
1838 for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1839 {
1840 X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1841 if (info->crl)
1842 {
1843 X509_STORE_add_crl(store, info->crl);
1844 }
1845
1846 if (tls_server && !info->x509)
1847 {
1848 crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1849 }
1850
1851 if (info->x509)
1852 {
1853 X509_STORE_add_cert(store, info->x509);
1854 added++;
1855
1856 if (!tls_server)
1857 {
1858 continue;
1859 }
1860
1861 /* Use names of CAs as a client CA list */
1862 if (cert_names == NULL)
1863 {
1864 cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1865 if (!cert_names)
1866 {
1867 continue;
1868 }
1869 }
1870
1871 xn = X509_get_subject_name(info->x509);
1872 if (!xn)
1873 {
1874 continue;
1875 }
1876
1877 /* Don't add duplicate CA names */
1878 if (sk_X509_NAME_find(cert_names, xn) == -1)
1879 {
1880 xn = X509_NAME_dup(xn);
1881 if (!xn)
1882 {
1883 continue;
1884 }
1885 sk_X509_NAME_push(cert_names, xn);
1886 }
1887 }
1888
1889 if (tls_server)
1890 {
1891 int cnum = sk_X509_NAME_num(cert_names);
1892 if (cnum != (prev + 1))
1893 {
1894 crypto_msg(M_WARN,
1895 "Cannot load CA certificate file %s (entry %d did not validate)",
1896 print_key_filename(ca_file, ca_file_inline),
1897 added);
1898 }
1899 prev = cnum;
1900 }
1901 }
1902 sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1903 }
1904 int cnum;
1905 if (tls_server)
1906 {
1907 cnum = sk_X509_NAME_num(cert_names);
1908 SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1909 }
1910
1911 if (!added)
1912 {
1913 crypto_msg(M_FATAL,
1914 "Cannot load CA certificate file %s (no entries were read)",
1915 print_key_filename(ca_file, ca_file_inline));
1916 }
1917
1918 if (tls_server)
1919 {
1920 if (cnum != added)
1921 {
1922 crypto_msg(M_FATAL, "Cannot load CA certificate file %s (only %d "
1923 "of %d entries were valid X509 names)",
1924 print_key_filename(ca_file, ca_file_inline), cnum,
1925 added);
1926 }
1927 }
1928
1929 BIO_free(in);
1930 }
1931
1932 /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1933 if (ca_path)
1934 {
1935 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1936 if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1937 {
1938 msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1939 }
1940 else
1941 {
1942 crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1943 }
1944 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1945 }
1946}
1947
1948void
1949tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1950 bool extra_certs_file_inline)
1951{
1952 BIO *in;
1953 if (extra_certs_file_inline)
1954 {
1955 in = BIO_new_mem_buf((char *)extra_certs_file, -1);
1956 }
1957 else
1958 {
1959 in = BIO_new_file(extra_certs_file, "r");
1960 }
1961
1962 if (in == NULL)
1963 {
1964 crypto_msg(M_FATAL, "Cannot load extra-certs file: %s",
1965 print_key_filename(extra_certs_file,
1966 extra_certs_file_inline));
1967
1968 }
1969 else
1970 {
1971 tls_ctx_add_extra_certs(ctx, in, false);
1972 }
1973
1974 BIO_free(in);
1975}
1976
1977/* **************************************
1978 *
1979 * Key-state specific functions
1980 *
1981 ***************************************/
1982/*
1983 *
1984 * BIO functions
1985 *
1986 */
1987
1988#ifdef BIO_DEBUG
1989
1990#warning BIO_DEBUG defined
1991
1992static FILE *biofp; /* GLOBAL */
1993static bool biofp_toggle; /* GLOBAL */
1994static time_t biofp_last_open; /* GLOBAL */
1995static const int biofp_reopen_interval = 600; /* GLOBAL */
1996
1997static void
1998close_biofp(void)
1999{
2000 if (biofp)
2001 {
2002 ASSERT(!fclose(biofp));
2003 biofp = NULL;
2004 }
2005}
2006
2007static void
2008open_biofp(void)
2009{
2010 const time_t current = time(NULL);
2011 const pid_t pid = getpid();
2012
2013 if (biofp_last_open + biofp_reopen_interval < current)
2014 {
2015 close_biofp();
2016 }
2017 if (!biofp)
2018 {
2019 char fn[256];
2020 snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
2021 biofp = fopen(fn, "w");
2022 ASSERT(biofp);
2023 biofp_last_open = time(NULL);
2024 biofp_toggle ^= 1;
2025 }
2026}
2027
2028static void
2029bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
2030{
2031 struct gc_arena gc = gc_new();
2032 if (len > 0)
2033 {
2034 open_biofp();
2035 fprintf(biofp, "BIO_%s %s time=%" PRIi64 " bio=" ptr_format " len=%d data=%s\n",
2036 mode, desc, (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
2037 fflush(biofp);
2038 }
2039 gc_free(&gc);
2040}
2041
2042static void
2043bio_debug_oc(const char *mode, BIO *bio)
2044{
2045 open_biofp();
2046 fprintf(biofp, "BIO %s time=%" PRIi64 " bio=" ptr_format "\n",
2047 mode, (int64_t)time(NULL), (ptr_type)bio);
2048 fflush(biofp);
2049}
2050
2051#endif /* ifdef BIO_DEBUG */
2052
2053/*
2054 * Write to an OpenSSL BIO in non-blocking mode.
2055 */
2056static int
2057bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
2058{
2059 int i;
2060 int ret = 0;
2061 ASSERT(size >= 0);
2062 if (size)
2063 {
2064 /*
2065 * Free the L_TLS lock prior to calling BIO routines
2066 * so that foreground thread can still call
2067 * tls_pre_decrypt or tls_pre_encrypt,
2068 * allowing tunnel packet forwarding to continue.
2069 */
2070#ifdef BIO_DEBUG
2071 bio_debug_data("write", bio, data, size, desc);
2072#endif
2073 i = BIO_write(bio, data, size);
2074
2075 if (i < 0)
2076 {
2077 if (!BIO_should_retry(bio))
2078 {
2079 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
2080 ret = -1;
2081 ERR_clear_error();
2082 }
2083 }
2084 else if (i != size)
2085 {
2086 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d",
2087 desc, i, size);
2088 ret = -1;
2089 ERR_clear_error();
2090 }
2091 else
2092 { /* successful write */
2093 dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
2094 ret = 1;
2095 }
2096 }
2097 return ret;
2098}
2099
2100/*
2101 * Inline functions for reading from and writing
2102 * to BIOs.
2103 */
2104
2105static void
2106bio_write_post(const int status, struct buffer *buf)
2107{
2108 if (status == 1) /* success status return from bio_write? */
2109 {
2110 memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
2111 buf->len = 0;
2112 }
2113}
2114
2115/*
2116 * Read from an OpenSSL BIO in non-blocking mode.
2117 */
2118static int
2119bio_read(BIO *bio, struct buffer *buf, const char *desc)
2120{
2121 ASSERT(buf->len >= 0);
2122 if (buf->len)
2123 {
2124 /* we only want to write empty buffers, ignore read request
2125 * if the buffer is not empty */
2126 return 0;
2127 }
2128 int len = buf_forward_capacity(buf);
2129
2130 /*
2131 * BIO_read brackets most of the serious RSA
2132 * key negotiation number crunching.
2133 */
2134 int i = BIO_read(bio, BPTR(buf), len);
2135
2136 VALGRIND_MAKE_READABLE((void *) &i, sizeof(i));
2137
2138#ifdef BIO_DEBUG
2139 bio_debug_data("read", bio, BPTR(buf), i, desc);
2140#endif
2141
2142 int ret = 0;
2143 if (i < 0)
2144 {
2145 if (!BIO_should_retry(bio))
2146 {
2147 crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
2148 buf->len = 0;
2149 ret = -1;
2150 ERR_clear_error();
2151 }
2152 }
2153 else if (!i)
2154 {
2155 buf->len = 0;
2156 }
2157 else
2158 { /* successful read */
2159 dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
2160 buf->len = i;
2161 ret = 1;
2162 VALGRIND_MAKE_READABLE((void *) BPTR(buf), BLEN(buf));
2163 }
2164 return ret;
2165}
2166
2167void
2168key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
2169{
2170 ASSERT(NULL != ssl_ctx);
2171 ASSERT(ks_ssl);
2172 CLEAR(*ks_ssl);
2173
2174 ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
2175 if (!ks_ssl->ssl)
2176 {
2177 crypto_msg(M_FATAL, "SSL_new failed");
2178 }
2179
2180 /* put session * in ssl object so we can access it
2181 * from verify callback*/
2182 SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
2183
2184 ASSERT((ks_ssl->ssl_bio = BIO_new(BIO_f_ssl())));
2185 ASSERT((ks_ssl->ct_in = BIO_new(BIO_s_mem())));
2186 ASSERT((ks_ssl->ct_out = BIO_new(BIO_s_mem())));
2187
2188#ifdef BIO_DEBUG
2189 bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
2190 bio_debug_oc("open ct_in", ks_ssl->ct_in);
2191 bio_debug_oc("open ct_out", ks_ssl->ct_out);
2192#endif
2193
2194 if (is_server)
2195 {
2196 SSL_set_accept_state(ks_ssl->ssl);
2197 }
2198 else
2199 {
2200 SSL_set_connect_state(ks_ssl->ssl);
2201 }
2202
2203 SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
2204 BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
2205}
2206
2207void
2208key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
2209{
2210 SSL_set_shutdown(ks_ssl->ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2211}
2212
2213void
2214key_state_ssl_free(struct key_state_ssl *ks_ssl)
2215{
2216 if (ks_ssl->ssl)
2217 {
2218#ifdef BIO_DEBUG
2219 bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
2220 bio_debug_oc("close ct_in", ks_ssl->ct_in);
2221 bio_debug_oc("close ct_out", ks_ssl->ct_out);
2222#endif
2223 BIO_free_all(ks_ssl->ssl_bio);
2224 SSL_free(ks_ssl->ssl);
2225 }
2226}
2227
2228int
2229key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2230{
2231 int ret = 0;
2232 perf_push(PERF_BIO_WRITE_PLAINTEXT);
2233
2234 ASSERT(NULL != ks_ssl);
2235
2236 ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf),
2237 "tls_write_plaintext");
2238 bio_write_post(ret, buf);
2239
2240 perf_pop();
2241 return ret;
2242}
2243
2244int
2245key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
2246{
2247 int ret = 0;
2248 perf_push(PERF_BIO_WRITE_PLAINTEXT);
2249
2250 ASSERT(NULL != ks_ssl);
2251
2252 ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
2253
2254 perf_pop();
2255 return ret;
2256}
2257
2258int
2259key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2260{
2261 int ret = 0;
2262 perf_push(PERF_BIO_READ_CIPHERTEXT);
2263
2264 ASSERT(NULL != ks_ssl);
2265
2266 ret = bio_read(ks_ssl->ct_out, buf, "tls_read_ciphertext");
2267
2268 perf_pop();
2269 return ret;
2270}
2271
2272int
2273key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2274{
2275 int ret = 0;
2276 perf_push(PERF_BIO_WRITE_CIPHERTEXT);
2277
2278 ASSERT(NULL != ks_ssl);
2279
2280 ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
2281 bio_write_post(ret, buf);
2282
2283 perf_pop();
2284 return ret;
2285}
2286
2287int
2288key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2289{
2290 int ret = 0;
2291 perf_push(PERF_BIO_READ_PLAINTEXT);
2292
2293 ASSERT(NULL != ks_ssl);
2294
2295 ret = bio_read(ks_ssl->ssl_bio, buf, "tls_read_plaintext");
2296
2297 perf_pop();
2298 return ret;
2299}
2300
2301static void
2302print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
2303{
2304 const char *curve = "";
2305 const char *type = "(error getting type)";
2306
2307 if (pkey == NULL)
2308 {
2309 buf[0] = 0;
2310 return;
2311 }
2312
2313 int typeid = EVP_PKEY_id(pkey);
2314#if OPENSSL_VERSION_NUMBER < 0x30000000L
2315 bool is_ec = typeid == EVP_PKEY_EC;
2316#else
2317 bool is_ec = EVP_PKEY_is_a(pkey, "EC");
2318#endif
2319
2320#ifndef OPENSSL_NO_EC
2321 char groupname[64];
2322 if (is_ec)
2323 {
2324 size_t len;
2325 if (EVP_PKEY_get_group_name(pkey, groupname, sizeof(groupname), &len))
2326 {
2327 curve = groupname;
2328 }
2329 else
2330 {
2331 curve = "(error getting curve name)";
2332 }
2333 }
2334#endif
2335 if (typeid != 0)
2336 {
2337#if OPENSSL_VERSION_NUMBER < 0x30000000L
2338 type = OBJ_nid2sn(typeid);
2339
2340 /* OpenSSL reports rsaEncryption, dsaEncryption and
2341 * id-ecPublicKey, map these values to nicer ones */
2342 if (typeid == EVP_PKEY_RSA)
2343 {
2344 type = "RSA";
2345 }
2346 else if (typeid == EVP_PKEY_DSA)
2347 {
2348 type = "DSA";
2349 }
2350 else if (typeid == EVP_PKEY_EC)
2351 {
2352 /* EC gets the curve appended after the type */
2353 type = "EC, curve ";
2354 }
2355 else if (type == NULL)
2356 {
2357 type = "unknown type";
2358 }
2359#else /* OpenSSL >= 3 */
2360 type = EVP_PKEY_get0_type_name(pkey);
2361 if (type == NULL)
2362 {
2363 type = "(error getting public key type)";
2364 }
2365#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
2366 }
2367
2368 snprintf(buf, buflen, "%d bits %s%s",
2369 EVP_PKEY_bits(pkey), type, curve);
2370}
2371
2378static void
2379print_cert_details(X509 *cert, char *buf, size_t buflen)
2380{
2381 EVP_PKEY *pkey = X509_get_pubkey(cert);
2382 char pkeybuf[64] = { 0 };
2383 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2384
2385 char sig[128] = { 0 };
2386 int signature_nid = X509_get_signature_nid(cert);
2387 if (signature_nid != 0)
2388 {
2389 snprintf(sig, sizeof(sig), ", signature: %s",
2390 OBJ_nid2sn(signature_nid));
2391 }
2392
2393 snprintf(buf, buflen, ", peer certificate: %s%s",
2394 pkeybuf, sig);
2395
2396 EVP_PKEY_free(pkey);
2397}
2398
2399static void
2400print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
2401{
2402 EVP_PKEY *pkey = NULL;
2403 SSL_get_peer_tmp_key(ssl, &pkey);
2404 if (!pkey)
2405 {
2406 return;
2407 }
2408
2409 char pkeybuf[128] = { 0 };
2410 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2411
2412 snprintf(buf, buflen, ", peer temporary key: %s",
2413 pkeybuf);
2414
2415 EVP_PKEY_free(pkey);
2416}
2417
2418#if !defined(LIBRESSL_VERSION_NUMBER) \
2419 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2425static const char *
2426get_sigtype(int nid)
2427{
2428 /* Fix a few OpenSSL names to be better understandable */
2429 switch (nid)
2430 {
2431 case EVP_PKEY_RSA:
2432 /* will otherwise say rsaEncryption */
2433 return "RSA";
2434
2435 case EVP_PKEY_DSA:
2436 /* dsaEncryption otherwise */
2437 return "DSA";
2438
2439 case EVP_PKEY_EC:
2440 /* will say id-ecPublicKey */
2441 return "ECDSA";
2442
2443 case -1:
2444 return "(error getting name)";
2445
2446 default:
2447 return OBJ_nid2sn(nid);
2448 }
2449}
2450#endif /* ifndef LIBRESSL_VERSION_NUMBER */
2451
2456static void
2457print_peer_signature(SSL *ssl, char *buf, size_t buflen)
2458{
2459 int peer_sig_type_nid = NID_undef;
2460 const char *peer_sig_unknown = "unknown";
2461 const char *peer_sig = peer_sig_unknown;
2462 const char *peer_sig_type = "unknown type";
2463
2464 const char *signame = NULL;
2465 SSL_get0_peer_signature_name(ssl, &signame);
2466 if (signame)
2467 {
2468 peer_sig = signame;
2469 }
2470
2471#if !defined(LIBRESSL_VERSION_NUMBER) \
2472 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2473 /* LibreSSL 3.7.x and 3.8.x implement this function but do not export it
2474 * and fail linking with an unresolved symbol */
2475 if (SSL_get_peer_signature_type_nid(ssl, &peer_sig_type_nid)
2476 && peer_sig_type_nid != NID_undef)
2477 {
2478 peer_sig_type = get_sigtype(peer_sig_type_nid);
2479 }
2480#endif
2481
2482 if (peer_sig == peer_sig_unknown && peer_sig_type_nid == NID_undef)
2483 {
2484 return;
2485 }
2486
2487 snprintf(buf, buflen, ", peer signing digest/type: %s %s",
2488 peer_sig, peer_sig_type);
2489}
2490
2491#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2492void
2493print_tls_key_agreement_group(SSL *ssl, char *buf, size_t buflen)
2494{
2495 const char *groupname = SSL_get0_group_name(ssl);
2496 if (!groupname)
2497 {
2498 snprintf(buf, buflen, ", key agreement: (error fetching group)");
2499 }
2500 else
2501 {
2502 snprintf(buf, buflen, ", key agreement: %s", groupname);
2503 }
2504}
2505#endif
2506
2507/* **************************************
2508 *
2509 * Information functions
2510 *
2511 * Print information for the end user.
2512 *
2513 ***************************************/
2514void
2515print_details(struct key_state_ssl *ks_ssl, const char *prefix)
2516{
2517 const SSL_CIPHER *ciph;
2518 char s1[256];
2519 char s2[256];
2520 char s3[256];
2521 char s4[256];
2522 char s5[256];
2523
2524 s1[0] = s2[0] = s3[0] = s4[0] = s5[0] = 0;
2525 ciph = SSL_get_current_cipher(ks_ssl->ssl);
2526 snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
2527 prefix,
2528 SSL_get_version(ks_ssl->ssl),
2529 SSL_CIPHER_get_version(ciph),
2530 SSL_CIPHER_get_name(ciph));
2531 X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl);
2532
2533 if (cert)
2534 {
2535 print_cert_details(cert, s2, sizeof(s2));
2536 X509_free(cert);
2537 }
2538 print_server_tempkey(ks_ssl->ssl, s3, sizeof(s3));
2539 print_peer_signature(ks_ssl->ssl, s4, sizeof(s4));
2540#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2541 print_tls_key_agreement_group(ks_ssl->ssl, s5, sizeof(s5));
2542#endif
2543
2544 msg(D_HANDSHAKE, "%s%s%s%s%s", s1, s2, s3, s4, s5);
2545}
2546
2547void
2548show_available_tls_ciphers_list(const char *cipher_list,
2549 const char *tls_cert_profile,
2550 bool tls13)
2551{
2552 struct tls_root_ctx tls_ctx;
2553
2554 tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
2555 if (!tls_ctx.ctx)
2556 {
2557 crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
2558 }
2559
2560#if defined(TLS1_3_VERSION)
2561 if (tls13)
2562 {
2563 SSL_CTX_set_min_proto_version(tls_ctx.ctx,
2564 openssl_tls_version(TLS_VER_1_3));
2565 tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
2566 }
2567 else
2568#endif
2569 {
2570 SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
2571 tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
2572 }
2573
2574 tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
2575
2576 SSL *ssl = SSL_new(tls_ctx.ctx);
2577 if (!ssl)
2578 {
2579 crypto_msg(M_FATAL, "Cannot create SSL object");
2580 }
2581
2582#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC)
2583 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2584#else
2585 STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
2586#endif
2587 for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++)
2588 {
2589 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
2590
2591 const char *cipher_name = SSL_CIPHER_get_name(c);
2592
2593 const tls_cipher_name_pair *pair =
2594 tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
2595
2596 if (tls13)
2597 {
2598 printf("%s\n", cipher_name);
2599 }
2600 else if (NULL == pair)
2601 {
2602 /* No translation found, print warning */
2603 printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n",
2604 cipher_name);
2605 }
2606 else
2607 {
2608 printf("%s\n", pair->iana_name);
2609 }
2610 }
2611#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
2612 sk_SSL_CIPHER_free(sk);
2613#endif
2614 SSL_free(ssl);
2615 SSL_CTX_free(tls_ctx.ctx);
2616}
2617
2618/*
2619 * Show the Elliptic curves that are available for us to use
2620 * in the OpenSSL library.
2621 */
2622void
2623show_available_curves(void)
2624{
2625 printf("Consider using 'openssl ecparam -list_curves' as alternative to running\n"
2626 "this command.\n"
2627 "Note this output does only list curves/groups that OpenSSL considers as\n"
2628 "builtin EC curves. It does not list additional curves nor X448 or X25519\n");
2629#ifndef OPENSSL_NO_EC
2630 EC_builtin_curve *curves = NULL;
2631 size_t crv_len = 0;
2632 size_t n = 0;
2633
2634 crv_len = EC_get_builtin_curves(NULL, 0);
2635 ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
2636 if (EC_get_builtin_curves(curves, crv_len))
2637 {
2638 printf("\nAvailable Elliptic curves/groups:\n");
2639 for (n = 0; n < crv_len; n++)
2640 {
2641 const char *sname;
2642 sname = OBJ_nid2sn(curves[n].nid);
2643 if (sname == NULL)
2644 {
2645 sname = "";
2646 }
2647
2648 printf("%s\n", sname);
2649 }
2650 }
2651 else
2652 {
2653 crypto_msg(M_FATAL, "Cannot get list of builtin curves");
2654 }
2655 free(curves);
2656#else /* ifndef OPENSSL_NO_EC */
2657 msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
2658 "No curves available.");
2659#endif /* ifndef OPENSSL_NO_EC */
2660}
2661
2662const char *
2663get_ssl_library_version(void)
2664{
2665 return OpenSSL_version(OPENSSL_VERSION);
2666}
2667
2668
2670#ifdef HAVE_XKEY_PROVIDER
2671static int
2672provider_load(OSSL_PROVIDER *prov, void *dest_libctx)
2673{
2674 const char *name = OSSL_PROVIDER_get0_name(prov);
2675 OSSL_PROVIDER_load(dest_libctx, name);
2676 return 1;
2677}
2678
2679static int
2680provider_unload(OSSL_PROVIDER *prov, void *unused)
2681{
2682 (void) unused;
2683 OSSL_PROVIDER_unload(prov);
2684 return 1;
2685}
2686#endif /* HAVE_XKEY_PROVIDER */
2687
2695void
2696load_xkey_provider(void)
2697{
2698#ifdef HAVE_XKEY_PROVIDER
2699
2700 /* Make a new library context for use in TLS context */
2701 if (!tls_libctx)
2702 {
2703 tls_libctx = OSSL_LIB_CTX_new();
2704 check_malloc_return(tls_libctx);
2705
2706 /* Load all providers in default LIBCTX into this libctx.
2707 * OpenSSL has a child libctx functionality to automate this,
2708 * but currently that is usable only from within providers.
2709 * So we do something close to it manually here.
2710 */
2711 OSSL_PROVIDER_do_all(NULL, provider_load, tls_libctx);
2712 }
2713
2714 if (!OSSL_PROVIDER_available(tls_libctx, "ovpn.xkey"))
2715 {
2716 OSSL_PROVIDER_add_builtin(tls_libctx, "ovpn.xkey", xkey_provider_init);
2717 if (!OSSL_PROVIDER_load(tls_libctx, "ovpn.xkey"))
2718 {
2719 msg(M_NONFATAL, "ERROR: failed loading external key provider: "
2720 "Signing with external keys will not work.");
2721 }
2722 }
2723
2724 /* We only implement minimal functionality in ovpn.xkey, so we do not want
2725 * methods in xkey to be picked unless absolutely required (i.e, when the key
2726 * is external). Ensure this by setting a default propquery for the custom
2727 * libctx that unprefers, but does not forbid, ovpn.xkey. See also man page
2728 * of "property" in OpenSSL 3.0.
2729 */
2730 EVP_set_default_properties(tls_libctx, "?provider!=ovpn.xkey");
2731
2732#endif /* HAVE_XKEY_PROVIDER */
2733}
2734
2738static void
2739unload_xkey_provider(void)
2740{
2741#ifdef HAVE_XKEY_PROVIDER
2742 if (tls_libctx)
2743 {
2744 OSSL_PROVIDER_do_all(tls_libctx, provider_unload, NULL);
2745 OSSL_LIB_CTX_free(tls_libctx);
2746 }
2747#endif /* HAVE_XKEY_PROVIDER */
2748 tls_libctx = NULL;
2749}
2750
2751#endif /* defined(ENABLE_CRYPTO_OPENSSL) */
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition buffer.c:336
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:649
format_hex
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition buffer.h:505
BPTR
#define BPTR(buf)
Definition buffer.h:124
ALLOC_ARRAY_CLEAR_GC
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
Definition buffer.h:1082
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition buffer.h:541
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
BLEN
#define BLEN(buf)
Definition buffer.h:127
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1103
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1033
ALLOC_ARRAY
#define ALLOC_ARRAY(dptr, type, n)
Definition buffer.h:1066
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1025
ptr_type
unsigned long ptr_type
Definition common.h:58
ptr_format
#define ptr_format
Definition common.h:49
strsep
char * strsep(char **stringp, const char *delim)
Definition compat-strsep.c:36
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition crypto.c:1310
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition crypto_openssl.c:236
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition crypto_openssl.h:116
SSL_CTX_use_CryptoAPI_certificate
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition cryptoapi.c:59
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition errlevel.h:77
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition errlevel.h:157
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition errlevel.h:156
D_HANDSHAKE
#define D_HANDSHAKE
Definition errlevel.h:72
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition errlevel.h:59
D_LOW
#define D_LOW
Definition errlevel.h:97
M_INFO
#define M_INFO
Definition errlevel.h:55
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition errlevel.h:165
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition ssl_common.h:459
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition ssl_openssl.c:2288
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition ssl_openssl.c:2273
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition ssl_openssl.c:2259
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition ssl_openssl.c:2245
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition ssl_openssl.c:2229
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
constrain_int
static int constrain_int(int x, int min, int max)
Definition integer.h:115
status
static SERVICE_STATUS status
Definition interactive.c:53
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3092
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3763
VALGRIND_MAKE_READABLE
#define VALGRIND_MAKE_READABLE(addr, len)
Definition memdbg.h:53
purge_user_pass
void purge_user_pass(struct user_pass *up, const bool force)
Definition misc.c:485
GET_USER_PASS_MANAGEMENT
#define GET_USER_PASS_MANAGEMENT
Definition misc.h:109
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:111
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:152
openssl_compat.h
OpenSSL compatibility stub.
OSSL_PROVIDER
void OSSL_PROVIDER
Definition openssl_compat.h:131
SSL_get0_peer_signature_name
static int SSL_get0_peer_signature_name(SSL *ssl, const char **sigalg)
Definition openssl_compat.h:178
OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition openssl_compat.h:130
EVP_PKEY_get_group_name
static int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, size_t *gname_len)
Definition openssl_compat.h:91
SSL_CTX_set1_groups
#define SSL_CTX_set1_groups
Definition openssl_compat.h:51
SSL_CTX_new_ex
#define SSL_CTX_new_ex(libctx, propq, method)
Reduce SSL_CTX_new_ex() to SSL_CTX_new() for OpenSSL < 3.
Definition openssl_compat.h:126
CLEAR
#define CLEAR(x)
Definition basic.h:33
M_FATAL
#define M_FATAL
Definition error.h:89
M_NONFATAL
#define M_NONFATAL
Definition error.h:90
dmsg
#define dmsg(flags,...)
Definition error.h:148
msg
#define msg(flags,...)
Definition error.h:144
ASSERT
#define ASSERT(x)
Definition error.h:195
M_DEBUG
#define M_DEBUG
Definition error.h:92
M_WARN
#define M_WARN
Definition error.h:91
streq
#define streq(x, y)
Definition options.h:726
perf_push
static void perf_push(int type)
Definition perf.h:78
PERF_BIO_READ_PLAINTEXT
#define PERF_BIO_READ_PLAINTEXT
Definition perf.h:38
PERF_BIO_WRITE_CIPHERTEXT
#define PERF_BIO_WRITE_CIPHERTEXT
Definition perf.h:41
perf_pop
static void perf_pop(void)
Definition perf.h:82
PERF_BIO_READ_CIPHERTEXT
#define PERF_BIO_READ_CIPHERTEXT
Definition perf.h:40
PERF_BIO_WRITE_PLAINTEXT
#define PERF_BIO_WRITE_PLAINTEXT
Definition perf.h:39
platform_fopen
FILE * platform_fopen(const char *path, const char *mode)
Definition platform.c:501
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition base64.c:158
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition base64.c:52
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition ssl.c:261
ssl_backend.h
Control Channel SSL library backend module.
TLS_VER_1_0
#define TLS_VER_1_0
Definition ssl_backend.h:106
TLS_VER_1_2
#define TLS_VER_1_2
Definition ssl_backend.h:108
TLS_VER_1_3
#define TLS_VER_1_3
Definition ssl_backend.h:109
TLS_VER_1_1
#define TLS_VER_1_1
Definition ssl_backend.h:107
ssl_common.h
Control Channel Common Data Structures.
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition ssl_common.h:426
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition ssl_common.h:43
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition ssl_common.h:419
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition ssl_common.h:418
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition ssl_common.h:427
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition ssl_common.h:424
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition ssl_common.h:425
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition ssl_openssl.c:560
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition ssl_openssl.c:140
bio_read
static int bio_read(BIO *bio, struct buffer *buf, const char *desc)
Definition ssl_openssl.c:2119
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition ssl_openssl.c:2663
openvpn_extkey_ec_finish
static void openvpn_extkey_ec_finish(EC_KEY *ec)
Definition ssl_openssl.c:1594
tls_ctx_set_tls_versions
static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Definition ssl_openssl.c:280
bio_write
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition ssl_openssl.c:2057
openvpn_extkey_rsa_finish
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition ssl_openssl.c:1439
tls_ctx_use_external_ec_key
static int tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1658
openssl_tls_version
static int openssl_tls_version(int ver)
Convert internal version number to openssl version number.
Definition ssl_openssl.c:243
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition ssl_openssl.c:156
load_xkey_provider
void load_xkey_provider(void)
Some helper routines for provider load/unload.
Definition ssl_openssl.c:2696
print_pkey_details
static void print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
Definition ssl_openssl.c:2302
print_server_tempkey
static void print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
Definition ssl_openssl.c:2400
rsa_pub_enc
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1415
tls_ctx_add_extra_certs
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
Definition ssl_openssl.c:1051
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Show the TLS ciphers that are available for us to use in the library depending on the TLS version.
Definition ssl_openssl.c:2548
load_pkey_from_uri
static void * load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
Load private key from OSSL_STORE URI or file uri : URI of object or filename ssl_ctx : SSL_CTX for UI...
Definition ssl_openssl.c:837
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition ssl_openssl.c:104
show_available_curves
void show_available_curves(void)
Show the available elliptic curves in the crypto library.
Definition ssl_openssl.c:2623
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition ssl_openssl.c:2214
ecdsa_sign
static int ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
Definition ssl_openssl.c:1606
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition ssl_openssl.c:1273
key_state_ssl_shutdown
void key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
Sets a TLS session to be shutdown state, so the TLS library will generate a shutdown alert.
Definition ssl_openssl.c:2208
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1949
print_peer_signature
static void print_peer_signature(SSL *ssl, char *buf, size_t buflen)
Get the type of the signature that is used by the peer during the TLS handshake.
Definition ssl_openssl.c:2457
tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition ssl_openssl.c:79
get_sigtype
static const char * get_sigtype(int nid)
Translate an OpenSSL NID into a more human readable name.
Definition ssl_openssl.c:2426
mydata_index
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent.
Definition ssl_openssl.c:89
print_cert_details
static void print_cert_details(X509 *cert, char *buf, size_t buflen)
Print human readable information about the certificate into buf.
Definition ssl_openssl.c:2379
ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
Definition ssl_openssl.c:1627
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition ssl_openssl.c:620
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition ssl_openssl.c:492
cert_uri_supported
static bool cert_uri_supported(void)
Definition ssl_openssl.c:1085
rsa_priv_dec
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1431
INFO_CALLBACK_SSL_CONST
#define INFO_CALLBACK_SSL_CONST
Definition ssl_openssl.c:180
rsa_pub_dec
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1423
bio_write_post
static void bio_write_post(const int status, struct buffer *buf)
Definition ssl_openssl.c:2106
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition ssl_openssl.c:908
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition ssl_openssl.c:149
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition ssl_openssl.c:2168
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition ssl_openssl.c:99
unload_xkey_provider
static void unload_xkey_provider(void)
Undo steps in load_xkey_provider.
Definition ssl_openssl.c:2739
get_rsa_padding_name
const char * get_rsa_padding_name(const int padding)
Definition ssl_openssl.c:1454
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:717
get_sig_from_man
static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig, unsigned int siglen, const char *algorithm)
Pass the input hash in 'dgst' to management and get the signature back.
Definition ssl_openssl.c:1481
tls_ctx_load_cert_uri
static void tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
Definition ssl_openssl.c:1095
rsa_priv_enc
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1508
convert_tls_list_to_openssl
static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:358
tls_ctx_load_cert_pem_file
static void tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Definition ssl_openssl.c:1197
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition ssl_openssl.c:92
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Print a one line summary of SSL/TLS session handshake.
Definition ssl_openssl.c:2515
info_callback
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition ssl_openssl.c:183
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition ssl_openssl.c:207
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition ssl_openssl.c:1328
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition ssl_openssl.c:430
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1800
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition ssl_openssl.c:521
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition ssl_openssl.c:1720
tls_ctx_use_external_rsa_key
static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1526
ecdsa_sign_sig
static ECDSA_SIG * ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *ec)
Definition ssl_openssl.c:1637
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition ssl_openssl.c:1038
convert_tls13_list_to_openssl
static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:465
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition ssl_openssl.c:310
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:656
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition ssl_openssl.c:122
sk_x509_name_cmp
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition ssl_openssl.c:1794
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Definition ssl_openssl.c:1259
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition ssl_util.c:284
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition ssl_util.c:265
ssl_util.h
SSL utility functions.
ssl_verify_openssl.h
Control Channel Verification Module OpenSSL backend.
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:61
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:66
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:117
key_state_ssl
Definition ssl_mbedtls.h:128
key_state_ssl::ct_in
BIO * ct_in
Definition ssl_openssl.h:49
key_state_ssl::ssl
SSL * ssl
Definition ssl_openssl.h:47
key_state_ssl::ssl_bio
BIO * ssl_bio
Definition ssl_openssl.h:48
key_state_ssl::ct_out
BIO * ct_out
Definition ssl_openssl.h:50
signame
Definition sig.c:47
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition ssl_util.h:77
tls_cipher_name_pair::iana_name
const char * iana_name
Definition ssl_util.h:77
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition ssl_util.h:77
tls_root_ctx
Structure that wraps the TLS context.
Definition ssl_mbedtls.h:107
tls_root_ctx::ctx
SSL_CTX * ctx
Definition ssl_openssl.h:41
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:483
user_pass
Definition misc.h:57
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:73
cleanup
static int cleanup(void **state)
Definition test_pkcs11.c:290
gc
struct gc_arena gc
Definition test_ssl.c:155
xkey_common.h
Generated by doxygen 1.9.8