OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2021 Sentyron B.V. <openvpn@sentyron.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#include "syshead.h"
34
35#if defined(ENABLE_CRYPTO_OPENSSL)
36
37#include "errlevel.h"
38#include "buffer.h"
39#include "misc.h"
40#include "manage.h"
41#include "memdbg.h"
42#include "ssl_backend.h"
43#include "ssl_common.h"
44#include "base64.h"
45#include "openssl_compat.h"
46#include "xkey_common.h"
47
48#ifdef ENABLE_CRYPTOAPI
49#include "cryptoapi.h"
50#endif
51
52#include "ssl_verify_openssl.h"
53#include "ssl_util.h"
54
55#include <openssl/bn.h>
56#include <openssl/crypto.h>
57#include <openssl/dh.h>
58#include <openssl/dsa.h>
59#include <openssl/err.h>
60#include <openssl/pkcs12.h>
61#include <openssl/rsa.h>
62#include <openssl/x509.h>
63#include <openssl/ssl.h>
64#ifndef OPENSSL_NO_EC
65#include <openssl/ec.h>
66#endif
67
68#if OPENSSL_VERSION_NUMBER >= 0x30000000L
69#define HAVE_OPENSSL_STORE_API
70#include <openssl/ui.h>
71#include <openssl/store.h>
72#endif
73
74#if defined(_MSC_VER) && !defined(_M_ARM64)
75#include <openssl/applink.c>
76#endif
77
78OSSL_LIB_CTX *tls_libctx; /* Global */
79
80static void unload_xkey_provider(void);
81
82/*
83 * Allocate space in SSL objects in which to store a struct tls_session
84 * pointer back to parent.
85 *
86 */
87
88int mydata_index; /* GLOBAL */
89
90void
91tls_init_lib(void)
92{
93 mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
94 ASSERT(mydata_index >= 0);
95}
96
97void
98tls_free_lib(void)
99{
100}
101
102void
103tls_ctx_server_new(struct tls_root_ctx *ctx)
104{
105 ASSERT(NULL != ctx);
106
107 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_server_method());
108
109 if (ctx->ctx == NULL)
110 {
111 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
112 }
113 if (ERR_peek_error() != 0)
114 {
115 crypto_msg(M_WARN, "Warning: TLS server context initialisation "
116 "has warnings.");
117 }
118}
119
120void
121tls_ctx_client_new(struct tls_root_ctx *ctx)
122{
123 ASSERT(NULL != ctx);
124
125 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
126
127 if (ctx->ctx == NULL)
128 {
129 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
130 }
131 if (ERR_peek_error() != 0)
132 {
133 crypto_msg(M_WARN, "Warning: TLS client context initialisation "
134 "has warnings.");
135 }
136}
137
138void
139tls_ctx_free(struct tls_root_ctx *ctx)
140{
141 ASSERT(NULL != ctx);
142 SSL_CTX_free(ctx->ctx);
143 ctx->ctx = NULL;
144 unload_xkey_provider(); /* in case it is loaded */
145}
146
147bool
148tls_ctx_initialised(struct tls_root_ctx *ctx)
149{
150 ASSERT(NULL != ctx);
151 return NULL != ctx->ctx;
152}
153
154bool
155key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size,
156 void *ekm, size_t ekm_size)
157
158{
159 SSL *ssl = session->key[KS_PRIMARY].ks_ssl.ssl;
160
161 if (SSL_export_keying_material(ssl, ekm, ekm_size, label, label_size, NULL, 0, 0) == 1)
162 {
163 return true;
164 }
165 else
166 {
167 secure_memzero(ekm, ekm_size);
168 return false;
169 }
170}
171
172/*
173 * Print debugging information on SSL/TLS session negotiation.
174 */
175
176#ifndef INFO_CALLBACK_SSL_CONST
177#define INFO_CALLBACK_SSL_CONST const
178#endif
179static void
180info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
181{
182 if (where & SSL_CB_LOOP)
183 {
184 dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
185 where & SSL_ST_CONNECT ? "connect"
186 : where & SSL_ST_ACCEPT ? "accept"
187 : "undefined",
188 SSL_state_string_long(s));
189 }
190 else if (where & SSL_CB_ALERT)
191 {
192 dmsg(D_TLS_DEBUG_LOW, "%s %s SSL alert: %s", where & SSL_CB_READ ? "Received" : "Sent",
193 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
194 }
195}
196
197/*
198 * Return maximum TLS version supported by local OpenSSL library.
199 * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
200 * TLSvX is supported.
201 */
202int
203tls_version_max(void)
204{
205#if defined(TLS1_3_VERSION)
206 /* If this is defined we can safely assume TLS 1.3 support */
207 return TLS_VER_1_3;
208#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
209 /*
210 * If TLS_VER_1_3 is not defined, we were compiled against a version that
211 * did not support TLS 1.3.
212 *
213 * However, the library we are *linked* against might be OpenSSL 1.1.1
214 * and therefore supports TLS 1.3. This needs to be checked at runtime
215 * since we can be compiled against 1.1.0 and then the library can be
216 * upgraded to 1.1.1.
217 * We only need to check this for OpenSSL versions that can be
218 * upgraded to 1.1.1 without recompile (>= 1.1.0)
219 */
220 if (OpenSSL_version_num() >= 0x1010100fL)
221 {
222 return TLS_VER_1_3;
223 }
224 else
225 {
226 return TLS_VER_1_2;
227 }
228#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
229 return TLS_VER_1_2;
230#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
231 return TLS_VER_1_1;
232#else /* if defined(TLS1_3_VERSION) */
233 return TLS_VER_1_0;
234#endif
235}
236
238static int
239openssl_tls_version(int ver)
240{
241 if (ver == TLS_VER_1_0)
242 {
243 return TLS1_VERSION;
244 }
245 else if (ver == TLS_VER_1_1)
246 {
247 return TLS1_1_VERSION;
248 }
249 else if (ver == TLS_VER_1_2)
250 {
251 return TLS1_2_VERSION;
252 }
253 else if (ver == TLS_VER_1_3)
254 {
255 /*
256 * Supporting the library upgraded to TLS1.3 without recompile
257 * is enough to support here with a simple constant that the same
258 * as in the TLS 1.3, so spec it is very unlikely that OpenSSL
259 * will change this constant
260 */
261#ifndef TLS1_3_VERSION
262 /*
263 * We do not want to define TLS_VER_1_3 if not defined
264 * since other parts of the code use the existance of this macro
265 * as proxy for TLS 1.3 support
266 */
267 return 0x0304;
268#else
269 return TLS1_3_VERSION;
270#endif
271 }
272 return 0;
273}
274
275#if defined(__GNUC__) || defined(__clang__)
276#pragma GCC diagnostic push
277#pragma GCC diagnostic ignored "-Wconversion"
278#endif
279
280static bool
281tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
282{
283 int tls_ver_min =
284 openssl_tls_version((ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK);
285 int tls_ver_max =
286 openssl_tls_version((ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK);
287
288 if (!tls_ver_min)
289 {
290 /* Enforce at least TLS 1.0 */
291 int cur_min = SSL_CTX_get_min_proto_version(ctx->ctx);
292 tls_ver_min = cur_min < TLS1_VERSION ? TLS1_VERSION : cur_min;
293 }
294
295 if (!SSL_CTX_set_min_proto_version(ctx->ctx, tls_ver_min))
296 {
297 msg(D_TLS_ERRORS, "%s: failed to set minimum TLS version", __func__);
298 return false;
299 }
300
301 if (tls_ver_max && !SSL_CTX_set_max_proto_version(ctx->ctx, tls_ver_max))
302 {
303 msg(D_TLS_ERRORS, "%s: failed to set maximum TLS version", __func__);
304 return false;
305 }
306
307 return true;
308}
309
310bool
311tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
312{
313 ASSERT(NULL != ctx);
314
315 /* process SSL options */
316 uint64_t sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
317#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
318 sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
319#endif
320 sslopt |= SSL_OP_NO_COMPRESSION;
321 /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
322 * session and does not depend on this feature. And TLS renegotiations have
323 * been problematic in the past */
324#ifdef SSL_OP_NO_RENEGOTIATION
325 sslopt |= SSL_OP_NO_RENEGOTIATION;
326#endif
327
328 SSL_CTX_set_options(ctx->ctx, sslopt);
329
330 if (!tls_ctx_set_tls_versions(ctx, ssl_flags))
331 {
332 return false;
333 }
334
335#ifdef SSL_MODE_RELEASE_BUFFERS
336 SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
337#endif
338 SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
339 SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
340
341 /* Require peer certificate verification */
342 int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
343 if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
344 {
345 verify_flags = 0;
346 }
347 else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
348 {
349 verify_flags = SSL_VERIFY_PEER;
350 }
351 SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
352
353 SSL_CTX_set_info_callback(ctx->ctx, info_callback);
354
355 return true;
356}
357
358static void
359convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
360{
361 /* Parse supplied cipher list and pass on to OpenSSL */
362 size_t begin_of_cipher, end_of_cipher;
363
364 const char *current_cipher;
365 size_t current_cipher_len;
366
367 const tls_cipher_name_pair *cipher_pair;
368
369 size_t openssl_ciphers_len = 0;
370 openssl_ciphers[0] = '\0';
371
372 /* Translate IANA cipher suite names to OpenSSL names */
373 begin_of_cipher = end_of_cipher = 0;
374 for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
375 {
376 end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
377 cipher_pair =
378 tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
379
380 if (NULL == cipher_pair)
381 {
382 /* No translation found, use original */
383 current_cipher = &ciphers[begin_of_cipher];
384 current_cipher_len = end_of_cipher - begin_of_cipher;
385
386 /* Issue warning on missing translation */
387 /* %.*s format specifier expects length of type int, so guarantee */
388 /* that length is small enough and cast to int. */
389 msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
390 constrain_int(current_cipher_len, 0, 256), current_cipher);
391 }
392 else
393 {
394 /* Use OpenSSL name */
395 current_cipher = cipher_pair->openssl_name;
396 current_cipher_len = strlen(current_cipher);
397
398 if (end_of_cipher - begin_of_cipher == current_cipher_len
399 && 0
400 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
401 end_of_cipher - begin_of_cipher))
402 {
403 /* Non-IANA name used, show warning */
404 msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'",
405 cipher_pair->openssl_name, cipher_pair->iana_name);
406 }
407 }
408
409 /* Make sure new cipher name fits in cipher string */
410 if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
411 || (len - 1) < (openssl_ciphers_len + current_cipher_len))
412 {
413 msg(M_FATAL, "Failed to set restricted TLS cipher list, too long (>%d).",
414 (int)(len - 1));
415 }
416
417 /* Concatenate cipher name to OpenSSL cipher string */
418 memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
419 openssl_ciphers_len += current_cipher_len;
420 openssl_ciphers[openssl_ciphers_len] = ':';
421 openssl_ciphers_len++;
422
423 end_of_cipher++;
424 }
425
426 if (openssl_ciphers_len > 0)
427 {
428 openssl_ciphers[openssl_ciphers_len - 1] = '\0';
429 }
430}
431
432#if defined(__GNUC__) || defined(__clang__)
433#pragma GCC diagnostic pop
434#endif
435
436void
437tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
438{
439 if (ciphers == NULL)
440 {
441 /* Use sane default TLS cipher list */
442 if (!SSL_CTX_set_cipher_list(
443 ctx->ctx,
444 /* Use openssl's default list as a basis */
445 "DEFAULT"
446 /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
447 ":!EXP:!LOW:!MEDIUM"
448 /* Disable static (EC)DH keys (no forward secrecy) */
449 ":!kDH:!kECDH"
450 /* Disable DSA private keys */
451 ":!DSS"
452 /* Disable unsupported TLS modes */
453 ":!PSK:!SRP:!kRSA"))
454 {
455 crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
456 }
457 return;
458 }
459
460 char openssl_ciphers[4096];
461 convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
462
463 ASSERT(NULL != ctx);
464
465 /* Set OpenSSL cipher list */
466 if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
467 {
468 crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
469 }
470}
471
472static void
473convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
474{
475 /*
476 * OpenSSL (and official IANA) cipher names have _ in them. We
477 * historically used names with - in them. Silently convert names
478 * with - to names with _ to support both
479 */
480 if (strlen(ciphers) >= (len - 1))
481 {
482 msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list, too long (>%d).",
483 (int)(len - 1));
484 }
485
486 strncpy(openssl_ciphers, ciphers, len);
487
488 for (size_t i = 0; i < strlen(openssl_ciphers); i++)
489 {
490 if (openssl_ciphers[i] == '-')
491 {
492 openssl_ciphers[i] = '_';
493 }
494 }
495}
496
497void
498tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
499{
500 if (ciphers == NULL)
501 {
502 /* default cipher list of OpenSSL 1.1.1 is sane, do not set own
503 * default as we do with tls-cipher */
504 return;
505 }
506
507#if !defined(TLS1_3_VERSION)
508 crypto_msg(M_WARN,
509 "Not compiled with OpenSSL 1.1.1 or higher. "
510 "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
511 ciphers);
512#else
513 ASSERT(NULL != ctx);
514
515 char openssl_ciphers[4096];
516 convert_tls13_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
517
518 if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers))
519 {
520 crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s", openssl_ciphers);
521 }
522#endif
523}
524
525void
526tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
527{
528#if OPENSSL_VERSION_NUMBER > 0x10100000L \
529 && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3060000fL)
530 /* OpenSSL does not have certificate profiles, but a complex set of
531 * callbacks that we could try to implement to achieve something similar.
532 * For now, use OpenSSL's security levels to achieve similar (but not equal)
533 * behaviour. */
534 if (!profile || 0 == strcmp(profile, "legacy"))
535 {
536 SSL_CTX_set_security_level(ctx->ctx, 1);
537 }
538 else if (0 == strcmp(profile, "insecure"))
539 {
540 SSL_CTX_set_security_level(ctx->ctx, 0);
541 }
542 else if (0 == strcmp(profile, "preferred"))
543 {
544 SSL_CTX_set_security_level(ctx->ctx, 2);
545 }
546 else if (0 == strcmp(profile, "suiteb"))
547 {
548 SSL_CTX_set_security_level(ctx->ctx, 3);
549 SSL_CTX_set_cipher_list(ctx->ctx, "SUITEB128");
550 }
551 else
552 {
553 msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
554 }
555#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
556 if (profile)
557 {
558 msg(M_WARN,
559 "WARNING: OpenSSL 1.1.0 and LibreSSL do not support "
560 "--tls-cert-profile, ignoring user-set profile: '%s'",
561 profile);
562 }
563#endif /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
564}
565
566void
567tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
568{
569 ASSERT(ctx);
570#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(ENABLE_CRYPTO_WOLFSSL)
571 struct gc_arena gc = gc_new();
572 /* This method could be as easy as
573 * SSL_CTX_set1_groups_list(ctx->ctx, groups)
574 * but OpenSSL (< 3.0) does not like the name secp256r1 for prime256v1
575 * This is one of the important curves.
576 * To support the same name for OpenSSL and mbedTLS, we do
577 * this dance.
578 * Also note that the code is wrong in the presence of OpenSSL3 providers.
579 */
580
581 int groups_count = get_num_elements(groups, ':');
582
583 int *glist;
584 /* Allocate an array for them */
585 ALLOC_ARRAY_CLEAR_GC(glist, int, groups_count, &gc);
586
587 /* Parse allowed ciphers, getting IDs */
588 int glistlen = 0;
589 char *tmp_groups = string_alloc(groups, &gc);
590
591 const char *token;
592 while ((token = strsep(&tmp_groups, ":")))
593 {
594 if (streq(token, "secp256r1"))
595 {
596 token = "prime256v1";
597 }
598 int nid = OBJ_sn2nid(token);
599
600 if (nid == 0)
601 {
602 msg(M_WARN, "Warning unknown curve/group specified: %s", token);
603 }
604 else
605 {
606 glist[glistlen] = nid;
607 glistlen++;
608 }
609 }
610
611 if (!SSL_CTX_set1_groups(ctx->ctx, glist, glistlen))
612 {
613 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", groups);
614 }
615 gc_free(&gc);
616#else /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
617 if (!SSL_CTX_set1_groups_list(ctx->ctx, groups))
618 {
619 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", groups);
620 }
621#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
622}
623
624void
625tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
626{
627 int ret;
628 const X509 *cert;
629
630 ASSERT(ctx);
631
632 cert = SSL_CTX_get0_certificate(ctx->ctx);
633
634 if (cert == NULL)
635 {
636 return; /* Nothing to check if there is no certificate */
637 }
638
639 ret = X509_cmp_time(X509_get0_notBefore(cert), NULL);
640 if (ret == 0)
641 {
642 msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
643 }
644 if (ret > 0)
645 {
646 msg(M_WARN, "WARNING: Your certificate is not yet valid!");
647 }
648
649 ret = X509_cmp_time(X509_get0_notAfter(cert), NULL);
650 if (ret == 0)
651 {
652 msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
653 }
654 if (ret < 0)
655 {
656 msg(M_WARN, "WARNING: Your certificate has expired!");
657 }
658}
659
660void
661tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
662{
663 BIO *bio;
664
665 ASSERT(NULL != ctx);
666
667 if (dh_file_inline)
668 {
669 if (!(bio = BIO_new_mem_buf((char *)dh_file, -1)))
670 {
671 crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
672 }
673 }
674 else
675 {
676 /* Get Diffie Hellman Parameters */
677 if (!(bio = BIO_new_file(dh_file, "r")))
678 {
679 crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
680 }
681 }
682
683#if OPENSSL_VERSION_NUMBER >= 0x30000000L
684 EVP_PKEY *dh = PEM_read_bio_Parameters(bio, NULL);
685 BIO_free(bio);
686
687 if (!dh)
688 {
689 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
690 print_key_filename(dh_file, dh_file_inline));
691 }
692 if (!SSL_CTX_set0_tmp_dh_pkey(ctx->ctx, dh))
693 {
694 crypto_msg(M_FATAL, "SSL_CTX_set0_tmp_dh_pkey");
695 }
696
697 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * EVP_PKEY_get_size(dh));
698#else /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
699 DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
700 BIO_free(bio);
701
702 if (!dh)
703 {
704 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
705 print_key_filename(dh_file, dh_file_inline));
706 }
707 if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
708 {
709 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
710 }
711
712 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * DH_size(dh));
713
714 DH_free(dh);
715#endif /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
716}
717
718void
719tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
720{
721#if OPENSSL_VERSION_NUMBER >= 0x30000000L
722 if (curve_name != NULL)
723 {
724 msg(M_WARN, "WARNING: OpenSSL 3.0+ builds do not support specifying an "
725 "ECDH curve with --ecdh-curve, using default curves. Use "
726 "--tls-groups to specify groups.");
727 }
728#elif !defined(OPENSSL_NO_EC)
729 int nid = NID_undef;
730 EC_KEY *ecdh = NULL;
731 const char *sname = NULL;
732
733 /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
734 SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
735
736 if (curve_name != NULL)
737 {
738 /* Use user supplied curve if given */
739 msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
740 nid = OBJ_sn2nid(curve_name);
741 }
742 else
743 {
744 return;
745 }
746
747 /* Translate NID back to name , just for kicks */
748 sname = OBJ_nid2sn(nid);
749 if (sname == NULL)
750 {
751 sname = "(Unknown)";
752 }
753
754 /* Create new EC key and set as ECDH key */
755 if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
756 {
757 /* Creating key failed, fall back on sane default */
758 ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
759 const char *source =
760 (NULL == curve_name) ? "extract curve from certificate" : "use supplied curve";
761 msg(D_TLS_DEBUG_LOW, "Failed to %s (%s), using secp384r1 instead.", source, sname);
762 sname = OBJ_nid2sn(NID_secp384r1);
763 }
764
765 if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
766 {
767 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
768 }
769
770 msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
771
772 EC_KEY_free(ecdh);
773#else /* ifndef OPENSSL_NO_EC */
774 msg(D_LOW, "Your OpenSSL library was built without elliptic curve support."
775 " Skipping ECDH parameter loading.");
776#endif /* OPENSSL_NO_EC */
777}
778
779#if defined(HAVE_OPENSSL_STORE_API)
785static int
786ui_reader(UI *ui, UI_STRING *uis)
787{
788 SSL_CTX *ctx = UI_get0_user_data(ui);
789
790 if (UI_get_string_type(uis) == UIT_PROMPT)
791 {
792 const char *prompt = UI_get0_output_string(uis);
793
794 /* If pkcs#11 Use custom prompt similar to pkcs11-helper */
795 if (strstr(prompt, "PKCS#11"))
796 {
797 struct user_pass up;
798 CLEAR(up);
799 get_user_pass(&up, NULL, "PKCS#11 token",
800 GET_USER_PASS_MANAGEMENT | GET_USER_PASS_PASSWORD_ONLY);
801 UI_set_result(ui, uis, up.password);
802 purge_user_pass(&up, true);
803 }
804 else /* use our generic 'Private Key' passphrase callback */
805 {
806 char password[64];
807 pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx);
808 void *d = SSL_CTX_get_default_passwd_cb_userdata(ctx);
809
810 cb(password, sizeof(password), 0, d);
811 UI_set_result(ui, uis, password);
812 secure_memzero(password, sizeof(password));
813 }
814
815 return 1;
816 }
817 return 0;
818}
819
820static void
821clear_ossl_store_error(OSSL_STORE_CTX *store_ctx)
822{
823 if (OSSL_STORE_error(store_ctx))
824 {
825 ERR_clear_error();
826 }
827}
828#endif /* defined(HAVE_OPENSSL_STORE_API) */
829
838static void *
839load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
840{
841 EVP_PKEY *pkey = NULL;
842
843#if !defined(HAVE_OPENSSL_STORE_API)
844
845 /* Treat the uri as file name */
846 BIO *in = BIO_new_file(uri, "r");
847 if (!in)
848 {
849 return NULL;
850 }
851 pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ssl_ctx),
852 SSL_CTX_get_default_passwd_cb_userdata(ssl_ctx));
853 BIO_free(in);
854
855#else /* defined(HAVE_OPENSSL_STORE_API) */
856
857 OSSL_STORE_CTX *store_ctx = NULL;
858 OSSL_STORE_INFO *info = NULL;
859
860 UI_METHOD *ui_method = UI_create_method("openvpn");
861 if (!ui_method)
862 {
863 msg(M_WARN, "OpenSSL UI creation failed");
864 return NULL;
865 }
866 UI_method_set_reader(ui_method, ui_reader);
867
868 store_ctx = OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, ssl_ctx, NULL, NULL, NULL);
869 if (!store_ctx)
870 {
871 goto end;
872 }
873 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_PKEY) != 1)
874 {
875 goto end;
876 }
877 while (1)
878 {
879 info = OSSL_STORE_load(store_ctx);
880 if (info || OSSL_STORE_eof(store_ctx))
881 {
882 break;
883 }
884 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
885 * ref: man OPENSSL_STORE_open
886 * Clear error and recurse through the file if info = NULL and eof not reached
887 */
888 clear_ossl_store_error(store_ctx);
889 }
890 if (!info)
891 {
892 goto end;
893 }
894 pkey = OSSL_STORE_INFO_get1_PKEY(info);
895 OSSL_STORE_INFO_free(info);
896 msg(D_TLS_DEBUG_MED, "Found pkey in store using URI: %s", uri);
897
898end:
899 OSSL_STORE_close(store_ctx);
900 UI_destroy_method(ui_method);
901
902#endif /* defined(HAVE_OPENSSL_STORE_API) */
903
904 return pkey;
905}
906
907int
908tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline,
909 bool load_ca_file)
910{
911 FILE *fp;
912 EVP_PKEY *pkey;
913 X509 *cert;
914 STACK_OF(X509) *ca = NULL;
915 PKCS12 *p12;
916 int i;
917 char password[256];
918
919 ASSERT(NULL != ctx);
920
921 if (pkcs12_file_inline)
922 {
923 BIO *b64 = BIO_new(BIO_f_base64());
924 BIO *bio = BIO_new_mem_buf((void *)pkcs12_file, (int)strlen(pkcs12_file));
925 ASSERT(b64 && bio);
926 BIO_push(b64, bio);
927 p12 = d2i_PKCS12_bio(b64, NULL);
928 if (!p12)
929 {
930 crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
931 }
932 BIO_free(b64);
933 BIO_free(bio);
934 }
935 else
936 {
937 /* Load the PKCS #12 file */
938 if (!(fp = platform_fopen(pkcs12_file, "rb")))
939 {
940 crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
941 }
942 p12 = d2i_PKCS12_fp(fp, NULL);
943 fclose(fp);
944 if (!p12)
945 {
946 crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
947 }
948 }
949
950 /* Parse the PKCS #12 file */
951 if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
952 {
953 pem_password_callback(password, sizeof(password) - 1, 0, NULL);
954 /* Reparse the PKCS #12 file with password */
955 ca = NULL;
956 if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
957 {
958 crypto_msg(M_WARN, "Decoding PKCS12 failed. Probably wrong password "
959 "or unsupported/legacy encryption");
960#ifdef ENABLE_MANAGEMENT
961 if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
962 {
963 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
964 }
965#endif
966 PKCS12_free(p12);
967 return 1;
968 }
969 }
970 PKCS12_free(p12);
971
972 /* Load Certificate */
973 if (!SSL_CTX_use_certificate(ctx->ctx, cert))
974 {
975 crypto_print_openssl_errors(M_WARN);
976 crypto_msg(M_FATAL, "Cannot use certificate");
977 }
978
979 /* Load Private Key */
980 if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
981 {
982 crypto_msg(M_FATAL, "Cannot use private key");
983 }
984
985 /* Check Private Key */
986 if (!SSL_CTX_check_private_key(ctx->ctx))
987 {
988 crypto_msg(M_FATAL, "Private key does not match the certificate");
989 }
990
991 /* Set Certificate Verification chain */
992 if (load_ca_file)
993 {
994 /* Add CAs from PKCS12 to the cert store and mark them as trusted.
995 * They're also used to fill in the chain of intermediate certs as
996 * necessary.
997 */
998 if (ca && sk_X509_num(ca))
999 {
1000 for (i = 0; i < sk_X509_num(ca); i++)
1001 {
1002 X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
1003 if (!X509_STORE_add_cert(cert_store, sk_X509_value(ca, i)))
1004 {
1005 crypto_msg(M_FATAL,
1006 "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
1007 }
1008 if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
1009 {
1010 crypto_msg(M_FATAL,
1011 "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
1012 }
1013 }
1014 }
1015 }
1016 else
1017 {
1018 /* If trusted CA certs were loaded from a PEM file, and we ignore the
1019 * ones in PKCS12, do load PKCS12-provided certs to the client extra
1020 * certs chain just in case they include intermediate CAs needed to
1021 * prove my identity to the other end. This does not make them trusted.
1022 */
1023 if (ca && sk_X509_num(ca))
1024 {
1025 for (i = 0; i < sk_X509_num(ca); i++)
1026 {
1027 if (!SSL_CTX_add_extra_chain_cert(ctx->ctx, sk_X509_value(ca, i)))
1028 {
1029 crypto_msg(
1030 M_FATAL,
1031 "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
1032 }
1033 }
1034 }
1035 }
1036 return 0;
1037}
1038
1039#ifdef ENABLE_CRYPTOAPI
1040void
1041tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
1042{
1043 ASSERT(NULL != ctx);
1044
1045 /* Load Certificate and Private Key */
1046 if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
1047 {
1048 crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store",
1049 cryptoapi_cert);
1050 }
1051}
1052#endif /* ENABLE_CRYPTOAPI */
1053
1054static void
1055tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
1056{
1057 X509 *cert;
1058 while (true)
1059 {
1060 cert = NULL;
1061 if (!PEM_read_bio_X509(bio, &cert, NULL, NULL))
1062 {
1063 /* a PEM_R_NO_START_LINE "Error" indicates that no certificate
1064 * is found in the buffer. If loading more certificates is
1065 * optional, break without raising an error
1066 */
1067 if (optional && ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
1068 {
1069 /* remove that error from error stack */
1070 (void)ERR_get_error();
1071 break;
1072 }
1073
1074 /* Otherwise, bail out with error */
1075 crypto_msg(M_FATAL, "Error reading extra certificate");
1076 }
1077 /* takes ownership of cert like a set1 method */
1078 if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
1079 {
1080 crypto_msg(M_FATAL, "Error adding extra certificate");
1081 }
1082 /* We loaded at least one certificate, so loading more is optional */
1083 optional = true;
1084 }
1085}
1086
1087static bool
1088cert_uri_supported(void)
1089{
1090#if defined(HAVE_OPENSSL_STORE_API)
1091 return 1;
1092#else
1093 return 0;
1094#endif
1095}
1096
1097static void
1098tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
1099{
1100#if defined(HAVE_OPENSSL_STORE_API)
1101 X509 *x = NULL;
1102 int ret = 0;
1103 OSSL_STORE_CTX *store_ctx = NULL;
1104 OSSL_STORE_INFO *info = NULL;
1105
1106 ASSERT(NULL != tls_ctx);
1107
1108 UI_METHOD *ui_method = UI_create_method("openvpn");
1109 if (!ui_method)
1110 {
1111 msg(M_WARN, "OpenSSL UI method creation failed");
1112 goto end;
1113 }
1114 UI_method_set_reader(ui_method, ui_reader);
1115
1116 store_ctx =
1117 OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, tls_ctx->ctx, NULL, NULL, NULL);
1118 if (!store_ctx)
1119 {
1120 goto end;
1121 }
1122 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_CERT) != 1)
1123 {
1124 goto end;
1125 }
1126
1127 while (1)
1128 {
1129 info = OSSL_STORE_load(store_ctx);
1130 if (info || OSSL_STORE_eof(store_ctx))
1131 {
1132 break;
1133 }
1134 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
1135 * ref: man OPENSSL_STORE_open
1136 * Clear error and recurse through the file if info = NULL and eof not reached.
1137 */
1138 clear_ossl_store_error(store_ctx);
1139 }
1140 if (!info)
1141 {
1142 goto end;
1143 }
1144
1145 x = OSSL_STORE_INFO_get0_CERT(info);
1146 if (x == NULL)
1147 {
1148 goto end;
1149 }
1150 msg(D_TLS_DEBUG_MED, "Found cert in store using URI: %s", uri);
1151
1152 ret = SSL_CTX_use_certificate(tls_ctx->ctx, x);
1153 if (!ret)
1154 {
1155 goto end;
1156 }
1157 OSSL_STORE_INFO_free(info);
1158 info = NULL;
1159
1160 /* iterate through the store and add extra certificates if any to the chain */
1161 while (!OSSL_STORE_eof(store_ctx))
1162 {
1163 info = OSSL_STORE_load(store_ctx);
1164 if (!info)
1165 {
1166 clear_ossl_store_error(store_ctx);
1167 continue;
1168 }
1169 x = OSSL_STORE_INFO_get1_CERT(info);
1170 if (x && SSL_CTX_add_extra_chain_cert(tls_ctx->ctx, x) != 1)
1171 {
1172 X509_free(x);
1173 crypto_msg(M_FATAL, "Error adding extra certificate");
1174 break;
1175 }
1176 OSSL_STORE_INFO_free(info);
1177 info = NULL;
1178 }
1179
1180end:
1181 if (!ret)
1182 {
1183 crypto_print_openssl_errors(M_WARN);
1184 crypto_msg(M_FATAL, "Cannot load certificate from URI <%s>", uri);
1185 }
1186 else
1187 {
1188 crypto_print_openssl_errors(M_DEBUG);
1189 }
1190
1191 UI_destroy_method(ui_method);
1192 OSSL_STORE_INFO_free(info);
1193 OSSL_STORE_close(store_ctx);
1194#else /* defined(HAVE_OPENSSL_STORE_API */
1195 ASSERT(0);
1196#endif /* defined(HAVE_OPENSSL_STORE_API */
1197}
1198
1199static void
1200tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
1201{
1202 BIO *in = NULL;
1203 X509 *x = NULL;
1204 int ret = 0;
1205
1206 ASSERT(NULL != ctx);
1207
1208 if (cert_file_inline)
1209 {
1210 in = BIO_new_mem_buf((char *)cert_file, -1);
1211 }
1212 else
1213 {
1214 in = BIO_new_file((char *)cert_file, "r");
1215 }
1216
1217 if (in == NULL)
1218 {
1219 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
1220 goto end;
1221 }
1222
1223 x = PEM_read_bio_X509(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx),
1224 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1225 if (x == NULL)
1226 {
1227 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
1228 goto end;
1229 }
1230
1231 ret = SSL_CTX_use_certificate(ctx->ctx, x);
1232 if (ret)
1233 {
1234 tls_ctx_add_extra_certs(ctx, in, true);
1235 }
1236
1237end:
1238 if (!ret)
1239 {
1240 crypto_print_openssl_errors(M_WARN);
1241 if (cert_file_inline)
1242 {
1243 crypto_msg(M_FATAL, "Cannot load inline certificate file");
1244 }
1245 else
1246 {
1247 crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
1248 }
1249 }
1250 else
1251 {
1252 crypto_print_openssl_errors(M_DEBUG);
1253 }
1254
1255 BIO_free(in);
1256 X509_free(x);
1257}
1258
1259void
1260tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
1261{
1262 if (cert_uri_supported() && !cert_file_inline)
1263 {
1264 tls_ctx_load_cert_uri(ctx, cert_file);
1265 }
1266 else
1267 {
1268 tls_ctx_load_cert_pem_file(ctx, cert_file, cert_file_inline);
1269 }
1270}
1271
1272int
1273tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
1274 bool priv_key_file_inline)
1275{
1276 SSL_CTX *ssl_ctx = NULL;
1277 BIO *in = NULL;
1278 EVP_PKEY *pkey = NULL;
1279 int ret = 1;
1280
1281 ASSERT(NULL != ctx);
1282
1283 ssl_ctx = ctx->ctx;
1284
1285 if (priv_key_file_inline)
1286 {
1287 in = BIO_new_mem_buf((char *)priv_key_file, -1);
1288 if (in == NULL)
1289 {
1290 goto end;
1291 }
1292 pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx),
1293 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1294 }
1295 else
1296 {
1297 pkey = load_pkey_from_uri(priv_key_file, ssl_ctx);
1298 }
1299
1300 if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1301 {
1302#ifdef ENABLE_MANAGEMENT
1303 if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
1304 {
1305 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
1306 }
1307#endif
1308 crypto_msg(M_WARN, "Cannot load private key file %s",
1309 print_key_filename(priv_key_file, priv_key_file_inline));
1310 goto end;
1311 }
1312
1313 /* Check Private Key */
1314 if (!SSL_CTX_check_private_key(ssl_ctx))
1315 {
1316 crypto_msg(M_FATAL, "Private key does not match the certificate");
1317 }
1318 ret = 0;
1319
1320end:
1321 EVP_PKEY_free(pkey);
1322 BIO_free(in);
1323 return ret;
1324}
1325
1326void
1327backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
1328{
1329 BIO *in = NULL;
1330
1331 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1332 if (!store)
1333 {
1334 crypto_msg(M_FATAL, "Cannot get certificate store");
1335 }
1336
1337 /* Always start with a cleared CRL list, for that we
1338 * we need to manually find the CRL object from the stack
1339 * and remove it */
1340 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
1341 for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
1342 {
1343 X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
1344 ASSERT(obj);
1345 if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
1346 {
1347 sk_X509_OBJECT_delete(objs, i);
1348 X509_OBJECT_free(obj);
1349 }
1350 }
1351
1352 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1353
1354 if (crl_inline)
1355 {
1356 in = BIO_new_mem_buf((char *)crl_file, -1);
1357 }
1358 else
1359 {
1360 in = BIO_new_file(crl_file, "r");
1361 }
1362
1363 if (in == NULL)
1364 {
1365 msg(M_WARN, "CRL: cannot read: %s", print_key_filename(crl_file, crl_inline));
1366 goto end;
1367 }
1368
1369 int num_crls_loaded = 0;
1370 while (true)
1371 {
1372 X509_CRL *crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
1373 if (crl == NULL)
1374 {
1375 /*
1376 * PEM_R_NO_START_LINE can be considered equivalent to EOF.
1377 */
1378 bool eof = ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE;
1379 /* but warn if no CRLs have been loaded */
1380 if (num_crls_loaded > 0 && eof)
1381 {
1382 /* remove that error from error stack */
1383 (void)ERR_get_error();
1384 break;
1385 }
1386
1387 crypto_msg(M_WARN, "CRL: cannot read CRL from file %s",
1388 print_key_filename(crl_file, crl_inline));
1389 break;
1390 }
1391
1392 if (!X509_STORE_add_crl(store, crl))
1393 {
1394 X509_CRL_free(crl);
1395 crypto_msg(M_WARN, "CRL: cannot add %s to store",
1396 print_key_filename(crl_file, crl_inline));
1397 break;
1398 }
1399 X509_CRL_free(crl);
1400 num_crls_loaded++;
1401 }
1402 msg(M_INFO, "CRL: loaded %d CRLs from file %s", num_crls_loaded, crl_file);
1403end:
1404 BIO_free(in);
1405}
1406
1407
1408#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)
1409
1410/* encrypt */
1411static int
1412rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1413{
1414 ASSERT(0);
1415 return -1;
1416}
1417
1418/* verify arbitrary data */
1419static int
1420rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1421{
1422 ASSERT(0);
1423 return -1;
1424}
1425
1426/* decrypt */
1427static int
1428rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1429{
1430 ASSERT(0);
1431 return -1;
1432}
1433
1434/* called at RSA_free */
1435static int
1436openvpn_extkey_rsa_finish(RSA *rsa)
1437{
1438 /* meth was allocated in tls_ctx_use_management_external_key() ; since
1439 * this function is called when the parent RSA object is destroyed,
1440 * it is no longer used after this point so kill it. */
1441 const RSA_METHOD *meth = RSA_get_method(rsa);
1442 RSA_meth_free((RSA_METHOD *)meth);
1443 return 1;
1444}
1445
1446/*
1447 * Convert OpenSSL's constant to the strings used in the management
1448 * interface query
1449 */
1450const char *
1451get_rsa_padding_name(const int padding)
1452{
1453 switch (padding)
1454 {
1455 case RSA_PKCS1_PADDING:
1456 return "RSA_PKCS1_PADDING";
1457
1458 case RSA_NO_PADDING:
1459 return "RSA_NO_PADDING";
1460
1461 default:
1462 return "UNKNOWN";
1463 }
1464}
1465
1477static int
1478get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig,
1479 unsigned int siglen, const char *algorithm)
1480{
1481 char *in_b64 = NULL;
1482 char *out_b64 = NULL;
1483 int len = -1;
1484
1485 int bencret = openvpn_base64_encode(dgst, dgstlen, &in_b64);
1486
1487 if (management && bencret > 0)
1488 {
1489 out_b64 = management_query_pk_sig(management, in_b64, algorithm);
1490 }
1491 if (out_b64)
1492 {
1493 len = openvpn_base64_decode(out_b64, sig, siglen);
1494 }
1495
1496 free(in_b64);
1497 free(out_b64);
1498 return len;
1499}
1500
1501/* sign arbitrary data */
1502static int
1503rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1504{
1505 unsigned int len = RSA_size(rsa);
1506 int ret = -1;
1507
1508 if (padding != RSA_PKCS1_PADDING && padding != RSA_NO_PADDING)
1509 {
1510 RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
1511 return -1;
1512 }
1513
1514 ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
1515
1516 return (ret == len) ? ret : -1;
1517}
1518
1519static int
1520tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1521{
1522 RSA *rsa = NULL;
1523 RSA_METHOD *rsa_meth;
1524
1525 ASSERT(NULL != ctx);
1526
1527 const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey);
1528 ASSERT(NULL != pub_rsa);
1529
1530 /* allocate custom RSA method object */
1531 rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method", RSA_METHOD_FLAG_NO_CHECK);
1532 check_malloc_return(rsa_meth);
1533 RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1534 RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1535 RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc);
1536 RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec);
1537 RSA_meth_set_init(rsa_meth, NULL);
1538 RSA_meth_set_finish(rsa_meth, openvpn_extkey_rsa_finish);
1539 RSA_meth_set0_app_data(rsa_meth, NULL);
1540
1541 /* allocate RSA object */
1542 rsa = RSA_new();
1543 if (rsa == NULL)
1544 {
1545 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1546 goto err;
1547 }
1548
1549 /* initialize RSA object */
1550 const BIGNUM *n = NULL;
1551 const BIGNUM *e = NULL;
1552 RSA_get0_key(pub_rsa, &n, &e, NULL);
1553 RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1554 RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1555 if (!RSA_set_method(rsa, rsa_meth))
1556 {
1557 RSA_meth_free(rsa_meth);
1558 goto err;
1559 }
1560 /* from this point rsa_meth will get freed with rsa */
1561
1562 /* bind our custom RSA object to ssl_ctx */
1563 if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1564 {
1565 goto err;
1566 }
1567
1568 RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1569 return 1;
1570
1571err:
1572 if (rsa)
1573 {
1574 RSA_free(rsa);
1575 }
1576 else if (rsa_meth)
1577 {
1578 RSA_meth_free(rsa_meth);
1579 }
1580 return 0;
1581}
1582
1583#if !defined(OPENSSL_NO_EC)
1584
1585/* called when EC_KEY is destroyed */
1586static void
1587openvpn_extkey_ec_finish(EC_KEY *ec)
1588{
1589 /* release the method structure */
1590 const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec);
1591 EC_KEY_METHOD_free((EC_KEY_METHOD *)ec_meth);
1592}
1593
1594/* EC_KEY_METHOD callback: sign().
1595 * Sign the hash using EC key and return DER encoded signature in sig,
1596 * its length in siglen. Return value is 1 on success, 0 on error.
1597 */
1598static int
1599ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
1600 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
1601{
1602 int capacity = ECDSA_size(ec);
1603 /*
1604 * ECDSA does not seem to have proper constants for paddings since
1605 * there are only signatures without padding at the moment, use
1606 * a generic ECDSA for the moment
1607 */
1608 int len = get_sig_from_man(dgst, dgstlen, sig, capacity, "ECDSA");
1609
1610 if (len > 0)
1611 {
1612 *siglen = len;
1613 return 1;
1614 }
1615 return 0;
1616}
1617
1618/* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
1619static int
1620ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
1621{
1622 return 1;
1623}
1624
1625/* EC_KEY_METHOD callback: sign_sig().
1626 * Sign the hash and return the result as a newly allocated ECDS_SIG
1627 * struct or NULL on error.
1628 */
1629static ECDSA_SIG *
1630ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r,
1631 EC_KEY *ec)
1632{
1633 ECDSA_SIG *ecsig = NULL;
1634 unsigned int len = ECDSA_size(ec);
1635 struct gc_arena gc = gc_new();
1636
1637 unsigned char *buf = gc_malloc(len, false, &gc);
1638 if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1)
1639 {
1640 goto out;
1641 }
1642 /* const char ** should be avoided: not up to us, so we cast our way through */
1643 ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len);
1644
1645out:
1646 gc_free(&gc);
1647 return ecsig;
1648}
1649
1650static int
1651tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1652{
1653 EC_KEY *ec = NULL;
1654 EVP_PKEY *privkey = NULL;
1655 EC_KEY_METHOD *ec_method;
1656
1657 ASSERT(ctx);
1658
1659 ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
1660 if (!ec_method)
1661 {
1662 goto err;
1663 }
1664
1665 /* Among init methods, we only need the finish method */
1666 EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL);
1667#ifdef OPENSSL_IS_AWSLC
1668 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, NULL, ecdsa_sign_sig);
1669#else
1670 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig);
1671#endif
1672
1673 ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey));
1674 if (!ec)
1675 {
1676 EC_KEY_METHOD_free(ec_method);
1677 goto err;
1678 }
1679 if (!EC_KEY_set_method(ec, ec_method))
1680 {
1681 EC_KEY_METHOD_free(ec_method);
1682 goto err;
1683 }
1684 /* from this point ec_method will get freed when ec is freed */
1685
1686 privkey = EVP_PKEY_new();
1687 if (!EVP_PKEY_assign_EC_KEY(privkey, ec))
1688 {
1689 goto err;
1690 }
1691 /* from this point ec will get freed when privkey is freed */
1692
1693 if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1694 {
1695 ec = NULL; /* avoid double freeing it below */
1696 goto err;
1697 }
1698
1699 EVP_PKEY_free(privkey); /* this will down ref privkey and ec */
1700 return 1;
1701
1702err:
1703 /* Reach here only when ec and privkey can be independenly freed */
1704 EVP_PKEY_free(privkey);
1705 EC_KEY_free(ec);
1706 return 0;
1707}
1708#endif /* !defined(OPENSSL_NO_EC) */
1709#endif /* ENABLE_MANAGEMENT && !HAVE_XKEY_PROVIDER */
1710
1711#ifdef ENABLE_MANAGEMENT
1712int
1713tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
1714{
1715 int ret = 1;
1716
1717 ASSERT(NULL != ctx);
1718
1719 X509 *cert = SSL_CTX_get0_certificate(ctx->ctx);
1720
1721 ASSERT(NULL != cert);
1722
1723 /* get the public key */
1724 EVP_PKEY *pkey = X509_get0_pubkey(cert);
1725 ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1726
1727#ifdef HAVE_XKEY_PROVIDER
1728 EVP_PKEY *privkey = xkey_load_management_key(tls_libctx, pkey);
1729 if (!privkey || !SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1730 {
1731 EVP_PKEY_free(privkey);
1732 goto cleanup;
1733 }
1734 EVP_PKEY_free(privkey);
1735#else /* ifdef HAVE_XKEY_PROVIDER */
1736#if OPENSSL_VERSION_NUMBER < 0x30000000L
1737 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
1738#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1739 if (EVP_PKEY_is_a(pkey, "RSA"))
1740#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1741 {
1742 if (!tls_ctx_use_external_rsa_key(ctx, pkey))
1743 {
1744 goto cleanup;
1745 }
1746 }
1747#if !defined(OPENSSL_NO_EC)
1748#if OPENSSL_VERSION_NUMBER < 0x30000000L
1749 else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
1750#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1751 else if (EVP_PKEY_is_a(pkey, "EC"))
1752#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1753 {
1754 if (!tls_ctx_use_external_ec_key(ctx, pkey))
1755 {
1756 goto cleanup;
1757 }
1758 }
1759 else
1760 {
1761 crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
1762 goto cleanup;
1763 }
1764#else /* !defined(OPENSSL_NO_EC) */
1765 else
1766 {
1767 crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
1768 goto cleanup;
1769 }
1770#endif /* !defined(OPENSSL_NO_EC) */
1771
1772#endif /* HAVE_XKEY_PROVIDER */
1773
1774 ret = 0;
1775cleanup:
1776 if (ret)
1777 {
1778 crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1779 }
1780 return ret;
1781}
1782
1783#endif /* ifdef ENABLE_MANAGEMENT */
1784
1785static int
1786sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1787{
1788 return X509_NAME_cmp(*a, *b);
1789}
1790
1791void
1792tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline,
1793 const char *ca_path, bool tls_server)
1794{
1795 STACK_OF(X509_INFO) *info_stack = NULL;
1796 STACK_OF(X509_NAME) *cert_names = NULL;
1797 X509_LOOKUP *lookup = NULL;
1798 X509_STORE *store = NULL;
1799 X509_NAME *xn = NULL;
1800 BIO *in = NULL;
1801 int i, added = 0, prev = 0;
1802
1803 ASSERT(NULL != ctx);
1804
1805 store = SSL_CTX_get_cert_store(ctx->ctx);
1806 if (!store)
1807 {
1808 crypto_msg(M_FATAL, "Cannot get certificate store");
1809 }
1810
1811 /* Try to add certificates and CRLs from ca_file */
1812 if (ca_file)
1813 {
1814 if (ca_file_inline)
1815 {
1816 in = BIO_new_mem_buf((char *)ca_file, -1);
1817 }
1818 else
1819 {
1820 in = BIO_new_file(ca_file, "r");
1821 }
1822
1823 if (in)
1824 {
1825 info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1826 }
1827
1828 if (info_stack)
1829 {
1830 for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1831 {
1832 X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1833 if (info->crl)
1834 {
1835 X509_STORE_add_crl(store, info->crl);
1836 }
1837
1838 if (tls_server && !info->x509)
1839 {
1840 crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1841 }
1842
1843 if (info->x509)
1844 {
1845 X509_STORE_add_cert(store, info->x509);
1846 added++;
1847
1848 if (!tls_server)
1849 {
1850 continue;
1851 }
1852
1853 /* Use names of CAs as a client CA list */
1854 if (cert_names == NULL)
1855 {
1856 cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1857 if (!cert_names)
1858 {
1859 continue;
1860 }
1861 }
1862
1863 xn = X509_get_subject_name(info->x509);
1864 if (!xn)
1865 {
1866 continue;
1867 }
1868
1869 /* Don't add duplicate CA names */
1870 if (sk_X509_NAME_find(cert_names, xn) == -1)
1871 {
1872 xn = X509_NAME_dup(xn);
1873 if (!xn)
1874 {
1875 continue;
1876 }
1877 sk_X509_NAME_push(cert_names, xn);
1878 }
1879 }
1880
1881 if (tls_server)
1882 {
1883 int cnum = sk_X509_NAME_num(cert_names);
1884 if (cnum != (prev + 1))
1885 {
1886 crypto_msg(M_WARN,
1887 "Cannot load CA certificate file %s (entry %d did not validate)",
1888 print_key_filename(ca_file, ca_file_inline), added);
1889 }
1890 prev = cnum;
1891 }
1892 }
1893 sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1894 }
1895 int cnum;
1896 if (tls_server)
1897 {
1898 cnum = sk_X509_NAME_num(cert_names);
1899 SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1900 }
1901
1902 if (!added)
1903 {
1904 crypto_msg(M_FATAL, "Cannot load CA certificate file %s (no entries were read)",
1905 print_key_filename(ca_file, ca_file_inline));
1906 }
1907
1908 if (tls_server)
1909 {
1910 if (cnum != added)
1911 {
1912 crypto_msg(M_FATAL,
1913 "Cannot load CA certificate file %s (only %d "
1914 "of %d entries were valid X509 names)",
1915 print_key_filename(ca_file, ca_file_inline), cnum, added);
1916 }
1917 }
1918
1919 BIO_free(in);
1920 }
1921
1922 /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1923 if (ca_path)
1924 {
1925 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1926 if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1927 {
1928 msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1929 }
1930 else
1931 {
1932 crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1933 }
1934 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1935 }
1936}
1937
1938void
1939tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1940 bool extra_certs_file_inline)
1941{
1942 BIO *in;
1943 if (extra_certs_file_inline)
1944 {
1945 in = BIO_new_mem_buf((char *)extra_certs_file, -1);
1946 }
1947 else
1948 {
1949 in = BIO_new_file(extra_certs_file, "r");
1950 }
1951
1952 if (in == NULL)
1953 {
1954 crypto_msg(M_FATAL, "Cannot load extra-certs file: %s",
1955 print_key_filename(extra_certs_file, extra_certs_file_inline));
1956 }
1957 else
1958 {
1959 tls_ctx_add_extra_certs(ctx, in, false);
1960 }
1961
1962 BIO_free(in);
1963}
1964
1965/* **************************************
1966 *
1967 * Key-state specific functions
1968 *
1969 ***************************************/
1970/*
1971 *
1972 * BIO functions
1973 *
1974 */
1975
1976#ifdef BIO_DEBUG
1977
1978#warning BIO_DEBUG defined
1979
1980static FILE *biofp; /* GLOBAL */
1981static bool biofp_toggle; /* GLOBAL */
1982static time_t biofp_last_open; /* GLOBAL */
1983static const int biofp_reopen_interval = 600; /* GLOBAL */
1984
1985static void
1986close_biofp(void)
1987{
1988 if (biofp)
1989 {
1990 ASSERT(!fclose(biofp));
1991 biofp = NULL;
1992 }
1993}
1994
1995static void
1996open_biofp(void)
1997{
1998 const time_t current = time(NULL);
1999 const pid_t pid = getpid();
2000
2001 if (biofp_last_open + biofp_reopen_interval < current)
2002 {
2003 close_biofp();
2004 }
2005 if (!biofp)
2006 {
2007 char fn[256];
2008 snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
2009 biofp = fopen(fn, "w");
2010 ASSERT(biofp);
2011 biofp_last_open = time(NULL);
2012 biofp_toggle ^= 1;
2013 }
2014}
2015
2016static void
2017bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
2018{
2019 struct gc_arena gc = gc_new();
2020 if (len > 0)
2021 {
2022 open_biofp();
2023 fprintf(biofp, "BIO_%s %s time=%" PRIi64 " bio=" ptr_format " len=%d data=%s\n", mode, desc,
2024 (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
2025 fflush(biofp);
2026 }
2027 gc_free(&gc);
2028}
2029
2030static void
2031bio_debug_oc(const char *mode, BIO *bio)
2032{
2033 open_biofp();
2034 fprintf(biofp, "BIO %s time=%" PRIi64 " bio=" ptr_format "\n", mode, (int64_t)time(NULL),
2035 (ptr_type)bio);
2036 fflush(biofp);
2037}
2038
2039#endif /* ifdef BIO_DEBUG */
2040
2041/*
2042 * Write to an OpenSSL BIO in non-blocking mode.
2043 */
2044static int
2045bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
2046{
2047 int i;
2048 int ret = 0;
2049 ASSERT(size >= 0);
2050 if (size)
2051 {
2052 /*
2053 * Free the L_TLS lock prior to calling BIO routines
2054 * so that foreground thread can still call
2055 * tls_pre_decrypt or tls_pre_encrypt,
2056 * allowing tunnel packet forwarding to continue.
2057 */
2058#ifdef BIO_DEBUG
2059 bio_debug_data("write", bio, data, size, desc);
2060#endif
2061 i = BIO_write(bio, data, size);
2062
2063 if (i < 0)
2064 {
2065 if (!BIO_should_retry(bio))
2066 {
2067 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
2068 ret = -1;
2069 ERR_clear_error();
2070 }
2071 }
2072 else if (i != size)
2073 {
2074 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d", desc, i, size);
2075 ret = -1;
2076 ERR_clear_error();
2077 }
2078 else
2079 { /* successful write */
2080 dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
2081 ret = 1;
2082 }
2083 }
2084 return ret;
2085}
2086
2087/*
2088 * Inline functions for reading from and writing
2089 * to BIOs.
2090 */
2091
2092static void
2093bio_write_post(const int status, struct buffer *buf)
2094{
2095 if (status == 1) /* success status return from bio_write? */
2096 {
2097 memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
2098 buf->len = 0;
2099 }
2100}
2101
2102/*
2103 * Read from an OpenSSL BIO in non-blocking mode.
2104 */
2105static int
2106bio_read(BIO *bio, struct buffer *buf, const char *desc)
2107{
2108 ASSERT(buf->len >= 0);
2109 if (buf->len)
2110 {
2111 /* we only want to write empty buffers, ignore read request
2112 * if the buffer is not empty */
2113 return 0;
2114 }
2115 int len = buf_forward_capacity(buf);
2116
2117 /*
2118 * BIO_read brackets most of the serious RSA
2119 * key negotiation number crunching.
2120 */
2121 int i = BIO_read(bio, BPTR(buf), len);
2122
2123 VALGRIND_MAKE_READABLE((void *)&i, sizeof(i));
2124
2125#ifdef BIO_DEBUG
2126 bio_debug_data("read", bio, BPTR(buf), i, desc);
2127#endif
2128
2129 int ret = 0;
2130 if (i < 0)
2131 {
2132 if (!BIO_should_retry(bio))
2133 {
2134 crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
2135 buf->len = 0;
2136 ret = -1;
2137 ERR_clear_error();
2138 }
2139 }
2140 else if (!i)
2141 {
2142 buf->len = 0;
2143 }
2144 else
2145 { /* successful read */
2146 dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
2147 buf->len = i;
2148 ret = 1;
2149 VALGRIND_MAKE_READABLE((void *)BPTR(buf), BLEN(buf));
2150 }
2151 return ret;
2152}
2153
2154void
2155key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server,
2156 struct tls_session *session)
2157{
2158 ASSERT(NULL != ssl_ctx);
2159 ASSERT(ks_ssl);
2160 CLEAR(*ks_ssl);
2161
2162 ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
2163 if (!ks_ssl->ssl)
2164 {
2165 crypto_msg(M_FATAL, "SSL_new failed");
2166 }
2167
2168 /* put session * in ssl object so we can access it
2169 * from verify callback*/
2170 SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
2171
2172 ASSERT((ks_ssl->ssl_bio = BIO_new(BIO_f_ssl())));
2173 ASSERT((ks_ssl->ct_in = BIO_new(BIO_s_mem())));
2174 ASSERT((ks_ssl->ct_out = BIO_new(BIO_s_mem())));
2175
2176#ifdef BIO_DEBUG
2177 bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
2178 bio_debug_oc("open ct_in", ks_ssl->ct_in);
2179 bio_debug_oc("open ct_out", ks_ssl->ct_out);
2180#endif
2181
2182 if (is_server)
2183 {
2184 SSL_set_accept_state(ks_ssl->ssl);
2185 }
2186 else
2187 {
2188 SSL_set_connect_state(ks_ssl->ssl);
2189 }
2190
2191 SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
2192 BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
2193}
2194
2195void
2196key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
2197{
2198 SSL_set_shutdown(ks_ssl->ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2199}
2200
2201void
2202key_state_ssl_free(struct key_state_ssl *ks_ssl)
2203{
2204 if (ks_ssl->ssl)
2205 {
2206#ifdef BIO_DEBUG
2207 bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
2208 bio_debug_oc("close ct_in", ks_ssl->ct_in);
2209 bio_debug_oc("close ct_out", ks_ssl->ct_out);
2210#endif
2211 BIO_free_all(ks_ssl->ssl_bio);
2212 SSL_free(ks_ssl->ssl);
2213 }
2214}
2215
2216int
2217key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2218{
2219 int ret = 0;
2220 perf_push(PERF_BIO_WRITE_PLAINTEXT);
2221
2222 ASSERT(NULL != ks_ssl);
2223
2224 ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf), "tls_write_plaintext");
2225 bio_write_post(ret, buf);
2226
2227 perf_pop();
2228 return ret;
2229}
2230
2231int
2232key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
2233{
2234 int ret = 0;
2235 perf_push(PERF_BIO_WRITE_PLAINTEXT);
2236
2237 ASSERT(NULL != ks_ssl);
2238
2239 ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
2240
2241 perf_pop();
2242 return ret;
2243}
2244
2245int
2246key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2247{
2248 int ret = 0;
2249 perf_push(PERF_BIO_READ_CIPHERTEXT);
2250
2251 ASSERT(NULL != ks_ssl);
2252
2253 ret = bio_read(ks_ssl->ct_out, buf, "tls_read_ciphertext");
2254
2255 perf_pop();
2256 return ret;
2257}
2258
2259int
2260key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2261{
2262 int ret = 0;
2263 perf_push(PERF_BIO_WRITE_CIPHERTEXT);
2264
2265 ASSERT(NULL != ks_ssl);
2266
2267 ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
2268 bio_write_post(ret, buf);
2269
2270 perf_pop();
2271 return ret;
2272}
2273
2274int
2275key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2276{
2277 int ret = 0;
2278 perf_push(PERF_BIO_READ_PLAINTEXT);
2279
2280 ASSERT(NULL != ks_ssl);
2281
2282 ret = bio_read(ks_ssl->ssl_bio, buf, "tls_read_plaintext");
2283
2284 perf_pop();
2285 return ret;
2286}
2287
2288static void
2289print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
2290{
2291 const char *curve = "";
2292 const char *type = "(error getting type)";
2293
2294 if (pkey == NULL)
2295 {
2296 buf[0] = 0;
2297 return;
2298 }
2299
2300 int typeid = EVP_PKEY_id(pkey);
2301#if OPENSSL_VERSION_NUMBER < 0x30000000L
2302 bool is_ec = typeid == EVP_PKEY_EC;
2303#else
2304 bool is_ec = EVP_PKEY_is_a(pkey, "EC");
2305#endif
2306
2307#ifndef OPENSSL_NO_EC
2308 char groupname[64];
2309 if (is_ec)
2310 {
2311 size_t len;
2312 if (EVP_PKEY_get_group_name(pkey, groupname, sizeof(groupname), &len))
2313 {
2314 curve = groupname;
2315 }
2316 else
2317 {
2318 curve = "(error getting curve name)";
2319 }
2320 }
2321#endif
2322 if (typeid != 0)
2323 {
2324#if OPENSSL_VERSION_NUMBER < 0x30000000L
2325 type = OBJ_nid2sn(typeid);
2326
2327 /* OpenSSL reports rsaEncryption, dsaEncryption and
2328 * id-ecPublicKey, map these values to nicer ones */
2329 if (typeid == EVP_PKEY_RSA)
2330 {
2331 type = "RSA";
2332 }
2333 else if (typeid == EVP_PKEY_DSA)
2334 {
2335 type = "DSA";
2336 }
2337 else if (typeid == EVP_PKEY_EC)
2338 {
2339 /* EC gets the curve appended after the type */
2340 type = "EC, curve ";
2341 }
2342 else if (type == NULL)
2343 {
2344 type = "unknown type";
2345 }
2346#else /* OpenSSL >= 3 */
2347 type = EVP_PKEY_get0_type_name(pkey);
2348 if (type == NULL)
2349 {
2350 type = "(error getting public key type)";
2351 }
2352#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
2353 }
2354
2355 snprintf(buf, buflen, "%d bits %s%s", EVP_PKEY_bits(pkey), type, curve);
2356}
2357
2364static void
2365print_cert_details(X509 *cert, char *buf, size_t buflen)
2366{
2367 EVP_PKEY *pkey = X509_get_pubkey(cert);
2368 char pkeybuf[64] = { 0 };
2369 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2370
2371 char sig[128] = { 0 };
2372 int signature_nid = X509_get_signature_nid(cert);
2373 if (signature_nid != 0)
2374 {
2375 snprintf(sig, sizeof(sig), ", signature: %s", OBJ_nid2sn(signature_nid));
2376 }
2377
2378 snprintf(buf, buflen, ", peer certificate: %s%s", pkeybuf, sig);
2379
2380 EVP_PKEY_free(pkey);
2381}
2382
2383static void
2384print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
2385{
2386 EVP_PKEY *pkey = NULL;
2387 SSL_get_peer_tmp_key(ssl, &pkey);
2388 if (!pkey)
2389 {
2390 return;
2391 }
2392
2393 char pkeybuf[128] = { 0 };
2394 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2395
2396 snprintf(buf, buflen, ", peer temporary key: %s", pkeybuf);
2397
2398 EVP_PKEY_free(pkey);
2399}
2400
2401#if !defined(LIBRESSL_VERSION_NUMBER) \
2402 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2408static const char *
2409get_sigtype(int nid)
2410{
2411 /* Fix a few OpenSSL names to be better understandable */
2412 switch (nid)
2413 {
2414 case EVP_PKEY_RSA:
2415 /* will otherwise say rsaEncryption */
2416 return "RSA";
2417
2418 case EVP_PKEY_DSA:
2419 /* dsaEncryption otherwise */
2420 return "DSA";
2421
2422 case EVP_PKEY_EC:
2423 /* will say id-ecPublicKey */
2424 return "ECDSA";
2425
2426 case -1:
2427 return "(error getting name)";
2428
2429 default:
2430 return OBJ_nid2sn(nid);
2431 }
2432}
2433#endif /* ifndef LIBRESSL_VERSION_NUMBER */
2434
2439static void
2440print_peer_signature(SSL *ssl, char *buf, size_t buflen)
2441{
2442 int peer_sig_type_nid = NID_undef;
2443 const char *peer_sig_unknown = "unknown";
2444 const char *peer_sig = peer_sig_unknown;
2445 const char *peer_sig_type = "unknown type";
2446
2447 const char *signame = NULL;
2448 SSL_get0_peer_signature_name(ssl, &signame);
2449 if (signame)
2450 {
2451 peer_sig = signame;
2452 }
2453
2454#if !defined(LIBRESSL_VERSION_NUMBER) \
2455 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2456 /* LibreSSL 3.7.x and 3.8.x implement this function but do not export it
2457 * and fail linking with an unresolved symbol */
2458 if (SSL_get_peer_signature_type_nid(ssl, &peer_sig_type_nid) && peer_sig_type_nid != NID_undef)
2459 {
2460 peer_sig_type = get_sigtype(peer_sig_type_nid);
2461 }
2462#endif
2463
2464 if (peer_sig == peer_sig_unknown && peer_sig_type_nid == NID_undef)
2465 {
2466 return;
2467 }
2468
2469 snprintf(buf, buflen, ", peer signing digest/type: %s %s", peer_sig, peer_sig_type);
2470}
2471
2472#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2473void
2474print_tls_key_agreement_group(SSL *ssl, char *buf, size_t buflen)
2475{
2476 const char *groupname = SSL_get0_group_name(ssl);
2477 if (!groupname)
2478 {
2479 snprintf(buf, buflen, ", key agreement: (error fetching group)");
2480 }
2481 else
2482 {
2483 snprintf(buf, buflen, ", key agreement: %s", groupname);
2484 }
2485}
2486#endif
2487
2488/* **************************************
2489 *
2490 * Information functions
2491 *
2492 * Print information for the end user.
2493 *
2494 ***************************************/
2495void
2496print_details(struct key_state_ssl *ks_ssl, const char *prefix)
2497{
2498 const SSL_CIPHER *ciph;
2499 char s1[256];
2500 char s2[256];
2501 char s3[256];
2502 char s4[256];
2503 char s5[256];
2504
2505 s1[0] = s2[0] = s3[0] = s4[0] = s5[0] = 0;
2506 ciph = SSL_get_current_cipher(ks_ssl->ssl);
2507 snprintf(s1, sizeof(s1), "%s %s, cipher %s %s", prefix, SSL_get_version(ks_ssl->ssl),
2508 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
2509 X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl);
2510
2511 if (cert)
2512 {
2513 print_cert_details(cert, s2, sizeof(s2));
2514 X509_free(cert);
2515 }
2516 print_server_tempkey(ks_ssl->ssl, s3, sizeof(s3));
2517 print_peer_signature(ks_ssl->ssl, s4, sizeof(s4));
2518#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2519 print_tls_key_agreement_group(ks_ssl->ssl, s5, sizeof(s5));
2520#endif
2521
2522 msg(D_HANDSHAKE, "%s%s%s%s%s", s1, s2, s3, s4, s5);
2523}
2524
2525#if defined(__GNUC__) || defined(__clang__)
2526#pragma GCC diagnostic push
2527#pragma GCC diagnostic ignored "-Wconversion"
2528#endif
2529
2530void
2531show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
2532{
2533 struct tls_root_ctx tls_ctx;
2534
2535 tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
2536 if (!tls_ctx.ctx)
2537 {
2538 crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
2539 }
2540
2541#if defined(TLS1_3_VERSION)
2542 if (tls13)
2543 {
2544 SSL_CTX_set_min_proto_version(tls_ctx.ctx, openssl_tls_version(TLS_VER_1_3));
2545 tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
2546 }
2547 else
2548#endif
2549 {
2550 SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
2551 tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
2552 }
2553
2554 tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
2555
2556 SSL *ssl = SSL_new(tls_ctx.ctx);
2557 if (!ssl)
2558 {
2559 crypto_msg(M_FATAL, "Cannot create SSL object");
2560 }
2561
2562#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC)
2563 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2564#else
2565 STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
2566#endif
2567 for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++)
2568 {
2569 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
2570
2571 const char *cipher_name = SSL_CIPHER_get_name(c);
2572
2573 const tls_cipher_name_pair *pair =
2574 tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
2575
2576 if (tls13)
2577 {
2578 printf("%s\n", cipher_name);
2579 }
2580 else if (NULL == pair)
2581 {
2582 /* No translation found, print warning */
2583 printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n", cipher_name);
2584 }
2585 else
2586 {
2587 printf("%s\n", pair->iana_name);
2588 }
2589 }
2590#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
2591 sk_SSL_CIPHER_free(sk);
2592#endif
2593 SSL_free(ssl);
2594 SSL_CTX_free(tls_ctx.ctx);
2595}
2596
2597#if defined(__GNUC__) || defined(__clang__)
2598#pragma GCC diagnostic pop
2599#endif
2600
2601/*
2602 * Show the Elliptic curves that are available for us to use
2603 * in the OpenSSL library.
2604 */
2605void
2606show_available_curves(void)
2607{
2608 printf("Consider using 'openssl ecparam -list_curves' as alternative to running\n"
2609 "this command.\n"
2610 "Note this output does only list curves/groups that OpenSSL considers as\n"
2611 "builtin EC curves. It does not list additional curves nor X448 or X25519\n");
2612#ifndef OPENSSL_NO_EC
2613 EC_builtin_curve *curves = NULL;
2614 size_t crv_len = 0;
2615 size_t n = 0;
2616
2617 crv_len = EC_get_builtin_curves(NULL, 0);
2618 ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
2619 if (EC_get_builtin_curves(curves, crv_len))
2620 {
2621 printf("\nAvailable Elliptic curves/groups:\n");
2622 for (n = 0; n < crv_len; n++)
2623 {
2624 const char *sname;
2625 sname = OBJ_nid2sn(curves[n].nid);
2626 if (sname == NULL)
2627 {
2628 sname = "";
2629 }
2630
2631 printf("%s\n", sname);
2632 }
2633 }
2634 else
2635 {
2636 crypto_msg(M_FATAL, "Cannot get list of builtin curves");
2637 }
2638 free(curves);
2639#else /* ifndef OPENSSL_NO_EC */
2640 msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
2641 "No curves available.");
2642#endif /* ifndef OPENSSL_NO_EC */
2643}
2644
2645const char *
2646get_ssl_library_version(void)
2647{
2648 return OpenSSL_version(OPENSSL_VERSION);
2649}
2650
2651
2653#ifdef HAVE_XKEY_PROVIDER
2654static int
2655provider_load(OSSL_PROVIDER *prov, void *dest_libctx)
2656{
2657 const char *name = OSSL_PROVIDER_get0_name(prov);
2658 OSSL_PROVIDER_load(dest_libctx, name);
2659 return 1;
2660}
2661
2662static int
2663provider_unload(OSSL_PROVIDER *prov, void *unused)
2664{
2665 (void)unused;
2666 OSSL_PROVIDER_unload(prov);
2667 return 1;
2668}
2669#endif /* HAVE_XKEY_PROVIDER */
2670
2678void
2679load_xkey_provider(void)
2680{
2681#ifdef HAVE_XKEY_PROVIDER
2682
2683 /* Make a new library context for use in TLS context */
2684 if (!tls_libctx)
2685 {
2686 tls_libctx = OSSL_LIB_CTX_new();
2687 check_malloc_return(tls_libctx);
2688
2689 /* Load all providers in default LIBCTX into this libctx.
2690 * OpenSSL has a child libctx functionality to automate this,
2691 * but currently that is usable only from within providers.
2692 * So we do something close to it manually here.
2693 */
2694 OSSL_PROVIDER_do_all(NULL, provider_load, tls_libctx);
2695 }
2696
2697 if (!OSSL_PROVIDER_available(tls_libctx, "ovpn.xkey"))
2698 {
2699 OSSL_PROVIDER_add_builtin(tls_libctx, "ovpn.xkey", xkey_provider_init);
2700 if (!OSSL_PROVIDER_load(tls_libctx, "ovpn.xkey"))
2701 {
2702 msg(M_NONFATAL, "ERROR: failed loading external key provider: "
2703 "Signing with external keys will not work.");
2704 }
2705 }
2706
2707 /* We only implement minimal functionality in ovpn.xkey, so we do not want
2708 * methods in xkey to be picked unless absolutely required (i.e, when the key
2709 * is external). Ensure this by setting a default propquery for the custom
2710 * libctx that unprefers, but does not forbid, ovpn.xkey. See also man page
2711 * of "property" in OpenSSL 3.0.
2712 */
2713 EVP_set_default_properties(tls_libctx, "?provider!=ovpn.xkey");
2714
2715#endif /* HAVE_XKEY_PROVIDER */
2716}
2717
2721static void
2722unload_xkey_provider(void)
2723{
2724#ifdef HAVE_XKEY_PROVIDER
2725 if (tls_libctx)
2726 {
2727 OSSL_PROVIDER_do_all(tls_libctx, provider_unload, NULL);
2728 OSSL_LIB_CTX_free(tls_libctx);
2729 }
2730#endif /* HAVE_XKEY_PROVIDER */
2731 tls_libctx = NULL;
2732}
2733
2734#endif /* defined(ENABLE_CRYPTO_OPENSSL) */
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition buffer.c:336
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:649
format_hex
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition buffer.h:503
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR_GC
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
Definition buffer.h:1064
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition buffer.h:539
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
BLEN
#define BLEN(buf)
Definition buffer.h:126
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1085
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
ALLOC_ARRAY
#define ALLOC_ARRAY(dptr, type, n)
Definition buffer.h:1048
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1007
ptr_type
unsigned long ptr_type
Definition common.h:57
ptr_format
#define ptr_format
Definition common.h:48
strsep
char * strsep(char **stringp, const char *delim)
Definition compat-strsep.c:35
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition crypto.c:1278
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition crypto_openssl.c:230
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition crypto_openssl.h:116
SSL_CTX_use_CryptoAPI_certificate
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition cryptoapi.c:59
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition errlevel.h:76
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition errlevel.h:156
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition errlevel.h:155
D_HANDSHAKE
#define D_HANDSHAKE
Definition errlevel.h:71
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition errlevel.h:58
D_LOW
#define D_LOW
Definition errlevel.h:96
M_INFO
#define M_INFO
Definition errlevel.h:54
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition errlevel.h:164
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition ssl_common.h:465
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition ssl_openssl.c:2275
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition ssl_openssl.c:2260
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition ssl_openssl.c:2246
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition ssl_openssl.c:2232
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition ssl_openssl.c:2217
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
constrain_int
static int constrain_int(int x, int min, int max)
Definition integer.h:118
status
static SERVICE_STATUS status
Definition interactive.c:51
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3124
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3786
VALGRIND_MAKE_READABLE
#define VALGRIND_MAKE_READABLE(addr, len)
Definition memdbg.h:53
purge_user_pass
void purge_user_pass(struct user_pass *up, const bool force)
Definition misc.c:474
GET_USER_PASS_MANAGEMENT
#define GET_USER_PASS_MANAGEMENT
Definition misc.h:110
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:112
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
openssl_compat.h
OpenSSL compatibility stub.
OSSL_PROVIDER
void OSSL_PROVIDER
Definition openssl_compat.h:128
SSL_get0_peer_signature_name
static int SSL_get0_peer_signature_name(SSL *ssl, const char **sigalg)
Definition openssl_compat.h:174
OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition openssl_compat.h:127
EVP_PKEY_get_group_name
static int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, size_t *gname_len)
Definition openssl_compat.h:90
SSL_CTX_set1_groups
#define SSL_CTX_set1_groups
Definition openssl_compat.h:50
SSL_CTX_new_ex
#define SSL_CTX_new_ex(libctx, propq, method)
Reduce SSL_CTX_new_ex() to SSL_CTX_new() for OpenSSL < 3.
Definition openssl_compat.h:124
CLEAR
#define CLEAR(x)
Definition basic.h:32
M_FATAL
#define M_FATAL
Definition error.h:90
M_NONFATAL
#define M_NONFATAL
Definition error.h:91
dmsg
#define dmsg(flags,...)
Definition error.h:172
msg
#define msg(flags,...)
Definition error.h:152
ASSERT
#define ASSERT(x)
Definition error.h:219
M_DEBUG
#define M_DEBUG
Definition error.h:93
M_WARN
#define M_WARN
Definition error.h:92
streq
#define streq(x, y)
Definition options.h:727
perf_push
static void perf_push(int type)
Definition perf.h:77
PERF_BIO_READ_PLAINTEXT
#define PERF_BIO_READ_PLAINTEXT
Definition perf.h:37
PERF_BIO_WRITE_CIPHERTEXT
#define PERF_BIO_WRITE_CIPHERTEXT
Definition perf.h:40
perf_pop
static void perf_pop(void)
Definition perf.h:81
PERF_BIO_READ_CIPHERTEXT
#define PERF_BIO_READ_CIPHERTEXT
Definition perf.h:39
PERF_BIO_WRITE_PLAINTEXT
#define PERF_BIO_WRITE_PLAINTEXT
Definition perf.h:38
platform_fopen
FILE * platform_fopen(const char *path, const char *mode)
Definition platform.c:504
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition base64.c:160
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition base64.c:51
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition ssl.c:269
ssl_backend.h
Control Channel SSL library backend module.
TLS_VER_1_0
#define TLS_VER_1_0
Definition ssl_backend.h:105
TLS_VER_1_2
#define TLS_VER_1_2
Definition ssl_backend.h:107
TLS_VER_1_3
#define TLS_VER_1_3
Definition ssl_backend.h:108
TLS_VER_1_1
#define TLS_VER_1_1
Definition ssl_backend.h:106
ssl_common.h
Control Channel Common Data Structures.
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition ssl_common.h:432
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition ssl_common.h:42
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition ssl_common.h:425
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition ssl_common.h:424
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition ssl_common.h:433
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition ssl_common.h:430
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition ssl_common.h:431
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition ssl_openssl.c:567
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition ssl_openssl.c:139
bio_read
static int bio_read(BIO *bio, struct buffer *buf, const char *desc)
Definition ssl_openssl.c:2106
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition ssl_openssl.c:2646
openvpn_extkey_ec_finish
static void openvpn_extkey_ec_finish(EC_KEY *ec)
Definition ssl_openssl.c:1587
tls_ctx_set_tls_versions
static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Definition ssl_openssl.c:281
bio_write
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition ssl_openssl.c:2045
openvpn_extkey_rsa_finish
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition ssl_openssl.c:1436
tls_ctx_use_external_ec_key
static int tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1651
openssl_tls_version
static int openssl_tls_version(int ver)
Convert internal version number to openssl version number.
Definition ssl_openssl.c:239
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition ssl_openssl.c:155
load_xkey_provider
void load_xkey_provider(void)
Some helper routines for provider load/unload.
Definition ssl_openssl.c:2679
print_pkey_details
static void print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
Definition ssl_openssl.c:2289
print_server_tempkey
static void print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
Definition ssl_openssl.c:2384
rsa_pub_enc
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1412
tls_ctx_add_extra_certs
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
Definition ssl_openssl.c:1055
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Show the TLS ciphers that are available for us to use in the library depending on the TLS version.
Definition ssl_openssl.c:2531
load_pkey_from_uri
static void * load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
Load private key from OSSL_STORE URI or file uri : URI of object or filename ssl_ctx : SSL_CTX for UI...
Definition ssl_openssl.c:839
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition ssl_openssl.c:103
show_available_curves
void show_available_curves(void)
Show the available elliptic curves in the crypto library.
Definition ssl_openssl.c:2606
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition ssl_openssl.c:2202
ecdsa_sign
static int ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
Definition ssl_openssl.c:1599
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition ssl_openssl.c:1273
key_state_ssl_shutdown
void key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
Sets a TLS session to be shutdown state, so the TLS library will generate a shutdown alert.
Definition ssl_openssl.c:2196
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1939
print_peer_signature
static void print_peer_signature(SSL *ssl, char *buf, size_t buflen)
Get the type of the signature that is used by the peer during the TLS handshake.
Definition ssl_openssl.c:2440
tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition ssl_openssl.c:78
get_sigtype
static const char * get_sigtype(int nid)
Translate an OpenSSL NID into a more human readable name.
Definition ssl_openssl.c:2409
mydata_index
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent.
Definition ssl_openssl.c:88
print_cert_details
static void print_cert_details(X509 *cert, char *buf, size_t buflen)
Print human readable information about the certificate into buf.
Definition ssl_openssl.c:2365
ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
Definition ssl_openssl.c:1620
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition ssl_openssl.c:625
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition ssl_openssl.c:498
cert_uri_supported
static bool cert_uri_supported(void)
Definition ssl_openssl.c:1088
rsa_priv_dec
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1428
INFO_CALLBACK_SSL_CONST
#define INFO_CALLBACK_SSL_CONST
Definition ssl_openssl.c:177
rsa_pub_dec
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1420
bio_write_post
static void bio_write_post(const int status, struct buffer *buf)
Definition ssl_openssl.c:2093
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition ssl_openssl.c:908
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition ssl_openssl.c:148
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition ssl_openssl.c:2155
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition ssl_openssl.c:98
unload_xkey_provider
static void unload_xkey_provider(void)
Undo steps in load_xkey_provider.
Definition ssl_openssl.c:2722
get_rsa_padding_name
const char * get_rsa_padding_name(const int padding)
Definition ssl_openssl.c:1451
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:719
get_sig_from_man
static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig, unsigned int siglen, const char *algorithm)
Pass the input hash in 'dgst' to management and get the signature back.
Definition ssl_openssl.c:1478
tls_ctx_load_cert_uri
static void tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
Definition ssl_openssl.c:1098
rsa_priv_enc
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1503
convert_tls_list_to_openssl
static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:359
tls_ctx_load_cert_pem_file
static void tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Definition ssl_openssl.c:1200
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition ssl_openssl.c:91
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Print a one line summary of SSL/TLS session handshake.
Definition ssl_openssl.c:2496
info_callback
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition ssl_openssl.c:180
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition ssl_openssl.c:203
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition ssl_openssl.c:1327
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition ssl_openssl.c:437
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1792
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition ssl_openssl.c:526
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition ssl_openssl.c:1713
tls_ctx_use_external_rsa_key
static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1520
ecdsa_sign_sig
static ECDSA_SIG * ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *ec)
Definition ssl_openssl.c:1630
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition ssl_openssl.c:1041
convert_tls13_list_to_openssl
static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:473
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition ssl_openssl.c:311
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:661
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition ssl_openssl.c:121
sk_x509_name_cmp
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition ssl_openssl.c:1786
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Definition ssl_openssl.c:1260
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition ssl_util.c:299
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition ssl_util.c:275
ssl_util.h
SSL utility functions.
ssl_verify_openssl.h
Control Channel Verification Module OpenSSL backend.
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
key_state_ssl
Definition ssl_mbedtls.h:138
key_state_ssl::ct_in
BIO * ct_in
Definition ssl_openssl.h:50
key_state_ssl::ssl
SSL * ssl
Definition ssl_openssl.h:48
key_state_ssl::ssl_bio
BIO * ssl_bio
Definition ssl_openssl.h:49
key_state_ssl::ct_out
BIO * ct_out
Definition ssl_openssl.h:51
signame
Definition sig.c:47
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition ssl_util.h:77
tls_cipher_name_pair::iana_name
const char * iana_name
Definition ssl_util.h:79
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition ssl_util.h:78
tls_root_ctx
Structure that wraps the TLS context.
Definition ssl_mbedtls.h:116
tls_root_ctx::ctx
SSL_CTX * ctx
Definition ssl_openssl.h:41
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:490
user_pass
Definition misc.h:52
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:68
cleanup
static int cleanup(void **state)
Definition test_pkcs11.c:289
i
int i
Definition test_push_update_msg.c:120
gc
struct gc_arena gc
Definition test_ssl.c:131
xkey_common.h
Generated by doxygen 1.9.8