OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2026 Sentyron B.V. <openvpn@sentyron.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#include "syshead.h"
34
35#if defined(ENABLE_CRYPTO_OPENSSL)
36
37#include "errlevel.h"
38#include "buffer.h"
39#include "misc.h"
40#include "manage.h"
41#include "memdbg.h"
42#include "ssl_backend.h"
43#include "ssl_common.h"
44#include "base64.h"
45#include "openssl_compat.h"
46#include "xkey_common.h"
47
48#ifdef ENABLE_CRYPTOAPI
49#include "cryptoapi.h"
50#endif
51
52#include "ssl_verify_openssl.h"
53#include "ssl_util.h"
54
55#include <openssl/bn.h>
56#include <openssl/crypto.h>
57#include <openssl/dh.h>
58#include <openssl/dsa.h>
59#include <openssl/err.h>
60#include <openssl/pkcs12.h>
61#include <openssl/rsa.h>
62#include <openssl/x509.h>
63#include <openssl/ssl.h>
64#ifndef OPENSSL_NO_EC
65#include <openssl/ec.h>
66#endif
67
68#if OPENSSL_VERSION_NUMBER >= 0x30000000L
69#define HAVE_OPENSSL_STORE_API
70#include <openssl/ui.h>
71#include <openssl/store.h>
72#endif
73
74#if defined(_MSC_VER) && !defined(_M_ARM64)
75#include <openssl/applink.c>
76#endif
77
78OSSL_LIB_CTX *tls_libctx; /* Global */
79
80static void unload_xkey_provider(void);
81
82/*
83 * Allocate space in SSL objects in which to store a struct tls_session
84 * pointer back to parent.
85 *
86 */
87
88int mydata_index; /* GLOBAL */
89
90void
91tls_init_lib(void)
92{
93 mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
94 ASSERT(mydata_index >= 0);
95}
96
97void
98tls_free_lib(void)
99{
100}
101
102void
103tls_ctx_server_new(struct tls_root_ctx *ctx)
104{
105 ASSERT(NULL != ctx);
106
107 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_server_method());
108
109 if (ctx->ctx == NULL)
110 {
111 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
112 }
113 if (ERR_peek_error() != 0)
114 {
115 crypto_msg(M_WARN, "Warning: TLS server context initialisation "
116 "has warnings.");
117 }
118}
119
120void
121tls_ctx_client_new(struct tls_root_ctx *ctx)
122{
123 ASSERT(NULL != ctx);
124
125 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
126
127 if (ctx->ctx == NULL)
128 {
129 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
130 }
131 if (ERR_peek_error() != 0)
132 {
133 crypto_msg(M_WARN, "Warning: TLS client context initialisation "
134 "has warnings.");
135 }
136}
137
138void
139tls_ctx_free(struct tls_root_ctx *ctx)
140{
141 ASSERT(NULL != ctx);
142 SSL_CTX_free(ctx->ctx);
143 ctx->ctx = NULL;
144 unload_xkey_provider(); /* in case it is loaded */
145}
146
147bool
148tls_ctx_initialised(struct tls_root_ctx *ctx)
149{
150 /* either this should be NULL or should be non-null and then have a
151 * valid TLS ctx inside as well */
152 ASSERT(ctx == NULL || ctx->ctx != NULL);
153 return ctx != NULL;
154}
155
156bool
157key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size,
158 void *ekm, size_t ekm_size)
159
160{
161 SSL *ssl = session->key[KS_PRIMARY].ks_ssl.ssl;
162
163 if (SSL_export_keying_material(ssl, ekm, ekm_size, label, label_size, NULL, 0, 0) == 1)
164 {
165 return true;
166 }
167 else
168 {
169 secure_memzero(ekm, ekm_size);
170 return false;
171 }
172}
173
174/*
175 * Print debugging information on SSL/TLS session negotiation.
176 */
177
178#ifndef INFO_CALLBACK_SSL_CONST
179#define INFO_CALLBACK_SSL_CONST const
180#endif
181static void
182info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
183{
184 if (where & SSL_CB_LOOP)
185 {
186 dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
187 where & SSL_ST_CONNECT ? "connect"
188 : where & SSL_ST_ACCEPT ? "accept"
189 : "undefined",
190 SSL_state_string_long(s));
191 }
192 else if (where & SSL_CB_ALERT)
193 {
194 dmsg(D_TLS_DEBUG_LOW, "%s %s SSL alert: %s", where & SSL_CB_READ ? "Received" : "Sent",
195 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
196 }
197}
198
199/*
200 * Return maximum TLS version supported by local OpenSSL library.
201 * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
202 * TLSvX is supported.
203 */
204int
205tls_version_max(void)
206{
207#if defined(TLS1_3_VERSION)
208 /* If this is defined we can safely assume TLS 1.3 support */
209 return TLS_VER_1_3;
210#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
211 /*
212 * If TLS_VER_1_3 is not defined, we were compiled against a version that
213 * did not support TLS 1.3.
214 *
215 * However, the library we are *linked* against might be OpenSSL 1.1.1
216 * and therefore supports TLS 1.3. This needs to be checked at runtime
217 * since we can be compiled against 1.1.0 and then the library can be
218 * upgraded to 1.1.1.
219 * We only need to check this for OpenSSL versions that can be
220 * upgraded to 1.1.1 without recompile (>= 1.1.0)
221 */
222 if (OpenSSL_version_num() >= 0x1010100fL)
223 {
224 return TLS_VER_1_3;
225 }
226 else
227 {
228 return TLS_VER_1_2;
229 }
230#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
231 return TLS_VER_1_2;
232#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
233 return TLS_VER_1_1;
234#else /* if defined(TLS1_3_VERSION) */
235 return TLS_VER_1_0;
236#endif
237}
238
240static uint16_t
241openssl_tls_version(unsigned int ver)
242{
243 if (ver == TLS_VER_1_0)
244 {
245 return TLS1_VERSION;
246 }
247 else if (ver == TLS_VER_1_1)
248 {
249 return TLS1_1_VERSION;
250 }
251 else if (ver == TLS_VER_1_2)
252 {
253 return TLS1_2_VERSION;
254 }
255 else if (ver == TLS_VER_1_3)
256 {
257 /*
258 * Supporting the library upgraded to TLS1.3 without recompile
259 * is enough to support here with a simple constant that the same
260 * as in the TLS 1.3, so spec it is very unlikely that OpenSSL
261 * will change this constant
262 */
263#ifndef TLS1_3_VERSION
264 /*
265 * We do not want to define TLS_VER_1_3 if not defined
266 * since other parts of the code use the existance of this macro
267 * as proxy for TLS 1.3 support
268 */
269 return 0x0304;
270#else
271 return TLS1_3_VERSION;
272#endif
273 }
274 return 0;
275}
276
277static bool
278tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
279{
280 uint16_t tls_ver_min =
281 openssl_tls_version((ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK);
282 uint16_t tls_ver_max =
283 openssl_tls_version((ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK);
284
285 if (!tls_ver_min)
286 {
287 /* Enforce at least TLS 1.0 */
288 uint16_t cur_min = (uint16_t)SSL_CTX_get_min_proto_version(ctx->ctx);
289 tls_ver_min = cur_min < TLS1_VERSION ? TLS1_VERSION : cur_min;
290 }
291
292 if (!SSL_CTX_set_min_proto_version(ctx->ctx, tls_ver_min))
293 {
294 msg(D_TLS_ERRORS, "%s: failed to set minimum TLS version", __func__);
295 return false;
296 }
297
298 if (tls_ver_max && !SSL_CTX_set_max_proto_version(ctx->ctx, tls_ver_max))
299 {
300 msg(D_TLS_ERRORS, "%s: failed to set maximum TLS version", __func__);
301 return false;
302 }
303
304 return true;
305}
306
307bool
308tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
309{
310 ASSERT(NULL != ctx);
311
312 /* process SSL options */
313 uint64_t sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
314#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
315 sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
316#endif
317 sslopt |= SSL_OP_NO_COMPRESSION;
318 /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
319 * session and does not depend on this feature. And TLS renegotiations have
320 * been problematic in the past */
321#ifdef SSL_OP_NO_RENEGOTIATION
322 sslopt |= SSL_OP_NO_RENEGOTIATION;
323#endif
324
325 SSL_CTX_set_options(ctx->ctx, sslopt);
326
327 if (!tls_ctx_set_tls_versions(ctx, ssl_flags))
328 {
329 return false;
330 }
331
332#ifdef SSL_MODE_RELEASE_BUFFERS
333 SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
334#endif
335 SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
336 SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
337
338 /* Require peer certificate verification */
339 int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
340 if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
341 {
342 verify_flags = 0;
343 }
344 else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
345 {
346 verify_flags = SSL_VERIFY_PEER;
347 }
348 SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
349
350 SSL_CTX_set_info_callback(ctx->ctx, info_callback);
351
352 return true;
353}
354
355static void
356convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
357{
358 /* Parse supplied cipher list and pass on to OpenSSL */
359 size_t begin_of_cipher, end_of_cipher;
360
361 const char *current_cipher;
362 size_t current_cipher_len;
363
364 const tls_cipher_name_pair *cipher_pair;
365
366 size_t openssl_ciphers_len = 0;
367 openssl_ciphers[0] = '\0';
368
369 /* Translate IANA cipher suite names to OpenSSL names */
370 begin_of_cipher = end_of_cipher = 0;
371 for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
372 {
373 end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
374 cipher_pair =
375 tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
376
377 if (NULL == cipher_pair)
378 {
379 /* No translation found, use original */
380 current_cipher = &ciphers[begin_of_cipher];
381 current_cipher_len = end_of_cipher - begin_of_cipher;
382
383 /* Issue warning on missing translation */
384 /* %.*s format specifier expects length of type int, so guarantee */
385 /* that length is small enough and cast to int. */
386 msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
387 constrain_int((int)current_cipher_len, 0, 256), current_cipher);
388 }
389 else
390 {
391 /* Use OpenSSL name */
392 current_cipher = cipher_pair->openssl_name;
393 current_cipher_len = strlen(current_cipher);
394
395 if (end_of_cipher - begin_of_cipher == current_cipher_len
396 && 0
397 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
398 end_of_cipher - begin_of_cipher))
399 {
400 /* Non-IANA name used, show warning */
401 msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'",
402 cipher_pair->openssl_name, cipher_pair->iana_name);
403 }
404 }
405
406 /* Make sure new cipher name fits in cipher string */
407 if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
408 || (len - 1) < (openssl_ciphers_len + current_cipher_len))
409 {
410 msg(M_FATAL, "Failed to set restricted TLS cipher list, too long (>%d).",
411 (int)(len - 1));
412 }
413
414 /* Concatenate cipher name to OpenSSL cipher string */
415 memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
416 openssl_ciphers_len += current_cipher_len;
417 openssl_ciphers[openssl_ciphers_len] = ':';
418 openssl_ciphers_len++;
419
420 end_of_cipher++;
421 }
422
423 if (openssl_ciphers_len > 0)
424 {
425 openssl_ciphers[openssl_ciphers_len - 1] = '\0';
426 }
427}
428
429void
430tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
431{
432 if (ciphers == NULL)
433 {
434 /* Use sane default TLS cipher list */
435 if (!SSL_CTX_set_cipher_list(
436 ctx->ctx,
437 /* Use openssl's default list as a basis */
438 "DEFAULT"
439 /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
440 ":!EXP:!LOW:!MEDIUM"
441 /* Disable static (EC)DH keys (no forward secrecy) */
442 ":!kDH:!kECDH"
443 /* Disable DSA private keys */
444 ":!DSS"
445 /* Disable unsupported TLS modes */
446 ":!PSK:!SRP:!kRSA"))
447 {
448 crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
449 }
450 return;
451 }
452
453 char openssl_ciphers[4096];
454 convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
455
456 ASSERT(NULL != ctx);
457
458 /* Set OpenSSL cipher list */
459 if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
460 {
461 crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
462 }
463}
464
465static void
466convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
467{
468 /*
469 * OpenSSL (and official IANA) cipher names have _ in them. We
470 * historically used names with - in them. Silently convert names
471 * with - to names with _ to support both
472 */
473 if (strlen(ciphers) >= (len - 1))
474 {
475 msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list, too long (>%d).",
476 (int)(len - 1));
477 }
478
479 strncpy(openssl_ciphers, ciphers, len);
480
481 for (size_t i = 0; i < strlen(openssl_ciphers); i++)
482 {
483 if (openssl_ciphers[i] == '-')
484 {
485 openssl_ciphers[i] = '_';
486 }
487 }
488}
489
490void
491tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
492{
493 if (ciphers == NULL)
494 {
495 /* default cipher list of OpenSSL 1.1.1 is sane, do not set own
496 * default as we do with tls-cipher */
497 return;
498 }
499
500#if !defined(TLS1_3_VERSION)
501 crypto_msg(M_WARN,
502 "Not compiled with OpenSSL 1.1.1 or higher. "
503 "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
504 ciphers);
505#else
506 ASSERT(NULL != ctx);
507
508 char openssl_ciphers[4096];
509 convert_tls13_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
510
511 if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers))
512 {
513 crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s", openssl_ciphers);
514 }
515#endif
516}
517
518void
519tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
520{
521#if OPENSSL_VERSION_NUMBER > 0x10100000L \
522 && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3060000fL)
523 /* OpenSSL does not have certificate profiles, but a complex set of
524 * callbacks that we could try to implement to achieve something similar.
525 * For now, use OpenSSL's security levels to achieve similar (but not equal)
526 * behaviour. */
527 if (!profile || 0 == strcmp(profile, "legacy"))
528 {
529 SSL_CTX_set_security_level(ctx->ctx, 1);
530 }
531 else if (0 == strcmp(profile, "insecure"))
532 {
533 SSL_CTX_set_security_level(ctx->ctx, 0);
534 }
535 else if (0 == strcmp(profile, "preferred"))
536 {
537 SSL_CTX_set_security_level(ctx->ctx, 2);
538 }
539 else if (0 == strcmp(profile, "suiteb"))
540 {
541 SSL_CTX_set_security_level(ctx->ctx, 3);
542 SSL_CTX_set_cipher_list(ctx->ctx, "SUITEB128");
543 }
544 else
545 {
546 msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
547 }
548#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
549 if (profile)
550 {
551 msg(M_WARN,
552 "WARNING: OpenSSL 1.1.0 and LibreSSL do not support "
553 "--tls-cert-profile, ignoring user-set profile: '%s'",
554 profile);
555 }
556#endif /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
557}
558
559void
560tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
561{
562 ASSERT(ctx);
563#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(ENABLE_CRYPTO_WOLFSSL)
564 struct gc_arena gc = gc_new();
565 /* This method could be as easy as
566 * SSL_CTX_set1_groups_list(ctx->ctx, groups)
567 * but OpenSSL (< 3.0) does not like the name secp256r1 for prime256v1
568 * This is one of the important curves.
569 * To support the same name for OpenSSL and mbedTLS, we do
570 * this dance.
571 * Also note that the code is wrong in the presence of OpenSSL3 providers.
572 */
573
574 int groups_count = get_num_elements(groups, ':');
575
576 int *glist;
577 /* Allocate an array for them */
578 ALLOC_ARRAY_CLEAR_GC(glist, int, groups_count, &gc);
579
580 /* Parse allowed ciphers, getting IDs */
581 int glistlen = 0;
582 char *tmp_groups = string_alloc(groups, &gc);
583
584 const char *token;
585 while ((token = strsep(&tmp_groups, ":")))
586 {
587 if (streq(token, "secp256r1"))
588 {
589 token = "prime256v1";
590 }
591 int nid = OBJ_sn2nid(token);
592
593 if (nid == 0)
594 {
595 msg(M_WARN, "Warning unknown curve/group specified: %s", token);
596 }
597 else
598 {
599 glist[glistlen] = nid;
600 glistlen++;
601 }
602 }
603
604 if (!SSL_CTX_set1_groups(ctx->ctx, glist, glistlen))
605 {
606 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", groups);
607 }
608 gc_free(&gc);
609#else /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
610 if (!SSL_CTX_set1_groups_list(ctx->ctx, groups))
611 {
612 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", groups);
613 }
614#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
615}
616
617void
618tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
619{
620 int ret;
621 const X509 *cert;
622
623 ASSERT(ctx);
624
625 cert = SSL_CTX_get0_certificate(ctx->ctx);
626
627 if (cert == NULL)
628 {
629 return; /* Nothing to check if there is no certificate */
630 }
631
632 ret = X509_cmp_time(X509_get0_notBefore(cert), NULL);
633 if (ret == 0)
634 {
635 msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
636 }
637 if (ret > 0)
638 {
639 msg(M_WARN, "WARNING: Your certificate is not yet valid!");
640 }
641
642 ret = X509_cmp_time(X509_get0_notAfter(cert), NULL);
643 if (ret == 0)
644 {
645 msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
646 }
647 if (ret < 0)
648 {
649 msg(M_WARN, "WARNING: Your certificate has expired!");
650 }
651}
652
653void
654tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
655{
656 BIO *bio;
657
658 ASSERT(NULL != ctx);
659
660 if (dh_file_inline)
661 {
662 if (!(bio = BIO_new_mem_buf((char *)dh_file, -1)))
663 {
664 crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
665 }
666 }
667 else
668 {
669 /* Get Diffie Hellman Parameters */
670 if (!(bio = BIO_new_file(dh_file, "r")))
671 {
672 crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
673 }
674 }
675
676#if OPENSSL_VERSION_NUMBER >= 0x30000000L
677 EVP_PKEY *dh = PEM_read_bio_Parameters(bio, NULL);
678 BIO_free(bio);
679
680 if (!dh)
681 {
682 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
683 print_key_filename(dh_file, dh_file_inline));
684 }
685 if (!SSL_CTX_set0_tmp_dh_pkey(ctx->ctx, dh))
686 {
687 crypto_msg(M_FATAL, "SSL_CTX_set0_tmp_dh_pkey");
688 }
689
690 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * EVP_PKEY_get_size(dh));
691#else /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
692 DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
693 BIO_free(bio);
694
695 if (!dh)
696 {
697 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
698 print_key_filename(dh_file, dh_file_inline));
699 }
700 if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
701 {
702 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
703 }
704
705 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * DH_size(dh));
706
707 DH_free(dh);
708#endif /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
709}
710
711void
712tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
713{
714#if OPENSSL_VERSION_NUMBER >= 0x30000000L
715 if (curve_name != NULL)
716 {
717 msg(M_WARN, "WARNING: OpenSSL 3.0+ builds do not support specifying an "
718 "ECDH curve with --ecdh-curve, using default curves. Use "
719 "--tls-groups to specify groups.");
720 }
721#elif !defined(OPENSSL_NO_EC)
722 int nid = NID_undef;
723 EC_KEY *ecdh = NULL;
724 const char *sname = NULL;
725
726 /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
727 SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
728
729 if (curve_name != NULL)
730 {
731 /* Use user supplied curve if given */
732 msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
733 nid = OBJ_sn2nid(curve_name);
734 }
735 else
736 {
737 return;
738 }
739
740 /* Translate NID back to name , just for kicks */
741 sname = OBJ_nid2sn(nid);
742 if (sname == NULL)
743 {
744 sname = "(Unknown)";
745 }
746
747 /* Create new EC key and set as ECDH key */
748 if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
749 {
750 /* Creating key failed, fall back on sane default */
751 ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
752 const char *source =
753 (NULL == curve_name) ? "extract curve from certificate" : "use supplied curve";
754 msg(D_TLS_DEBUG_LOW, "Failed to %s (%s), using secp384r1 instead.", source, sname);
755 sname = OBJ_nid2sn(NID_secp384r1);
756 }
757
758 if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
759 {
760 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
761 }
762
763 msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
764
765 EC_KEY_free(ecdh);
766#else /* ifndef OPENSSL_NO_EC */
767 msg(D_LOW, "Your OpenSSL library was built without elliptic curve support."
768 " Skipping ECDH parameter loading.");
769#endif /* OPENSSL_NO_EC */
770}
771
772#if defined(HAVE_OPENSSL_STORE_API)
778static int
779ui_reader(UI *ui, UI_STRING *uis)
780{
781 SSL_CTX *ctx = UI_get0_user_data(ui);
782
783 if (UI_get_string_type(uis) == UIT_PROMPT)
784 {
785 const char *prompt = UI_get0_output_string(uis);
786
787 /* If pkcs#11 Use custom prompt similar to pkcs11-helper */
788 if (strstr(prompt, "PKCS#11"))
789 {
790 struct user_pass up;
791 CLEAR(up);
792 get_user_pass(&up, NULL, "PKCS#11 token",
793 GET_USER_PASS_MANAGEMENT | GET_USER_PASS_PASSWORD_ONLY);
794 UI_set_result(ui, uis, up.password);
795 purge_user_pass(&up, true);
796 }
797 else /* use our generic 'Private Key' passphrase callback */
798 {
799 char password[64];
800 pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx);
801 void *d = SSL_CTX_get_default_passwd_cb_userdata(ctx);
802
803 cb(password, sizeof(password), 0, d);
804 UI_set_result(ui, uis, password);
805 secure_memzero(password, sizeof(password));
806 }
807
808 return 1;
809 }
810 return 0;
811}
812
813static void
814clear_ossl_store_error(OSSL_STORE_CTX *store_ctx)
815{
816 if (OSSL_STORE_error(store_ctx))
817 {
818 ERR_clear_error();
819 }
820}
821#endif /* defined(HAVE_OPENSSL_STORE_API) */
822
831static void *
832load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
833{
834 EVP_PKEY *pkey = NULL;
835
836#if !defined(HAVE_OPENSSL_STORE_API)
837
838 /* Treat the uri as file name */
839 BIO *in = BIO_new_file(uri, "r");
840 if (!in)
841 {
842 return NULL;
843 }
844 pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ssl_ctx),
845 SSL_CTX_get_default_passwd_cb_userdata(ssl_ctx));
846 BIO_free(in);
847
848#else /* defined(HAVE_OPENSSL_STORE_API) */
849
850 OSSL_STORE_CTX *store_ctx = NULL;
851 OSSL_STORE_INFO *info = NULL;
852
853 UI_METHOD *ui_method = UI_create_method("openvpn");
854 if (!ui_method)
855 {
856 msg(M_WARN, "OpenSSL UI creation failed");
857 return NULL;
858 }
859 UI_method_set_reader(ui_method, ui_reader);
860
861 store_ctx = OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, ssl_ctx, NULL, NULL, NULL);
862 if (!store_ctx)
863 {
864 goto end;
865 }
866 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_PKEY) != 1)
867 {
868 goto end;
869 }
870 while (1)
871 {
872 info = OSSL_STORE_load(store_ctx);
873 if (info || OSSL_STORE_eof(store_ctx))
874 {
875 break;
876 }
877 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
878 * ref: man OPENSSL_STORE_open
879 * Clear error and recurse through the file if info = NULL and eof not reached
880 */
881 clear_ossl_store_error(store_ctx);
882 }
883 if (!info)
884 {
885 goto end;
886 }
887 pkey = OSSL_STORE_INFO_get1_PKEY(info);
888 OSSL_STORE_INFO_free(info);
889 msg(D_TLS_DEBUG_MED, "Found pkey in store using URI: %s", uri);
890
891end:
892 OSSL_STORE_close(store_ctx);
893 UI_destroy_method(ui_method);
894
895#endif /* defined(HAVE_OPENSSL_STORE_API) */
896
897 return pkey;
898}
899
900int
901tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline,
902 bool load_ca_file)
903{
904 FILE *fp;
905 EVP_PKEY *pkey;
906 X509 *cert;
907 STACK_OF(X509) *ca = NULL;
908 PKCS12 *p12;
909 int i;
910 char password[256];
911
912 ASSERT(NULL != ctx);
913
914 if (pkcs12_file_inline)
915 {
916 BIO *b64 = BIO_new(BIO_f_base64());
917 BIO *bio = BIO_new_mem_buf((void *)pkcs12_file, (int)strlen(pkcs12_file));
918 ASSERT(b64 && bio);
919 BIO_push(b64, bio);
920 p12 = d2i_PKCS12_bio(b64, NULL);
921 if (!p12)
922 {
923 crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
924 }
925 BIO_free(b64);
926 BIO_free(bio);
927 }
928 else
929 {
930 /* Load the PKCS #12 file */
931 if (!(fp = platform_fopen(pkcs12_file, "rb")))
932 {
933 crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
934 }
935 p12 = d2i_PKCS12_fp(fp, NULL);
936 fclose(fp);
937 if (!p12)
938 {
939 crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
940 }
941 }
942
943 /* Parse the PKCS #12 file */
944 if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
945 {
946 pem_password_callback(password, sizeof(password) - 1, 0, NULL);
947 /* Reparse the PKCS #12 file with password */
948 ca = NULL;
949 if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
950 {
951 crypto_msg(M_WARN, "Decoding PKCS12 failed. Probably wrong password "
952 "or unsupported/legacy encryption");
953#ifdef ENABLE_MANAGEMENT
954 if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
955 {
956 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
957 }
958#endif
959 PKCS12_free(p12);
960 return 1;
961 }
962 }
963 PKCS12_free(p12);
964
965 /* Load Certificate */
966 if (!SSL_CTX_use_certificate(ctx->ctx, cert))
967 {
968 crypto_print_openssl_errors(M_WARN);
969 crypto_msg(M_FATAL, "Cannot use certificate");
970 }
971
972 /* Load Private Key */
973 if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
974 {
975 crypto_msg(M_FATAL, "Cannot use private key");
976 }
977
978 /* Check Private Key */
979 if (!SSL_CTX_check_private_key(ctx->ctx))
980 {
981 crypto_msg(M_FATAL, "Private key does not match the certificate");
982 }
983
984 /* Set Certificate Verification chain */
985 if (load_ca_file)
986 {
987 /* Add CAs from PKCS12 to the cert store and mark them as trusted.
988 * They're also used to fill in the chain of intermediate certs as
989 * necessary.
990 */
991 if (ca && sk_X509_num(ca))
992 {
993 for (i = 0; i < sk_X509_num(ca); i++)
994 {
995 X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
996 if (!X509_STORE_add_cert(cert_store, sk_X509_value(ca, i)))
997 {
998 crypto_msg(M_FATAL,
999 "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
1000 }
1001 if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
1002 {
1003 crypto_msg(M_FATAL,
1004 "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
1005 }
1006 }
1007 }
1008 }
1009 else
1010 {
1011 /* If trusted CA certs were loaded from a PEM file, and we ignore the
1012 * ones in PKCS12, do load PKCS12-provided certs to the client extra
1013 * certs chain just in case they include intermediate CAs needed to
1014 * prove my identity to the other end. This does not make them trusted.
1015 */
1016 if (ca && sk_X509_num(ca))
1017 {
1018 for (i = 0; i < sk_X509_num(ca); i++)
1019 {
1020 if (!SSL_CTX_add_extra_chain_cert(ctx->ctx, sk_X509_value(ca, i)))
1021 {
1022 crypto_msg(
1023 M_FATAL,
1024 "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
1025 }
1026 }
1027 }
1028 }
1029 return 0;
1030}
1031
1032#ifdef ENABLE_CRYPTOAPI
1033void
1034tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
1035{
1036 ASSERT(NULL != ctx);
1037
1038 /* Load Certificate and Private Key */
1039 if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
1040 {
1041 crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store",
1042 cryptoapi_cert);
1043 }
1044}
1045#endif /* ENABLE_CRYPTOAPI */
1046
1047static void
1048tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
1049{
1050 X509 *cert;
1051 while (true)
1052 {
1053 cert = NULL;
1054 if (!PEM_read_bio_X509(bio, &cert, NULL, NULL))
1055 {
1056 /* a PEM_R_NO_START_LINE "Error" indicates that no certificate
1057 * is found in the buffer. If loading more certificates is
1058 * optional, break without raising an error
1059 */
1060 if (optional && ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
1061 {
1062 /* remove that error from error stack */
1063 (void)ERR_get_error();
1064 break;
1065 }
1066
1067 /* Otherwise, bail out with error */
1068 crypto_msg(M_FATAL, "Error reading extra certificate");
1069 }
1070 /* takes ownership of cert like a set1 method */
1071 if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
1072 {
1073 crypto_msg(M_FATAL, "Error adding extra certificate");
1074 }
1075 /* We loaded at least one certificate, so loading more is optional */
1076 optional = true;
1077 }
1078}
1079
1080static bool
1081cert_uri_supported(void)
1082{
1083#if defined(HAVE_OPENSSL_STORE_API)
1084 return 1;
1085#else
1086 return 0;
1087#endif
1088}
1089
1090static void
1091tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
1092{
1093#if defined(HAVE_OPENSSL_STORE_API)
1094 X509 *x = NULL;
1095 int ret = 0;
1096 OSSL_STORE_CTX *store_ctx = NULL;
1097 OSSL_STORE_INFO *info = NULL;
1098
1099 ASSERT(NULL != tls_ctx);
1100
1101 UI_METHOD *ui_method = UI_create_method("openvpn");
1102 if (!ui_method)
1103 {
1104 msg(M_WARN, "OpenSSL UI method creation failed");
1105 goto end;
1106 }
1107 UI_method_set_reader(ui_method, ui_reader);
1108
1109 store_ctx =
1110 OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, tls_ctx->ctx, NULL, NULL, NULL);
1111 if (!store_ctx)
1112 {
1113 goto end;
1114 }
1115 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_CERT) != 1)
1116 {
1117 goto end;
1118 }
1119
1120 while (1)
1121 {
1122 info = OSSL_STORE_load(store_ctx);
1123 if (info || OSSL_STORE_eof(store_ctx))
1124 {
1125 break;
1126 }
1127 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
1128 * ref: man OPENSSL_STORE_open
1129 * Clear error and recurse through the file if info = NULL and eof not reached.
1130 */
1131 clear_ossl_store_error(store_ctx);
1132 }
1133 if (!info)
1134 {
1135 goto end;
1136 }
1137
1138 x = OSSL_STORE_INFO_get0_CERT(info);
1139 if (x == NULL)
1140 {
1141 goto end;
1142 }
1143 msg(D_TLS_DEBUG_MED, "Found cert in store using URI: %s", uri);
1144
1145 ret = SSL_CTX_use_certificate(tls_ctx->ctx, x);
1146 if (!ret)
1147 {
1148 goto end;
1149 }
1150 OSSL_STORE_INFO_free(info);
1151 info = NULL;
1152
1153 /* iterate through the store and add extra certificates if any to the chain */
1154 while (!OSSL_STORE_eof(store_ctx))
1155 {
1156 info = OSSL_STORE_load(store_ctx);
1157 if (!info)
1158 {
1159 clear_ossl_store_error(store_ctx);
1160 continue;
1161 }
1162 x = OSSL_STORE_INFO_get1_CERT(info);
1163 if (x && SSL_CTX_add_extra_chain_cert(tls_ctx->ctx, x) != 1)
1164 {
1165 X509_free(x);
1166 crypto_msg(M_FATAL, "Error adding extra certificate");
1167 break;
1168 }
1169 OSSL_STORE_INFO_free(info);
1170 info = NULL;
1171 }
1172
1173end:
1174 if (!ret)
1175 {
1176 crypto_print_openssl_errors(M_WARN);
1177 crypto_msg(M_FATAL, "Cannot load certificate from URI <%s>", uri);
1178 }
1179 else
1180 {
1181 crypto_print_openssl_errors(M_DEBUG);
1182 }
1183
1184 UI_destroy_method(ui_method);
1185 OSSL_STORE_INFO_free(info);
1186 OSSL_STORE_close(store_ctx);
1187#else /* defined(HAVE_OPENSSL_STORE_API */
1188 ASSERT(0);
1189#endif /* defined(HAVE_OPENSSL_STORE_API */
1190}
1191
1192static void
1193tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
1194{
1195 BIO *in = NULL;
1196 X509 *x = NULL;
1197 int ret = 0;
1198
1199 ASSERT(NULL != ctx);
1200
1201 if (cert_file_inline)
1202 {
1203 in = BIO_new_mem_buf((char *)cert_file, -1);
1204 }
1205 else
1206 {
1207 in = BIO_new_file((char *)cert_file, "r");
1208 }
1209
1210 if (in == NULL)
1211 {
1212 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
1213 goto end;
1214 }
1215
1216 x = PEM_read_bio_X509(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx),
1217 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1218 if (x == NULL)
1219 {
1220 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
1221 goto end;
1222 }
1223
1224 ret = SSL_CTX_use_certificate(ctx->ctx, x);
1225 if (ret)
1226 {
1227 tls_ctx_add_extra_certs(ctx, in, true);
1228 }
1229
1230end:
1231 if (!ret)
1232 {
1233 crypto_print_openssl_errors(M_WARN);
1234 if (cert_file_inline)
1235 {
1236 crypto_msg(M_FATAL, "Cannot load inline certificate file");
1237 }
1238 else
1239 {
1240 crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
1241 }
1242 }
1243 else
1244 {
1245 crypto_print_openssl_errors(M_DEBUG);
1246 }
1247
1248 BIO_free(in);
1249 X509_free(x);
1250}
1251
1252void
1253tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
1254{
1255 if (cert_uri_supported() && !cert_file_inline)
1256 {
1257 tls_ctx_load_cert_uri(ctx, cert_file);
1258 }
1259 else
1260 {
1261 tls_ctx_load_cert_pem_file(ctx, cert_file, cert_file_inline);
1262 }
1263}
1264
1265int
1266tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
1267 bool priv_key_file_inline)
1268{
1269 SSL_CTX *ssl_ctx = NULL;
1270 BIO *in = NULL;
1271 EVP_PKEY *pkey = NULL;
1272 int ret = 1;
1273
1274 ASSERT(NULL != ctx);
1275
1276 ssl_ctx = ctx->ctx;
1277
1278 if (priv_key_file_inline)
1279 {
1280 in = BIO_new_mem_buf((char *)priv_key_file, -1);
1281 if (in == NULL)
1282 {
1283 goto end;
1284 }
1285 pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx),
1286 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1287 }
1288 else
1289 {
1290 pkey = load_pkey_from_uri(priv_key_file, ssl_ctx);
1291 }
1292
1293 if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1294 {
1295#ifdef ENABLE_MANAGEMENT
1296 if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
1297 {
1298 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
1299 }
1300#endif
1301 crypto_msg(M_WARN, "Cannot load private key file %s",
1302 print_key_filename(priv_key_file, priv_key_file_inline));
1303 goto end;
1304 }
1305
1306 /* Check Private Key */
1307 if (!SSL_CTX_check_private_key(ssl_ctx))
1308 {
1309 crypto_msg(M_FATAL, "Private key does not match the certificate");
1310 }
1311 ret = 0;
1312
1313end:
1314 EVP_PKEY_free(pkey);
1315 BIO_free(in);
1316 return ret;
1317}
1318
1319void
1320backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
1321{
1322 BIO *in = NULL;
1323
1324 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1325 if (!store)
1326 {
1327 crypto_msg(M_FATAL, "Cannot get certificate store");
1328 }
1329
1330 /* Always start with a cleared CRL list, for that we
1331 * we need to manually find the CRL object from the stack
1332 * and remove it */
1333 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
1334 for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
1335 {
1336 X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
1337 ASSERT(obj);
1338 if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
1339 {
1340 sk_X509_OBJECT_delete(objs, i);
1341 X509_OBJECT_free(obj);
1342 }
1343 }
1344
1345 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1346
1347 if (crl_inline)
1348 {
1349 in = BIO_new_mem_buf((char *)crl_file, -1);
1350 }
1351 else
1352 {
1353 in = BIO_new_file(crl_file, "r");
1354 }
1355
1356 if (in == NULL)
1357 {
1358 msg(M_WARN, "CRL: cannot read: %s", print_key_filename(crl_file, crl_inline));
1359 goto end;
1360 }
1361
1362 int num_crls_loaded = 0;
1363 while (true)
1364 {
1365 X509_CRL *crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
1366 if (crl == NULL)
1367 {
1368 /*
1369 * PEM_R_NO_START_LINE can be considered equivalent to EOF.
1370 */
1371 bool eof = ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE;
1372 /* but warn if no CRLs have been loaded */
1373 if (num_crls_loaded > 0 && eof)
1374 {
1375 /* remove that error from error stack */
1376 (void)ERR_get_error();
1377 break;
1378 }
1379
1380 crypto_msg(M_WARN, "CRL: cannot read CRL from file %s",
1381 print_key_filename(crl_file, crl_inline));
1382 break;
1383 }
1384
1385 if (!X509_STORE_add_crl(store, crl))
1386 {
1387 X509_CRL_free(crl);
1388 crypto_msg(M_WARN, "CRL: cannot add %s to store",
1389 print_key_filename(crl_file, crl_inline));
1390 break;
1391 }
1392 X509_CRL_free(crl);
1393 num_crls_loaded++;
1394 }
1395 msg(M_INFO, "CRL: loaded %d CRLs from file %s", num_crls_loaded, crl_file);
1396end:
1397 BIO_free(in);
1398}
1399
1400
1401#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)
1402
1403/* encrypt */
1404static int
1405rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1406{
1407 ASSERT(0);
1408 return -1;
1409}
1410
1411/* verify arbitrary data */
1412static int
1413rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1414{
1415 ASSERT(0);
1416 return -1;
1417}
1418
1419/* decrypt */
1420static int
1421rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1422{
1423 ASSERT(0);
1424 return -1;
1425}
1426
1427/* called at RSA_free */
1428static int
1429openvpn_extkey_rsa_finish(RSA *rsa)
1430{
1431 /* meth was allocated in tls_ctx_use_management_external_key() ; since
1432 * this function is called when the parent RSA object is destroyed,
1433 * it is no longer used after this point so kill it. */
1434 const RSA_METHOD *meth = RSA_get_method(rsa);
1435 RSA_meth_free((RSA_METHOD *)meth);
1436 return 1;
1437}
1438
1439/*
1440 * Convert OpenSSL's constant to the strings used in the management
1441 * interface query
1442 */
1443const char *
1444get_rsa_padding_name(const int padding)
1445{
1446 switch (padding)
1447 {
1448 case RSA_PKCS1_PADDING:
1449 return "RSA_PKCS1_PADDING";
1450
1451 case RSA_NO_PADDING:
1452 return "RSA_NO_PADDING";
1453
1454 default:
1455 return "UNKNOWN";
1456 }
1457}
1458
1470static int
1471get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig,
1472 unsigned int siglen, const char *algorithm)
1473{
1474 char *in_b64 = NULL;
1475 char *out_b64 = NULL;
1476 int len = -1;
1477
1478 int bencret = openvpn_base64_encode(dgst, dgstlen, &in_b64);
1479
1480 if (management && bencret > 0)
1481 {
1482 out_b64 = management_query_pk_sig(management, in_b64, algorithm);
1483 }
1484 if (out_b64)
1485 {
1486 len = openvpn_base64_decode(out_b64, sig, siglen);
1487 }
1488
1489 free(in_b64);
1490 free(out_b64);
1491 return len;
1492}
1493
1494/* sign arbitrary data */
1495static int
1496rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1497{
1498 unsigned int len = RSA_size(rsa);
1499 int ret = -1;
1500
1501 if (padding != RSA_PKCS1_PADDING && padding != RSA_NO_PADDING)
1502 {
1503 RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
1504 return -1;
1505 }
1506
1507 ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
1508
1509 return (ret == len) ? ret : -1;
1510}
1511
1512static int
1513tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1514{
1515 RSA *rsa = NULL;
1516 RSA_METHOD *rsa_meth;
1517
1518 ASSERT(NULL != ctx);
1519
1520 const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey);
1521 ASSERT(NULL != pub_rsa);
1522
1523 /* allocate custom RSA method object */
1524 rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method", RSA_METHOD_FLAG_NO_CHECK);
1525 check_malloc_return(rsa_meth);
1526 RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1527 RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1528 RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc);
1529 RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec);
1530 RSA_meth_set_init(rsa_meth, NULL);
1531 RSA_meth_set_finish(rsa_meth, openvpn_extkey_rsa_finish);
1532 RSA_meth_set0_app_data(rsa_meth, NULL);
1533
1534 /* allocate RSA object */
1535 rsa = RSA_new();
1536 if (rsa == NULL)
1537 {
1538 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1539 goto err;
1540 }
1541
1542 /* initialize RSA object */
1543 const BIGNUM *n = NULL;
1544 const BIGNUM *e = NULL;
1545 RSA_get0_key(pub_rsa, &n, &e, NULL);
1546 RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1547 RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1548 if (!RSA_set_method(rsa, rsa_meth))
1549 {
1550 RSA_meth_free(rsa_meth);
1551 goto err;
1552 }
1553 /* from this point rsa_meth will get freed with rsa */
1554
1555 /* bind our custom RSA object to ssl_ctx */
1556 if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1557 {
1558 goto err;
1559 }
1560
1561 RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1562 return 1;
1563
1564err:
1565 if (rsa)
1566 {
1567 RSA_free(rsa);
1568 }
1569 else if (rsa_meth)
1570 {
1571 RSA_meth_free(rsa_meth);
1572 }
1573 return 0;
1574}
1575
1576#if !defined(OPENSSL_NO_EC)
1577
1578/* called when EC_KEY is destroyed */
1579static void
1580openvpn_extkey_ec_finish(EC_KEY *ec)
1581{
1582 /* release the method structure */
1583 const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec);
1584 EC_KEY_METHOD_free((EC_KEY_METHOD *)ec_meth);
1585}
1586
1587/* EC_KEY_METHOD callback: sign().
1588 * Sign the hash using EC key and return DER encoded signature in sig,
1589 * its length in siglen. Return value is 1 on success, 0 on error.
1590 */
1591static int
1592ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
1593 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
1594{
1595 int capacity = ECDSA_size(ec);
1596 /*
1597 * ECDSA does not seem to have proper constants for paddings since
1598 * there are only signatures without padding at the moment, use
1599 * a generic ECDSA for the moment
1600 */
1601 int len = get_sig_from_man(dgst, dgstlen, sig, capacity, "ECDSA");
1602
1603 if (len > 0)
1604 {
1605 *siglen = len;
1606 return 1;
1607 }
1608 return 0;
1609}
1610
1611/* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
1612static int
1613ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
1614{
1615 return 1;
1616}
1617
1618/* EC_KEY_METHOD callback: sign_sig().
1619 * Sign the hash and return the result as a newly allocated ECDS_SIG
1620 * struct or NULL on error.
1621 */
1622static ECDSA_SIG *
1623ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r,
1624 EC_KEY *ec)
1625{
1626 ECDSA_SIG *ecsig = NULL;
1627 unsigned int len = ECDSA_size(ec);
1628 struct gc_arena gc = gc_new();
1629
1630 unsigned char *buf = gc_malloc(len, false, &gc);
1631 if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1)
1632 {
1633 goto out;
1634 }
1635 /* const char ** should be avoided: not up to us, so we cast our way through */
1636 ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len);
1637
1638out:
1639 gc_free(&gc);
1640 return ecsig;
1641}
1642
1643static int
1644tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1645{
1646 EC_KEY *ec = NULL;
1647 EVP_PKEY *privkey = NULL;
1648 EC_KEY_METHOD *ec_method;
1649
1650 ASSERT(ctx);
1651
1652 ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
1653 if (!ec_method)
1654 {
1655 goto err;
1656 }
1657
1658 /* Among init methods, we only need the finish method */
1659 EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL);
1660#ifdef OPENSSL_IS_AWSLC
1661 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, NULL, ecdsa_sign_sig);
1662#else
1663 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig);
1664#endif
1665
1666 ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey));
1667 if (!ec)
1668 {
1669 EC_KEY_METHOD_free(ec_method);
1670 goto err;
1671 }
1672 if (!EC_KEY_set_method(ec, ec_method))
1673 {
1674 EC_KEY_METHOD_free(ec_method);
1675 goto err;
1676 }
1677 /* from this point ec_method will get freed when ec is freed */
1678
1679 privkey = EVP_PKEY_new();
1680 if (!EVP_PKEY_assign_EC_KEY(privkey, ec))
1681 {
1682 goto err;
1683 }
1684 /* from this point ec will get freed when privkey is freed */
1685
1686 if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1687 {
1688 ec = NULL; /* avoid double freeing it below */
1689 goto err;
1690 }
1691
1692 EVP_PKEY_free(privkey); /* this will down ref privkey and ec */
1693 return 1;
1694
1695err:
1696 /* Reach here only when ec and privkey can be independenly freed */
1697 EVP_PKEY_free(privkey);
1698 EC_KEY_free(ec);
1699 return 0;
1700}
1701#endif /* !defined(OPENSSL_NO_EC) */
1702#endif /* ENABLE_MANAGEMENT && !HAVE_XKEY_PROVIDER */
1703
1704#ifdef ENABLE_MANAGEMENT
1705int
1706tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
1707{
1708 int ret = 1;
1709
1710 ASSERT(NULL != ctx);
1711
1712 X509 *cert = SSL_CTX_get0_certificate(ctx->ctx);
1713
1714 ASSERT(NULL != cert);
1715
1716 /* get the public key */
1717 EVP_PKEY *pkey = X509_get0_pubkey(cert);
1718 ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1719
1720#ifdef HAVE_XKEY_PROVIDER
1721 EVP_PKEY *privkey = xkey_load_management_key(tls_libctx, pkey);
1722 if (!privkey || !SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1723 {
1724 EVP_PKEY_free(privkey);
1725 goto cleanup;
1726 }
1727 EVP_PKEY_free(privkey);
1728#else /* ifdef HAVE_XKEY_PROVIDER */
1729#if OPENSSL_VERSION_NUMBER < 0x30000000L
1730 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
1731#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1732 if (EVP_PKEY_is_a(pkey, "RSA"))
1733#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1734 {
1735 if (!tls_ctx_use_external_rsa_key(ctx, pkey))
1736 {
1737 goto cleanup;
1738 }
1739 }
1740#if !defined(OPENSSL_NO_EC)
1741#if OPENSSL_VERSION_NUMBER < 0x30000000L
1742 else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
1743#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1744 else if (EVP_PKEY_is_a(pkey, "EC"))
1745#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1746 {
1747 if (!tls_ctx_use_external_ec_key(ctx, pkey))
1748 {
1749 goto cleanup;
1750 }
1751 }
1752 else
1753 {
1754 crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
1755 goto cleanup;
1756 }
1757#else /* !defined(OPENSSL_NO_EC) */
1758 else
1759 {
1760 crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
1761 goto cleanup;
1762 }
1763#endif /* !defined(OPENSSL_NO_EC) */
1764
1765#endif /* HAVE_XKEY_PROVIDER */
1766
1767 ret = 0;
1768cleanup:
1769 if (ret)
1770 {
1771 crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1772 }
1773 return ret;
1774}
1775
1776#endif /* ifdef ENABLE_MANAGEMENT */
1777
1778static int
1779sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1780{
1781 return X509_NAME_cmp(*a, *b);
1782}
1783
1784void
1785tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline,
1786 const char *ca_path, bool tls_server)
1787{
1788 STACK_OF(X509_INFO) *info_stack = NULL;
1789 STACK_OF(X509_NAME) *cert_names = NULL;
1790 X509_LOOKUP *lookup = NULL;
1791 X509_STORE *store = NULL;
1792 X509_NAME *xn = NULL;
1793 BIO *in = NULL;
1794 int i, added = 0, prev = 0;
1795
1796 ASSERT(NULL != ctx);
1797
1798 store = SSL_CTX_get_cert_store(ctx->ctx);
1799 if (!store)
1800 {
1801 crypto_msg(M_FATAL, "Cannot get certificate store");
1802 }
1803
1804 /* Try to add certificates and CRLs from ca_file */
1805 if (ca_file)
1806 {
1807 if (ca_file_inline)
1808 {
1809 in = BIO_new_mem_buf((char *)ca_file, -1);
1810 }
1811 else
1812 {
1813 in = BIO_new_file(ca_file, "r");
1814 }
1815
1816 if (in)
1817 {
1818 info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1819 }
1820
1821 if (info_stack)
1822 {
1823 for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1824 {
1825 X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1826 if (info->crl)
1827 {
1828 X509_STORE_add_crl(store, info->crl);
1829 }
1830
1831 if (tls_server && !info->x509)
1832 {
1833 crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1834 }
1835
1836 if (info->x509)
1837 {
1838 X509_STORE_add_cert(store, info->x509);
1839 added++;
1840
1841 if (!tls_server)
1842 {
1843 continue;
1844 }
1845
1846 /* Use names of CAs as a client CA list */
1847 if (cert_names == NULL)
1848 {
1849 cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1850 if (!cert_names)
1851 {
1852 continue;
1853 }
1854 }
1855
1856 xn = X509_get_subject_name(info->x509);
1857 if (!xn)
1858 {
1859 continue;
1860 }
1861
1862 /* Don't add duplicate CA names */
1863 if (sk_X509_NAME_find(cert_names, xn) == -1)
1864 {
1865 xn = X509_NAME_dup(xn);
1866 if (!xn)
1867 {
1868 continue;
1869 }
1870 sk_X509_NAME_push(cert_names, xn);
1871 }
1872 }
1873
1874 if (tls_server)
1875 {
1876 int cnum = sk_X509_NAME_num(cert_names);
1877 if (cnum != (prev + 1))
1878 {
1879 crypto_msg(M_WARN,
1880 "Cannot load CA certificate file %s (entry %d did not validate)",
1881 print_key_filename(ca_file, ca_file_inline), added);
1882 }
1883 prev = cnum;
1884 }
1885 }
1886 sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1887 }
1888 int cnum;
1889 if (tls_server)
1890 {
1891 cnum = sk_X509_NAME_num(cert_names);
1892 SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1893 }
1894
1895 if (!added)
1896 {
1897 crypto_msg(M_FATAL, "Cannot load CA certificate file %s (no entries were read)",
1898 print_key_filename(ca_file, ca_file_inline));
1899 }
1900
1901 if (tls_server)
1902 {
1903 if (cnum != added)
1904 {
1905 crypto_msg(M_FATAL,
1906 "Cannot load CA certificate file %s (only %d "
1907 "of %d entries were valid X509 names)",
1908 print_key_filename(ca_file, ca_file_inline), cnum, added);
1909 }
1910 }
1911
1912 BIO_free(in);
1913 }
1914
1915 /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1916 if (ca_path)
1917 {
1918 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1919 if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1920 {
1921 msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1922 }
1923 else
1924 {
1925 crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1926 }
1927 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1928 }
1929}
1930
1931void
1932tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1933 bool extra_certs_file_inline)
1934{
1935 BIO *in;
1936 if (extra_certs_file_inline)
1937 {
1938 in = BIO_new_mem_buf((char *)extra_certs_file, -1);
1939 }
1940 else
1941 {
1942 in = BIO_new_file(extra_certs_file, "r");
1943 }
1944
1945 if (in == NULL)
1946 {
1947 crypto_msg(M_FATAL, "Cannot load extra-certs file: %s",
1948 print_key_filename(extra_certs_file, extra_certs_file_inline));
1949 }
1950 else
1951 {
1952 tls_ctx_add_extra_certs(ctx, in, false);
1953 }
1954
1955 BIO_free(in);
1956}
1957
1958/* **************************************
1959 *
1960 * Key-state specific functions
1961 *
1962 ***************************************/
1963/*
1964 *
1965 * BIO functions
1966 *
1967 */
1968
1969#ifdef BIO_DEBUG
1970
1971#warning BIO_DEBUG defined
1972
1973static FILE *biofp; /* GLOBAL */
1974static bool biofp_toggle; /* GLOBAL */
1975static time_t biofp_last_open; /* GLOBAL */
1976static const int biofp_reopen_interval = 600; /* GLOBAL */
1977
1978static void
1979close_biofp(void)
1980{
1981 if (biofp)
1982 {
1983 ASSERT(!fclose(biofp));
1984 biofp = NULL;
1985 }
1986}
1987
1988static void
1989open_biofp(void)
1990{
1991 const time_t current = time(NULL);
1992 const pid_t pid = getpid();
1993
1994 if (biofp_last_open + biofp_reopen_interval < current)
1995 {
1996 close_biofp();
1997 }
1998 if (!biofp)
1999 {
2000 char fn[256];
2001 snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
2002 biofp = fopen(fn, "w");
2003 ASSERT(biofp);
2004 biofp_last_open = time(NULL);
2005 biofp_toggle ^= 1;
2006 }
2007}
2008
2009static void
2010bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
2011{
2012 struct gc_arena gc = gc_new();
2013 if (len > 0)
2014 {
2015 open_biofp();
2016 fprintf(biofp, "BIO_%s %s time=%" PRIi64 " bio=" ptr_format " len=%d data=%s\n", mode, desc,
2017 (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
2018 fflush(biofp);
2019 }
2020 gc_free(&gc);
2021}
2022
2023static void
2024bio_debug_oc(const char *mode, BIO *bio)
2025{
2026 open_biofp();
2027 fprintf(biofp, "BIO %s time=%" PRIi64 " bio=" ptr_format "\n", mode, (int64_t)time(NULL),
2028 (ptr_type)bio);
2029 fflush(biofp);
2030}
2031
2032#endif /* ifdef BIO_DEBUG */
2033
2034/*
2035 * Write to an OpenSSL BIO in non-blocking mode.
2036 */
2037static int
2038bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
2039{
2040 int i;
2041 int ret = 0;
2042 ASSERT(size >= 0);
2043 if (size)
2044 {
2045 /*
2046 * Free the L_TLS lock prior to calling BIO routines
2047 * so that foreground thread can still call
2048 * tls_pre_decrypt or tls_pre_encrypt,
2049 * allowing tunnel packet forwarding to continue.
2050 */
2051#ifdef BIO_DEBUG
2052 bio_debug_data("write", bio, data, size, desc);
2053#endif
2054 i = BIO_write(bio, data, size);
2055
2056 if (i < 0)
2057 {
2058 if (!BIO_should_retry(bio))
2059 {
2060 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
2061 ret = -1;
2062 ERR_clear_error();
2063 }
2064 }
2065 else if (i != size)
2066 {
2067 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d", desc, i, size);
2068 ret = -1;
2069 ERR_clear_error();
2070 }
2071 else
2072 { /* successful write */
2073 dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
2074 ret = 1;
2075 }
2076 }
2077 return ret;
2078}
2079
2080/*
2081 * Inline functions for reading from and writing
2082 * to BIOs.
2083 */
2084
2085static void
2086bio_write_post(const int status, struct buffer *buf)
2087{
2088 if (status == 1) /* success status return from bio_write? */
2089 {
2090 memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
2091 buf->len = 0;
2092 }
2093}
2094
2095/*
2096 * Read from an OpenSSL BIO in non-blocking mode.
2097 */
2098static int
2099bio_read(BIO *bio, struct buffer *buf, const char *desc)
2100{
2101 ASSERT(buf->len >= 0);
2102 if (buf->len)
2103 {
2104 /* we only want to write empty buffers, ignore read request
2105 * if the buffer is not empty */
2106 return 0;
2107 }
2108 int len = buf_forward_capacity(buf);
2109
2110 /*
2111 * BIO_read brackets most of the serious RSA
2112 * key negotiation number crunching.
2113 */
2114 int i = BIO_read(bio, BPTR(buf), len);
2115
2116 VALGRIND_MAKE_READABLE((void *)&i, sizeof(i));
2117
2118#ifdef BIO_DEBUG
2119 bio_debug_data("read", bio, BPTR(buf), i, desc);
2120#endif
2121
2122 int ret = 0;
2123 if (i < 0)
2124 {
2125 if (!BIO_should_retry(bio))
2126 {
2127 crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
2128 buf->len = 0;
2129 ret = -1;
2130 ERR_clear_error();
2131 }
2132 }
2133 else if (!i)
2134 {
2135 buf->len = 0;
2136 }
2137 else
2138 { /* successful read */
2139 dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
2140 buf->len = i;
2141 ret = 1;
2142 VALGRIND_MAKE_READABLE((void *)BPTR(buf), BLEN(buf));
2143 }
2144 return ret;
2145}
2146
2147void
2148key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server,
2149 struct tls_session *session)
2150{
2151 ASSERT(NULL != ssl_ctx);
2152 ASSERT(ks_ssl);
2153 CLEAR(*ks_ssl);
2154
2155 ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
2156 if (!ks_ssl->ssl)
2157 {
2158 crypto_msg(M_FATAL, "SSL_new failed");
2159 }
2160
2161 /* put session * in ssl object so we can access it
2162 * from verify callback*/
2163 SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
2164
2165 ASSERT((ks_ssl->ssl_bio = BIO_new(BIO_f_ssl())));
2166 ASSERT((ks_ssl->ct_in = BIO_new(BIO_s_mem())));
2167 ASSERT((ks_ssl->ct_out = BIO_new(BIO_s_mem())));
2168
2169#ifdef BIO_DEBUG
2170 bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
2171 bio_debug_oc("open ct_in", ks_ssl->ct_in);
2172 bio_debug_oc("open ct_out", ks_ssl->ct_out);
2173#endif
2174
2175 if (is_server)
2176 {
2177 SSL_set_accept_state(ks_ssl->ssl);
2178 }
2179 else
2180 {
2181 SSL_set_connect_state(ks_ssl->ssl);
2182 }
2183
2184 SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
2185 BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
2186}
2187
2188void
2189key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
2190{
2191 SSL_set_shutdown(ks_ssl->ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2192}
2193
2194void
2195key_state_ssl_free(struct key_state_ssl *ks_ssl)
2196{
2197 if (ks_ssl->ssl)
2198 {
2199#ifdef BIO_DEBUG
2200 bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
2201 bio_debug_oc("close ct_in", ks_ssl->ct_in);
2202 bio_debug_oc("close ct_out", ks_ssl->ct_out);
2203#endif
2204 BIO_free_all(ks_ssl->ssl_bio);
2205 SSL_free(ks_ssl->ssl);
2206 }
2207}
2208
2209int
2210key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2211{
2212 int ret = 0;
2213
2214 ASSERT(NULL != ks_ssl);
2215
2216 ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf), "tls_write_plaintext");
2217 bio_write_post(ret, buf);
2218
2219 return ret;
2220}
2221
2222int
2223key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
2224{
2225 int ret = 0;
2226
2227 ASSERT(NULL != ks_ssl);
2228
2229 ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
2230
2231 return ret;
2232}
2233
2234int
2235key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2236{
2237 int ret = 0;
2238
2239 ASSERT(NULL != ks_ssl);
2240
2241 ret = bio_read(ks_ssl->ct_out, buf, "tls_read_ciphertext");
2242
2243 return ret;
2244}
2245
2246int
2247key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2248{
2249 int ret = 0;
2250
2251 ASSERT(NULL != ks_ssl);
2252
2253 ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
2254 bio_write_post(ret, buf);
2255
2256 return ret;
2257}
2258
2259int
2260key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2261{
2262 int ret = 0;
2263
2264 ASSERT(NULL != ks_ssl);
2265
2266 ret = bio_read(ks_ssl->ssl_bio, buf, "tls_read_plaintext");
2267
2268 return ret;
2269}
2270
2271static void
2272print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
2273{
2274 const char *curve = "";
2275 const char *type = "(error getting type)";
2276
2277 if (pkey == NULL)
2278 {
2279 buf[0] = 0;
2280 return;
2281 }
2282
2283 int typeid = EVP_PKEY_id(pkey);
2284#if OPENSSL_VERSION_NUMBER < 0x30000000L
2285 bool is_ec = typeid == EVP_PKEY_EC;
2286#else
2287 bool is_ec = EVP_PKEY_is_a(pkey, "EC");
2288#endif
2289
2290#ifndef OPENSSL_NO_EC
2291 char groupname[64];
2292 if (is_ec)
2293 {
2294 size_t len;
2295 if (EVP_PKEY_get_group_name(pkey, groupname, sizeof(groupname), &len))
2296 {
2297 curve = groupname;
2298 }
2299 else
2300 {
2301 curve = "(error getting curve name)";
2302 }
2303 }
2304#endif
2305 if (typeid != 0)
2306 {
2307#if OPENSSL_VERSION_NUMBER < 0x30000000L
2308 type = OBJ_nid2sn(typeid);
2309
2310 /* OpenSSL reports rsaEncryption, dsaEncryption and
2311 * id-ecPublicKey, map these values to nicer ones */
2312 if (typeid == EVP_PKEY_RSA)
2313 {
2314 type = "RSA";
2315 }
2316 else if (typeid == EVP_PKEY_DSA)
2317 {
2318 type = "DSA";
2319 }
2320 else if (typeid == EVP_PKEY_EC)
2321 {
2322 /* EC gets the curve appended after the type */
2323 type = "EC, curve ";
2324 }
2325 else if (type == NULL)
2326 {
2327 type = "unknown type";
2328 }
2329#else /* OpenSSL >= 3 */
2330 type = EVP_PKEY_get0_type_name(pkey);
2331 if (type == NULL)
2332 {
2333 type = "(error getting public key type)";
2334 }
2335#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
2336 }
2337
2338 snprintf(buf, buflen, "%d bits %s%s", EVP_PKEY_bits(pkey), type, curve);
2339}
2340
2347static void
2348print_cert_details(X509 *cert, char *buf, size_t buflen)
2349{
2350 EVP_PKEY *pkey = X509_get_pubkey(cert);
2351 char pkeybuf[64] = { 0 };
2352 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2353
2354 char sig[128] = { 0 };
2355 int signature_nid = X509_get_signature_nid(cert);
2356 if (signature_nid != 0)
2357 {
2358 snprintf(sig, sizeof(sig), ", signature: %s", OBJ_nid2sn(signature_nid));
2359 }
2360
2361 snprintf(buf, buflen, ", peer certificate: %s%s", pkeybuf, sig);
2362
2363 EVP_PKEY_free(pkey);
2364}
2365
2366static void
2367print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
2368{
2369 EVP_PKEY *pkey = NULL;
2370 SSL_get_peer_tmp_key(ssl, &pkey);
2371 if (!pkey)
2372 {
2373 return;
2374 }
2375
2376 char pkeybuf[128] = { 0 };
2377 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2378
2379 snprintf(buf, buflen, ", peer temporary key: %s", pkeybuf);
2380
2381 EVP_PKEY_free(pkey);
2382}
2383
2384#if !defined(LIBRESSL_VERSION_NUMBER) \
2385 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2391static const char *
2392get_sigtype(int nid)
2393{
2394 /* Fix a few OpenSSL names to be better understandable */
2395 switch (nid)
2396 {
2397 case EVP_PKEY_RSA:
2398 /* will otherwise say rsaEncryption */
2399 return "RSA";
2400
2401 case EVP_PKEY_DSA:
2402 /* dsaEncryption otherwise */
2403 return "DSA";
2404
2405 case EVP_PKEY_EC:
2406 /* will say id-ecPublicKey */
2407 return "ECDSA";
2408
2409 case -1:
2410 return "(error getting name)";
2411
2412 default:
2413 {
2414 const char *type = OBJ_nid2sn(nid);
2415 if (!type)
2416 {
2417 /* This is unlikely to ever happen as OpenSSL is unlikely to
2418 * return an NID it cannot resolve itself but we silence
2419 * linter/code checkers here */
2420 type = "(error getting name, OBJ_nid2sn failed)";
2421 }
2422 return type;
2423 }
2424 }
2425}
2426#endif /* ifndef LIBRESSL_VERSION_NUMBER */
2427
2432static void
2433print_peer_signature(SSL *ssl, char *buf, size_t buflen)
2434{
2435 int peer_sig_type_nid = NID_undef;
2436 const char *peer_sig_unknown = "unknown";
2437 const char *peer_sig = peer_sig_unknown;
2438 const char *peer_sig_type = "unknown type";
2439
2440 const char *signame = NULL;
2441 SSL_get0_peer_signature_name(ssl, &signame);
2442 if (signame)
2443 {
2444 peer_sig = signame;
2445 }
2446
2447#if !defined(LIBRESSL_VERSION_NUMBER) \
2448 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2449 /* LibreSSL 3.7.x and 3.8.x implement this function but do not export it
2450 * and fail linking with an unresolved symbol */
2451 if (SSL_get_peer_signature_type_nid(ssl, &peer_sig_type_nid) && peer_sig_type_nid != NID_undef)
2452 {
2453 peer_sig_type = get_sigtype(peer_sig_type_nid);
2454 }
2455#endif
2456
2457 if (peer_sig == peer_sig_unknown && peer_sig_type_nid == NID_undef)
2458 {
2459 return;
2460 }
2461
2462 snprintf(buf, buflen, ", peer signing digest/type: %s %s", peer_sig, peer_sig_type);
2463}
2464
2465#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2466void
2467print_tls_key_agreement_group(SSL *ssl, char *buf, size_t buflen)
2468{
2469 const char *groupname = SSL_get0_group_name(ssl);
2470 if (!groupname)
2471 {
2472 snprintf(buf, buflen, ", key agreement: (error fetching group)");
2473 }
2474 else
2475 {
2476 snprintf(buf, buflen, ", key agreement: %s", groupname);
2477 }
2478}
2479#endif
2480
2481/* **************************************
2482 *
2483 * Information functions
2484 *
2485 * Print information for the end user.
2486 *
2487 ***************************************/
2488void
2489print_details(struct key_state_ssl *ks_ssl, const char *prefix)
2490{
2491 const SSL_CIPHER *ciph;
2492 char s1[256];
2493 char s2[256];
2494 char s3[256];
2495 char s4[256];
2496 char s5[256];
2497
2498 s1[0] = s2[0] = s3[0] = s4[0] = s5[0] = 0;
2499 ciph = SSL_get_current_cipher(ks_ssl->ssl);
2500 snprintf(s1, sizeof(s1), "%s %s, cipher %s %s", prefix, SSL_get_version(ks_ssl->ssl),
2501 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
2502 X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl);
2503
2504 if (cert)
2505 {
2506 print_cert_details(cert, s2, sizeof(s2));
2507 X509_free(cert);
2508 }
2509 print_server_tempkey(ks_ssl->ssl, s3, sizeof(s3));
2510 print_peer_signature(ks_ssl->ssl, s4, sizeof(s4));
2511#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2512 print_tls_key_agreement_group(ks_ssl->ssl, s5, sizeof(s5));
2513#endif
2514
2515 msg(D_HANDSHAKE, "%s%s%s%s%s", s1, s2, s3, s4, s5);
2516}
2517
2518void
2519show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
2520{
2521 struct tls_root_ctx tls_ctx;
2522
2523 tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
2524 if (!tls_ctx.ctx)
2525 {
2526 crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
2527 }
2528
2529#if defined(TLS1_3_VERSION)
2530 if (tls13)
2531 {
2532 SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
2533 tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
2534 }
2535 else
2536#endif
2537 {
2538 SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
2539 tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
2540 }
2541
2542 tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
2543
2544 SSL *ssl = SSL_new(tls_ctx.ctx);
2545 if (!ssl)
2546 {
2547 crypto_msg(M_FATAL, "Cannot create SSL object");
2548 }
2549
2550#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC) || defined(ENABLE_CRYPTO_WOLFSSL)
2551 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2552#else
2553 STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
2554#endif
2555 for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++)
2556 {
2557 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
2558
2559 const char *cipher_name = SSL_CIPHER_get_name(c);
2560
2561 const tls_cipher_name_pair *pair =
2562 tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
2563
2564 if (tls13)
2565 {
2566 printf("%s\n", cipher_name);
2567 }
2568 else if (NULL == pair)
2569 {
2570 /* No translation found, print warning */
2571 printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n", cipher_name);
2572 }
2573 else
2574 {
2575 printf("%s\n", pair->iana_name);
2576 }
2577 }
2578#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
2579 sk_SSL_CIPHER_free(sk);
2580#endif
2581 SSL_free(ssl);
2582 SSL_CTX_free(tls_ctx.ctx);
2583}
2584
2585/*
2586 * Show the Elliptic curves that are available for us to use
2587 * in the OpenSSL library.
2588 */
2589void
2590show_available_curves(void)
2591{
2592 printf("Consider using 'openssl ecparam -list_curves' as alternative to running\n"
2593 "this command.\n"
2594 "Note this output does only list curves/groups that OpenSSL considers as\n"
2595 "builtin EC curves. It does not list additional curves nor X448 or X25519\n");
2596#ifndef OPENSSL_NO_EC
2597 EC_builtin_curve *curves = NULL;
2598 size_t crv_len = 0;
2599 size_t n = 0;
2600
2601 crv_len = EC_get_builtin_curves(NULL, 0);
2602 ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
2603 if (EC_get_builtin_curves(curves, crv_len))
2604 {
2605 printf("\nAvailable Elliptic curves/groups:\n");
2606 for (n = 0; n < crv_len; n++)
2607 {
2608 const char *sname;
2609 sname = OBJ_nid2sn(curves[n].nid);
2610 if (sname == NULL)
2611 {
2612 sname = "";
2613 }
2614
2615 printf("%s\n", sname);
2616 }
2617 }
2618 else
2619 {
2620 crypto_msg(M_FATAL, "Cannot get list of builtin curves");
2621 }
2622 free(curves);
2623#else /* ifndef OPENSSL_NO_EC */
2624 msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
2625 "No curves available.");
2626#endif /* ifndef OPENSSL_NO_EC */
2627}
2628
2629const char *
2630get_ssl_library_version(void)
2631{
2632 return OpenSSL_version(OPENSSL_VERSION);
2633}
2634
2635
2637#ifdef HAVE_XKEY_PROVIDER
2638static int
2639provider_load(OSSL_PROVIDER *prov, void *dest_libctx)
2640{
2641 const char *name = OSSL_PROVIDER_get0_name(prov);
2642 OSSL_PROVIDER_load(dest_libctx, name);
2643 return 1;
2644}
2645
2646static int
2647provider_unload(OSSL_PROVIDER *prov, void *unused)
2648{
2649 (void)unused;
2650 OSSL_PROVIDER_unload(prov);
2651 return 1;
2652}
2653#endif /* HAVE_XKEY_PROVIDER */
2654
2662void
2663load_xkey_provider(void)
2664{
2665#ifdef HAVE_XKEY_PROVIDER
2666
2667 /* Make a new library context for use in TLS context */
2668 if (!tls_libctx)
2669 {
2670 tls_libctx = OSSL_LIB_CTX_new();
2671 check_malloc_return(tls_libctx);
2672
2673 /* Load all providers in default LIBCTX into this libctx.
2674 * OpenSSL has a child libctx functionality to automate this,
2675 * but currently that is usable only from within providers.
2676 * So we do something close to it manually here.
2677 */
2678 OSSL_PROVIDER_do_all(NULL, provider_load, tls_libctx);
2679 }
2680
2681 if (!OSSL_PROVIDER_available(tls_libctx, "ovpn.xkey"))
2682 {
2683 OSSL_PROVIDER_add_builtin(tls_libctx, "ovpn.xkey", xkey_provider_init);
2684 if (!OSSL_PROVIDER_load(tls_libctx, "ovpn.xkey"))
2685 {
2686 msg(M_NONFATAL, "ERROR: failed loading external key provider: "
2687 "Signing with external keys will not work.");
2688 }
2689 }
2690
2691 /* We only implement minimal functionality in ovpn.xkey, so we do not want
2692 * methods in xkey to be picked unless absolutely required (i.e, when the key
2693 * is external). Ensure this by setting a default propquery for the custom
2694 * libctx that unprefers, but does not forbid, ovpn.xkey. See also man page
2695 * of "property" in OpenSSL 3.0.
2696 */
2697 EVP_set_default_properties(tls_libctx, "?provider!=ovpn.xkey");
2698
2699#endif /* HAVE_XKEY_PROVIDER */
2700}
2701
2705static void
2706unload_xkey_provider(void)
2707{
2708#ifdef HAVE_XKEY_PROVIDER
2709 if (tls_libctx)
2710 {
2711 OSSL_PROVIDER_do_all(tls_libctx, provider_unload, NULL);
2712 OSSL_LIB_CTX_free(tls_libctx);
2713 }
2714#endif /* HAVE_XKEY_PROVIDER */
2715 tls_libctx = NULL;
2716}
2717
2718#endif /* defined(ENABLE_CRYPTO_OPENSSL) */
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition buffer.c:336
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:648
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR_GC
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
Definition buffer.h:1086
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition buffer.h:539
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
BLEN
#define BLEN(buf)
Definition buffer.h:126
format_hex
static char * format_hex(const uint8_t *data, size_t size, size_t maxoutput, struct gc_arena *gc)
Definition buffer.h:503
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1107
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1025
ALLOC_ARRAY
#define ALLOC_ARRAY(dptr, type, n)
Definition buffer.h:1070
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1017
ptr_type
unsigned long ptr_type
Definition common.h:59
ptr_format
#define ptr_format
Definition common.h:50
strsep
char * strsep(char **stringp, const char *delim)
Definition compat-strsep.c:35
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition crypto.c:1279
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition crypto_openssl.c:230
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition crypto_openssl.h:116
SSL_CTX_use_CryptoAPI_certificate
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition cryptoapi.c:58
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition errlevel.h:76
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition errlevel.h:156
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition errlevel.h:155
D_HANDSHAKE
#define D_HANDSHAKE
Definition errlevel.h:71
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition errlevel.h:58
D_LOW
#define D_LOW
Definition errlevel.h:96
M_INFO
#define M_INFO
Definition errlevel.h:54
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition errlevel.h:164
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition ssl_common.h:464
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition ssl_openssl.c:2260
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition ssl_openssl.c:2247
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition ssl_openssl.c:2235
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition ssl_openssl.c:2223
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition ssl_openssl.c:2210
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
constrain_int
static int constrain_int(int x, int min, int max)
Definition integer.h:118
status
static SERVICE_STATUS status
Definition interactive.c:51
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3103
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3764
VALGRIND_MAKE_READABLE
#define VALGRIND_MAKE_READABLE(addr, len)
Definition memdbg.h:53
purge_user_pass
void purge_user_pass(struct user_pass *up, const bool force)
Definition misc.c:470
GET_USER_PASS_MANAGEMENT
#define GET_USER_PASS_MANAGEMENT
Definition misc.h:110
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:112
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
openssl_compat.h
OpenSSL compatibility stub.
OSSL_PROVIDER
void OSSL_PROVIDER
Definition openssl_compat.h:128
SSL_get0_peer_signature_name
static int SSL_get0_peer_signature_name(SSL *ssl, const char **sigalg)
Definition openssl_compat.h:174
OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition openssl_compat.h:127
EVP_PKEY_get_group_name
static int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, size_t *gname_len)
Definition openssl_compat.h:90
SSL_CTX_set1_groups
#define SSL_CTX_set1_groups
Definition openssl_compat.h:50
SSL_CTX_new_ex
#define SSL_CTX_new_ex(libctx, propq, method)
Reduce SSL_CTX_new_ex() to SSL_CTX_new() for OpenSSL < 3.
Definition openssl_compat.h:124
CLEAR
#define CLEAR(x)
Definition basic.h:32
M_FATAL
#define M_FATAL
Definition error.h:90
M_NONFATAL
#define M_NONFATAL
Definition error.h:91
dmsg
#define dmsg(flags,...)
Definition error.h:172
msg
#define msg(flags,...)
Definition error.h:152
ASSERT
#define ASSERT(x)
Definition error.h:219
M_DEBUG
#define M_DEBUG
Definition error.h:93
M_WARN
#define M_WARN
Definition error.h:92
streq
#define streq(x, y)
Definition options.h:724
platform_fopen
FILE * platform_fopen(const char *path, const char *mode)
Definition platform.c:500
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition base64.c:160
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition base64.c:51
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition ssl.c:259
ssl_backend.h
Control Channel SSL library backend module.
TLS_VER_1_0
#define TLS_VER_1_0
Definition ssl_backend.h:105
TLS_VER_1_2
#define TLS_VER_1_2
Definition ssl_backend.h:107
TLS_VER_1_3
#define TLS_VER_1_3
Definition ssl_backend.h:108
TLS_VER_1_1
#define TLS_VER_1_1
Definition ssl_backend.h:106
ssl_common.h
Control Channel Common Data Structures.
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition ssl_common.h:431
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition ssl_common.h:42
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition ssl_common.h:424
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition ssl_common.h:423
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition ssl_common.h:432
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition ssl_common.h:429
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition ssl_common.h:430
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition ssl_openssl.c:560
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition ssl_openssl.c:139
bio_read
static int bio_read(BIO *bio, struct buffer *buf, const char *desc)
Definition ssl_openssl.c:2099
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition ssl_openssl.c:2630
openvpn_extkey_ec_finish
static void openvpn_extkey_ec_finish(EC_KEY *ec)
Definition ssl_openssl.c:1580
tls_ctx_set_tls_versions
static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Definition ssl_openssl.c:278
bio_write
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition ssl_openssl.c:2038
openvpn_extkey_rsa_finish
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition ssl_openssl.c:1429
tls_ctx_use_external_ec_key
static int tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1644
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition ssl_openssl.c:157
load_xkey_provider
void load_xkey_provider(void)
Some helper routines for provider load/unload.
Definition ssl_openssl.c:2663
print_pkey_details
static void print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
Definition ssl_openssl.c:2272
print_server_tempkey
static void print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
Definition ssl_openssl.c:2367
rsa_pub_enc
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1405
tls_ctx_add_extra_certs
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
Definition ssl_openssl.c:1048
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Show the TLS ciphers that are available for us to use in the library depending on the TLS version.
Definition ssl_openssl.c:2519
load_pkey_from_uri
static void * load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
Load private key from OSSL_STORE URI or file uri : URI of object or filename ssl_ctx : SSL_CTX for UI...
Definition ssl_openssl.c:832
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition ssl_openssl.c:103
show_available_curves
void show_available_curves(void)
Show the available elliptic curves in the crypto library.
Definition ssl_openssl.c:2590
openssl_tls_version
static uint16_t openssl_tls_version(unsigned int ver)
Convert internal version number to openssl version number.
Definition ssl_openssl.c:241
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition ssl_openssl.c:2195
ecdsa_sign
static int ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
Definition ssl_openssl.c:1592
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition ssl_openssl.c:1266
key_state_ssl_shutdown
void key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
Sets a TLS session to be shutdown state, so the TLS library will generate a shutdown alert.
Definition ssl_openssl.c:2189
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1932
print_peer_signature
static void print_peer_signature(SSL *ssl, char *buf, size_t buflen)
Get the type of the signature that is used by the peer during the TLS handshake.
Definition ssl_openssl.c:2433
tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition ssl_openssl.c:78
get_sigtype
static const char * get_sigtype(int nid)
Translate an OpenSSL NID into a more human readable name.
Definition ssl_openssl.c:2392
mydata_index
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent.
Definition ssl_openssl.c:88
print_cert_details
static void print_cert_details(X509 *cert, char *buf, size_t buflen)
Print human readable information about the certificate into buf.
Definition ssl_openssl.c:2348
ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
Definition ssl_openssl.c:1613
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition ssl_openssl.c:618
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition ssl_openssl.c:491
cert_uri_supported
static bool cert_uri_supported(void)
Definition ssl_openssl.c:1081
rsa_priv_dec
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1421
INFO_CALLBACK_SSL_CONST
#define INFO_CALLBACK_SSL_CONST
Definition ssl_openssl.c:179
rsa_pub_dec
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1413
bio_write_post
static void bio_write_post(const int status, struct buffer *buf)
Definition ssl_openssl.c:2086
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition ssl_openssl.c:901
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition ssl_openssl.c:148
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition ssl_openssl.c:2148
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition ssl_openssl.c:98
unload_xkey_provider
static void unload_xkey_provider(void)
Undo steps in load_xkey_provider.
Definition ssl_openssl.c:2706
get_rsa_padding_name
const char * get_rsa_padding_name(const int padding)
Definition ssl_openssl.c:1444
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:712
get_sig_from_man
static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig, unsigned int siglen, const char *algorithm)
Pass the input hash in 'dgst' to management and get the signature back.
Definition ssl_openssl.c:1471
tls_ctx_load_cert_uri
static void tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
Definition ssl_openssl.c:1091
rsa_priv_enc
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1496
convert_tls_list_to_openssl
static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:356
tls_ctx_load_cert_pem_file
static void tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Definition ssl_openssl.c:1193
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition ssl_openssl.c:91
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Print a one line summary of SSL/TLS session handshake.
Definition ssl_openssl.c:2489
info_callback
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition ssl_openssl.c:182
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition ssl_openssl.c:205
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition ssl_openssl.c:1320
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition ssl_openssl.c:430
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1785
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition ssl_openssl.c:519
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition ssl_openssl.c:1706
tls_ctx_use_external_rsa_key
static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1513
ecdsa_sign_sig
static ECDSA_SIG * ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *ec)
Definition ssl_openssl.c:1623
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition ssl_openssl.c:1034
convert_tls13_list_to_openssl
static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:466
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition ssl_openssl.c:308
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:654
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition ssl_openssl.c:121
sk_x509_name_cmp
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition ssl_openssl.c:1779
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Definition ssl_openssl.c:1253
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition ssl_util.c:294
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition ssl_util.c:275
ssl_util.h
SSL utility functions.
ssl_verify_openssl.h
Control Channel Verification Module OpenSSL backend.
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
key_state_ssl
Definition ssl_mbedtls.h:138
key_state_ssl::ct_in
BIO * ct_in
Definition ssl_openssl.h:50
key_state_ssl::ssl
SSL * ssl
Definition ssl_openssl.h:48
key_state_ssl::ssl_bio
BIO * ssl_bio
Definition ssl_openssl.h:49
key_state_ssl::ct_out
BIO * ct_out
Definition ssl_openssl.h:51
signame
Definition sig.c:47
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition ssl_util.h:77
tls_cipher_name_pair::iana_name
const char * iana_name
Definition ssl_util.h:79
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition ssl_util.h:78
tls_root_ctx
Structure that wraps the TLS context.
Definition ssl_mbedtls.h:114
tls_root_ctx::ctx
SSL_CTX * ctx
Definition ssl_openssl.h:41
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:489
user_pass
Definition misc.h:52
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:68
cleanup
static int cleanup(void **state)
Definition test_pkcs11.c:289
gc
struct gc_arena gc
Definition test_ssl.c:131
xkey_common.h
Generated by doxygen 1.9.8