OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#include "syshead.h"
34
35#if defined(ENABLE_CRYPTO_OPENSSL)
36
37#include "errlevel.h"
38#include "buffer.h"
39#include "misc.h"
40#include "manage.h"
41#include "memdbg.h"
42#include "ssl_backend.h"
43#include "ssl_common.h"
44#include "base64.h"
45#include "openssl_compat.h"
46#include "xkey_common.h"
47
48#ifdef ENABLE_CRYPTOAPI
49#include "cryptoapi.h"
50#endif
51
52#include "ssl_verify_openssl.h"
53#include "ssl_util.h"
54
55#include <openssl/bn.h>
56#include <openssl/crypto.h>
57#include <openssl/dh.h>
58#include <openssl/dsa.h>
59#include <openssl/err.h>
60#include <openssl/pkcs12.h>
61#include <openssl/rsa.h>
62#include <openssl/x509.h>
63#include <openssl/ssl.h>
64#ifndef OPENSSL_NO_EC
65#include <openssl/ec.h>
66#endif
67
68#if OPENSSL_VERSION_NUMBER >= 0x30000000L
69#define HAVE_OPENSSL_STORE_API
70#include <openssl/ui.h>
71#include <openssl/store.h>
72#endif
73
74#if defined(_MSC_VER) && !defined(_M_ARM64)
75#include <openssl/applink.c>
76#endif
77
78OSSL_LIB_CTX *tls_libctx; /* Global */
79
80static void unload_xkey_provider(void);
81
82/*
83 * Allocate space in SSL objects in which to store a struct tls_session
84 * pointer back to parent.
85 *
86 */
87
88int mydata_index; /* GLOBAL */
89
90void
91tls_init_lib(void)
92{
93 mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
94 ASSERT(mydata_index >= 0);
95}
96
97void
98tls_free_lib(void)
99{
100}
101
102void
103tls_ctx_server_new(struct tls_root_ctx *ctx)
104{
105 ASSERT(NULL != ctx);
106
107 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_server_method());
108
109 if (ctx->ctx == NULL)
110 {
111 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
112 }
113 if (ERR_peek_error() != 0)
114 {
115 crypto_msg(M_WARN, "Warning: TLS server context initialisation "
116 "has warnings.");
117 }
118}
119
120void
121tls_ctx_client_new(struct tls_root_ctx *ctx)
122{
123 ASSERT(NULL != ctx);
124
125 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
126
127 if (ctx->ctx == NULL)
128 {
129 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
130 }
131 if (ERR_peek_error() != 0)
132 {
133 crypto_msg(M_WARN, "Warning: TLS client context initialisation "
134 "has warnings.");
135 }
136}
137
138void
139tls_ctx_free(struct tls_root_ctx *ctx)
140{
141 ASSERT(NULL != ctx);
142 SSL_CTX_free(ctx->ctx);
143 ctx->ctx = NULL;
144 unload_xkey_provider(); /* in case it is loaded */
145}
146
147bool
148tls_ctx_initialised(struct tls_root_ctx *ctx)
149{
150 ASSERT(NULL != ctx);
151 return NULL != ctx->ctx;
152}
153
154bool
155key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size,
156 void *ekm, size_t ekm_size)
157
158{
159 SSL *ssl = session->key[KS_PRIMARY].ks_ssl.ssl;
160
161 if (SSL_export_keying_material(ssl, ekm, ekm_size, label, label_size, NULL, 0, 0) == 1)
162 {
163 return true;
164 }
165 else
166 {
167 secure_memzero(ekm, ekm_size);
168 return false;
169 }
170}
171
172/*
173 * Print debugging information on SSL/TLS session negotiation.
174 */
175
176#ifndef INFO_CALLBACK_SSL_CONST
177#define INFO_CALLBACK_SSL_CONST const
178#endif
179static void
180info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
181{
182 if (where & SSL_CB_LOOP)
183 {
184 dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
185 where & SSL_ST_CONNECT ? "connect"
186 : where & SSL_ST_ACCEPT ? "accept"
187 : "undefined",
188 SSL_state_string_long(s));
189 }
190 else if (where & SSL_CB_ALERT)
191 {
192 dmsg(D_TLS_DEBUG_LOW, "%s %s SSL alert: %s", where & SSL_CB_READ ? "Received" : "Sent",
193 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
194 }
195}
196
197/*
198 * Return maximum TLS version supported by local OpenSSL library.
199 * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
200 * TLSvX is supported.
201 */
202int
203tls_version_max(void)
204{
205#if defined(TLS1_3_VERSION)
206 /* If this is defined we can safely assume TLS 1.3 support */
207 return TLS_VER_1_3;
208#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
209 /*
210 * If TLS_VER_1_3 is not defined, we were compiled against a version that
211 * did not support TLS 1.3.
212 *
213 * However, the library we are *linked* against might be OpenSSL 1.1.1
214 * and therefore supports TLS 1.3. This needs to be checked at runtime
215 * since we can be compiled against 1.1.0 and then the library can be
216 * upgraded to 1.1.1.
217 * We only need to check this for OpenSSL versions that can be
218 * upgraded to 1.1.1 without recompile (>= 1.1.0)
219 */
220 if (OpenSSL_version_num() >= 0x1010100fL)
221 {
222 return TLS_VER_1_3;
223 }
224 else
225 {
226 return TLS_VER_1_2;
227 }
228#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
229 return TLS_VER_1_2;
230#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
231 return TLS_VER_1_1;
232#else /* if defined(TLS1_3_VERSION) */
233 return TLS_VER_1_0;
234#endif
235}
236
238static int
239openssl_tls_version(int ver)
240{
241 if (ver == TLS_VER_1_0)
242 {
243 return TLS1_VERSION;
244 }
245 else if (ver == TLS_VER_1_1)
246 {
247 return TLS1_1_VERSION;
248 }
249 else if (ver == TLS_VER_1_2)
250 {
251 return TLS1_2_VERSION;
252 }
253 else if (ver == TLS_VER_1_3)
254 {
255 /*
256 * Supporting the library upgraded to TLS1.3 without recompile
257 * is enough to support here with a simple constant that the same
258 * as in the TLS 1.3, so spec it is very unlikely that OpenSSL
259 * will change this constant
260 */
261#ifndef TLS1_3_VERSION
262 /*
263 * We do not want to define TLS_VER_1_3 if not defined
264 * since other parts of the code use the existance of this macro
265 * as proxy for TLS 1.3 support
266 */
267 return 0x0304;
268#else
269 return TLS1_3_VERSION;
270#endif
271 }
272 return 0;
273}
274
275static bool
276tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
277{
278 int tls_ver_min =
279 openssl_tls_version((ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK);
280 int tls_ver_max =
281 openssl_tls_version((ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK);
282
283 if (!tls_ver_min)
284 {
285 /* Enforce at least TLS 1.0 */
286 int cur_min = SSL_CTX_get_min_proto_version(ctx->ctx);
287 tls_ver_min = cur_min < TLS1_VERSION ? TLS1_VERSION : cur_min;
288 }
289
290 if (!SSL_CTX_set_min_proto_version(ctx->ctx, tls_ver_min))
291 {
292 msg(D_TLS_ERRORS, "%s: failed to set minimum TLS version", __func__);
293 return false;
294 }
295
296 if (tls_ver_max && !SSL_CTX_set_max_proto_version(ctx->ctx, tls_ver_max))
297 {
298 msg(D_TLS_ERRORS, "%s: failed to set maximum TLS version", __func__);
299 return false;
300 }
301
302 return true;
303}
304
305bool
306tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
307{
308 ASSERT(NULL != ctx);
309
310 /* process SSL options */
311 uint64_t sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
312#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
313 sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
314#endif
315 sslopt |= SSL_OP_NO_COMPRESSION;
316 /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
317 * session and does not depend on this feature. And TLS renegotiations have
318 * been problematic in the past */
319#ifdef SSL_OP_NO_RENEGOTIATION
320 sslopt |= SSL_OP_NO_RENEGOTIATION;
321#endif
322
323 SSL_CTX_set_options(ctx->ctx, sslopt);
324
325 if (!tls_ctx_set_tls_versions(ctx, ssl_flags))
326 {
327 return false;
328 }
329
330#ifdef SSL_MODE_RELEASE_BUFFERS
331 SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
332#endif
333 SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
334 SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
335
336 /* Require peer certificate verification */
337 int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
338 if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
339 {
340 verify_flags = 0;
341 }
342 else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
343 {
344 verify_flags = SSL_VERIFY_PEER;
345 }
346 SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
347
348 SSL_CTX_set_info_callback(ctx->ctx, info_callback);
349
350 return true;
351}
352
353static void
354convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
355{
356 /* Parse supplied cipher list and pass on to OpenSSL */
357 size_t begin_of_cipher, end_of_cipher;
358
359 const char *current_cipher;
360 size_t current_cipher_len;
361
362 const tls_cipher_name_pair *cipher_pair;
363
364 size_t openssl_ciphers_len = 0;
365 openssl_ciphers[0] = '\0';
366
367 /* Translate IANA cipher suite names to OpenSSL names */
368 begin_of_cipher = end_of_cipher = 0;
369 for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
370 {
371 end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
372 cipher_pair =
373 tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
374
375 if (NULL == cipher_pair)
376 {
377 /* No translation found, use original */
378 current_cipher = &ciphers[begin_of_cipher];
379 current_cipher_len = end_of_cipher - begin_of_cipher;
380
381 /* Issue warning on missing translation */
382 /* %.*s format specifier expects length of type int, so guarantee */
383 /* that length is small enough and cast to int. */
384 msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
385 constrain_int(current_cipher_len, 0, 256), current_cipher);
386 }
387 else
388 {
389 /* Use OpenSSL name */
390 current_cipher = cipher_pair->openssl_name;
391 current_cipher_len = strlen(current_cipher);
392
393 if (end_of_cipher - begin_of_cipher == current_cipher_len
394 && 0
395 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
396 end_of_cipher - begin_of_cipher))
397 {
398 /* Non-IANA name used, show warning */
399 msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'",
400 cipher_pair->openssl_name, cipher_pair->iana_name);
401 }
402 }
403
404 /* Make sure new cipher name fits in cipher string */
405 if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
406 || (len - 1) < (openssl_ciphers_len + current_cipher_len))
407 {
408 msg(M_FATAL, "Failed to set restricted TLS cipher list, too long (>%d).",
409 (int)(len - 1));
410 }
411
412 /* Concatenate cipher name to OpenSSL cipher string */
413 memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
414 openssl_ciphers_len += current_cipher_len;
415 openssl_ciphers[openssl_ciphers_len] = ':';
416 openssl_ciphers_len++;
417
418 end_of_cipher++;
419 }
420
421 if (openssl_ciphers_len > 0)
422 {
423 openssl_ciphers[openssl_ciphers_len - 1] = '\0';
424 }
425}
426
427void
428tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
429{
430 if (ciphers == NULL)
431 {
432 /* Use sane default TLS cipher list */
433 if (!SSL_CTX_set_cipher_list(
434 ctx->ctx,
435 /* Use openssl's default list as a basis */
436 "DEFAULT"
437 /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
438 ":!EXP:!LOW:!MEDIUM"
439 /* Disable static (EC)DH keys (no forward secrecy) */
440 ":!kDH:!kECDH"
441 /* Disable DSA private keys */
442 ":!DSS"
443 /* Disable unsupported TLS modes */
444 ":!PSK:!SRP:!kRSA"))
445 {
446 crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
447 }
448 return;
449 }
450
451 char openssl_ciphers[4096];
452 convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
453
454 ASSERT(NULL != ctx);
455
456 /* Set OpenSSL cipher list */
457 if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
458 {
459 crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
460 }
461}
462
463static void
464convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
465{
466 /*
467 * OpenSSL (and official IANA) cipher names have _ in them. We
468 * historically used names with - in them. Silently convert names
469 * with - to names with _ to support both
470 */
471 if (strlen(ciphers) >= (len - 1))
472 {
473 msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list, too long (>%d).",
474 (int)(len - 1));
475 }
476
477 strncpy(openssl_ciphers, ciphers, len);
478
479 for (size_t i = 0; i < strlen(openssl_ciphers); i++)
480 {
481 if (openssl_ciphers[i] == '-')
482 {
483 openssl_ciphers[i] = '_';
484 }
485 }
486}
487
488void
489tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
490{
491 if (ciphers == NULL)
492 {
493 /* default cipher list of OpenSSL 1.1.1 is sane, do not set own
494 * default as we do with tls-cipher */
495 return;
496 }
497
498#if !defined(TLS1_3_VERSION)
499 crypto_msg(M_WARN,
500 "Not compiled with OpenSSL 1.1.1 or higher. "
501 "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
502 ciphers);
503#else
504 ASSERT(NULL != ctx);
505
506 char openssl_ciphers[4096];
507 convert_tls13_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
508
509 if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers))
510 {
511 crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s", openssl_ciphers);
512 }
513#endif
514}
515
516void
517tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
518{
519#if OPENSSL_VERSION_NUMBER > 0x10100000L \
520 && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3060000fL)
521 /* OpenSSL does not have certificate profiles, but a complex set of
522 * callbacks that we could try to implement to achieve something similar.
523 * For now, use OpenSSL's security levels to achieve similar (but not equal)
524 * behaviour. */
525 if (!profile || 0 == strcmp(profile, "legacy"))
526 {
527 SSL_CTX_set_security_level(ctx->ctx, 1);
528 }
529 else if (0 == strcmp(profile, "insecure"))
530 {
531 SSL_CTX_set_security_level(ctx->ctx, 0);
532 }
533 else if (0 == strcmp(profile, "preferred"))
534 {
535 SSL_CTX_set_security_level(ctx->ctx, 2);
536 }
537 else if (0 == strcmp(profile, "suiteb"))
538 {
539 SSL_CTX_set_security_level(ctx->ctx, 3);
540 SSL_CTX_set_cipher_list(ctx->ctx, "SUITEB128");
541 }
542 else
543 {
544 msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
545 }
546#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
547 if (profile)
548 {
549 msg(M_WARN,
550 "WARNING: OpenSSL 1.1.0 and LibreSSL do not support "
551 "--tls-cert-profile, ignoring user-set profile: '%s'",
552 profile);
553 }
554#endif /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
555}
556
557void
558tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
559{
560 ASSERT(ctx);
561#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(ENABLE_CRYPTO_WOLFSSL)
562 struct gc_arena gc = gc_new();
563 /* This method could be as easy as
564 * SSL_CTX_set1_groups_list(ctx->ctx, groups)
565 * but OpenSSL (< 3.0) does not like the name secp256r1 for prime256v1
566 * This is one of the important curves.
567 * To support the same name for OpenSSL and mbedTLS, we do
568 * this dance.
569 * Also note that the code is wrong in the presence of OpenSSL3 providers.
570 */
571
572 int groups_count = get_num_elements(groups, ':');
573
574 int *glist;
575 /* Allocate an array for them */
576 ALLOC_ARRAY_CLEAR_GC(glist, int, groups_count, &gc);
577
578 /* Parse allowed ciphers, getting IDs */
579 int glistlen = 0;
580 char *tmp_groups = string_alloc(groups, &gc);
581
582 const char *token;
583 while ((token = strsep(&tmp_groups, ":")))
584 {
585 if (streq(token, "secp256r1"))
586 {
587 token = "prime256v1";
588 }
589 int nid = OBJ_sn2nid(token);
590
591 if (nid == 0)
592 {
593 msg(M_WARN, "Warning unknown curve/group specified: %s", token);
594 }
595 else
596 {
597 glist[glistlen] = nid;
598 glistlen++;
599 }
600 }
601
602 if (!SSL_CTX_set1_groups(ctx->ctx, glist, glistlen))
603 {
604 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", groups);
605 }
606 gc_free(&gc);
607#else /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
608 if (!SSL_CTX_set1_groups_list(ctx->ctx, groups))
609 {
610 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", groups);
611 }
612#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
613}
614
615void
616tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
617{
618 int ret;
619 const X509 *cert;
620
621 ASSERT(ctx);
622
623 cert = SSL_CTX_get0_certificate(ctx->ctx);
624
625 if (cert == NULL)
626 {
627 return; /* Nothing to check if there is no certificate */
628 }
629
630 ret = X509_cmp_time(X509_get0_notBefore(cert), NULL);
631 if (ret == 0)
632 {
633 msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
634 }
635 if (ret > 0)
636 {
637 msg(M_WARN, "WARNING: Your certificate is not yet valid!");
638 }
639
640 ret = X509_cmp_time(X509_get0_notAfter(cert), NULL);
641 if (ret == 0)
642 {
643 msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
644 }
645 if (ret < 0)
646 {
647 msg(M_WARN, "WARNING: Your certificate has expired!");
648 }
649}
650
651void
652tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
653{
654 BIO *bio;
655
656 ASSERT(NULL != ctx);
657
658 if (dh_file_inline)
659 {
660 if (!(bio = BIO_new_mem_buf((char *)dh_file, -1)))
661 {
662 crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
663 }
664 }
665 else
666 {
667 /* Get Diffie Hellman Parameters */
668 if (!(bio = BIO_new_file(dh_file, "r")))
669 {
670 crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
671 }
672 }
673
674#if OPENSSL_VERSION_NUMBER >= 0x30000000L
675 EVP_PKEY *dh = PEM_read_bio_Parameters(bio, NULL);
676 BIO_free(bio);
677
678 if (!dh)
679 {
680 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
681 print_key_filename(dh_file, dh_file_inline));
682 }
683 if (!SSL_CTX_set0_tmp_dh_pkey(ctx->ctx, dh))
684 {
685 crypto_msg(M_FATAL, "SSL_CTX_set0_tmp_dh_pkey");
686 }
687
688 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * EVP_PKEY_get_size(dh));
689#else /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
690 DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
691 BIO_free(bio);
692
693 if (!dh)
694 {
695 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
696 print_key_filename(dh_file, dh_file_inline));
697 }
698 if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
699 {
700 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
701 }
702
703 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * DH_size(dh));
704
705 DH_free(dh);
706#endif /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
707}
708
709void
710tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
711{
712#if OPENSSL_VERSION_NUMBER >= 0x30000000L
713 if (curve_name != NULL)
714 {
715 msg(M_WARN, "WARNING: OpenSSL 3.0+ builds do not support specifying an "
716 "ECDH curve with --ecdh-curve, using default curves. Use "
717 "--tls-groups to specify groups.");
718 }
719#elif !defined(OPENSSL_NO_EC)
720 int nid = NID_undef;
721 EC_KEY *ecdh = NULL;
722 const char *sname = NULL;
723
724 /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
725 SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
726
727 if (curve_name != NULL)
728 {
729 /* Use user supplied curve if given */
730 msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
731 nid = OBJ_sn2nid(curve_name);
732 }
733 else
734 {
735 return;
736 }
737
738 /* Translate NID back to name , just for kicks */
739 sname = OBJ_nid2sn(nid);
740 if (sname == NULL)
741 {
742 sname = "(Unknown)";
743 }
744
745 /* Create new EC key and set as ECDH key */
746 if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
747 {
748 /* Creating key failed, fall back on sane default */
749 ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
750 const char *source =
751 (NULL == curve_name) ? "extract curve from certificate" : "use supplied curve";
752 msg(D_TLS_DEBUG_LOW, "Failed to %s (%s), using secp384r1 instead.", source, sname);
753 sname = OBJ_nid2sn(NID_secp384r1);
754 }
755
756 if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
757 {
758 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
759 }
760
761 msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
762
763 EC_KEY_free(ecdh);
764#else /* ifndef OPENSSL_NO_EC */
765 msg(D_LOW, "Your OpenSSL library was built without elliptic curve support."
766 " Skipping ECDH parameter loading.");
767#endif /* OPENSSL_NO_EC */
768}
769
770#if defined(HAVE_OPENSSL_STORE_API)
776static int
777ui_reader(UI *ui, UI_STRING *uis)
778{
779 SSL_CTX *ctx = UI_get0_user_data(ui);
780
781 if (UI_get_string_type(uis) == UIT_PROMPT)
782 {
783 const char *prompt = UI_get0_output_string(uis);
784
785 /* If pkcs#11 Use custom prompt similar to pkcs11-helper */
786 if (strstr(prompt, "PKCS#11"))
787 {
788 struct user_pass up;
789 CLEAR(up);
790 get_user_pass(&up, NULL, "PKCS#11 token",
791 GET_USER_PASS_MANAGEMENT | GET_USER_PASS_PASSWORD_ONLY);
792 UI_set_result(ui, uis, up.password);
793 purge_user_pass(&up, true);
794 }
795 else /* use our generic 'Private Key' passphrase callback */
796 {
797 char password[64];
798 pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx);
799 void *d = SSL_CTX_get_default_passwd_cb_userdata(ctx);
800
801 cb(password, sizeof(password), 0, d);
802 UI_set_result(ui, uis, password);
803 secure_memzero(password, sizeof(password));
804 }
805
806 return 1;
807 }
808 return 0;
809}
810
811static void
812clear_ossl_store_error(OSSL_STORE_CTX *store_ctx)
813{
814 if (OSSL_STORE_error(store_ctx))
815 {
816 ERR_clear_error();
817 }
818}
819#endif /* defined(HAVE_OPENSSL_STORE_API) */
820
829static void *
830load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
831{
832 EVP_PKEY *pkey = NULL;
833
834#if !defined(HAVE_OPENSSL_STORE_API)
835
836 /* Treat the uri as file name */
837 BIO *in = BIO_new_file(uri, "r");
838 if (!in)
839 {
840 return NULL;
841 }
842 pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ssl_ctx),
843 SSL_CTX_get_default_passwd_cb_userdata(ssl_ctx));
844 BIO_free(in);
845
846#else /* defined(HAVE_OPENSSL_STORE_API) */
847
848 OSSL_STORE_CTX *store_ctx = NULL;
849 OSSL_STORE_INFO *info = NULL;
850
851 UI_METHOD *ui_method = UI_create_method("openvpn");
852 if (!ui_method)
853 {
854 msg(M_WARN, "OpenSSL UI creation failed");
855 return NULL;
856 }
857 UI_method_set_reader(ui_method, ui_reader);
858
859 store_ctx = OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, ssl_ctx, NULL, NULL, NULL);
860 if (!store_ctx)
861 {
862 goto end;
863 }
864 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_PKEY) != 1)
865 {
866 goto end;
867 }
868 while (1)
869 {
870 info = OSSL_STORE_load(store_ctx);
871 if (info || OSSL_STORE_eof(store_ctx))
872 {
873 break;
874 }
875 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
876 * ref: man OPENSSL_STORE_open
877 * Clear error and recurse through the file if info = NULL and eof not reached
878 */
879 clear_ossl_store_error(store_ctx);
880 }
881 if (!info)
882 {
883 goto end;
884 }
885 pkey = OSSL_STORE_INFO_get1_PKEY(info);
886 OSSL_STORE_INFO_free(info);
887 msg(D_TLS_DEBUG_MED, "Found pkey in store using URI: %s", uri);
888
889end:
890 OSSL_STORE_close(store_ctx);
891 UI_destroy_method(ui_method);
892
893#endif /* defined(HAVE_OPENSSL_STORE_API) */
894
895 return pkey;
896}
897
898int
899tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline,
900 bool load_ca_file)
901{
902 FILE *fp;
903 EVP_PKEY *pkey;
904 X509 *cert;
905 STACK_OF(X509) *ca = NULL;
906 PKCS12 *p12;
907 int i;
908 char password[256];
909
910 ASSERT(NULL != ctx);
911
912 if (pkcs12_file_inline)
913 {
914 BIO *b64 = BIO_new(BIO_f_base64());
915 BIO *bio = BIO_new_mem_buf((void *)pkcs12_file, (int)strlen(pkcs12_file));
916 ASSERT(b64 && bio);
917 BIO_push(b64, bio);
918 p12 = d2i_PKCS12_bio(b64, NULL);
919 if (!p12)
920 {
921 crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
922 }
923 BIO_free(b64);
924 BIO_free(bio);
925 }
926 else
927 {
928 /* Load the PKCS #12 file */
929 if (!(fp = platform_fopen(pkcs12_file, "rb")))
930 {
931 crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
932 }
933 p12 = d2i_PKCS12_fp(fp, NULL);
934 fclose(fp);
935 if (!p12)
936 {
937 crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
938 }
939 }
940
941 /* Parse the PKCS #12 file */
942 if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
943 {
944 pem_password_callback(password, sizeof(password) - 1, 0, NULL);
945 /* Reparse the PKCS #12 file with password */
946 ca = NULL;
947 if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
948 {
949 crypto_msg(M_WARN, "Decoding PKCS12 failed. Probably wrong password "
950 "or unsupported/legacy encryption");
951#ifdef ENABLE_MANAGEMENT
952 if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
953 {
954 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
955 }
956#endif
957 PKCS12_free(p12);
958 return 1;
959 }
960 }
961 PKCS12_free(p12);
962
963 /* Load Certificate */
964 if (!SSL_CTX_use_certificate(ctx->ctx, cert))
965 {
966 crypto_print_openssl_errors(M_WARN);
967 crypto_msg(M_FATAL, "Cannot use certificate");
968 }
969
970 /* Load Private Key */
971 if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
972 {
973 crypto_msg(M_FATAL, "Cannot use private key");
974 }
975
976 /* Check Private Key */
977 if (!SSL_CTX_check_private_key(ctx->ctx))
978 {
979 crypto_msg(M_FATAL, "Private key does not match the certificate");
980 }
981
982 /* Set Certificate Verification chain */
983 if (load_ca_file)
984 {
985 /* Add CAs from PKCS12 to the cert store and mark them as trusted.
986 * They're also used to fill in the chain of intermediate certs as
987 * necessary.
988 */
989 if (ca && sk_X509_num(ca))
990 {
991 for (i = 0; i < sk_X509_num(ca); i++)
992 {
993 X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
994 if (!X509_STORE_add_cert(cert_store, sk_X509_value(ca, i)))
995 {
996 crypto_msg(M_FATAL,
997 "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
998 }
999 if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
1000 {
1001 crypto_msg(M_FATAL,
1002 "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
1003 }
1004 }
1005 }
1006 }
1007 else
1008 {
1009 /* If trusted CA certs were loaded from a PEM file, and we ignore the
1010 * ones in PKCS12, do load PKCS12-provided certs to the client extra
1011 * certs chain just in case they include intermediate CAs needed to
1012 * prove my identity to the other end. This does not make them trusted.
1013 */
1014 if (ca && sk_X509_num(ca))
1015 {
1016 for (i = 0; i < sk_X509_num(ca); i++)
1017 {
1018 if (!SSL_CTX_add_extra_chain_cert(ctx->ctx, sk_X509_value(ca, i)))
1019 {
1020 crypto_msg(
1021 M_FATAL,
1022 "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
1023 }
1024 }
1025 }
1026 }
1027 return 0;
1028}
1029
1030#ifdef ENABLE_CRYPTOAPI
1031void
1032tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
1033{
1034 ASSERT(NULL != ctx);
1035
1036 /* Load Certificate and Private Key */
1037 if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
1038 {
1039 crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store",
1040 cryptoapi_cert);
1041 }
1042}
1043#endif /* ENABLE_CRYPTOAPI */
1044
1045static void
1046tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
1047{
1048 X509 *cert;
1049 while (true)
1050 {
1051 cert = NULL;
1052 if (!PEM_read_bio_X509(bio, &cert, NULL, NULL))
1053 {
1054 /* a PEM_R_NO_START_LINE "Error" indicates that no certificate
1055 * is found in the buffer. If loading more certificates is
1056 * optional, break without raising an error
1057 */
1058 if (optional && ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
1059 {
1060 /* remove that error from error stack */
1061 (void)ERR_get_error();
1062 break;
1063 }
1064
1065 /* Otherwise, bail out with error */
1066 crypto_msg(M_FATAL, "Error reading extra certificate");
1067 }
1068 /* takes ownership of cert like a set1 method */
1069 if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
1070 {
1071 crypto_msg(M_FATAL, "Error adding extra certificate");
1072 }
1073 /* We loaded at least one certificate, so loading more is optional */
1074 optional = true;
1075 }
1076}
1077
1078static bool
1079cert_uri_supported(void)
1080{
1081#if defined(HAVE_OPENSSL_STORE_API)
1082 return 1;
1083#else
1084 return 0;
1085#endif
1086}
1087
1088static void
1089tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
1090{
1091#if defined(HAVE_OPENSSL_STORE_API)
1092 X509 *x = NULL;
1093 int ret = 0;
1094 OSSL_STORE_CTX *store_ctx = NULL;
1095 OSSL_STORE_INFO *info = NULL;
1096
1097 ASSERT(NULL != tls_ctx);
1098
1099 UI_METHOD *ui_method = UI_create_method("openvpn");
1100 if (!ui_method)
1101 {
1102 msg(M_WARN, "OpenSSL UI method creation failed");
1103 goto end;
1104 }
1105 UI_method_set_reader(ui_method, ui_reader);
1106
1107 store_ctx =
1108 OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, tls_ctx->ctx, NULL, NULL, NULL);
1109 if (!store_ctx)
1110 {
1111 goto end;
1112 }
1113 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_CERT) != 1)
1114 {
1115 goto end;
1116 }
1117
1118 while (1)
1119 {
1120 info = OSSL_STORE_load(store_ctx);
1121 if (info || OSSL_STORE_eof(store_ctx))
1122 {
1123 break;
1124 }
1125 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
1126 * ref: man OPENSSL_STORE_open
1127 * Clear error and recurse through the file if info = NULL and eof not reached.
1128 */
1129 clear_ossl_store_error(store_ctx);
1130 }
1131 if (!info)
1132 {
1133 goto end;
1134 }
1135
1136 x = OSSL_STORE_INFO_get0_CERT(info);
1137 if (x == NULL)
1138 {
1139 goto end;
1140 }
1141 msg(D_TLS_DEBUG_MED, "Found cert in store using URI: %s", uri);
1142
1143 ret = SSL_CTX_use_certificate(tls_ctx->ctx, x);
1144 if (!ret)
1145 {
1146 goto end;
1147 }
1148 OSSL_STORE_INFO_free(info);
1149 info = NULL;
1150
1151 /* iterate through the store and add extra certificates if any to the chain */
1152 while (!OSSL_STORE_eof(store_ctx))
1153 {
1154 info = OSSL_STORE_load(store_ctx);
1155 if (!info)
1156 {
1157 clear_ossl_store_error(store_ctx);
1158 continue;
1159 }
1160 x = OSSL_STORE_INFO_get1_CERT(info);
1161 if (x && SSL_CTX_add_extra_chain_cert(tls_ctx->ctx, x) != 1)
1162 {
1163 X509_free(x);
1164 crypto_msg(M_FATAL, "Error adding extra certificate");
1165 break;
1166 }
1167 OSSL_STORE_INFO_free(info);
1168 info = NULL;
1169 }
1170
1171end:
1172 if (!ret)
1173 {
1174 crypto_print_openssl_errors(M_WARN);
1175 crypto_msg(M_FATAL, "Cannot load certificate from URI <%s>", uri);
1176 }
1177 else
1178 {
1179 crypto_print_openssl_errors(M_DEBUG);
1180 }
1181
1182 UI_destroy_method(ui_method);
1183 OSSL_STORE_INFO_free(info);
1184 OSSL_STORE_close(store_ctx);
1185#else /* defined(HAVE_OPENSSL_STORE_API */
1186 ASSERT(0);
1187#endif /* defined(HAVE_OPENSSL_STORE_API */
1188}
1189
1190static void
1191tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
1192{
1193 BIO *in = NULL;
1194 X509 *x = NULL;
1195 int ret = 0;
1196
1197 ASSERT(NULL != ctx);
1198
1199 if (cert_file_inline)
1200 {
1201 in = BIO_new_mem_buf((char *)cert_file, -1);
1202 }
1203 else
1204 {
1205 in = BIO_new_file((char *)cert_file, "r");
1206 }
1207
1208 if (in == NULL)
1209 {
1210 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
1211 goto end;
1212 }
1213
1214 x = PEM_read_bio_X509(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx),
1215 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1216 if (x == NULL)
1217 {
1218 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
1219 goto end;
1220 }
1221
1222 ret = SSL_CTX_use_certificate(ctx->ctx, x);
1223 if (ret)
1224 {
1225 tls_ctx_add_extra_certs(ctx, in, true);
1226 }
1227
1228end:
1229 if (!ret)
1230 {
1231 crypto_print_openssl_errors(M_WARN);
1232 if (cert_file_inline)
1233 {
1234 crypto_msg(M_FATAL, "Cannot load inline certificate file");
1235 }
1236 else
1237 {
1238 crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
1239 }
1240 }
1241 else
1242 {
1243 crypto_print_openssl_errors(M_DEBUG);
1244 }
1245
1246 BIO_free(in);
1247 X509_free(x);
1248}
1249
1250void
1251tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
1252{
1253 if (cert_uri_supported() && !cert_file_inline)
1254 {
1255 tls_ctx_load_cert_uri(ctx, cert_file);
1256 }
1257 else
1258 {
1259 tls_ctx_load_cert_pem_file(ctx, cert_file, cert_file_inline);
1260 }
1261}
1262
1263int
1264tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
1265 bool priv_key_file_inline)
1266{
1267 SSL_CTX *ssl_ctx = NULL;
1268 BIO *in = NULL;
1269 EVP_PKEY *pkey = NULL;
1270 int ret = 1;
1271
1272 ASSERT(NULL != ctx);
1273
1274 ssl_ctx = ctx->ctx;
1275
1276 if (priv_key_file_inline)
1277 {
1278 in = BIO_new_mem_buf((char *)priv_key_file, -1);
1279 if (in == NULL)
1280 {
1281 goto end;
1282 }
1283 pkey = PEM_read_bio_PrivateKey(in, NULL, SSL_CTX_get_default_passwd_cb(ctx->ctx),
1284 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1285 }
1286 else
1287 {
1288 pkey = load_pkey_from_uri(priv_key_file, ssl_ctx);
1289 }
1290
1291 if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1292 {
1293#ifdef ENABLE_MANAGEMENT
1294 if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
1295 {
1296 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
1297 }
1298#endif
1299 crypto_msg(M_WARN, "Cannot load private key file %s",
1300 print_key_filename(priv_key_file, priv_key_file_inline));
1301 goto end;
1302 }
1303
1304 /* Check Private Key */
1305 if (!SSL_CTX_check_private_key(ssl_ctx))
1306 {
1307 crypto_msg(M_FATAL, "Private key does not match the certificate");
1308 }
1309 ret = 0;
1310
1311end:
1312 EVP_PKEY_free(pkey);
1313 BIO_free(in);
1314 return ret;
1315}
1316
1317void
1318backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
1319{
1320 BIO *in = NULL;
1321
1322 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1323 if (!store)
1324 {
1325 crypto_msg(M_FATAL, "Cannot get certificate store");
1326 }
1327
1328 /* Always start with a cleared CRL list, for that we
1329 * we need to manually find the CRL object from the stack
1330 * and remove it */
1331 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
1332 for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
1333 {
1334 X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
1335 ASSERT(obj);
1336 if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
1337 {
1338 sk_X509_OBJECT_delete(objs, i);
1339 X509_OBJECT_free(obj);
1340 }
1341 }
1342
1343 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1344
1345 if (crl_inline)
1346 {
1347 in = BIO_new_mem_buf((char *)crl_file, -1);
1348 }
1349 else
1350 {
1351 in = BIO_new_file(crl_file, "r");
1352 }
1353
1354 if (in == NULL)
1355 {
1356 msg(M_WARN, "CRL: cannot read: %s", print_key_filename(crl_file, crl_inline));
1357 goto end;
1358 }
1359
1360 int num_crls_loaded = 0;
1361 while (true)
1362 {
1363 X509_CRL *crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
1364 if (crl == NULL)
1365 {
1366 /*
1367 * PEM_R_NO_START_LINE can be considered equivalent to EOF.
1368 */
1369 bool eof = ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE;
1370 /* but warn if no CRLs have been loaded */
1371 if (num_crls_loaded > 0 && eof)
1372 {
1373 /* remove that error from error stack */
1374 (void)ERR_get_error();
1375 break;
1376 }
1377
1378 crypto_msg(M_WARN, "CRL: cannot read CRL from file %s",
1379 print_key_filename(crl_file, crl_inline));
1380 break;
1381 }
1382
1383 if (!X509_STORE_add_crl(store, crl))
1384 {
1385 X509_CRL_free(crl);
1386 crypto_msg(M_WARN, "CRL: cannot add %s to store",
1387 print_key_filename(crl_file, crl_inline));
1388 break;
1389 }
1390 X509_CRL_free(crl);
1391 num_crls_loaded++;
1392 }
1393 msg(M_INFO, "CRL: loaded %d CRLs from file %s", num_crls_loaded, crl_file);
1394end:
1395 BIO_free(in);
1396}
1397
1398
1399#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)
1400
1401/* encrypt */
1402static int
1403rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1404{
1405 ASSERT(0);
1406 return -1;
1407}
1408
1409/* verify arbitrary data */
1410static int
1411rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1412{
1413 ASSERT(0);
1414 return -1;
1415}
1416
1417/* decrypt */
1418static int
1419rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1420{
1421 ASSERT(0);
1422 return -1;
1423}
1424
1425/* called at RSA_free */
1426static int
1427openvpn_extkey_rsa_finish(RSA *rsa)
1428{
1429 /* meth was allocated in tls_ctx_use_management_external_key() ; since
1430 * this function is called when the parent RSA object is destroyed,
1431 * it is no longer used after this point so kill it. */
1432 const RSA_METHOD *meth = RSA_get_method(rsa);
1433 RSA_meth_free((RSA_METHOD *)meth);
1434 return 1;
1435}
1436
1437/*
1438 * Convert OpenSSL's constant to the strings used in the management
1439 * interface query
1440 */
1441const char *
1442get_rsa_padding_name(const int padding)
1443{
1444 switch (padding)
1445 {
1446 case RSA_PKCS1_PADDING:
1447 return "RSA_PKCS1_PADDING";
1448
1449 case RSA_NO_PADDING:
1450 return "RSA_NO_PADDING";
1451
1452 default:
1453 return "UNKNOWN";
1454 }
1455}
1456
1468static int
1469get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig,
1470 unsigned int siglen, const char *algorithm)
1471{
1472 char *in_b64 = NULL;
1473 char *out_b64 = NULL;
1474 int len = -1;
1475
1476 int bencret = openvpn_base64_encode(dgst, dgstlen, &in_b64);
1477
1478 if (management && bencret > 0)
1479 {
1480 out_b64 = management_query_pk_sig(management, in_b64, algorithm);
1481 }
1482 if (out_b64)
1483 {
1484 len = openvpn_base64_decode(out_b64, sig, siglen);
1485 }
1486
1487 free(in_b64);
1488 free(out_b64);
1489 return len;
1490}
1491
1492/* sign arbitrary data */
1493static int
1494rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1495{
1496 unsigned int len = RSA_size(rsa);
1497 int ret = -1;
1498
1499 if (padding != RSA_PKCS1_PADDING && padding != RSA_NO_PADDING)
1500 {
1501 RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
1502 return -1;
1503 }
1504
1505 ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
1506
1507 return (ret == len) ? ret : -1;
1508}
1509
1510static int
1511tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1512{
1513 RSA *rsa = NULL;
1514 RSA_METHOD *rsa_meth;
1515
1516 ASSERT(NULL != ctx);
1517
1518 const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey);
1519 ASSERT(NULL != pub_rsa);
1520
1521 /* allocate custom RSA method object */
1522 rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method", RSA_METHOD_FLAG_NO_CHECK);
1523 check_malloc_return(rsa_meth);
1524 RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1525 RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1526 RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc);
1527 RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec);
1528 RSA_meth_set_init(rsa_meth, NULL);
1529 RSA_meth_set_finish(rsa_meth, openvpn_extkey_rsa_finish);
1530 RSA_meth_set0_app_data(rsa_meth, NULL);
1531
1532 /* allocate RSA object */
1533 rsa = RSA_new();
1534 if (rsa == NULL)
1535 {
1536 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1537 goto err;
1538 }
1539
1540 /* initialize RSA object */
1541 const BIGNUM *n = NULL;
1542 const BIGNUM *e = NULL;
1543 RSA_get0_key(pub_rsa, &n, &e, NULL);
1544 RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1545 RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1546 if (!RSA_set_method(rsa, rsa_meth))
1547 {
1548 RSA_meth_free(rsa_meth);
1549 goto err;
1550 }
1551 /* from this point rsa_meth will get freed with rsa */
1552
1553 /* bind our custom RSA object to ssl_ctx */
1554 if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1555 {
1556 goto err;
1557 }
1558
1559 RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1560 return 1;
1561
1562err:
1563 if (rsa)
1564 {
1565 RSA_free(rsa);
1566 }
1567 else if (rsa_meth)
1568 {
1569 RSA_meth_free(rsa_meth);
1570 }
1571 return 0;
1572}
1573
1574#if !defined(OPENSSL_NO_EC)
1575
1576/* called when EC_KEY is destroyed */
1577static void
1578openvpn_extkey_ec_finish(EC_KEY *ec)
1579{
1580 /* release the method structure */
1581 const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec);
1582 EC_KEY_METHOD_free((EC_KEY_METHOD *)ec_meth);
1583}
1584
1585/* EC_KEY_METHOD callback: sign().
1586 * Sign the hash using EC key and return DER encoded signature in sig,
1587 * its length in siglen. Return value is 1 on success, 0 on error.
1588 */
1589static int
1590ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
1591 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
1592{
1593 int capacity = ECDSA_size(ec);
1594 /*
1595 * ECDSA does not seem to have proper constants for paddings since
1596 * there are only signatures without padding at the moment, use
1597 * a generic ECDSA for the moment
1598 */
1599 int len = get_sig_from_man(dgst, dgstlen, sig, capacity, "ECDSA");
1600
1601 if (len > 0)
1602 {
1603 *siglen = len;
1604 return 1;
1605 }
1606 return 0;
1607}
1608
1609/* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
1610static int
1611ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
1612{
1613 return 1;
1614}
1615
1616/* EC_KEY_METHOD callback: sign_sig().
1617 * Sign the hash and return the result as a newly allocated ECDS_SIG
1618 * struct or NULL on error.
1619 */
1620static ECDSA_SIG *
1621ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r,
1622 EC_KEY *ec)
1623{
1624 ECDSA_SIG *ecsig = NULL;
1625 unsigned int len = ECDSA_size(ec);
1626 struct gc_arena gc = gc_new();
1627
1628 unsigned char *buf = gc_malloc(len, false, &gc);
1629 if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1)
1630 {
1631 goto out;
1632 }
1633 /* const char ** should be avoided: not up to us, so we cast our way through */
1634 ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len);
1635
1636out:
1637 gc_free(&gc);
1638 return ecsig;
1639}
1640
1641static int
1642tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1643{
1644 EC_KEY *ec = NULL;
1645 EVP_PKEY *privkey = NULL;
1646 EC_KEY_METHOD *ec_method;
1647
1648 ASSERT(ctx);
1649
1650 ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
1651 if (!ec_method)
1652 {
1653 goto err;
1654 }
1655
1656 /* Among init methods, we only need the finish method */
1657 EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL);
1658#ifdef OPENSSL_IS_AWSLC
1659 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, NULL, ecdsa_sign_sig);
1660#else
1661 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig);
1662#endif
1663
1664 ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey));
1665 if (!ec)
1666 {
1667 EC_KEY_METHOD_free(ec_method);
1668 goto err;
1669 }
1670 if (!EC_KEY_set_method(ec, ec_method))
1671 {
1672 EC_KEY_METHOD_free(ec_method);
1673 goto err;
1674 }
1675 /* from this point ec_method will get freed when ec is freed */
1676
1677 privkey = EVP_PKEY_new();
1678 if (!EVP_PKEY_assign_EC_KEY(privkey, ec))
1679 {
1680 goto err;
1681 }
1682 /* from this point ec will get freed when privkey is freed */
1683
1684 if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1685 {
1686 ec = NULL; /* avoid double freeing it below */
1687 goto err;
1688 }
1689
1690 EVP_PKEY_free(privkey); /* this will down ref privkey and ec */
1691 return 1;
1692
1693err:
1694 /* Reach here only when ec and privkey can be independenly freed */
1695 EVP_PKEY_free(privkey);
1696 EC_KEY_free(ec);
1697 return 0;
1698}
1699#endif /* !defined(OPENSSL_NO_EC) */
1700#endif /* ENABLE_MANAGEMENT && !HAVE_XKEY_PROVIDER */
1701
1702#ifdef ENABLE_MANAGEMENT
1703int
1704tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
1705{
1706 int ret = 1;
1707
1708 ASSERT(NULL != ctx);
1709
1710 X509 *cert = SSL_CTX_get0_certificate(ctx->ctx);
1711
1712 ASSERT(NULL != cert);
1713
1714 /* get the public key */
1715 EVP_PKEY *pkey = X509_get0_pubkey(cert);
1716 ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1717
1718#ifdef HAVE_XKEY_PROVIDER
1719 EVP_PKEY *privkey = xkey_load_management_key(tls_libctx, pkey);
1720 if (!privkey || !SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1721 {
1722 EVP_PKEY_free(privkey);
1723 goto cleanup;
1724 }
1725 EVP_PKEY_free(privkey);
1726#else /* ifdef HAVE_XKEY_PROVIDER */
1727#if OPENSSL_VERSION_NUMBER < 0x30000000L
1728 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
1729#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1730 if (EVP_PKEY_is_a(pkey, "RSA"))
1731#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1732 {
1733 if (!tls_ctx_use_external_rsa_key(ctx, pkey))
1734 {
1735 goto cleanup;
1736 }
1737 }
1738#if !defined(OPENSSL_NO_EC)
1739#if OPENSSL_VERSION_NUMBER < 0x30000000L
1740 else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
1741#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1742 else if (EVP_PKEY_is_a(pkey, "EC"))
1743#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1744 {
1745 if (!tls_ctx_use_external_ec_key(ctx, pkey))
1746 {
1747 goto cleanup;
1748 }
1749 }
1750 else
1751 {
1752 crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
1753 goto cleanup;
1754 }
1755#else /* !defined(OPENSSL_NO_EC) */
1756 else
1757 {
1758 crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
1759 goto cleanup;
1760 }
1761#endif /* !defined(OPENSSL_NO_EC) */
1762
1763#endif /* HAVE_XKEY_PROVIDER */
1764
1765 ret = 0;
1766cleanup:
1767 if (ret)
1768 {
1769 crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1770 }
1771 return ret;
1772}
1773
1774#endif /* ifdef ENABLE_MANAGEMENT */
1775
1776static int
1777sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1778{
1779 return X509_NAME_cmp(*a, *b);
1780}
1781
1782void
1783tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline,
1784 const char *ca_path, bool tls_server)
1785{
1786 STACK_OF(X509_INFO) *info_stack = NULL;
1787 STACK_OF(X509_NAME) *cert_names = NULL;
1788 X509_LOOKUP *lookup = NULL;
1789 X509_STORE *store = NULL;
1790 X509_NAME *xn = NULL;
1791 BIO *in = NULL;
1792 int i, added = 0, prev = 0;
1793
1794 ASSERT(NULL != ctx);
1795
1796 store = SSL_CTX_get_cert_store(ctx->ctx);
1797 if (!store)
1798 {
1799 crypto_msg(M_FATAL, "Cannot get certificate store");
1800 }
1801
1802 /* Try to add certificates and CRLs from ca_file */
1803 if (ca_file)
1804 {
1805 if (ca_file_inline)
1806 {
1807 in = BIO_new_mem_buf((char *)ca_file, -1);
1808 }
1809 else
1810 {
1811 in = BIO_new_file(ca_file, "r");
1812 }
1813
1814 if (in)
1815 {
1816 info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1817 }
1818
1819 if (info_stack)
1820 {
1821 for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1822 {
1823 X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1824 if (info->crl)
1825 {
1826 X509_STORE_add_crl(store, info->crl);
1827 }
1828
1829 if (tls_server && !info->x509)
1830 {
1831 crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1832 }
1833
1834 if (info->x509)
1835 {
1836 X509_STORE_add_cert(store, info->x509);
1837 added++;
1838
1839 if (!tls_server)
1840 {
1841 continue;
1842 }
1843
1844 /* Use names of CAs as a client CA list */
1845 if (cert_names == NULL)
1846 {
1847 cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1848 if (!cert_names)
1849 {
1850 continue;
1851 }
1852 }
1853
1854 xn = X509_get_subject_name(info->x509);
1855 if (!xn)
1856 {
1857 continue;
1858 }
1859
1860 /* Don't add duplicate CA names */
1861 if (sk_X509_NAME_find(cert_names, xn) == -1)
1862 {
1863 xn = X509_NAME_dup(xn);
1864 if (!xn)
1865 {
1866 continue;
1867 }
1868 sk_X509_NAME_push(cert_names, xn);
1869 }
1870 }
1871
1872 if (tls_server)
1873 {
1874 int cnum = sk_X509_NAME_num(cert_names);
1875 if (cnum != (prev + 1))
1876 {
1877 crypto_msg(M_WARN,
1878 "Cannot load CA certificate file %s (entry %d did not validate)",
1879 print_key_filename(ca_file, ca_file_inline), added);
1880 }
1881 prev = cnum;
1882 }
1883 }
1884 sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1885 }
1886 int cnum;
1887 if (tls_server)
1888 {
1889 cnum = sk_X509_NAME_num(cert_names);
1890 SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1891 }
1892
1893 if (!added)
1894 {
1895 crypto_msg(M_FATAL, "Cannot load CA certificate file %s (no entries were read)",
1896 print_key_filename(ca_file, ca_file_inline));
1897 }
1898
1899 if (tls_server)
1900 {
1901 if (cnum != added)
1902 {
1903 crypto_msg(M_FATAL,
1904 "Cannot load CA certificate file %s (only %d "
1905 "of %d entries were valid X509 names)",
1906 print_key_filename(ca_file, ca_file_inline), cnum, added);
1907 }
1908 }
1909
1910 BIO_free(in);
1911 }
1912
1913 /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1914 if (ca_path)
1915 {
1916 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1917 if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1918 {
1919 msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1920 }
1921 else
1922 {
1923 crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1924 }
1925 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1926 }
1927}
1928
1929void
1930tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1931 bool extra_certs_file_inline)
1932{
1933 BIO *in;
1934 if (extra_certs_file_inline)
1935 {
1936 in = BIO_new_mem_buf((char *)extra_certs_file, -1);
1937 }
1938 else
1939 {
1940 in = BIO_new_file(extra_certs_file, "r");
1941 }
1942
1943 if (in == NULL)
1944 {
1945 crypto_msg(M_FATAL, "Cannot load extra-certs file: %s",
1946 print_key_filename(extra_certs_file, extra_certs_file_inline));
1947 }
1948 else
1949 {
1950 tls_ctx_add_extra_certs(ctx, in, false);
1951 }
1952
1953 BIO_free(in);
1954}
1955
1956/* **************************************
1957 *
1958 * Key-state specific functions
1959 *
1960 ***************************************/
1961/*
1962 *
1963 * BIO functions
1964 *
1965 */
1966
1967#ifdef BIO_DEBUG
1968
1969#warning BIO_DEBUG defined
1970
1971static FILE *biofp; /* GLOBAL */
1972static bool biofp_toggle; /* GLOBAL */
1973static time_t biofp_last_open; /* GLOBAL */
1974static const int biofp_reopen_interval = 600; /* GLOBAL */
1975
1976static void
1977close_biofp(void)
1978{
1979 if (biofp)
1980 {
1981 ASSERT(!fclose(biofp));
1982 biofp = NULL;
1983 }
1984}
1985
1986static void
1987open_biofp(void)
1988{
1989 const time_t current = time(NULL);
1990 const pid_t pid = getpid();
1991
1992 if (biofp_last_open + biofp_reopen_interval < current)
1993 {
1994 close_biofp();
1995 }
1996 if (!biofp)
1997 {
1998 char fn[256];
1999 snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
2000 biofp = fopen(fn, "w");
2001 ASSERT(biofp);
2002 biofp_last_open = time(NULL);
2003 biofp_toggle ^= 1;
2004 }
2005}
2006
2007static void
2008bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
2009{
2010 struct gc_arena gc = gc_new();
2011 if (len > 0)
2012 {
2013 open_biofp();
2014 fprintf(biofp, "BIO_%s %s time=%" PRIi64 " bio=" ptr_format " len=%d data=%s\n", mode, desc,
2015 (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
2016 fflush(biofp);
2017 }
2018 gc_free(&gc);
2019}
2020
2021static void
2022bio_debug_oc(const char *mode, BIO *bio)
2023{
2024 open_biofp();
2025 fprintf(biofp, "BIO %s time=%" PRIi64 " bio=" ptr_format "\n", mode, (int64_t)time(NULL),
2026 (ptr_type)bio);
2027 fflush(biofp);
2028}
2029
2030#endif /* ifdef BIO_DEBUG */
2031
2032/*
2033 * Write to an OpenSSL BIO in non-blocking mode.
2034 */
2035static int
2036bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
2037{
2038 int i;
2039 int ret = 0;
2040 ASSERT(size >= 0);
2041 if (size)
2042 {
2043 /*
2044 * Free the L_TLS lock prior to calling BIO routines
2045 * so that foreground thread can still call
2046 * tls_pre_decrypt or tls_pre_encrypt,
2047 * allowing tunnel packet forwarding to continue.
2048 */
2049#ifdef BIO_DEBUG
2050 bio_debug_data("write", bio, data, size, desc);
2051#endif
2052 i = BIO_write(bio, data, size);
2053
2054 if (i < 0)
2055 {
2056 if (!BIO_should_retry(bio))
2057 {
2058 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
2059 ret = -1;
2060 ERR_clear_error();
2061 }
2062 }
2063 else if (i != size)
2064 {
2065 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d", desc, i, size);
2066 ret = -1;
2067 ERR_clear_error();
2068 }
2069 else
2070 { /* successful write */
2071 dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
2072 ret = 1;
2073 }
2074 }
2075 return ret;
2076}
2077
2078/*
2079 * Inline functions for reading from and writing
2080 * to BIOs.
2081 */
2082
2083static void
2084bio_write_post(const int status, struct buffer *buf)
2085{
2086 if (status == 1) /* success status return from bio_write? */
2087 {
2088 memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
2089 buf->len = 0;
2090 }
2091}
2092
2093/*
2094 * Read from an OpenSSL BIO in non-blocking mode.
2095 */
2096static int
2097bio_read(BIO *bio, struct buffer *buf, const char *desc)
2098{
2099 ASSERT(buf->len >= 0);
2100 if (buf->len)
2101 {
2102 /* we only want to write empty buffers, ignore read request
2103 * if the buffer is not empty */
2104 return 0;
2105 }
2106 int len = buf_forward_capacity(buf);
2107
2108 /*
2109 * BIO_read brackets most of the serious RSA
2110 * key negotiation number crunching.
2111 */
2112 int i = BIO_read(bio, BPTR(buf), len);
2113
2114 VALGRIND_MAKE_READABLE((void *)&i, sizeof(i));
2115
2116#ifdef BIO_DEBUG
2117 bio_debug_data("read", bio, BPTR(buf), i, desc);
2118#endif
2119
2120 int ret = 0;
2121 if (i < 0)
2122 {
2123 if (!BIO_should_retry(bio))
2124 {
2125 crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
2126 buf->len = 0;
2127 ret = -1;
2128 ERR_clear_error();
2129 }
2130 }
2131 else if (!i)
2132 {
2133 buf->len = 0;
2134 }
2135 else
2136 { /* successful read */
2137 dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
2138 buf->len = i;
2139 ret = 1;
2140 VALGRIND_MAKE_READABLE((void *)BPTR(buf), BLEN(buf));
2141 }
2142 return ret;
2143}
2144
2145void
2146key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server,
2147 struct tls_session *session)
2148{
2149 ASSERT(NULL != ssl_ctx);
2150 ASSERT(ks_ssl);
2151 CLEAR(*ks_ssl);
2152
2153 ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
2154 if (!ks_ssl->ssl)
2155 {
2156 crypto_msg(M_FATAL, "SSL_new failed");
2157 }
2158
2159 /* put session * in ssl object so we can access it
2160 * from verify callback*/
2161 SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
2162
2163 ASSERT((ks_ssl->ssl_bio = BIO_new(BIO_f_ssl())));
2164 ASSERT((ks_ssl->ct_in = BIO_new(BIO_s_mem())));
2165 ASSERT((ks_ssl->ct_out = BIO_new(BIO_s_mem())));
2166
2167#ifdef BIO_DEBUG
2168 bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
2169 bio_debug_oc("open ct_in", ks_ssl->ct_in);
2170 bio_debug_oc("open ct_out", ks_ssl->ct_out);
2171#endif
2172
2173 if (is_server)
2174 {
2175 SSL_set_accept_state(ks_ssl->ssl);
2176 }
2177 else
2178 {
2179 SSL_set_connect_state(ks_ssl->ssl);
2180 }
2181
2182 SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
2183 BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
2184}
2185
2186void
2187key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
2188{
2189 SSL_set_shutdown(ks_ssl->ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2190}
2191
2192void
2193key_state_ssl_free(struct key_state_ssl *ks_ssl)
2194{
2195 if (ks_ssl->ssl)
2196 {
2197#ifdef BIO_DEBUG
2198 bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
2199 bio_debug_oc("close ct_in", ks_ssl->ct_in);
2200 bio_debug_oc("close ct_out", ks_ssl->ct_out);
2201#endif
2202 BIO_free_all(ks_ssl->ssl_bio);
2203 SSL_free(ks_ssl->ssl);
2204 }
2205}
2206
2207int
2208key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2209{
2210 int ret = 0;
2211 perf_push(PERF_BIO_WRITE_PLAINTEXT);
2212
2213 ASSERT(NULL != ks_ssl);
2214
2215 ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf), "tls_write_plaintext");
2216 bio_write_post(ret, buf);
2217
2218 perf_pop();
2219 return ret;
2220}
2221
2222int
2223key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
2224{
2225 int ret = 0;
2226 perf_push(PERF_BIO_WRITE_PLAINTEXT);
2227
2228 ASSERT(NULL != ks_ssl);
2229
2230 ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
2231
2232 perf_pop();
2233 return ret;
2234}
2235
2236int
2237key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2238{
2239 int ret = 0;
2240 perf_push(PERF_BIO_READ_CIPHERTEXT);
2241
2242 ASSERT(NULL != ks_ssl);
2243
2244 ret = bio_read(ks_ssl->ct_out, buf, "tls_read_ciphertext");
2245
2246 perf_pop();
2247 return ret;
2248}
2249
2250int
2251key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2252{
2253 int ret = 0;
2254 perf_push(PERF_BIO_WRITE_CIPHERTEXT);
2255
2256 ASSERT(NULL != ks_ssl);
2257
2258 ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
2259 bio_write_post(ret, buf);
2260
2261 perf_pop();
2262 return ret;
2263}
2264
2265int
2266key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2267{
2268 int ret = 0;
2269 perf_push(PERF_BIO_READ_PLAINTEXT);
2270
2271 ASSERT(NULL != ks_ssl);
2272
2273 ret = bio_read(ks_ssl->ssl_bio, buf, "tls_read_plaintext");
2274
2275 perf_pop();
2276 return ret;
2277}
2278
2279static void
2280print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
2281{
2282 const char *curve = "";
2283 const char *type = "(error getting type)";
2284
2285 if (pkey == NULL)
2286 {
2287 buf[0] = 0;
2288 return;
2289 }
2290
2291 int typeid = EVP_PKEY_id(pkey);
2292#if OPENSSL_VERSION_NUMBER < 0x30000000L
2293 bool is_ec = typeid == EVP_PKEY_EC;
2294#else
2295 bool is_ec = EVP_PKEY_is_a(pkey, "EC");
2296#endif
2297
2298#ifndef OPENSSL_NO_EC
2299 char groupname[64];
2300 if (is_ec)
2301 {
2302 size_t len;
2303 if (EVP_PKEY_get_group_name(pkey, groupname, sizeof(groupname), &len))
2304 {
2305 curve = groupname;
2306 }
2307 else
2308 {
2309 curve = "(error getting curve name)";
2310 }
2311 }
2312#endif
2313 if (typeid != 0)
2314 {
2315#if OPENSSL_VERSION_NUMBER < 0x30000000L
2316 type = OBJ_nid2sn(typeid);
2317
2318 /* OpenSSL reports rsaEncryption, dsaEncryption and
2319 * id-ecPublicKey, map these values to nicer ones */
2320 if (typeid == EVP_PKEY_RSA)
2321 {
2322 type = "RSA";
2323 }
2324 else if (typeid == EVP_PKEY_DSA)
2325 {
2326 type = "DSA";
2327 }
2328 else if (typeid == EVP_PKEY_EC)
2329 {
2330 /* EC gets the curve appended after the type */
2331 type = "EC, curve ";
2332 }
2333 else if (type == NULL)
2334 {
2335 type = "unknown type";
2336 }
2337#else /* OpenSSL >= 3 */
2338 type = EVP_PKEY_get0_type_name(pkey);
2339 if (type == NULL)
2340 {
2341 type = "(error getting public key type)";
2342 }
2343#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
2344 }
2345
2346 snprintf(buf, buflen, "%d bits %s%s", EVP_PKEY_bits(pkey), type, curve);
2347}
2348
2355static void
2356print_cert_details(X509 *cert, char *buf, size_t buflen)
2357{
2358 EVP_PKEY *pkey = X509_get_pubkey(cert);
2359 char pkeybuf[64] = { 0 };
2360 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2361
2362 char sig[128] = { 0 };
2363 int signature_nid = X509_get_signature_nid(cert);
2364 if (signature_nid != 0)
2365 {
2366 snprintf(sig, sizeof(sig), ", signature: %s", OBJ_nid2sn(signature_nid));
2367 }
2368
2369 snprintf(buf, buflen, ", peer certificate: %s%s", pkeybuf, sig);
2370
2371 EVP_PKEY_free(pkey);
2372}
2373
2374static void
2375print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
2376{
2377 EVP_PKEY *pkey = NULL;
2378 SSL_get_peer_tmp_key(ssl, &pkey);
2379 if (!pkey)
2380 {
2381 return;
2382 }
2383
2384 char pkeybuf[128] = { 0 };
2385 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2386
2387 snprintf(buf, buflen, ", peer temporary key: %s", pkeybuf);
2388
2389 EVP_PKEY_free(pkey);
2390}
2391
2392#if !defined(LIBRESSL_VERSION_NUMBER) \
2393 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2399static const char *
2400get_sigtype(int nid)
2401{
2402 /* Fix a few OpenSSL names to be better understandable */
2403 switch (nid)
2404 {
2405 case EVP_PKEY_RSA:
2406 /* will otherwise say rsaEncryption */
2407 return "RSA";
2408
2409 case EVP_PKEY_DSA:
2410 /* dsaEncryption otherwise */
2411 return "DSA";
2412
2413 case EVP_PKEY_EC:
2414 /* will say id-ecPublicKey */
2415 return "ECDSA";
2416
2417 case -1:
2418 return "(error getting name)";
2419
2420 default:
2421 return OBJ_nid2sn(nid);
2422 }
2423}
2424#endif /* ifndef LIBRESSL_VERSION_NUMBER */
2425
2430static void
2431print_peer_signature(SSL *ssl, char *buf, size_t buflen)
2432{
2433 int peer_sig_type_nid = NID_undef;
2434 const char *peer_sig_unknown = "unknown";
2435 const char *peer_sig = peer_sig_unknown;
2436 const char *peer_sig_type = "unknown type";
2437
2438 const char *signame = NULL;
2439 SSL_get0_peer_signature_name(ssl, &signame);
2440 if (signame)
2441 {
2442 peer_sig = signame;
2443 }
2444
2445#if !defined(LIBRESSL_VERSION_NUMBER) \
2446 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2447 /* LibreSSL 3.7.x and 3.8.x implement this function but do not export it
2448 * and fail linking with an unresolved symbol */
2449 if (SSL_get_peer_signature_type_nid(ssl, &peer_sig_type_nid) && peer_sig_type_nid != NID_undef)
2450 {
2451 peer_sig_type = get_sigtype(peer_sig_type_nid);
2452 }
2453#endif
2454
2455 if (peer_sig == peer_sig_unknown && peer_sig_type_nid == NID_undef)
2456 {
2457 return;
2458 }
2459
2460 snprintf(buf, buflen, ", peer signing digest/type: %s %s", peer_sig, peer_sig_type);
2461}
2462
2463#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2464void
2465print_tls_key_agreement_group(SSL *ssl, char *buf, size_t buflen)
2466{
2467 const char *groupname = SSL_get0_group_name(ssl);
2468 if (!groupname)
2469 {
2470 snprintf(buf, buflen, ", key agreement: (error fetching group)");
2471 }
2472 else
2473 {
2474 snprintf(buf, buflen, ", key agreement: %s", groupname);
2475 }
2476}
2477#endif
2478
2479/* **************************************
2480 *
2481 * Information functions
2482 *
2483 * Print information for the end user.
2484 *
2485 ***************************************/
2486void
2487print_details(struct key_state_ssl *ks_ssl, const char *prefix)
2488{
2489 const SSL_CIPHER *ciph;
2490 char s1[256];
2491 char s2[256];
2492 char s3[256];
2493 char s4[256];
2494 char s5[256];
2495
2496 s1[0] = s2[0] = s3[0] = s4[0] = s5[0] = 0;
2497 ciph = SSL_get_current_cipher(ks_ssl->ssl);
2498 snprintf(s1, sizeof(s1), "%s %s, cipher %s %s", prefix, SSL_get_version(ks_ssl->ssl),
2499 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
2500 X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl);
2501
2502 if (cert)
2503 {
2504 print_cert_details(cert, s2, sizeof(s2));
2505 X509_free(cert);
2506 }
2507 print_server_tempkey(ks_ssl->ssl, s3, sizeof(s3));
2508 print_peer_signature(ks_ssl->ssl, s4, sizeof(s4));
2509#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2510 print_tls_key_agreement_group(ks_ssl->ssl, s5, sizeof(s5));
2511#endif
2512
2513 msg(D_HANDSHAKE, "%s%s%s%s%s", s1, s2, s3, s4, s5);
2514}
2515
2516void
2517show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
2518{
2519 struct tls_root_ctx tls_ctx;
2520
2521 tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
2522 if (!tls_ctx.ctx)
2523 {
2524 crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
2525 }
2526
2527#if defined(TLS1_3_VERSION)
2528 if (tls13)
2529 {
2530 SSL_CTX_set_min_proto_version(tls_ctx.ctx, openssl_tls_version(TLS_VER_1_3));
2531 tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
2532 }
2533 else
2534#endif
2535 {
2536 SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
2537 tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
2538 }
2539
2540 tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
2541
2542 SSL *ssl = SSL_new(tls_ctx.ctx);
2543 if (!ssl)
2544 {
2545 crypto_msg(M_FATAL, "Cannot create SSL object");
2546 }
2547
2548#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC)
2549 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2550#else
2551 STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
2552#endif
2553 for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++)
2554 {
2555 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
2556
2557 const char *cipher_name = SSL_CIPHER_get_name(c);
2558
2559 const tls_cipher_name_pair *pair =
2560 tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
2561
2562 if (tls13)
2563 {
2564 printf("%s\n", cipher_name);
2565 }
2566 else if (NULL == pair)
2567 {
2568 /* No translation found, print warning */
2569 printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n", cipher_name);
2570 }
2571 else
2572 {
2573 printf("%s\n", pair->iana_name);
2574 }
2575 }
2576#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
2577 sk_SSL_CIPHER_free(sk);
2578#endif
2579 SSL_free(ssl);
2580 SSL_CTX_free(tls_ctx.ctx);
2581}
2582
2583/*
2584 * Show the Elliptic curves that are available for us to use
2585 * in the OpenSSL library.
2586 */
2587void
2588show_available_curves(void)
2589{
2590 printf("Consider using 'openssl ecparam -list_curves' as alternative to running\n"
2591 "this command.\n"
2592 "Note this output does only list curves/groups that OpenSSL considers as\n"
2593 "builtin EC curves. It does not list additional curves nor X448 or X25519\n");
2594#ifndef OPENSSL_NO_EC
2595 EC_builtin_curve *curves = NULL;
2596 size_t crv_len = 0;
2597 size_t n = 0;
2598
2599 crv_len = EC_get_builtin_curves(NULL, 0);
2600 ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
2601 if (EC_get_builtin_curves(curves, crv_len))
2602 {
2603 printf("\nAvailable Elliptic curves/groups:\n");
2604 for (n = 0; n < crv_len; n++)
2605 {
2606 const char *sname;
2607 sname = OBJ_nid2sn(curves[n].nid);
2608 if (sname == NULL)
2609 {
2610 sname = "";
2611 }
2612
2613 printf("%s\n", sname);
2614 }
2615 }
2616 else
2617 {
2618 crypto_msg(M_FATAL, "Cannot get list of builtin curves");
2619 }
2620 free(curves);
2621#else /* ifndef OPENSSL_NO_EC */
2622 msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
2623 "No curves available.");
2624#endif /* ifndef OPENSSL_NO_EC */
2625}
2626
2627const char *
2628get_ssl_library_version(void)
2629{
2630 return OpenSSL_version(OPENSSL_VERSION);
2631}
2632
2633
2635#ifdef HAVE_XKEY_PROVIDER
2636static int
2637provider_load(OSSL_PROVIDER *prov, void *dest_libctx)
2638{
2639 const char *name = OSSL_PROVIDER_get0_name(prov);
2640 OSSL_PROVIDER_load(dest_libctx, name);
2641 return 1;
2642}
2643
2644static int
2645provider_unload(OSSL_PROVIDER *prov, void *unused)
2646{
2647 (void)unused;
2648 OSSL_PROVIDER_unload(prov);
2649 return 1;
2650}
2651#endif /* HAVE_XKEY_PROVIDER */
2652
2660void
2661load_xkey_provider(void)
2662{
2663#ifdef HAVE_XKEY_PROVIDER
2664
2665 /* Make a new library context for use in TLS context */
2666 if (!tls_libctx)
2667 {
2668 tls_libctx = OSSL_LIB_CTX_new();
2669 check_malloc_return(tls_libctx);
2670
2671 /* Load all providers in default LIBCTX into this libctx.
2672 * OpenSSL has a child libctx functionality to automate this,
2673 * but currently that is usable only from within providers.
2674 * So we do something close to it manually here.
2675 */
2676 OSSL_PROVIDER_do_all(NULL, provider_load, tls_libctx);
2677 }
2678
2679 if (!OSSL_PROVIDER_available(tls_libctx, "ovpn.xkey"))
2680 {
2681 OSSL_PROVIDER_add_builtin(tls_libctx, "ovpn.xkey", xkey_provider_init);
2682 if (!OSSL_PROVIDER_load(tls_libctx, "ovpn.xkey"))
2683 {
2684 msg(M_NONFATAL, "ERROR: failed loading external key provider: "
2685 "Signing with external keys will not work.");
2686 }
2687 }
2688
2689 /* We only implement minimal functionality in ovpn.xkey, so we do not want
2690 * methods in xkey to be picked unless absolutely required (i.e, when the key
2691 * is external). Ensure this by setting a default propquery for the custom
2692 * libctx that unprefers, but does not forbid, ovpn.xkey. See also man page
2693 * of "property" in OpenSSL 3.0.
2694 */
2695 EVP_set_default_properties(tls_libctx, "?provider!=ovpn.xkey");
2696
2697#endif /* HAVE_XKEY_PROVIDER */
2698}
2699
2703static void
2704unload_xkey_provider(void)
2705{
2706#ifdef HAVE_XKEY_PROVIDER
2707 if (tls_libctx)
2708 {
2709 OSSL_PROVIDER_do_all(tls_libctx, provider_unload, NULL);
2710 OSSL_LIB_CTX_free(tls_libctx);
2711 }
2712#endif /* HAVE_XKEY_PROVIDER */
2713 tls_libctx = NULL;
2714}
2715
2716#endif /* defined(ENABLE_CRYPTO_OPENSSL) */
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition buffer.c:336
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:649
format_hex
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition buffer.h:503
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR_GC
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
Definition buffer.h:1064
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition buffer.h:539
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
BLEN
#define BLEN(buf)
Definition buffer.h:126
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1085
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
ALLOC_ARRAY
#define ALLOC_ARRAY(dptr, type, n)
Definition buffer.h:1048
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1007
ptr_type
unsigned long ptr_type
Definition common.h:57
ptr_format
#define ptr_format
Definition common.h:48
strsep
char * strsep(char **stringp, const char *delim)
Definition compat-strsep.c:35
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition crypto.c:1273
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition crypto_openssl.c:230
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition crypto_openssl.h:116
SSL_CTX_use_CryptoAPI_certificate
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition cryptoapi.c:59
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition errlevel.h:76
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition errlevel.h:156
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition errlevel.h:155
D_HANDSHAKE
#define D_HANDSHAKE
Definition errlevel.h:71
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition errlevel.h:58
D_LOW
#define D_LOW
Definition errlevel.h:96
M_INFO
#define M_INFO
Definition errlevel.h:54
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition errlevel.h:164
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition ssl_common.h:465
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition ssl_openssl.c:2266
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition ssl_openssl.c:2251
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition ssl_openssl.c:2237
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition ssl_openssl.c:2223
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition ssl_openssl.c:2208
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
constrain_int
static int constrain_int(int x, int min, int max)
Definition integer.h:118
status
static SERVICE_STATUS status
Definition interactive.c:51
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3106
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3768
VALGRIND_MAKE_READABLE
#define VALGRIND_MAKE_READABLE(addr, len)
Definition memdbg.h:53
purge_user_pass
void purge_user_pass(struct user_pass *up, const bool force)
Definition misc.c:465
GET_USER_PASS_MANAGEMENT
#define GET_USER_PASS_MANAGEMENT
Definition misc.h:110
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:112
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
openssl_compat.h
OpenSSL compatibility stub.
OSSL_PROVIDER
void OSSL_PROVIDER
Definition openssl_compat.h:128
SSL_get0_peer_signature_name
static int SSL_get0_peer_signature_name(SSL *ssl, const char **sigalg)
Definition openssl_compat.h:174
OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition openssl_compat.h:127
EVP_PKEY_get_group_name
static int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, size_t *gname_len)
Definition openssl_compat.h:90
SSL_CTX_set1_groups
#define SSL_CTX_set1_groups
Definition openssl_compat.h:50
SSL_CTX_new_ex
#define SSL_CTX_new_ex(libctx, propq, method)
Reduce SSL_CTX_new_ex() to SSL_CTX_new() for OpenSSL < 3.
Definition openssl_compat.h:124
CLEAR
#define CLEAR(x)
Definition basic.h:32
M_FATAL
#define M_FATAL
Definition error.h:88
M_NONFATAL
#define M_NONFATAL
Definition error.h:89
dmsg
#define dmsg(flags,...)
Definition error.h:170
msg
#define msg(flags,...)
Definition error.h:150
ASSERT
#define ASSERT(x)
Definition error.h:217
M_DEBUG
#define M_DEBUG
Definition error.h:91
M_WARN
#define M_WARN
Definition error.h:90
streq
#define streq(x, y)
Definition options.h:727
perf_push
static void perf_push(int type)
Definition perf.h:77
PERF_BIO_READ_PLAINTEXT
#define PERF_BIO_READ_PLAINTEXT
Definition perf.h:37
PERF_BIO_WRITE_CIPHERTEXT
#define PERF_BIO_WRITE_CIPHERTEXT
Definition perf.h:40
perf_pop
static void perf_pop(void)
Definition perf.h:81
PERF_BIO_READ_CIPHERTEXT
#define PERF_BIO_READ_CIPHERTEXT
Definition perf.h:39
PERF_BIO_WRITE_PLAINTEXT
#define PERF_BIO_WRITE_PLAINTEXT
Definition perf.h:38
platform_fopen
FILE * platform_fopen(const char *path, const char *mode)
Definition platform.c:504
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition base64.c:157
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition base64.c:51
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition ssl.c:260
ssl_backend.h
Control Channel SSL library backend module.
TLS_VER_1_0
#define TLS_VER_1_0
Definition ssl_backend.h:105
TLS_VER_1_2
#define TLS_VER_1_2
Definition ssl_backend.h:107
TLS_VER_1_3
#define TLS_VER_1_3
Definition ssl_backend.h:108
TLS_VER_1_1
#define TLS_VER_1_1
Definition ssl_backend.h:106
ssl_common.h
Control Channel Common Data Structures.
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition ssl_common.h:432
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition ssl_common.h:42
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition ssl_common.h:425
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition ssl_common.h:424
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition ssl_common.h:433
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition ssl_common.h:430
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition ssl_common.h:431
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition ssl_openssl.c:558
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition ssl_openssl.c:139
bio_read
static int bio_read(BIO *bio, struct buffer *buf, const char *desc)
Definition ssl_openssl.c:2097
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition ssl_openssl.c:2628
openvpn_extkey_ec_finish
static void openvpn_extkey_ec_finish(EC_KEY *ec)
Definition ssl_openssl.c:1578
tls_ctx_set_tls_versions
static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Definition ssl_openssl.c:276
bio_write
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition ssl_openssl.c:2036
openvpn_extkey_rsa_finish
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition ssl_openssl.c:1427
tls_ctx_use_external_ec_key
static int tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1642
openssl_tls_version
static int openssl_tls_version(int ver)
Convert internal version number to openssl version number.
Definition ssl_openssl.c:239
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition ssl_openssl.c:155
load_xkey_provider
void load_xkey_provider(void)
Some helper routines for provider load/unload.
Definition ssl_openssl.c:2661
print_pkey_details
static void print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
Definition ssl_openssl.c:2280
print_server_tempkey
static void print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
Definition ssl_openssl.c:2375
rsa_pub_enc
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1403
tls_ctx_add_extra_certs
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
Definition ssl_openssl.c:1046
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Show the TLS ciphers that are available for us to use in the library depending on the TLS version.
Definition ssl_openssl.c:2517
load_pkey_from_uri
static void * load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
Load private key from OSSL_STORE URI or file uri : URI of object or filename ssl_ctx : SSL_CTX for UI...
Definition ssl_openssl.c:830
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition ssl_openssl.c:103
show_available_curves
void show_available_curves(void)
Show the available elliptic curves in the crypto library.
Definition ssl_openssl.c:2588
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition ssl_openssl.c:2193
ecdsa_sign
static int ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
Definition ssl_openssl.c:1590
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition ssl_openssl.c:1264
key_state_ssl_shutdown
void key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
Sets a TLS session to be shutdown state, so the TLS library will generate a shutdown alert.
Definition ssl_openssl.c:2187
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1930
print_peer_signature
static void print_peer_signature(SSL *ssl, char *buf, size_t buflen)
Get the type of the signature that is used by the peer during the TLS handshake.
Definition ssl_openssl.c:2431
tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition ssl_openssl.c:78
get_sigtype
static const char * get_sigtype(int nid)
Translate an OpenSSL NID into a more human readable name.
Definition ssl_openssl.c:2400
mydata_index
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent.
Definition ssl_openssl.c:88
print_cert_details
static void print_cert_details(X509 *cert, char *buf, size_t buflen)
Print human readable information about the certificate into buf.
Definition ssl_openssl.c:2356
ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
Definition ssl_openssl.c:1611
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition ssl_openssl.c:616
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition ssl_openssl.c:489
cert_uri_supported
static bool cert_uri_supported(void)
Definition ssl_openssl.c:1079
rsa_priv_dec
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1419
INFO_CALLBACK_SSL_CONST
#define INFO_CALLBACK_SSL_CONST
Definition ssl_openssl.c:177
rsa_pub_dec
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1411
bio_write_post
static void bio_write_post(const int status, struct buffer *buf)
Definition ssl_openssl.c:2084
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition ssl_openssl.c:899
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition ssl_openssl.c:148
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition ssl_openssl.c:2146
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition ssl_openssl.c:98
unload_xkey_provider
static void unload_xkey_provider(void)
Undo steps in load_xkey_provider.
Definition ssl_openssl.c:2704
get_rsa_padding_name
const char * get_rsa_padding_name(const int padding)
Definition ssl_openssl.c:1442
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:710
get_sig_from_man
static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig, unsigned int siglen, const char *algorithm)
Pass the input hash in 'dgst' to management and get the signature back.
Definition ssl_openssl.c:1469
tls_ctx_load_cert_uri
static void tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
Definition ssl_openssl.c:1089
rsa_priv_enc
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1494
convert_tls_list_to_openssl
static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:354
tls_ctx_load_cert_pem_file
static void tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Definition ssl_openssl.c:1191
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition ssl_openssl.c:91
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Print a one line summary of SSL/TLS session handshake.
Definition ssl_openssl.c:2487
info_callback
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition ssl_openssl.c:180
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition ssl_openssl.c:203
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition ssl_openssl.c:1318
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition ssl_openssl.c:428
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1783
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition ssl_openssl.c:517
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition ssl_openssl.c:1704
tls_ctx_use_external_rsa_key
static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1511
ecdsa_sign_sig
static ECDSA_SIG * ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *ec)
Definition ssl_openssl.c:1621
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition ssl_openssl.c:1032
convert_tls13_list_to_openssl
static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:464
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition ssl_openssl.c:306
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:652
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition ssl_openssl.c:121
sk_x509_name_cmp
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition ssl_openssl.c:1777
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Definition ssl_openssl.c:1251
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition ssl_util.c:294
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition ssl_util.c:275
ssl_util.h
SSL utility functions.
ssl_verify_openssl.h
Control Channel Verification Module OpenSSL backend.
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
key_state_ssl
Definition ssl_mbedtls.h:138
key_state_ssl::ct_in
BIO * ct_in
Definition ssl_openssl.h:50
key_state_ssl::ssl
SSL * ssl
Definition ssl_openssl.h:48
key_state_ssl::ssl_bio
BIO * ssl_bio
Definition ssl_openssl.h:49
key_state_ssl::ct_out
BIO * ct_out
Definition ssl_openssl.h:51
signame
Definition sig.c:47
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition ssl_util.h:77
tls_cipher_name_pair::iana_name
const char * iana_name
Definition ssl_util.h:79
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition ssl_util.h:78
tls_root_ctx
Structure that wraps the TLS context.
Definition ssl_mbedtls.h:116
tls_root_ctx::ctx
SSL_CTX * ctx
Definition ssl_openssl.h:41
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:490
user_pass
Definition misc.h:52
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:68
cleanup
static int cleanup(void **state)
Definition test_pkcs11.c:289
i
int i
Definition test_push_update_msg.c:120
gc
struct gc_arena gc
Definition test_ssl.c:154
xkey_common.h
Generated by doxygen 1.9.8