OpenVPN
ssl_openssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24
30#ifdef HAVE_CONFIG_H
31#include "config.h"
32#endif
33
34#include "syshead.h"
35
36#if defined(ENABLE_CRYPTO_OPENSSL)
37
38#include "errlevel.h"
39#include "buffer.h"
40#include "misc.h"
41#include "manage.h"
42#include "memdbg.h"
43#include "ssl_backend.h"
44#include "ssl_common.h"
45#include "base64.h"
46#include "openssl_compat.h"
47#include "xkey_common.h"
48
49#ifdef ENABLE_CRYPTOAPI
50#include "cryptoapi.h"
51#endif
52
53#include "ssl_verify_openssl.h"
54#include "ssl_util.h"
55
56#include <openssl/bn.h>
57#include <openssl/crypto.h>
58#include <openssl/dh.h>
59#include <openssl/dsa.h>
60#include <openssl/err.h>
61#include <openssl/pkcs12.h>
62#include <openssl/rsa.h>
63#include <openssl/x509.h>
64#include <openssl/ssl.h>
65#ifndef OPENSSL_NO_EC
66#include <openssl/ec.h>
67#endif
68
69#if OPENSSL_VERSION_NUMBER >= 0x30000000L
70#define HAVE_OPENSSL_STORE_API
71#include <openssl/ui.h>
72#include <openssl/store.h>
73#endif
74
75#if defined(_MSC_VER) && !defined(_M_ARM64)
76#include <openssl/applink.c>
77#endif
78
79OSSL_LIB_CTX *tls_libctx; /* Global */
80
81static void unload_xkey_provider(void);
82
83/*
84 * Allocate space in SSL objects in which to store a struct tls_session
85 * pointer back to parent.
86 *
87 */
88
89int mydata_index; /* GLOBAL */
90
91void
92tls_init_lib(void)
93{
94 mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
95 ASSERT(mydata_index >= 0);
96}
97
98void
99tls_free_lib(void)
100{
101}
102
103void
104tls_ctx_server_new(struct tls_root_ctx *ctx)
105{
106 ASSERT(NULL != ctx);
107
108 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_server_method());
109
110 if (ctx->ctx == NULL)
111 {
112 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
113 }
114 if (ERR_peek_error() != 0)
115 {
116 crypto_msg(M_WARN, "Warning: TLS server context initialisation "
117 "has warnings.");
118 }
119}
120
121void
122tls_ctx_client_new(struct tls_root_ctx *ctx)
123{
124 ASSERT(NULL != ctx);
125
126 ctx->ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
127
128 if (ctx->ctx == NULL)
129 {
130 crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
131 }
132 if (ERR_peek_error() != 0)
133 {
134 crypto_msg(M_WARN, "Warning: TLS client context initialisation "
135 "has warnings.");
136 }
137}
138
139void
140tls_ctx_free(struct tls_root_ctx *ctx)
141{
142 ASSERT(NULL != ctx);
143 SSL_CTX_free(ctx->ctx);
144 ctx->ctx = NULL;
145 unload_xkey_provider(); /* in case it is loaded */
146}
147
148bool
149tls_ctx_initialised(struct tls_root_ctx *ctx)
150{
151 ASSERT(NULL != ctx);
152 return NULL != ctx->ctx;
153}
154
155bool
156key_state_export_keying_material(struct tls_session *session,
157 const char *label, size_t label_size,
158 void *ekm, size_t ekm_size)
159
160{
161 SSL *ssl = session->key[KS_PRIMARY].ks_ssl.ssl;
162
163 if (SSL_export_keying_material(ssl, ekm, ekm_size, label,
164 label_size, NULL, 0, 0) == 1)
165 {
166 return true;
167 }
168 else
169 {
170 secure_memzero(ekm, ekm_size);
171 return false;
172 }
173}
174
175/*
176 * Print debugging information on SSL/TLS session negotiation.
177 */
178
179#ifndef INFO_CALLBACK_SSL_CONST
180#define INFO_CALLBACK_SSL_CONST const
181#endif
182static void
183info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
184{
185 if (where & SSL_CB_LOOP)
186 {
187 dmsg(D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
188 where & SSL_ST_CONNECT ? "connect" :
189 where &SSL_ST_ACCEPT ? "accept" :
190 "undefined", SSL_state_string_long(s));
191 }
192 else if (where & SSL_CB_ALERT)
193 {
194 dmsg(D_TLS_DEBUG_LOW, "%s %s SSL alert: %s",
195 where & SSL_CB_READ ? "Received" : "Sent",
196 SSL_alert_type_string_long(ret),
197 SSL_alert_desc_string_long(ret));
198 }
199}
200
201/*
202 * Return maximum TLS version supported by local OpenSSL library.
203 * Assume that presence of SSL_OP_NO_TLSvX macro indicates that
204 * TLSvX is supported.
205 */
206int
207tls_version_max(void)
208{
209#if defined(TLS1_3_VERSION)
210 /* If this is defined we can safely assume TLS 1.3 support */
211 return TLS_VER_1_3;
212#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
213 /*
214 * If TLS_VER_1_3 is not defined, we were compiled against a version that
215 * did not support TLS 1.3.
216 *
217 * However, the library we are *linked* against might be OpenSSL 1.1.1
218 * and therefore supports TLS 1.3. This needs to be checked at runtime
219 * since we can be compiled against 1.1.0 and then the library can be
220 * upgraded to 1.1.1.
221 * We only need to check this for OpenSSL versions that can be
222 * upgraded to 1.1.1 without recompile (>= 1.1.0)
223 */
224 if (OpenSSL_version_num() >= 0x1010100fL)
225 {
226 return TLS_VER_1_3;
227 }
228 else
229 {
230 return TLS_VER_1_2;
231 }
232#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
233 return TLS_VER_1_2;
234#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
235 return TLS_VER_1_1;
236#else /* if defined(TLS1_3_VERSION) */
237 return TLS_VER_1_0;
238#endif
239}
240
242static int
243openssl_tls_version(int ver)
244{
245 if (ver == TLS_VER_1_0)
246 {
247 return TLS1_VERSION;
248 }
249 else if (ver == TLS_VER_1_1)
250 {
251 return TLS1_1_VERSION;
252 }
253 else if (ver == TLS_VER_1_2)
254 {
255 return TLS1_2_VERSION;
256 }
257 else if (ver == TLS_VER_1_3)
258 {
259 /*
260 * Supporting the library upgraded to TLS1.3 without recompile
261 * is enough to support here with a simple constant that the same
262 * as in the TLS 1.3, so spec it is very unlikely that OpenSSL
263 * will change this constant
264 */
265#ifndef TLS1_3_VERSION
266 /*
267 * We do not want to define TLS_VER_1_3 if not defined
268 * since other parts of the code use the existance of this macro
269 * as proxy for TLS 1.3 support
270 */
271 return 0x0304;
272#else
273 return TLS1_3_VERSION;
274#endif
275 }
276 return 0;
277}
278
279static bool
280tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
281{
282 int tls_ver_min = openssl_tls_version(
283 (ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK);
284 int tls_ver_max = openssl_tls_version(
285 (ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK);
286
287 if (!tls_ver_min)
288 {
289 /* Enforce at least TLS 1.0 */
290 int cur_min = SSL_CTX_get_min_proto_version(ctx->ctx);
291 tls_ver_min = cur_min < TLS1_VERSION ? TLS1_VERSION : cur_min;
292 }
293
294 if (!SSL_CTX_set_min_proto_version(ctx->ctx, tls_ver_min))
295 {
296 msg(D_TLS_ERRORS, "%s: failed to set minimum TLS version", __func__);
297 return false;
298 }
299
300 if (tls_ver_max && !SSL_CTX_set_max_proto_version(ctx->ctx, tls_ver_max))
301 {
302 msg(D_TLS_ERRORS, "%s: failed to set maximum TLS version", __func__);
303 return false;
304 }
305
306 return true;
307}
308
309bool
310tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
311{
312 ASSERT(NULL != ctx);
313
314 /* process SSL options */
315 long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
316#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
317 sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
318#endif
319 sslopt |= SSL_OP_NO_COMPRESSION;
320 /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
321 * session and does not depend on this feature. And TLS renegotiations have
322 * been problematic in the past */
323#ifdef SSL_OP_NO_RENEGOTIATION
324 sslopt |= SSL_OP_NO_RENEGOTIATION;
325#endif
326
327 SSL_CTX_set_options(ctx->ctx, sslopt);
328
329 if (!tls_ctx_set_tls_versions(ctx, ssl_flags))
330 {
331 return false;
332 }
333
334#ifdef SSL_MODE_RELEASE_BUFFERS
335 SSL_CTX_set_mode(ctx->ctx, SSL_MODE_RELEASE_BUFFERS);
336#endif
337 SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_OFF);
338 SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
339
340 /* Require peer certificate verification */
341 int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
342 if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
343 {
344 verify_flags = 0;
345 }
346 else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
347 {
348 verify_flags = SSL_VERIFY_PEER;
349 }
350 SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
351
352 SSL_CTX_set_info_callback(ctx->ctx, info_callback);
353
354 return true;
355}
356
357static void
358convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
359{
360 /* Parse supplied cipher list and pass on to OpenSSL */
361 size_t begin_of_cipher, end_of_cipher;
362
363 const char *current_cipher;
364 size_t current_cipher_len;
365
366 const tls_cipher_name_pair *cipher_pair;
367
368 size_t openssl_ciphers_len = 0;
369 openssl_ciphers[0] = '\0';
370
371 /* Translate IANA cipher suite names to OpenSSL names */
372 begin_of_cipher = end_of_cipher = 0;
373 for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
374 {
375 end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
376 cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
377
378 if (NULL == cipher_pair)
379 {
380 /* No translation found, use original */
381 current_cipher = &ciphers[begin_of_cipher];
382 current_cipher_len = end_of_cipher - begin_of_cipher;
383
384 /* Issue warning on missing translation */
385 /* %.*s format specifier expects length of type int, so guarantee */
386 /* that length is small enough and cast to int. */
387 msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
388 constrain_int(current_cipher_len, 0, 256), current_cipher);
389 }
390 else
391 {
392 /* Use OpenSSL name */
393 current_cipher = cipher_pair->openssl_name;
394 current_cipher_len = strlen(current_cipher);
395
396 if (end_of_cipher - begin_of_cipher == current_cipher_len
397 && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
398 end_of_cipher - begin_of_cipher))
399 {
400 /* Non-IANA name used, show warning */
401 msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name);
402 }
403 }
404
405 /* Make sure new cipher name fits in cipher string */
406 if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
407 || (len - 1) < (openssl_ciphers_len + current_cipher_len))
408 {
409 msg(M_FATAL,
410 "Failed to set restricted TLS cipher list, too long (>%d).",
411 (int)(len - 1));
412 }
413
414 /* Concatenate cipher name to OpenSSL cipher string */
415 memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
416 openssl_ciphers_len += current_cipher_len;
417 openssl_ciphers[openssl_ciphers_len] = ':';
418 openssl_ciphers_len++;
419
420 end_of_cipher++;
421 }
422
423 if (openssl_ciphers_len > 0)
424 {
425 openssl_ciphers[openssl_ciphers_len-1] = '\0';
426 }
427}
428
429void
430tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
431{
432 if (ciphers == NULL)
433 {
434 /* Use sane default TLS cipher list */
435 if (!SSL_CTX_set_cipher_list(ctx->ctx,
436 /* Use openssl's default list as a basis */
437 "DEFAULT"
438 /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
439 ":!EXP:!LOW:!MEDIUM"
440 /* Disable static (EC)DH keys (no forward secrecy) */
441 ":!kDH:!kECDH"
442 /* Disable DSA private keys */
443 ":!DSS"
444 /* Disable unsupported TLS modes */
445 ":!PSK:!SRP:!kRSA"))
446 {
447 crypto_msg(M_FATAL, "Failed to set default TLS cipher list.");
448 }
449 return;
450 }
451
452 char openssl_ciphers[4096];
453 convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
454
455 ASSERT(NULL != ctx);
456
457 /* Set OpenSSL cipher list */
458 if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
459 {
460 crypto_msg(M_FATAL, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);
461 }
462}
463
464static void
465convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len,
466 const char *ciphers)
467{
468 /*
469 * OpenSSL (and official IANA) cipher names have _ in them. We
470 * historically used names with - in them. Silently convert names
471 * with - to names with _ to support both
472 */
473 if (strlen(ciphers) >= (len - 1))
474 {
475 msg(M_FATAL,
476 "Failed to set restricted TLS 1.3 cipher list, too long (>%d).",
477 (int) (len - 1));
478 }
479
480 strncpy(openssl_ciphers, ciphers, len);
481
482 for (size_t i = 0; i < strlen(openssl_ciphers); i++)
483 {
484 if (openssl_ciphers[i] == '-')
485 {
486 openssl_ciphers[i] = '_';
487 }
488 }
489}
490
491void
492tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
493{
494 if (ciphers == NULL)
495 {
496 /* default cipher list of OpenSSL 1.1.1 is sane, do not set own
497 * default as we do with tls-cipher */
498 return;
499 }
500
501#if !defined(TLS1_3_VERSION)
502 crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
503 "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
504 ciphers);
505#else
506 ASSERT(NULL != ctx);
507
508 char openssl_ciphers[4096];
509 convert_tls13_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers),
510 ciphers);
511
512 if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers))
513 {
514 crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s",
515 openssl_ciphers);
516 }
517#endif
518}
519
520void
521tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
522{
523#if OPENSSL_VERSION_NUMBER > 0x10100000L \
524 && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3060000fL)
525 /* OpenSSL does not have certificate profiles, but a complex set of
526 * callbacks that we could try to implement to achieve something similar.
527 * For now, use OpenSSL's security levels to achieve similar (but not equal)
528 * behaviour. */
529 if (!profile || 0 == strcmp(profile, "legacy"))
530 {
531 SSL_CTX_set_security_level(ctx->ctx, 1);
532 }
533 else if (0 == strcmp(profile, "insecure"))
534 {
535 SSL_CTX_set_security_level(ctx->ctx, 0);
536 }
537 else if (0 == strcmp(profile, "preferred"))
538 {
539 SSL_CTX_set_security_level(ctx->ctx, 2);
540 }
541 else if (0 == strcmp(profile, "suiteb"))
542 {
543 SSL_CTX_set_security_level(ctx->ctx, 3);
544 SSL_CTX_set_cipher_list(ctx->ctx, "SUITEB128");
545 }
546 else
547 {
548 msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
549 }
550#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
551 if (profile)
552 {
553 msg(M_WARN, "WARNING: OpenSSL 1.1.0 and LibreSSL do not support "
554 "--tls-cert-profile, ignoring user-set profile: '%s'", profile);
555 }
556#endif /* if OPENSSL_VERSION_NUMBER > 0x10100000L */
557}
558
559void
560tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
561{
562 ASSERT(ctx);
563#if OPENSSL_VERSION_NUMBER < 0x30000000L
564 struct gc_arena gc = gc_new();
565 /* This method could be as easy as
566 * SSL_CTX_set1_groups_list(ctx->ctx, groups)
567 * but OpenSSL (< 3.0) does not like the name secp256r1 for prime256v1
568 * This is one of the important curves.
569 * To support the same name for OpenSSL and mbedTLS, we do
570 * this dance.
571 * Also note that the code is wrong in the presence of OpenSSL3 providers.
572 */
573
574 int groups_count = get_num_elements(groups, ':');
575
576 int *glist;
577 /* Allocate an array for them */
578 ALLOC_ARRAY_CLEAR_GC(glist, int, groups_count, &gc);
579
580 /* Parse allowed ciphers, getting IDs */
581 int glistlen = 0;
582 char *tmp_groups = string_alloc(groups, &gc);
583
584 const char *token;
585 while ((token = strsep(&tmp_groups, ":")))
586 {
587 if (streq(token, "secp256r1"))
588 {
589 token = "prime256v1";
590 }
591 int nid = OBJ_sn2nid(token);
592
593 if (nid == 0)
594 {
595 msg(M_WARN, "Warning unknown curve/group specified: %s", token);
596 }
597 else
598 {
599 glist[glistlen] = nid;
600 glistlen++;
601 }
602 }
603
604 if (!SSL_CTX_set1_groups(ctx->ctx, glist, glistlen))
605 {
606 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s",
607 groups);
608 }
609 gc_free(&gc);
610#else /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
611 if (!SSL_CTX_set1_groups_list(ctx->ctx, groups))
612 {
613 crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s",
614 groups);
615 }
616#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
617}
618
619void
620tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
621{
622 int ret;
623 const X509 *cert;
624
625 ASSERT(ctx);
626
627 cert = SSL_CTX_get0_certificate(ctx->ctx);
628
629 if (cert == NULL)
630 {
631 return; /* Nothing to check if there is no certificate */
632 }
633
634 ret = X509_cmp_time(X509_get0_notBefore(cert), NULL);
635 if (ret == 0)
636 {
637 msg(D_TLS_DEBUG_MED, "Failed to read certificate notBefore field.");
638 }
639 if (ret > 0)
640 {
641 msg(M_WARN, "WARNING: Your certificate is not yet valid!");
642 }
643
644 ret = X509_cmp_time(X509_get0_notAfter(cert), NULL);
645 if (ret == 0)
646 {
647 msg(D_TLS_DEBUG_MED, "Failed to read certificate notAfter field.");
648 }
649 if (ret < 0)
650 {
651 msg(M_WARN, "WARNING: Your certificate has expired!");
652 }
653}
654
655void
656tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
657 bool dh_file_inline)
658{
659 BIO *bio;
660
661 ASSERT(NULL != ctx);
662
663 if (dh_file_inline)
664 {
665 if (!(bio = BIO_new_mem_buf((char *)dh_file, -1)))
666 {
667 crypto_msg(M_FATAL, "Cannot open memory BIO for inline DH parameters");
668 }
669 }
670 else
671 {
672 /* Get Diffie Hellman Parameters */
673 if (!(bio = BIO_new_file(dh_file, "r")))
674 {
675 crypto_msg(M_FATAL, "Cannot open %s for DH parameters", dh_file);
676 }
677 }
678
679#if OPENSSL_VERSION_NUMBER >= 0x30000000L
680 EVP_PKEY *dh = PEM_read_bio_Parameters(bio, NULL);
681 BIO_free(bio);
682
683 if (!dh)
684 {
685 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
686 print_key_filename(dh_file, dh_file_inline));
687 }
688 if (!SSL_CTX_set0_tmp_dh_pkey(ctx->ctx, dh))
689 {
690 crypto_msg(M_FATAL, "SSL_CTX_set0_tmp_dh_pkey");
691 }
692
693 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
694 8 * EVP_PKEY_get_size(dh));
695#else /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
696 DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
697 BIO_free(bio);
698
699 if (!dh)
700 {
701 crypto_msg(M_FATAL, "Cannot load DH parameters from %s",
702 print_key_filename(dh_file, dh_file_inline));
703 }
704 if (!SSL_CTX_set_tmp_dh(ctx->ctx, dh))
705 {
706 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh");
707 }
708
709 msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
710 8 * DH_size(dh));
711
712 DH_free(dh);
713#endif /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
714}
715
716void
717tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
718{
719#if OPENSSL_VERSION_NUMBER >= 0x30000000L
720 if (curve_name != NULL)
721 {
722 msg(M_WARN, "WARNING: OpenSSL 3.0+ builds do not support specifying an "
723 "ECDH curve with --ecdh-curve, using default curves. Use "
724 "--tls-groups to specify groups.");
725 }
726#elif !defined(OPENSSL_NO_EC)
727 int nid = NID_undef;
728 EC_KEY *ecdh = NULL;
729 const char *sname = NULL;
730
731 /* Generate a new ECDH key for each SSL session (for non-ephemeral ECDH) */
732 SSL_CTX_set_options(ctx->ctx, SSL_OP_SINGLE_ECDH_USE);
733
734 if (curve_name != NULL)
735 {
736 /* Use user supplied curve if given */
737 msg(D_TLS_DEBUG, "Using user specified ECDH curve (%s)", curve_name);
738 nid = OBJ_sn2nid(curve_name);
739 }
740 else
741 {
742 return;
743 }
744
745 /* Translate NID back to name , just for kicks */
746 sname = OBJ_nid2sn(nid);
747 if (sname == NULL)
748 {
749 sname = "(Unknown)";
750 }
751
752 /* Create new EC key and set as ECDH key */
753 if (NID_undef == nid || NULL == (ecdh = EC_KEY_new_by_curve_name(nid)))
754 {
755 /* Creating key failed, fall back on sane default */
756 ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
757 const char *source = (NULL == curve_name) ?
758 "extract curve from certificate" : "use supplied curve";
759 msg(D_TLS_DEBUG_LOW,
760 "Failed to %s (%s), using secp384r1 instead.", source, sname);
761 sname = OBJ_nid2sn(NID_secp384r1);
762 }
763
764 if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
765 {
766 crypto_msg(M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve");
767 }
768
769 msg(D_TLS_DEBUG_LOW, "ECDH curve %s added", sname);
770
771 EC_KEY_free(ecdh);
772#else /* ifndef OPENSSL_NO_EC */
773 msg(D_LOW, "Your OpenSSL library was built without elliptic curve support."
774 " Skipping ECDH parameter loading.");
775#endif /* OPENSSL_NO_EC */
776}
777
778#if defined(HAVE_OPENSSL_STORE_API)
784static int
785ui_reader(UI *ui, UI_STRING *uis)
786{
787 SSL_CTX *ctx = UI_get0_user_data(ui);
788
789 if (UI_get_string_type(uis) == UIT_PROMPT)
790 {
791 const char *prompt = UI_get0_output_string(uis);
792
793 /* If pkcs#11 Use custom prompt similar to pkcs11-helper */
794 if (strstr(prompt, "PKCS#11"))
795 {
796 struct user_pass up;
797 CLEAR(up);
798 get_user_pass(&up, NULL, "PKCS#11 token", GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY);
799 UI_set_result(ui, uis, up.password);
800 purge_user_pass(&up, true);
801 }
802 else /* use our generic 'Private Key' passphrase callback */
803 {
804 char password[64];
805 pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx);
806 void *d = SSL_CTX_get_default_passwd_cb_userdata(ctx);
807
808 cb(password, sizeof(password), 0, d);
809 UI_set_result(ui, uis, password);
810 secure_memzero(password, sizeof(password));
811 }
812
813 return 1;
814 }
815 return 0;
816}
817
818static void
819clear_ossl_store_error(OSSL_STORE_CTX *store_ctx)
820{
821 if (OSSL_STORE_error(store_ctx))
822 {
823 ERR_clear_error();
824 }
825}
826#endif /* defined(HAVE_OPENSSL_STORE_API) */
827
836static void *
837load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
838{
839 EVP_PKEY *pkey = NULL;
840
841#if !defined(HAVE_OPENSSL_STORE_API)
842
843 /* Treat the uri as file name */
844 BIO *in = BIO_new_file(uri, "r");
845 if (!in)
846 {
847 return NULL;
848 }
849 pkey = PEM_read_bio_PrivateKey(in, NULL,
850 SSL_CTX_get_default_passwd_cb(ssl_ctx),
851 SSL_CTX_get_default_passwd_cb_userdata(ssl_ctx));
852 BIO_free(in);
853
854#else /* defined(HAVE_OPENSSL_STORE_API) */
855
856 OSSL_STORE_CTX *store_ctx = NULL;
857 OSSL_STORE_INFO *info = NULL;
858
859 UI_METHOD *ui_method = UI_create_method("openvpn");
860 if (!ui_method)
861 {
862 msg(M_WARN, "OpenSSL UI creation failed");
863 return NULL;
864 }
865 UI_method_set_reader(ui_method, ui_reader);
866
867 store_ctx = OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, ssl_ctx,
868 NULL, NULL, NULL);
869 if (!store_ctx)
870 {
871 goto end;
872 }
873 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_PKEY) != 1)
874 {
875 goto end;
876 }
877 while (1)
878 {
879 info = OSSL_STORE_load(store_ctx);
880 if (info || OSSL_STORE_eof(store_ctx))
881 {
882 break;
883 }
884 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
885 * ref: man OPENSSL_STORE_open
886 * Clear error and recurse through the file if info = NULL and eof not reached
887 */
888 clear_ossl_store_error(store_ctx);
889 }
890 if (!info)
891 {
892 goto end;
893 }
894 pkey = OSSL_STORE_INFO_get1_PKEY(info);
895 OSSL_STORE_INFO_free(info);
896 msg(D_TLS_DEBUG_MED, "Found pkey in store using URI: %s", uri);
897
898end:
899 OSSL_STORE_close(store_ctx);
900 UI_destroy_method(ui_method);
901
902#endif /* defined(HAVE_OPENSSL_STORE_API) */
903
904 return pkey;
905}
906
907int
908tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
909 bool pkcs12_file_inline, bool load_ca_file)
910{
911 FILE *fp;
912 EVP_PKEY *pkey;
913 X509 *cert;
914 STACK_OF(X509) *ca = NULL;
915 PKCS12 *p12;
916 int i;
917 char password[256];
918
919 ASSERT(NULL != ctx);
920
921 if (pkcs12_file_inline)
922 {
923 BIO *b64 = BIO_new(BIO_f_base64());
924 BIO *bio = BIO_new_mem_buf((void *) pkcs12_file,
925 (int) strlen(pkcs12_file));
926 ASSERT(b64 && bio);
927 BIO_push(b64, bio);
928 p12 = d2i_PKCS12_bio(b64, NULL);
929 if (!p12)
930 {
931 crypto_msg(M_FATAL, "Error reading inline PKCS#12 file");
932 }
933 BIO_free(b64);
934 BIO_free(bio);
935 }
936 else
937 {
938 /* Load the PKCS #12 file */
939 if (!(fp = platform_fopen(pkcs12_file, "rb")))
940 {
941 crypto_msg(M_FATAL, "Error opening file %s", pkcs12_file);
942 }
943 p12 = d2i_PKCS12_fp(fp, NULL);
944 fclose(fp);
945 if (!p12)
946 {
947 crypto_msg(M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file);
948 }
949 }
950
951 /* Parse the PKCS #12 file */
952 if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
953 {
954 pem_password_callback(password, sizeof(password) - 1, 0, NULL);
955 /* Reparse the PKCS #12 file with password */
956 ca = NULL;
957 if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
958 {
959 crypto_msg(M_WARN, "Decoding PKCS12 failed. Probably wrong password "
960 "or unsupported/legacy encryption");
961#ifdef ENABLE_MANAGEMENT
962 if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
963 {
964 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
965 }
966#endif
967 PKCS12_free(p12);
968 return 1;
969 }
970 }
971 PKCS12_free(p12);
972
973 /* Load Certificate */
974 if (!SSL_CTX_use_certificate(ctx->ctx, cert))
975 {
976 crypto_print_openssl_errors(M_WARN);
977 crypto_msg(M_FATAL, "Cannot use certificate");
978 }
979
980 /* Load Private Key */
981 if (!SSL_CTX_use_PrivateKey(ctx->ctx, pkey))
982 {
983 crypto_msg(M_FATAL, "Cannot use private key");
984 }
985
986 /* Check Private Key */
987 if (!SSL_CTX_check_private_key(ctx->ctx))
988 {
989 crypto_msg(M_FATAL, "Private key does not match the certificate");
990 }
991
992 /* Set Certificate Verification chain */
993 if (load_ca_file)
994 {
995 /* Add CAs from PKCS12 to the cert store and mark them as trusted.
996 * They're also used to fill in the chain of intermediate certs as
997 * necessary.
998 */
999 if (ca && sk_X509_num(ca))
1000 {
1001 for (i = 0; i < sk_X509_num(ca); i++)
1002 {
1003 X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
1004 if (!X509_STORE_add_cert(cert_store, sk_X509_value(ca, i)))
1005 {
1006 crypto_msg(M_FATAL, "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
1007 }
1008 if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
1009 {
1010 crypto_msg(M_FATAL, "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
1011 }
1012 }
1013 }
1014 }
1015 else
1016 {
1017 /* If trusted CA certs were loaded from a PEM file, and we ignore the
1018 * ones in PKCS12, do load PKCS12-provided certs to the client extra
1019 * certs chain just in case they include intermediate CAs needed to
1020 * prove my identity to the other end. This does not make them trusted.
1021 */
1022 if (ca && sk_X509_num(ca))
1023 {
1024 for (i = 0; i < sk_X509_num(ca); i++)
1025 {
1026 if (!SSL_CTX_add_extra_chain_cert(ctx->ctx, sk_X509_value(ca, i)))
1027 {
1028 crypto_msg(M_FATAL, "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");
1029 }
1030 }
1031 }
1032 }
1033 return 0;
1034}
1035
1036#ifdef ENABLE_CRYPTOAPI
1037void
1038tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
1039{
1040 ASSERT(NULL != ctx);
1041
1042 /* Load Certificate and Private Key */
1043 if (!SSL_CTX_use_CryptoAPI_certificate(ctx->ctx, cryptoapi_cert))
1044 {
1045 crypto_msg(M_FATAL, "Cannot load certificate \"%s\" from Microsoft Certificate Store", cryptoapi_cert);
1046 }
1047}
1048#endif /* ENABLE_CRYPTOAPI */
1049
1050static void
1051tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
1052{
1053 X509 *cert;
1054 while (true)
1055 {
1056 cert = NULL;
1057 if (!PEM_read_bio_X509(bio, &cert, NULL, NULL))
1058 {
1059 /* a PEM_R_NO_START_LINE "Error" indicates that no certificate
1060 * is found in the buffer. If loading more certificates is
1061 * optional, break without raising an error
1062 */
1063 if (optional
1064 && ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
1065 {
1066 /* remove that error from error stack */
1067 (void)ERR_get_error();
1068 break;
1069 }
1070
1071 /* Otherwise, bail out with error */
1072 crypto_msg(M_FATAL, "Error reading extra certificate");
1073 }
1074 /* takes ownership of cert like a set1 method */
1075 if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
1076 {
1077 crypto_msg(M_FATAL, "Error adding extra certificate");
1078 }
1079 /* We loaded at least one certificate, so loading more is optional */
1080 optional = true;
1081 }
1082}
1083
1084static bool
1085cert_uri_supported(void)
1086{
1087#if defined(HAVE_OPENSSL_STORE_API)
1088 return 1;
1089#else
1090 return 0;
1091#endif
1092}
1093
1094static void
1095tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
1096{
1097#if defined(HAVE_OPENSSL_STORE_API)
1098 X509 *x = NULL;
1099 int ret = 0;
1100 OSSL_STORE_CTX *store_ctx = NULL;
1101 OSSL_STORE_INFO *info = NULL;
1102
1103 ASSERT(NULL != tls_ctx);
1104
1105 UI_METHOD *ui_method = UI_create_method("openvpn");
1106 if (!ui_method)
1107 {
1108 msg(M_WARN, "OpenSSL UI method creation failed");
1109 goto end;
1110 }
1111 UI_method_set_reader(ui_method, ui_reader);
1112
1113 store_ctx = OSSL_STORE_open_ex(uri, tls_libctx, NULL, ui_method, tls_ctx->ctx,
1114 NULL, NULL, NULL);
1115 if (!store_ctx)
1116 {
1117 goto end;
1118 }
1119 if (OSSL_STORE_expect(store_ctx, OSSL_STORE_INFO_CERT) != 1)
1120 {
1121 goto end;
1122 }
1123
1124 while (1)
1125 {
1126 info = OSSL_STORE_load(store_ctx);
1127 if (info || OSSL_STORE_eof(store_ctx))
1128 {
1129 break;
1130 }
1131 /* OPENSSL_STORE_load can return error and still have usable objects to follow.
1132 * ref: man OPENSSL_STORE_open
1133 * Clear error and recurse through the file if info = NULL and eof not reached.
1134 */
1135 clear_ossl_store_error(store_ctx);
1136 }
1137 if (!info)
1138 {
1139 goto end;
1140 }
1141
1142 x = OSSL_STORE_INFO_get0_CERT(info);
1143 if (x == NULL)
1144 {
1145 goto end;
1146 }
1147 msg(D_TLS_DEBUG_MED, "Found cert in store using URI: %s", uri);
1148
1149 ret = SSL_CTX_use_certificate(tls_ctx->ctx, x);
1150 if (!ret)
1151 {
1152 goto end;
1153 }
1154 OSSL_STORE_INFO_free(info);
1155
1156 /* iterate through the store and add extra certificates if any to the chain */
1157 while (!OSSL_STORE_eof(store_ctx))
1158 {
1159 info = OSSL_STORE_load(store_ctx);
1160 if (!info)
1161 {
1162 clear_ossl_store_error(store_ctx);
1163 continue;
1164 }
1165 x = OSSL_STORE_INFO_get1_CERT(info);
1166 if (x && SSL_CTX_add_extra_chain_cert(tls_ctx->ctx, x) != 1)
1167 {
1168 X509_free(x);
1169 crypto_msg(M_FATAL, "Error adding extra certificate");
1170 break;
1171 }
1172 OSSL_STORE_INFO_free(info);
1173 }
1174
1175end:
1176 if (!ret)
1177 {
1178 crypto_print_openssl_errors(M_WARN);
1179 crypto_msg(M_FATAL, "Cannot load certificate from URI <%s>", uri);
1180 }
1181 else
1182 {
1183 crypto_print_openssl_errors(M_DEBUG);
1184 }
1185
1186 UI_destroy_method(ui_method);
1187 OSSL_STORE_INFO_free(info);
1188 OSSL_STORE_close(store_ctx);
1189#else /* defined(HAVE_OPENSSL_STORE_API */
1190 ASSERT(0);
1191#endif /* defined(HAVE_OPENSSL_STORE_API */
1192}
1193
1194static void
1195tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file,
1196 bool cert_file_inline)
1197{
1198 BIO *in = NULL;
1199 X509 *x = NULL;
1200 int ret = 0;
1201
1202 ASSERT(NULL != ctx);
1203
1204 if (cert_file_inline)
1205 {
1206 in = BIO_new_mem_buf((char *) cert_file, -1);
1207 }
1208 else
1209 {
1210 in = BIO_new_file((char *) cert_file, "r");
1211 }
1212
1213 if (in == NULL)
1214 {
1215 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
1216 goto end;
1217 }
1218
1219 x = PEM_read_bio_X509(in, NULL,
1220 SSL_CTX_get_default_passwd_cb(ctx->ctx),
1221 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1222 if (x == NULL)
1223 {
1224 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
1225 goto end;
1226 }
1227
1228 ret = SSL_CTX_use_certificate(ctx->ctx, x);
1229 if (ret)
1230 {
1231 tls_ctx_add_extra_certs(ctx, in, true);
1232 }
1233
1234end:
1235 if (!ret)
1236 {
1237 crypto_print_openssl_errors(M_WARN);
1238 if (cert_file_inline)
1239 {
1240 crypto_msg(M_FATAL, "Cannot load inline certificate file");
1241 }
1242 else
1243 {
1244 crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file);
1245 }
1246 }
1247 else
1248 {
1249 crypto_print_openssl_errors(M_DEBUG);
1250 }
1251
1252 BIO_free(in);
1253 X509_free(x);
1254}
1255
1256void
1257tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
1258 bool cert_file_inline)
1259{
1260 if (cert_uri_supported() && !cert_file_inline)
1261 {
1262 tls_ctx_load_cert_uri(ctx, cert_file);
1263 }
1264 else
1265 {
1266 tls_ctx_load_cert_pem_file(ctx, cert_file, cert_file_inline);
1267 }
1268}
1269
1270int
1271tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
1272 bool priv_key_file_inline)
1273{
1274 SSL_CTX *ssl_ctx = NULL;
1275 BIO *in = NULL;
1276 EVP_PKEY *pkey = NULL;
1277 int ret = 1;
1278
1279 ASSERT(NULL != ctx);
1280
1281 ssl_ctx = ctx->ctx;
1282
1283 if (priv_key_file_inline)
1284 {
1285 in = BIO_new_mem_buf((char *) priv_key_file, -1);
1286 if (in == NULL)
1287 {
1288 goto end;
1289 }
1290 pkey = PEM_read_bio_PrivateKey(in, NULL,
1291 SSL_CTX_get_default_passwd_cb(ctx->ctx),
1292 SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
1293 }
1294 else
1295 {
1296 pkey = load_pkey_from_uri(priv_key_file, ssl_ctx);
1297 }
1298
1299 if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1300 {
1301#ifdef ENABLE_MANAGEMENT
1302 if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT))
1303 {
1304 management_auth_failure(management, UP_TYPE_PRIVATE_KEY, NULL);
1305 }
1306#endif
1307 crypto_msg(M_WARN, "Cannot load private key file %s",
1308 print_key_filename(priv_key_file, priv_key_file_inline));
1309 goto end;
1310 }
1311
1312 /* Check Private Key */
1313 if (!SSL_CTX_check_private_key(ssl_ctx))
1314 {
1315 crypto_msg(M_FATAL, "Private key does not match the certificate");
1316 }
1317 ret = 0;
1318
1319end:
1320 EVP_PKEY_free(pkey);
1321 BIO_free(in);
1322 return ret;
1323}
1324
1325void
1326backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
1327 bool crl_inline)
1328{
1329 BIO *in = NULL;
1330
1331 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1332 if (!store)
1333 {
1334 crypto_msg(M_FATAL, "Cannot get certificate store");
1335 }
1336
1337 /* Always start with a cleared CRL list, for that we
1338 * we need to manually find the CRL object from the stack
1339 * and remove it */
1340 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
1341 for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
1342 {
1343 X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
1344 ASSERT(obj);
1345 if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
1346 {
1347 sk_X509_OBJECT_delete(objs, i);
1348 X509_OBJECT_free(obj);
1349 }
1350 }
1351
1352 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1353
1354 if (crl_inline)
1355 {
1356 in = BIO_new_mem_buf((char *) crl_file, -1);
1357 }
1358 else
1359 {
1360 in = BIO_new_file(crl_file, "r");
1361 }
1362
1363 if (in == NULL)
1364 {
1365 msg(M_WARN, "CRL: cannot read: %s",
1366 print_key_filename(crl_file, crl_inline));
1367 goto end;
1368 }
1369
1370 int num_crls_loaded = 0;
1371 while (true)
1372 {
1373 X509_CRL *crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
1374 if (crl == NULL)
1375 {
1376 /*
1377 * PEM_R_NO_START_LINE can be considered equivalent to EOF.
1378 */
1379 bool eof = ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE;
1380 /* but warn if no CRLs have been loaded */
1381 if (num_crls_loaded > 0 && eof)
1382 {
1383 /* remove that error from error stack */
1384 (void)ERR_get_error();
1385 break;
1386 }
1387
1388 crypto_msg(M_WARN, "CRL: cannot read CRL from file %s",
1389 print_key_filename(crl_file, crl_inline));
1390 break;
1391 }
1392
1393 if (!X509_STORE_add_crl(store, crl))
1394 {
1395 X509_CRL_free(crl);
1396 crypto_msg(M_WARN, "CRL: cannot add %s to store",
1397 print_key_filename(crl_file, crl_inline));
1398 break;
1399 }
1400 X509_CRL_free(crl);
1401 num_crls_loaded++;
1402 }
1403 msg(M_INFO, "CRL: loaded %d CRLs from file %s", num_crls_loaded, crl_file);
1404end:
1405 BIO_free(in);
1406}
1407
1408
1409#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)
1410
1411/* encrypt */
1412static int
1413rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1414{
1415 ASSERT(0);
1416 return -1;
1417}
1418
1419/* verify arbitrary data */
1420static int
1421rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1422{
1423 ASSERT(0);
1424 return -1;
1425}
1426
1427/* decrypt */
1428static int
1429rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
1430{
1431 ASSERT(0);
1432 return -1;
1433}
1434
1435/* called at RSA_free */
1436static int
1437openvpn_extkey_rsa_finish(RSA *rsa)
1438{
1439 /* meth was allocated in tls_ctx_use_management_external_key() ; since
1440 * this function is called when the parent RSA object is destroyed,
1441 * it is no longer used after this point so kill it. */
1442 const RSA_METHOD *meth = RSA_get_method(rsa);
1443 RSA_meth_free((RSA_METHOD *)meth);
1444 return 1;
1445}
1446
1447/*
1448 * Convert OpenSSL's constant to the strings used in the management
1449 * interface query
1450 */
1451const char *
1452get_rsa_padding_name(const int padding)
1453{
1454 switch (padding)
1455 {
1456 case RSA_PKCS1_PADDING:
1457 return "RSA_PKCS1_PADDING";
1458
1459 case RSA_NO_PADDING:
1460 return "RSA_NO_PADDING";
1461
1462 default:
1463 return "UNKNOWN";
1464 }
1465}
1466
1478static int
1479get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen,
1480 unsigned char *sig, unsigned int siglen,
1481 const char *algorithm)
1482{
1483 char *in_b64 = NULL;
1484 char *out_b64 = NULL;
1485 int len = -1;
1486
1487 int bencret = openvpn_base64_encode(dgst, dgstlen, &in_b64);
1488
1489 if (management && bencret > 0)
1490 {
1491 out_b64 = management_query_pk_sig(management, in_b64, algorithm);
1492
1493 }
1494 if (out_b64)
1495 {
1496 len = openvpn_base64_decode(out_b64, sig, siglen);
1497 }
1498
1499 free(in_b64);
1500 free(out_b64);
1501 return len;
1502}
1503
1504/* sign arbitrary data */
1505static int
1506rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
1507 int padding)
1508{
1509 unsigned int len = RSA_size(rsa);
1510 int ret = -1;
1511
1512 if (padding != RSA_PKCS1_PADDING && padding != RSA_NO_PADDING)
1513 {
1514 RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
1515 return -1;
1516 }
1517
1518 ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
1519
1520 return (ret == len) ? ret : -1;
1521}
1522
1523static int
1524tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1525{
1526 RSA *rsa = NULL;
1527 RSA_METHOD *rsa_meth;
1528
1529 ASSERT(NULL != ctx);
1530
1531 const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey);
1532 ASSERT(NULL != pub_rsa);
1533
1534 /* allocate custom RSA method object */
1535 rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method",
1536 RSA_METHOD_FLAG_NO_CHECK);
1537 check_malloc_return(rsa_meth);
1538 RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
1539 RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
1540 RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc);
1541 RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec);
1542 RSA_meth_set_init(rsa_meth, NULL);
1543 RSA_meth_set_finish(rsa_meth, openvpn_extkey_rsa_finish);
1544 RSA_meth_set0_app_data(rsa_meth, NULL);
1545
1546 /* allocate RSA object */
1547 rsa = RSA_new();
1548 if (rsa == NULL)
1549 {
1550 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
1551 goto err;
1552 }
1553
1554 /* initialize RSA object */
1555 const BIGNUM *n = NULL;
1556 const BIGNUM *e = NULL;
1557 RSA_get0_key(pub_rsa, &n, &e, NULL);
1558 RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
1559 RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
1560 if (!RSA_set_method(rsa, rsa_meth))
1561 {
1562 RSA_meth_free(rsa_meth);
1563 goto err;
1564 }
1565 /* from this point rsa_meth will get freed with rsa */
1566
1567 /* bind our custom RSA object to ssl_ctx */
1568 if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
1569 {
1570 goto err;
1571 }
1572
1573 RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
1574 return 1;
1575
1576err:
1577 if (rsa)
1578 {
1579 RSA_free(rsa);
1580 }
1581 else if (rsa_meth)
1582 {
1583 RSA_meth_free(rsa_meth);
1584 }
1585 return 0;
1586}
1587
1588#if !defined(OPENSSL_NO_EC)
1589
1590/* called when EC_KEY is destroyed */
1591static void
1592openvpn_extkey_ec_finish(EC_KEY *ec)
1593{
1594 /* release the method structure */
1595 const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec);
1596 EC_KEY_METHOD_free((EC_KEY_METHOD *) ec_meth);
1597}
1598
1599/* EC_KEY_METHOD callback: sign().
1600 * Sign the hash using EC key and return DER encoded signature in sig,
1601 * its length in siglen. Return value is 1 on success, 0 on error.
1602 */
1603static int
1604ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
1605 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
1606{
1607 int capacity = ECDSA_size(ec);
1608 /*
1609 * ECDSA does not seem to have proper constants for paddings since
1610 * there are only signatures without padding at the moment, use
1611 * a generic ECDSA for the moment
1612 */
1613 int len = get_sig_from_man(dgst, dgstlen, sig, capacity, "ECDSA");
1614
1615 if (len > 0)
1616 {
1617 *siglen = len;
1618 return 1;
1619 }
1620 return 0;
1621}
1622
1623/* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
1624static int
1625ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
1626{
1627 return 1;
1628}
1629
1630/* EC_KEY_METHOD callback: sign_sig().
1631 * Sign the hash and return the result as a newly allocated ECDS_SIG
1632 * struct or NULL on error.
1633 */
1634static ECDSA_SIG *
1635ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv,
1636 const BIGNUM *in_r, EC_KEY *ec)
1637{
1638 ECDSA_SIG *ecsig = NULL;
1639 unsigned int len = ECDSA_size(ec);
1640 struct gc_arena gc = gc_new();
1641
1642 unsigned char *buf = gc_malloc(len, false, &gc);
1643 if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1)
1644 {
1645 goto out;
1646 }
1647 /* const char ** should be avoided: not up to us, so we cast our way through */
1648 ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len);
1649
1650out:
1651 gc_free(&gc);
1652 return ecsig;
1653}
1654
1655static int
1656tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
1657{
1658 EC_KEY *ec = NULL;
1659 EVP_PKEY *privkey = NULL;
1660 EC_KEY_METHOD *ec_method;
1661
1662 ASSERT(ctx);
1663
1664 ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
1665 if (!ec_method)
1666 {
1667 goto err;
1668 }
1669
1670 /* Among init methods, we only need the finish method */
1671 EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL);
1672#ifdef OPENSSL_IS_AWSLC
1673 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, NULL, ecdsa_sign_sig);
1674#else
1675 EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig);
1676#endif
1677
1678 ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey));
1679 if (!ec)
1680 {
1681 EC_KEY_METHOD_free(ec_method);
1682 goto err;
1683 }
1684 if (!EC_KEY_set_method(ec, ec_method))
1685 {
1686 EC_KEY_METHOD_free(ec_method);
1687 goto err;
1688 }
1689 /* from this point ec_method will get freed when ec is freed */
1690
1691 privkey = EVP_PKEY_new();
1692 if (!EVP_PKEY_assign_EC_KEY(privkey, ec))
1693 {
1694 goto err;
1695 }
1696 /* from this point ec will get freed when privkey is freed */
1697
1698 if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1699 {
1700 ec = NULL; /* avoid double freeing it below */
1701 goto err;
1702 }
1703
1704 EVP_PKEY_free(privkey); /* this will down ref privkey and ec */
1705 return 1;
1706
1707err:
1708 /* Reach here only when ec and privkey can be independenly freed */
1709 EVP_PKEY_free(privkey);
1710 EC_KEY_free(ec);
1711 return 0;
1712}
1713#endif /* !defined(OPENSSL_NO_EC) */
1714#endif /* ENABLE_MANAGEMENT && !HAVE_XKEY_PROVIDER */
1715
1716#ifdef ENABLE_MANAGEMENT
1717int
1718tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
1719{
1720 int ret = 1;
1721
1722 ASSERT(NULL != ctx);
1723
1724 X509 *cert = SSL_CTX_get0_certificate(ctx->ctx);
1725
1726 ASSERT(NULL != cert);
1727
1728 /* get the public key */
1729 EVP_PKEY *pkey = X509_get0_pubkey(cert);
1730 ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
1731
1732#ifdef HAVE_XKEY_PROVIDER
1733 EVP_PKEY *privkey = xkey_load_management_key(tls_libctx, pkey);
1734 if (!privkey
1735 || !SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
1736 {
1737 EVP_PKEY_free(privkey);
1738 goto cleanup;
1739 }
1740 EVP_PKEY_free(privkey);
1741#else /* ifdef HAVE_XKEY_PROVIDER */
1742#if OPENSSL_VERSION_NUMBER < 0x30000000L
1743 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
1744#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1745 if (EVP_PKEY_is_a(pkey, "RSA"))
1746#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1747 {
1748 if (!tls_ctx_use_external_rsa_key(ctx, pkey))
1749 {
1750 goto cleanup;
1751 }
1752 }
1753#if !defined(OPENSSL_NO_EC)
1754#if OPENSSL_VERSION_NUMBER < 0x30000000L
1755 else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
1756#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1757 else if (EVP_PKEY_is_a(pkey, "EC"))
1758#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
1759 {
1760 if (!tls_ctx_use_external_ec_key(ctx, pkey))
1761 {
1762 goto cleanup;
1763 }
1764 }
1765 else
1766 {
1767 crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
1768 goto cleanup;
1769 }
1770#else /* !defined(OPENSSL_NO_EC) */
1771 else
1772 {
1773 crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
1774 goto cleanup;
1775 }
1776#endif /* !defined(OPENSSL_NO_EC) */
1777
1778#endif /* HAVE_XKEY_PROVIDER */
1779
1780 ret = 0;
1781cleanup:
1782 if (ret)
1783 {
1784 crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
1785 }
1786 return ret;
1787}
1788
1789#endif /* ifdef ENABLE_MANAGEMENT */
1790
1791static int
1792sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
1793{
1794 return X509_NAME_cmp(*a, *b);
1795}
1796
1797void
1798tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
1799 bool ca_file_inline, const char *ca_path, bool tls_server)
1800{
1801 STACK_OF(X509_INFO) *info_stack = NULL;
1802 STACK_OF(X509_NAME) *cert_names = NULL;
1803 X509_LOOKUP *lookup = NULL;
1804 X509_STORE *store = NULL;
1805 X509_NAME *xn = NULL;
1806 BIO *in = NULL;
1807 int i, added = 0, prev = 0;
1808
1809 ASSERT(NULL != ctx);
1810
1811 store = SSL_CTX_get_cert_store(ctx->ctx);
1812 if (!store)
1813 {
1814 crypto_msg(M_FATAL, "Cannot get certificate store");
1815 }
1816
1817 /* Try to add certificates and CRLs from ca_file */
1818 if (ca_file)
1819 {
1820 if (ca_file_inline)
1821 {
1822 in = BIO_new_mem_buf((char *)ca_file, -1);
1823 }
1824 else
1825 {
1826 in = BIO_new_file(ca_file, "r");
1827 }
1828
1829 if (in)
1830 {
1831 info_stack = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
1832 }
1833
1834 if (info_stack)
1835 {
1836 for (i = 0; i < sk_X509_INFO_num(info_stack); i++)
1837 {
1838 X509_INFO *info = sk_X509_INFO_value(info_stack, i);
1839 if (info->crl)
1840 {
1841 X509_STORE_add_crl(store, info->crl);
1842 }
1843
1844 if (tls_server && !info->x509)
1845 {
1846 crypto_msg(M_FATAL, "X509 name was missing in TLS mode");
1847 }
1848
1849 if (info->x509)
1850 {
1851 X509_STORE_add_cert(store, info->x509);
1852 added++;
1853
1854 if (!tls_server)
1855 {
1856 continue;
1857 }
1858
1859 /* Use names of CAs as a client CA list */
1860 if (cert_names == NULL)
1861 {
1862 cert_names = sk_X509_NAME_new(sk_x509_name_cmp);
1863 if (!cert_names)
1864 {
1865 continue;
1866 }
1867 }
1868
1869 xn = X509_get_subject_name(info->x509);
1870 if (!xn)
1871 {
1872 continue;
1873 }
1874
1875 /* Don't add duplicate CA names */
1876 if (sk_X509_NAME_find(cert_names, xn) == -1)
1877 {
1878 xn = X509_NAME_dup(xn);
1879 if (!xn)
1880 {
1881 continue;
1882 }
1883 sk_X509_NAME_push(cert_names, xn);
1884 }
1885 }
1886
1887 if (tls_server)
1888 {
1889 int cnum = sk_X509_NAME_num(cert_names);
1890 if (cnum != (prev + 1))
1891 {
1892 crypto_msg(M_WARN,
1893 "Cannot load CA certificate file %s (entry %d did not validate)",
1894 print_key_filename(ca_file, ca_file_inline),
1895 added);
1896 }
1897 prev = cnum;
1898 }
1899 }
1900 sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
1901 }
1902 int cnum;
1903 if (tls_server)
1904 {
1905 cnum = sk_X509_NAME_num(cert_names);
1906 SSL_CTX_set_client_CA_list(ctx->ctx, cert_names);
1907 }
1908
1909 if (!added)
1910 {
1911 crypto_msg(M_FATAL,
1912 "Cannot load CA certificate file %s (no entries were read)",
1913 print_key_filename(ca_file, ca_file_inline));
1914 }
1915
1916 if (tls_server)
1917 {
1918 if (cnum != added)
1919 {
1920 crypto_msg(M_FATAL, "Cannot load CA certificate file %s (only %d "
1921 "of %d entries were valid X509 names)",
1922 print_key_filename(ca_file, ca_file_inline), cnum,
1923 added);
1924 }
1925 }
1926
1927 BIO_free(in);
1928 }
1929
1930 /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
1931 if (ca_path)
1932 {
1933 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1934 if (lookup && X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM))
1935 {
1936 msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
1937 }
1938 else
1939 {
1940 crypto_msg(M_FATAL, "Cannot add lookup at --capath %s", ca_path);
1941 }
1942 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1943 }
1944}
1945
1946void
1947tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file,
1948 bool extra_certs_file_inline)
1949{
1950 BIO *in;
1951 if (extra_certs_file_inline)
1952 {
1953 in = BIO_new_mem_buf((char *)extra_certs_file, -1);
1954 }
1955 else
1956 {
1957 in = BIO_new_file(extra_certs_file, "r");
1958 }
1959
1960 if (in == NULL)
1961 {
1962 crypto_msg(M_FATAL, "Cannot load extra-certs file: %s",
1963 print_key_filename(extra_certs_file,
1964 extra_certs_file_inline));
1965
1966 }
1967 else
1968 {
1969 tls_ctx_add_extra_certs(ctx, in, false);
1970 }
1971
1972 BIO_free(in);
1973}
1974
1975/* **************************************
1976 *
1977 * Key-state specific functions
1978 *
1979 ***************************************/
1980/*
1981 *
1982 * BIO functions
1983 *
1984 */
1985
1986#ifdef BIO_DEBUG
1987
1988#warning BIO_DEBUG defined
1989
1990static FILE *biofp; /* GLOBAL */
1991static bool biofp_toggle; /* GLOBAL */
1992static time_t biofp_last_open; /* GLOBAL */
1993static const int biofp_reopen_interval = 600; /* GLOBAL */
1994
1995static void
1996close_biofp(void)
1997{
1998 if (biofp)
1999 {
2000 ASSERT(!fclose(biofp));
2001 biofp = NULL;
2002 }
2003}
2004
2005static void
2006open_biofp(void)
2007{
2008 const time_t current = time(NULL);
2009 const pid_t pid = getpid();
2010
2011 if (biofp_last_open + biofp_reopen_interval < current)
2012 {
2013 close_biofp();
2014 }
2015 if (!biofp)
2016 {
2017 char fn[256];
2018 snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
2019 biofp = fopen(fn, "w");
2020 ASSERT(biofp);
2021 biofp_last_open = time(NULL);
2022 biofp_toggle ^= 1;
2023 }
2024}
2025
2026static void
2027bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
2028{
2029 struct gc_arena gc = gc_new();
2030 if (len > 0)
2031 {
2032 open_biofp();
2033 fprintf(biofp, "BIO_%s %s time=%" PRIi64 " bio=" ptr_format " len=%d data=%s\n",
2034 mode, desc, (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
2035 fflush(biofp);
2036 }
2037 gc_free(&gc);
2038}
2039
2040static void
2041bio_debug_oc(const char *mode, BIO *bio)
2042{
2043 open_biofp();
2044 fprintf(biofp, "BIO %s time=%" PRIi64 " bio=" ptr_format "\n",
2045 mode, (int64_t)time(NULL), (ptr_type)bio);
2046 fflush(biofp);
2047}
2048
2049#endif /* ifdef BIO_DEBUG */
2050
2051/*
2052 * Write to an OpenSSL BIO in non-blocking mode.
2053 */
2054static int
2055bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
2056{
2057 int i;
2058 int ret = 0;
2059 ASSERT(size >= 0);
2060 if (size)
2061 {
2062 /*
2063 * Free the L_TLS lock prior to calling BIO routines
2064 * so that foreground thread can still call
2065 * tls_pre_decrypt or tls_pre_encrypt,
2066 * allowing tunnel packet forwarding to continue.
2067 */
2068#ifdef BIO_DEBUG
2069 bio_debug_data("write", bio, data, size, desc);
2070#endif
2071 i = BIO_write(bio, data, size);
2072
2073 if (i < 0)
2074 {
2075 if (!BIO_should_retry(bio))
2076 {
2077 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc);
2078 ret = -1;
2079 ERR_clear_error();
2080 }
2081 }
2082 else if (i != size)
2083 {
2084 crypto_msg(D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d",
2085 desc, i, size);
2086 ret = -1;
2087 ERR_clear_error();
2088 }
2089 else
2090 { /* successful write */
2091 dmsg(D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
2092 ret = 1;
2093 }
2094 }
2095 return ret;
2096}
2097
2098/*
2099 * Inline functions for reading from and writing
2100 * to BIOs.
2101 */
2102
2103static void
2104bio_write_post(const int status, struct buffer *buf)
2105{
2106 if (status == 1) /* success status return from bio_write? */
2107 {
2108 memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
2109 buf->len = 0;
2110 }
2111}
2112
2113/*
2114 * Read from an OpenSSL BIO in non-blocking mode.
2115 */
2116static int
2117bio_read(BIO *bio, struct buffer *buf, const char *desc)
2118{
2119 ASSERT(buf->len >= 0);
2120 if (buf->len)
2121 {
2122 /* we only want to write empty buffers, ignore read request
2123 * if the buffer is not empty */
2124 return 0;
2125 }
2126 int len = buf_forward_capacity(buf);
2127
2128 /*
2129 * BIO_read brackets most of the serious RSA
2130 * key negotiation number crunching.
2131 */
2132 int i = BIO_read(bio, BPTR(buf), len);
2133
2134 VALGRIND_MAKE_READABLE((void *) &i, sizeof(i));
2135
2136#ifdef BIO_DEBUG
2137 bio_debug_data("read", bio, BPTR(buf), i, desc);
2138#endif
2139
2140 int ret = 0;
2141 if (i < 0)
2142 {
2143 if (!BIO_should_retry(bio))
2144 {
2145 crypto_msg(D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc);
2146 buf->len = 0;
2147 ret = -1;
2148 ERR_clear_error();
2149 }
2150 }
2151 else if (!i)
2152 {
2153 buf->len = 0;
2154 }
2155 else
2156 { /* successful read */
2157 dmsg(D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
2158 buf->len = i;
2159 ret = 1;
2160 VALGRIND_MAKE_READABLE((void *) BPTR(buf), BLEN(buf));
2161 }
2162 return ret;
2163}
2164
2165void
2166key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
2167{
2168 ASSERT(NULL != ssl_ctx);
2169 ASSERT(ks_ssl);
2170 CLEAR(*ks_ssl);
2171
2172 ks_ssl->ssl = SSL_new(ssl_ctx->ctx);
2173 if (!ks_ssl->ssl)
2174 {
2175 crypto_msg(M_FATAL, "SSL_new failed");
2176 }
2177
2178 /* put session * in ssl object so we can access it
2179 * from verify callback*/
2180 SSL_set_ex_data(ks_ssl->ssl, mydata_index, session);
2181
2182 ASSERT((ks_ssl->ssl_bio = BIO_new(BIO_f_ssl())));
2183 ASSERT((ks_ssl->ct_in = BIO_new(BIO_s_mem())));
2184 ASSERT((ks_ssl->ct_out = BIO_new(BIO_s_mem())));
2185
2186#ifdef BIO_DEBUG
2187 bio_debug_oc("open ssl_bio", ks_ssl->ssl_bio);
2188 bio_debug_oc("open ct_in", ks_ssl->ct_in);
2189 bio_debug_oc("open ct_out", ks_ssl->ct_out);
2190#endif
2191
2192 if (is_server)
2193 {
2194 SSL_set_accept_state(ks_ssl->ssl);
2195 }
2196 else
2197 {
2198 SSL_set_connect_state(ks_ssl->ssl);
2199 }
2200
2201 SSL_set_bio(ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
2202 BIO_set_ssl(ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
2203}
2204
2205void
2206key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
2207{
2208 SSL_set_shutdown(ks_ssl->ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2209}
2210
2211void
2212key_state_ssl_free(struct key_state_ssl *ks_ssl)
2213{
2214 if (ks_ssl->ssl)
2215 {
2216#ifdef BIO_DEBUG
2217 bio_debug_oc("close ssl_bio", ks_ssl->ssl_bio);
2218 bio_debug_oc("close ct_in", ks_ssl->ct_in);
2219 bio_debug_oc("close ct_out", ks_ssl->ct_out);
2220#endif
2221 BIO_free_all(ks_ssl->ssl_bio);
2222 SSL_free(ks_ssl->ssl);
2223 }
2224}
2225
2226int
2227key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2228{
2229 int ret = 0;
2230 perf_push(PERF_BIO_WRITE_PLAINTEXT);
2231
2232 ASSERT(NULL != ks_ssl);
2233
2234 ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf),
2235 "tls_write_plaintext");
2236 bio_write_post(ret, buf);
2237
2238 perf_pop();
2239 return ret;
2240}
2241
2242int
2243key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
2244{
2245 int ret = 0;
2246 perf_push(PERF_BIO_WRITE_PLAINTEXT);
2247
2248 ASSERT(NULL != ks_ssl);
2249
2250 ret = bio_write(ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
2251
2252 perf_pop();
2253 return ret;
2254}
2255
2256int
2257key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2258{
2259 int ret = 0;
2260 perf_push(PERF_BIO_READ_CIPHERTEXT);
2261
2262 ASSERT(NULL != ks_ssl);
2263
2264 ret = bio_read(ks_ssl->ct_out, buf, "tls_read_ciphertext");
2265
2266 perf_pop();
2267 return ret;
2268}
2269
2270int
2271key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2272{
2273 int ret = 0;
2274 perf_push(PERF_BIO_WRITE_CIPHERTEXT);
2275
2276 ASSERT(NULL != ks_ssl);
2277
2278 ret = bio_write(ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
2279 bio_write_post(ret, buf);
2280
2281 perf_pop();
2282 return ret;
2283}
2284
2285int
2286key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
2287{
2288 int ret = 0;
2289 perf_push(PERF_BIO_READ_PLAINTEXT);
2290
2291 ASSERT(NULL != ks_ssl);
2292
2293 ret = bio_read(ks_ssl->ssl_bio, buf, "tls_read_plaintext");
2294
2295 perf_pop();
2296 return ret;
2297}
2298
2299static void
2300print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
2301{
2302 const char *curve = "";
2303 const char *type = "(error getting type)";
2304
2305 if (pkey == NULL)
2306 {
2307 buf[0] = 0;
2308 return;
2309 }
2310
2311 int typeid = EVP_PKEY_id(pkey);
2312#if OPENSSL_VERSION_NUMBER < 0x30000000L
2313 bool is_ec = typeid == EVP_PKEY_EC;
2314#else
2315 bool is_ec = EVP_PKEY_is_a(pkey, "EC");
2316#endif
2317
2318#ifndef OPENSSL_NO_EC
2319 char groupname[64];
2320 if (is_ec)
2321 {
2322 size_t len;
2323 if (EVP_PKEY_get_group_name(pkey, groupname, sizeof(groupname), &len))
2324 {
2325 curve = groupname;
2326 }
2327 else
2328 {
2329 curve = "(error getting curve name)";
2330 }
2331 }
2332#endif
2333 if (typeid != 0)
2334 {
2335#if OPENSSL_VERSION_NUMBER < 0x30000000L
2336 type = OBJ_nid2sn(typeid);
2337
2338 /* OpenSSL reports rsaEncryption, dsaEncryption and
2339 * id-ecPublicKey, map these values to nicer ones */
2340 if (typeid == EVP_PKEY_RSA)
2341 {
2342 type = "RSA";
2343 }
2344 else if (typeid == EVP_PKEY_DSA)
2345 {
2346 type = "DSA";
2347 }
2348 else if (typeid == EVP_PKEY_EC)
2349 {
2350 /* EC gets the curve appended after the type */
2351 type = "EC, curve ";
2352 }
2353 else if (type == NULL)
2354 {
2355 type = "unknown type";
2356 }
2357#else /* OpenSSL >= 3 */
2358 type = EVP_PKEY_get0_type_name(pkey);
2359 if (type == NULL)
2360 {
2361 type = "(error getting public key type)";
2362 }
2363#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
2364 }
2365
2366 snprintf(buf, buflen, "%d bits %s%s",
2367 EVP_PKEY_bits(pkey), type, curve);
2368}
2369
2376static void
2377print_cert_details(X509 *cert, char *buf, size_t buflen)
2378{
2379 EVP_PKEY *pkey = X509_get_pubkey(cert);
2380 char pkeybuf[64] = { 0 };
2381 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2382
2383 char sig[128] = { 0 };
2384 int signature_nid = X509_get_signature_nid(cert);
2385 if (signature_nid != 0)
2386 {
2387 snprintf(sig, sizeof(sig), ", signature: %s",
2388 OBJ_nid2sn(signature_nid));
2389 }
2390
2391 snprintf(buf, buflen, ", peer certificate: %s%s",
2392 pkeybuf, sig);
2393
2394 EVP_PKEY_free(pkey);
2395}
2396
2397static void
2398print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
2399{
2400 EVP_PKEY *pkey = NULL;
2401 SSL_get_peer_tmp_key(ssl, &pkey);
2402 if (!pkey)
2403 {
2404 return;
2405 }
2406
2407 char pkeybuf[128] = { 0 };
2408 print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
2409
2410 snprintf(buf, buflen, ", peer temporary key: %s",
2411 pkeybuf);
2412
2413 EVP_PKEY_free(pkey);
2414}
2415
2416#if !defined(LIBRESSL_VERSION_NUMBER) \
2417 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2423static const char *
2424get_sigtype(int nid)
2425{
2426 /* Fix a few OpenSSL names to be better understandable */
2427 switch (nid)
2428 {
2429 case EVP_PKEY_RSA:
2430 /* will otherwise say rsaEncryption */
2431 return "RSA";
2432
2433 case EVP_PKEY_DSA:
2434 /* dsaEncryption otherwise */
2435 return "DSA";
2436
2437 case EVP_PKEY_EC:
2438 /* will say id-ecPublicKey */
2439 return "ECDSA";
2440
2441 case -1:
2442 return "(error getting name)";
2443
2444 default:
2445 return OBJ_nid2sn(nid);
2446 }
2447}
2448#endif /* ifndef LIBRESSL_VERSION_NUMBER */
2449
2454static void
2455print_peer_signature(SSL *ssl, char *buf, size_t buflen)
2456{
2457 int peer_sig_nid = NID_undef, peer_sig_type_nid = NID_undef;
2458 const char *peer_sig = "unknown";
2459 const char *peer_sig_type = "unknown type";
2460
2461 /* Even though these methods use the deprecated NIDs instead of using
2462 * string as new OpenSSL APIs do, there seem to be no API that replaces
2463 * it yet */
2464#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3050400fL
2465 if (SSL_get_peer_signature_nid(ssl, &peer_sig_nid)
2466 && peer_sig_nid != NID_undef)
2467 {
2468 peer_sig = OBJ_nid2sn(peer_sig_nid);
2469 }
2470#endif
2471
2472#if !defined(LIBRESSL_VERSION_NUMBER) \
2473 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
2474 /* LibreSSL 3.7.x and 3.8.x implement this function but do not export it
2475 * and fail linking with an unresolved symbol */
2476 if (SSL_get_peer_signature_type_nid(ssl, &peer_sig_type_nid)
2477 && peer_sig_type_nid != NID_undef)
2478 {
2479 peer_sig_type = get_sigtype(peer_sig_type_nid);
2480 }
2481#endif
2482
2483 if (peer_sig_nid == NID_undef && peer_sig_type_nid == NID_undef)
2484 {
2485 return;
2486 }
2487
2488 snprintf(buf, buflen, ", peer signing digest/type: %s %s",
2489 peer_sig, peer_sig_type);
2490}
2491
2492
2493
2494/* **************************************
2495 *
2496 * Information functions
2497 *
2498 * Print information for the end user.
2499 *
2500 ***************************************/
2501void
2502print_details(struct key_state_ssl *ks_ssl, const char *prefix)
2503{
2504 const SSL_CIPHER *ciph;
2505 char s1[256];
2506 char s2[256];
2507 char s3[256];
2508 char s4[256];
2509
2510 s1[0] = s2[0] = s3[0] = s4[0] = 0;
2511 ciph = SSL_get_current_cipher(ks_ssl->ssl);
2512 snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
2513 prefix,
2514 SSL_get_version(ks_ssl->ssl),
2515 SSL_CIPHER_get_version(ciph),
2516 SSL_CIPHER_get_name(ciph));
2517 X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl);
2518
2519 if (cert)
2520 {
2521 print_cert_details(cert, s2, sizeof(s2));
2522 X509_free(cert);
2523 }
2524 print_server_tempkey(ks_ssl->ssl, s3, sizeof(s3));
2525 print_peer_signature(ks_ssl->ssl, s4, sizeof(s4));
2526
2527 msg(D_HANDSHAKE, "%s%s%s%s", s1, s2, s3, s4);
2528}
2529
2530void
2531show_available_tls_ciphers_list(const char *cipher_list,
2532 const char *tls_cert_profile,
2533 bool tls13)
2534{
2535 struct tls_root_ctx tls_ctx;
2536
2537 tls_ctx.ctx = SSL_CTX_new(SSLv23_method());
2538 if (!tls_ctx.ctx)
2539 {
2540 crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
2541 }
2542
2543#if defined(TLS1_3_VERSION)
2544 if (tls13)
2545 {
2546 SSL_CTX_set_min_proto_version(tls_ctx.ctx,
2547 openssl_tls_version(TLS_VER_1_3));
2548 tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
2549 }
2550 else
2551#endif
2552 {
2553 SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
2554 tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
2555 }
2556
2557 tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
2558
2559 SSL *ssl = SSL_new(tls_ctx.ctx);
2560 if (!ssl)
2561 {
2562 crypto_msg(M_FATAL, "Cannot create SSL object");
2563 }
2564
2565#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC)
2566 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2567#else
2568 STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
2569#endif
2570 for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++)
2571 {
2572 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
2573
2574 const char *cipher_name = SSL_CIPHER_get_name(c);
2575
2576 const tls_cipher_name_pair *pair =
2577 tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
2578
2579 if (tls13)
2580 {
2581 printf("%s\n", cipher_name);
2582 }
2583 else if (NULL == pair)
2584 {
2585 /* No translation found, print warning */
2586 printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n",
2587 cipher_name);
2588 }
2589 else
2590 {
2591 printf("%s\n", pair->iana_name);
2592 }
2593 }
2594#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
2595 sk_SSL_CIPHER_free(sk);
2596#endif
2597 SSL_free(ssl);
2598 SSL_CTX_free(tls_ctx.ctx);
2599}
2600
2601/*
2602 * Show the Elliptic curves that are available for us to use
2603 * in the OpenSSL library.
2604 */
2605void
2606show_available_curves(void)
2607{
2608 printf("Consider using 'openssl ecparam -list_curves' as alternative to running\n"
2609 "this command.\n"
2610 "Note this output does only list curves/groups that OpenSSL considers as\n"
2611 "builtin EC curves. It does not list additional curves nor X448 or X25519\n");
2612#ifndef OPENSSL_NO_EC
2613 EC_builtin_curve *curves = NULL;
2614 size_t crv_len = 0;
2615 size_t n = 0;
2616
2617 crv_len = EC_get_builtin_curves(NULL, 0);
2618 ALLOC_ARRAY(curves, EC_builtin_curve, crv_len);
2619 if (EC_get_builtin_curves(curves, crv_len))
2620 {
2621 printf("\nAvailable Elliptic curves/groups:\n");
2622 for (n = 0; n < crv_len; n++)
2623 {
2624 const char *sname;
2625 sname = OBJ_nid2sn(curves[n].nid);
2626 if (sname == NULL)
2627 {
2628 sname = "";
2629 }
2630
2631 printf("%s\n", sname);
2632 }
2633 }
2634 else
2635 {
2636 crypto_msg(M_FATAL, "Cannot get list of builtin curves");
2637 }
2638 free(curves);
2639#else /* ifndef OPENSSL_NO_EC */
2640 msg(M_WARN, "Your OpenSSL library was built without elliptic curve support. "
2641 "No curves available.");
2642#endif /* ifndef OPENSSL_NO_EC */
2643}
2644
2645const char *
2646get_ssl_library_version(void)
2647{
2648 return OpenSSL_version(OPENSSL_VERSION);
2649}
2650
2651
2653#ifdef HAVE_XKEY_PROVIDER
2654static int
2655provider_load(OSSL_PROVIDER *prov, void *dest_libctx)
2656{
2657 const char *name = OSSL_PROVIDER_get0_name(prov);
2658 OSSL_PROVIDER_load(dest_libctx, name);
2659 return 1;
2660}
2661
2662static int
2663provider_unload(OSSL_PROVIDER *prov, void *unused)
2664{
2665 (void) unused;
2666 OSSL_PROVIDER_unload(prov);
2667 return 1;
2668}
2669#endif /* HAVE_XKEY_PROVIDER */
2670
2678void
2679load_xkey_provider(void)
2680{
2681#ifdef HAVE_XKEY_PROVIDER
2682
2683 /* Make a new library context for use in TLS context */
2684 if (!tls_libctx)
2685 {
2686 tls_libctx = OSSL_LIB_CTX_new();
2687 check_malloc_return(tls_libctx);
2688
2689 /* Load all providers in default LIBCTX into this libctx.
2690 * OpenSSL has a child libctx functionality to automate this,
2691 * but currently that is usable only from within providers.
2692 * So we do something close to it manually here.
2693 */
2694 OSSL_PROVIDER_do_all(NULL, provider_load, tls_libctx);
2695 }
2696
2697 if (!OSSL_PROVIDER_available(tls_libctx, "ovpn.xkey"))
2698 {
2699 OSSL_PROVIDER_add_builtin(tls_libctx, "ovpn.xkey", xkey_provider_init);
2700 if (!OSSL_PROVIDER_load(tls_libctx, "ovpn.xkey"))
2701 {
2702 msg(M_NONFATAL, "ERROR: failed loading external key provider: "
2703 "Signing with external keys will not work.");
2704 }
2705 }
2706
2707 /* We only implement minimal functionality in ovpn.xkey, so we do not want
2708 * methods in xkey to be picked unless absolutely required (i.e, when the key
2709 * is external). Ensure this by setting a default propquery for the custom
2710 * libctx that unprefers, but does not forbid, ovpn.xkey. See also man page
2711 * of "property" in OpenSSL 3.0.
2712 */
2713 EVP_set_default_properties(tls_libctx, "?provider!=ovpn.xkey");
2714
2715#endif /* HAVE_XKEY_PROVIDER */
2716}
2717
2721static void
2722unload_xkey_provider(void)
2723{
2724#ifdef HAVE_XKEY_PROVIDER
2725 if (tls_libctx)
2726 {
2727 OSSL_PROVIDER_do_all(tls_libctx, provider_unload, NULL);
2728 OSSL_LIB_CTX_free(tls_libctx);
2729 }
2730#endif /* HAVE_XKEY_PROVIDER */
2731 tls_libctx = NULL;
2732}
2733
2734#endif /* defined(ENABLE_CRYPTO_OPENSSL) */
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition buffer.c:336
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:649
format_hex
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition buffer.h:505
BPTR
#define BPTR(buf)
Definition buffer.h:124
ALLOC_ARRAY_CLEAR_GC
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
Definition buffer.h:1082
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition buffer.h:541
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
BLEN
#define BLEN(buf)
Definition buffer.h:127
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1103
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1033
ALLOC_ARRAY
#define ALLOC_ARRAY(dptr, type, n)
Definition buffer.h:1066
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1025
ptr_type
unsigned long ptr_type
Definition common.h:58
ptr_format
#define ptr_format
Definition common.h:49
strsep
char * strsep(char **stringp, const char *delim)
Definition compat-strsep.c:36
print_key_filename
const char * print_key_filename(const char *str, bool is_inline)
To be used when printing a string that may contain inline data.
Definition crypto.c:1310
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition crypto_openssl.c:236
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition crypto_openssl.h:116
SSL_CTX_use_CryptoAPI_certificate
int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
Definition cryptoapi.c:59
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition errlevel.h:77
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition errlevel.h:157
D_HANDSHAKE_VERBOSE
#define D_HANDSHAKE_VERBOSE
Definition errlevel.h:156
D_HANDSHAKE
#define D_HANDSHAKE
Definition errlevel.h:72
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition errlevel.h:59
D_LOW
#define D_LOW
Definition errlevel.h:97
M_INFO
#define M_INFO
Definition errlevel.h:55
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition errlevel.h:165
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition ssl_common.h:456
key_state_read_plaintext
int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract plaintext data from the TLS module.
Definition ssl_openssl.c:2286
key_state_write_ciphertext
int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a ciphertext buffer into the TLS module.
Definition ssl_openssl.c:2271
key_state_read_ciphertext
int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Extract ciphertext data from the TLS module.
Definition ssl_openssl.c:2257
key_state_write_plaintext_const
int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
Insert plaintext data into the TLS module.
Definition ssl_openssl.c:2243
key_state_write_plaintext
int key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf)
Insert a plaintext buffer into the TLS module.
Definition ssl_openssl.c:2227
verify_callback
int verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint32_t *flags)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
constrain_int
static int constrain_int(int x, int min, int max)
Definition integer.h:115
status
static SERVICE_STATUS status
Definition interactive.c:53
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3092
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3760
VALGRIND_MAKE_READABLE
#define VALGRIND_MAKE_READABLE(addr, len)
Definition memdbg.h:53
purge_user_pass
void purge_user_pass(struct user_pass *up, const bool force)
Definition misc.c:485
GET_USER_PASS_MANAGEMENT
#define GET_USER_PASS_MANAGEMENT
Definition misc.h:109
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:111
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
openssl_compat.h
OpenSSL compatibility stub.
OSSL_PROVIDER
void OSSL_PROVIDER
Definition openssl_compat.h:131
OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition openssl_compat.h:130
EVP_PKEY_get_group_name
static int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, size_t *gname_len)
Definition openssl_compat.h:91
SSL_CTX_set1_groups
#define SSL_CTX_set1_groups
Definition openssl_compat.h:51
SSL_CTX_new_ex
#define SSL_CTX_new_ex(libctx, propq, method)
Reduce SSL_CTX_new_ex() to SSL_CTX_new() for OpenSSL < 3.
Definition openssl_compat.h:126
CLEAR
#define CLEAR(x)
Definition basic.h:33
M_FATAL
#define M_FATAL
Definition error.h:89
M_NONFATAL
#define M_NONFATAL
Definition error.h:90
dmsg
#define dmsg(flags,...)
Definition error.h:148
msg
#define msg(flags,...)
Definition error.h:144
ASSERT
#define ASSERT(x)
Definition error.h:195
M_DEBUG
#define M_DEBUG
Definition error.h:92
M_WARN
#define M_WARN
Definition error.h:91
streq
#define streq(x, y)
Definition options.h:725
perf_push
static void perf_push(int type)
Definition perf.h:78
PERF_BIO_READ_PLAINTEXT
#define PERF_BIO_READ_PLAINTEXT
Definition perf.h:38
PERF_BIO_WRITE_CIPHERTEXT
#define PERF_BIO_WRITE_CIPHERTEXT
Definition perf.h:41
perf_pop
static void perf_pop(void)
Definition perf.h:82
PERF_BIO_READ_CIPHERTEXT
#define PERF_BIO_READ_CIPHERTEXT
Definition perf.h:40
PERF_BIO_WRITE_PLAINTEXT
#define PERF_BIO_WRITE_PLAINTEXT
Definition perf.h:39
platform_fopen
FILE * platform_fopen(const char *path, const char *mode)
Definition platform.c:501
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition base64.c:158
openvpn_base64_encode
int openvpn_base64_encode(const void *data, int size, char **str)
Definition base64.c:52
pem_password_callback
int pem_password_callback(char *buf, int size, int rwflag, void *u)
Callback to retrieve the user's password.
Definition ssl.c:261
ssl_backend.h
Control Channel SSL library backend module.
TLS_VER_1_0
#define TLS_VER_1_0
Definition ssl_backend.h:106
TLS_VER_1_2
#define TLS_VER_1_2
Definition ssl_backend.h:108
TLS_VER_1_3
#define TLS_VER_1_3
Definition ssl_backend.h:109
TLS_VER_1_1
#define TLS_VER_1_1
Definition ssl_backend.h:107
ssl_common.h
Control Channel Common Data Structures.
SSLF_TLS_VERSION_MAX_SHIFT
#define SSLF_TLS_VERSION_MAX_SHIFT
Definition ssl_common.h:423
UP_TYPE_PRIVATE_KEY
#define UP_TYPE_PRIVATE_KEY
Definition ssl_common.h:43
SSLF_CLIENT_CERT_OPTIONAL
#define SSLF_CLIENT_CERT_OPTIONAL
Definition ssl_common.h:416
SSLF_CLIENT_CERT_NOT_REQUIRED
#define SSLF_CLIENT_CERT_NOT_REQUIRED
Definition ssl_common.h:415
SSLF_TLS_VERSION_MAX_MASK
#define SSLF_TLS_VERSION_MAX_MASK
Definition ssl_common.h:424
SSLF_TLS_VERSION_MIN_SHIFT
#define SSLF_TLS_VERSION_MIN_SHIFT
Definition ssl_common.h:421
SSLF_TLS_VERSION_MIN_MASK
#define SSLF_TLS_VERSION_MIN_MASK
Definition ssl_common.h:422
tls_ctx_set_tls_groups
void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
Set the (elliptic curve) group allowed for signatures and key exchange.
Definition ssl_openssl.c:560
tls_ctx_free
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
Definition ssl_openssl.c:140
bio_read
static int bio_read(BIO *bio, struct buffer *buf, const char *desc)
Definition ssl_openssl.c:2117
get_ssl_library_version
const char * get_ssl_library_version(void)
return a pointer to a static memory area containing the name and version number of the SSL library in...
Definition ssl_openssl.c:2646
openvpn_extkey_ec_finish
static void openvpn_extkey_ec_finish(EC_KEY *ec)
Definition ssl_openssl.c:1592
tls_ctx_set_tls_versions
static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Definition ssl_openssl.c:280
bio_write
static int bio_write(BIO *bio, const uint8_t *data, int size, const char *desc)
Definition ssl_openssl.c:2055
openvpn_extkey_rsa_finish
static int openvpn_extkey_rsa_finish(RSA *rsa)
Definition ssl_openssl.c:1437
tls_ctx_use_external_ec_key
static int tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1656
openssl_tls_version
static int openssl_tls_version(int ver)
Convert internal version number to openssl version number.
Definition ssl_openssl.c:243
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition ssl_openssl.c:156
load_xkey_provider
void load_xkey_provider(void)
Some helper routines for provider load/unload.
Definition ssl_openssl.c:2679
print_pkey_details
static void print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
Definition ssl_openssl.c:2300
print_server_tempkey
static void print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
Definition ssl_openssl.c:2398
rsa_pub_enc
static int rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1413
tls_ctx_add_extra_certs
static void tls_ctx_add_extra_certs(struct tls_root_ctx *ctx, BIO *bio, bool optional)
Definition ssl_openssl.c:1051
show_available_tls_ciphers_list
void show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_profile, bool tls13)
Show the TLS ciphers that are available for us to use in the library depending on the TLS version.
Definition ssl_openssl.c:2531
load_pkey_from_uri
static void * load_pkey_from_uri(const char *uri, SSL_CTX *ssl_ctx)
Load private key from OSSL_STORE URI or file uri : URI of object or filename ssl_ctx : SSL_CTX for UI...
Definition ssl_openssl.c:837
tls_ctx_server_new
void tls_ctx_server_new(struct tls_root_ctx *ctx)
Initialise a library-specific TLS context for a server.
Definition ssl_openssl.c:104
show_available_curves
void show_available_curves(void)
Show the available elliptic curves in the crypto library.
Definition ssl_openssl.c:2606
key_state_ssl_free
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
Free the SSL channel part of the given key state.
Definition ssl_openssl.c:2212
ecdsa_sign
static int ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
Definition ssl_openssl.c:1604
tls_ctx_load_priv_file
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
Definition ssl_openssl.c:1271
key_state_ssl_shutdown
void key_state_ssl_shutdown(struct key_state_ssl *ks_ssl)
Sets a TLS session to be shutdown state, so the TLS library will generate a shutdown alert.
Definition ssl_openssl.c:2206
tls_ctx_load_extra_certs
void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_file, bool extra_certs_file_inline)
Load extra certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1947
print_peer_signature
static void print_peer_signature(SSL *ssl, char *buf, size_t buflen)
Get the type of the signature that is used by the peer during the TLS handshake.
Definition ssl_openssl.c:2455
tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition ssl_openssl.c:79
get_sigtype
static const char * get_sigtype(int nid)
Translate an OpenSSL NID into a more human readable name.
Definition ssl_openssl.c:2424
mydata_index
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent.
Definition ssl_openssl.c:89
print_cert_details
static void print_cert_details(X509 *cert, char *buf, size_t buflen)
Print human readable information about the certificate into buf.
Definition ssl_openssl.c:2377
ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
Definition ssl_openssl.c:1625
tls_ctx_check_cert_time
void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
Check our certificate notBefore and notAfter fields, and warn if the cert is either not yet valid or ...
Definition ssl_openssl.c:620
tls_ctx_restrict_ciphers_tls13
void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 and higher.
Definition ssl_openssl.c:492
cert_uri_supported
static bool cert_uri_supported(void)
Definition ssl_openssl.c:1085
rsa_priv_dec
static int rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1429
INFO_CALLBACK_SSL_CONST
#define INFO_CALLBACK_SSL_CONST
Definition ssl_openssl.c:180
rsa_pub_dec
static int rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1421
bio_write_post
static void bio_write_post(const int status, struct buffer *buf)
Definition ssl_openssl.c:2104
tls_ctx_load_pkcs12
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, bool pkcs12_file_inline, bool load_ca_file)
Load PKCS #12 file for key, cert and (optionally) CA certs, and add to library-specific TLS context.
Definition ssl_openssl.c:908
tls_ctx_initialised
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
Checks whether the given TLS context is initialised.
Definition ssl_openssl.c:149
key_state_ssl_init
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
Initialise the SSL channel part of the given key state.
Definition ssl_openssl.c:2166
tls_free_lib
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition ssl_openssl.c:99
unload_xkey_provider
static void unload_xkey_provider(void)
Undo steps in load_xkey_provider.
Definition ssl_openssl.c:2722
get_rsa_padding_name
const char * get_rsa_padding_name(const int padding)
Definition ssl_openssl.c:1452
tls_ctx_load_ecdh_params
void tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
Load Elliptic Curve Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:717
get_sig_from_man
static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, unsigned char *sig, unsigned int siglen, const char *algorithm)
Pass the input hash in 'dgst' to management and get the signature back.
Definition ssl_openssl.c:1479
tls_ctx_load_cert_uri
static void tls_ctx_load_cert_uri(struct tls_root_ctx *tls_ctx, const char *uri)
Definition ssl_openssl.c:1095
rsa_priv_enc
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition ssl_openssl.c:1506
convert_tls_list_to_openssl
static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:358
tls_ctx_load_cert_pem_file
static void tls_ctx_load_cert_pem_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Definition ssl_openssl.c:1195
tls_init_lib
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition ssl_openssl.c:92
print_details
void print_details(struct key_state_ssl *ks_ssl, const char *prefix)
Print a one line summary of SSL/TLS session handshake.
Definition ssl_openssl.c:2502
info_callback
static void info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
Definition ssl_openssl.c:183
tls_version_max
int tls_version_max(void)
Return the maximum TLS version (as a TLS_VER_x constant) supported by current SSL implementation.
Definition ssl_openssl.c:207
backend_tls_ctx_reload_crl
void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline)
Reload the Certificate Revocation List for the SSL channel.
Definition ssl_openssl.c:1326
tls_ctx_restrict_ciphers
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 and below.
Definition ssl_openssl.c:430
tls_ctx_load_ca
void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server)
Load certificate authority certificates from the given file or path.
Definition ssl_openssl.c:1798
tls_ctx_set_cert_profile
void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
Set the TLS certificate profile.
Definition ssl_openssl.c:521
tls_ctx_use_management_external_key
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
Tell the management interface to load the given certificate and the external private key matching the...
Definition ssl_openssl.c:1718
tls_ctx_use_external_rsa_key
static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
Definition ssl_openssl.c:1524
ecdsa_sign_sig
static ECDSA_SIG * ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *ec)
Definition ssl_openssl.c:1635
tls_ctx_load_cryptoapi
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
Use Windows cryptoapi for key and cert, and add to library-specific TLS context.
Definition ssl_openssl.c:1038
convert_tls13_list_to_openssl
static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
Definition ssl_openssl.c:465
tls_ctx_set_options
bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
Set any library specific options.
Definition ssl_openssl.c:310
tls_ctx_load_dh_params
void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline)
Load Diffie Hellman Parameters, and load them into the library-specific TLS context.
Definition ssl_openssl.c:656
tls_ctx_client_new
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
Definition ssl_openssl.c:122
sk_x509_name_cmp
static int sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
Definition ssl_openssl.c:1792
tls_ctx_load_cert_file
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Definition ssl_openssl.c:1257
get_num_elements
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
Definition ssl_util.c:284
tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const char *cipher_name, size_t len)
Definition ssl_util.c:265
ssl_util.h
SSL utility functions.
ssl_verify_openssl.h
Control Channel Verification Module OpenSSL backend.
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:61
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:66
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:117
key_state_ssl
Definition ssl_mbedtls.h:128
key_state_ssl::ct_in
BIO * ct_in
Definition ssl_openssl.h:49
key_state_ssl::ssl
SSL * ssl
Definition ssl_openssl.h:47
key_state_ssl::ssl_bio
BIO * ssl_bio
Definition ssl_openssl.h:48
key_state_ssl::ct_out
BIO * ct_out
Definition ssl_openssl.h:50
tls_cipher_name_pair
Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name.
Definition ssl_util.h:77
tls_cipher_name_pair::iana_name
const char * iana_name
Definition ssl_util.h:77
tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition ssl_util.h:77
tls_root_ctx
Structure that wraps the TLS context.
Definition ssl_mbedtls.h:107
tls_root_ctx::ctx
SSL_CTX * ctx
Definition ssl_openssl.h:41
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:480
user_pass
Definition misc.h:57
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:73
cleanup
static int cleanup(void **state)
Definition test_pkcs11.c:290
gc
struct gc_arena gc
Definition test_ssl.c:155
xkey_common.h
Generated by doxygen 1.9.8