summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/ssl_openssl.c')
-rw-r--r--src/openvpn/ssl_openssl.c1175
1 files changed, 1175 insertions, 0 deletions
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
new file mode 100644
index 0000000..a727b60
--- /dev/null
+++ b/src/openvpn/ssl_openssl.c
@@ -0,0 +1,1175 @@
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/**
+ * @file Control Channel OpenSSL Backend
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
+#include "syshead.h"
+
+#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL)
+
+#include "errlevel.h"
+#include "buffer.h"
+#include "misc.h"
+#include "manage.h"
+#include "memdbg.h"
+#include "ssl_backend.h"
+#include "ssl_common.h"
+#include "base64.h"
+
+#ifdef ENABLE_CRYPTOAPI
+#include "cryptoapi.h"
+#endif
+
+#include "ssl_verify_openssl.h"
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+#include <openssl/x509.h>
+#include <openssl/crypto.h>
+
+/*
+ * Allocate space in SSL objects in which to store a struct tls_session
+ * pointer back to parent.
+ *
+ */
+
+int mydata_index; /* GLOBAL */
+
+void
+tls_init_lib()
+{
+ SSL_library_init();
+#ifndef ENABLE_SMALL
+ SSL_load_error_strings();
+#endif
+ OpenSSL_add_all_algorithms ();
+
+ mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
+ ASSERT (mydata_index >= 0);
+}
+
+void
+tls_free_lib()
+{
+ EVP_cleanup();
+#ifndef ENABLE_SMALL
+ ERR_free_strings();
+#endif
+}
+
+void
+tls_clear_error()
+{
+ ERR_clear_error ();
+}
+
+/*
+ * OpenSSL callback to get a temporary RSA key, mostly
+ * used for export ciphers.
+ */
+static RSA *
+tmp_rsa_cb (SSL * s, int is_export, int keylength)
+{
+ static RSA *rsa_tmp = NULL;
+ if (rsa_tmp == NULL)
+ {
+ msg (D_HANDSHAKE, "Generating temp (%d bit) RSA key", keylength);
+ rsa_tmp = RSA_generate_key (keylength, RSA_F4, NULL, NULL);
+ }
+ return (rsa_tmp);
+}
+
+void
+tls_ctx_server_new(struct tls_root_ctx *ctx)
+{
+ ASSERT(NULL != ctx);
+
+ ctx->ctx = SSL_CTX_new (TLSv1_server_method ());
+
+ if (ctx->ctx == NULL)
+ msg (M_SSLERR, "SSL_CTX_new TLSv1_server_method");
+
+ SSL_CTX_set_tmp_rsa_callback (ctx->ctx, tmp_rsa_cb);
+}
+
+void
+tls_ctx_client_new(struct tls_root_ctx *ctx)
+{
+ ASSERT(NULL != ctx);
+
+ ctx->ctx = SSL_CTX_new (TLSv1_client_method ());
+
+ if (ctx->ctx == NULL)
+ msg (M_SSLERR, "SSL_CTX_new TLSv1_client_method");
+}
+
+void
+tls_ctx_free(struct tls_root_ctx *ctx)
+{
+ ASSERT(NULL != ctx);
+ if (NULL != ctx->ctx)
+ SSL_CTX_free (ctx->ctx);
+ ctx->ctx = NULL;
+}
+
+bool tls_ctx_initialised(struct tls_root_ctx *ctx)
+{
+ ASSERT(NULL != ctx);
+ return NULL != ctx->ctx;
+}
+
+/*
+ * Print debugging information on SSL/TLS session negotiation.
+ */
+
+#ifndef INFO_CALLBACK_SSL_CONST
+#define INFO_CALLBACK_SSL_CONST const
+#endif
+static void
+info_callback (INFO_CALLBACK_SSL_CONST SSL * s, int where, int ret)
+{
+ if (where & SSL_CB_LOOP)
+ {
+ dmsg (D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
+ where & SSL_ST_CONNECT ? "connect" :
+ where & SSL_ST_ACCEPT ? "accept" :
+ "undefined", SSL_state_string_long (s));
+ }
+ else if (where & SSL_CB_ALERT)
+ {
+ dmsg (D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s",
+ where & SSL_CB_READ ? "read" : "write",
+ SSL_alert_type_string_long (ret),
+ SSL_alert_desc_string_long (ret));
+ }
+}
+
+void
+tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
+{
+ ASSERT(NULL != ctx);
+
+ SSL_CTX_set_session_cache_mode (ctx->ctx, SSL_SESS_CACHE_OFF);
+ SSL_CTX_set_options (ctx->ctx, SSL_OP_SINGLE_DH_USE);
+ SSL_CTX_set_default_passwd_cb (ctx->ctx, pem_password_callback);
+
+ /* Require peer certificate verification */
+#if P2MP_SERVER
+ if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
+ {
+ msg (M_WARN, "WARNING: POTENTIALLY DANGEROUS OPTION "
+ "--client-cert-not-required may accept clients which do not present "
+ "a certificate");
+ }
+ else
+#endif
+ SSL_CTX_set_verify (ctx->ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_callback);
+
+ SSL_CTX_set_info_callback (ctx->ctx, info_callback);
+}
+
+void
+tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
+{
+ ASSERT(NULL != ctx);
+
+ if(!SSL_CTX_set_cipher_list(ctx->ctx, ciphers))
+ msg(M_SSLERR, "Failed to set restricted TLS cipher list: %s", ciphers);
+}
+
+void
+tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file,
+ const char *dh_file_inline
+ )
+{
+ DH *dh;
+ BIO *bio;
+
+ ASSERT(NULL != ctx);
+
+ if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
+ {
+ if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1)))
+ msg (M_SSLERR, "Cannot open memory BIO for inline DH parameters");
+ }
+ else
+ {
+ /* Get Diffie Hellman Parameters */
+ if (!(bio = BIO_new_file (dh_file, "r")))
+ msg (M_SSLERR, "Cannot open %s for DH parameters", dh_file);
+ }
+
+ dh = PEM_read_bio_DHparams (bio, NULL, NULL, NULL);
+ BIO_free (bio);
+
+ if (!dh)
+ msg (M_SSLERR, "Cannot load DH parameters from %s", dh_file);
+ if (!SSL_CTX_set_tmp_dh (ctx->ctx, dh))
+ msg (M_SSLERR, "SSL_CTX_set_tmp_dh");
+
+ msg (D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
+ 8 * DH_size (dh));
+
+ DH_free (dh);
+}
+
+int
+tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
+ const char *pkcs12_file_inline,
+ bool load_ca_file
+ )
+{
+ FILE *fp;
+ EVP_PKEY *pkey;
+ X509 *cert;
+ STACK_OF(X509) *ca = NULL;
+ PKCS12 *p12;
+ int i;
+ char password[256];
+
+ ASSERT(NULL != ctx);
+
+ if (!strcmp (pkcs12_file, INLINE_FILE_TAG) && pkcs12_file_inline)
+ {
+ BIO *b64 = BIO_new(BIO_f_base64());
+ BIO *bio = BIO_new_mem_buf((void *) pkcs12_file_inline,
+ (int) strlen(pkcs12_file_inline));
+ ASSERT(b64 && bio);
+ BIO_push(b64, bio);
+ p12 = d2i_PKCS12_bio(b64, NULL);
+ if (!p12)
+ msg(M_SSLERR, "Error reading inline PKCS#12 file");
+ BIO_free(b64);
+ BIO_free(bio);
+ }
+ else
+ {
+ /* Load the PKCS #12 file */
+ if (!(fp = platform_fopen(pkcs12_file, "rb")))
+ msg(M_SSLERR, "Error opening file %s", pkcs12_file);
+ p12 = d2i_PKCS12_fp(fp, NULL);
+ fclose(fp);
+ if (!p12)
+ msg(M_SSLERR, "Error reading PKCS#12 file %s", pkcs12_file);
+ }
+
+ /* Parse the PKCS #12 file */
+ if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
+ {
+ pem_password_callback (password, sizeof(password) - 1, 0, NULL);
+ /* Reparse the PKCS #12 file with password */
+ ca = NULL;
+ if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
+ {
+#ifdef ENABLE_MANAGEMENT
+ if (management && (ERR_GET_REASON (ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
+ management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
+#endif
+ PKCS12_free(p12);
+ return 1;
+ }
+ }
+ PKCS12_free(p12);
+
+ /* Load Certificate */
+ if (!SSL_CTX_use_certificate (ctx->ctx, cert))
+ msg (M_SSLERR, "Cannot use certificate");
+
+ /* Load Private Key */
+ if (!SSL_CTX_use_PrivateKey (ctx->ctx, pkey))
+ msg (M_SSLERR, "Cannot use private key");
+ warn_if_group_others_accessible (pkcs12_file);
+
+ /* Check Private Key */
+ if (!SSL_CTX_check_private_key (ctx->ctx))
+ msg (M_SSLERR, "Private key does not match the certificate");
+
+ /* Set Certificate Verification chain */
+ if (load_ca_file)
+ {
+ if (ca && sk_X509_num(ca))
+ {
+ for (i = 0; i < sk_X509_num(ca); i++)
+ {
+ if (!X509_STORE_add_cert(ctx->ctx->cert_store,sk_X509_value(ca, i)))
+ msg (M_SSLERR, "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
+ if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
+ msg (M_SSLERR, "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
+ }
+ }
+ }
+ return 0;
+}
+
+#ifdef ENABLE_CRYPTOAPI
+void
+tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
+{
+ ASSERT(NULL != ctx);
+
+ /* Load Certificate and Private Key */
+ if (!SSL_CTX_use_CryptoAPI_certificate (ctx->ctx, cryptoapi_cert))
+ msg (M_SSLERR, "Cannot load certificate \"%s\" from Microsoft Certificate Store",
+ cryptoapi_cert);
+}
+#endif /* WIN32 */
+
+static void
+tls_ctx_add_extra_certs (struct tls_root_ctx *ctx, BIO *bio)
+{
+ X509 *cert;
+ for (;;)
+ {
+ cert = NULL;
+ if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */
+ break;
+ if (!cert)
+ msg (M_SSLERR, "Error reading extra certificate");
+ if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
+ msg (M_SSLERR, "Error adding extra certificate");
+ }
+}
+
+void
+tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
+ const char *cert_file_inline, X509 **x509
+ )
+{
+ BIO *in = NULL;
+ X509 *x = NULL;
+ int ret = 0;
+ bool inline_file = false;
+
+ ASSERT (NULL != ctx);
+ if (NULL != x509)
+ ASSERT (NULL == *x509);
+
+ inline_file = (strcmp (cert_file, INLINE_FILE_TAG) == 0);
+
+ if (inline_file && cert_file_inline)
+ in = BIO_new_mem_buf ((char *)cert_file_inline, -1);
+ else
+ in = BIO_new_file (cert_file, "r");
+
+ if (in == NULL)
+ {
+ SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+ goto end;
+ }
+
+ x = PEM_read_bio_X509 (in, NULL, ctx->ctx->default_passwd_callback,
+ ctx->ctx->default_passwd_callback_userdata);
+ if (x == NULL)
+ {
+ SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
+ goto end;
+ }
+
+ ret = SSL_CTX_use_certificate (ctx->ctx, x);
+ if (ret)
+ tls_ctx_add_extra_certs (ctx, in);
+
+end:
+ if (!ret)
+ {
+ if (inline_file)
+ msg (M_SSLERR, "Cannot load inline certificate file");
+ else
+ msg (M_SSLERR, "Cannot load certificate file %s", cert_file);
+ }
+
+ if (in != NULL)
+ BIO_free(in);
+ if (x509)
+ *x509 = x;
+ else if (x)
+ X509_free (x);
+}
+
+void
+tls_ctx_free_cert_file (X509 *x509)
+{
+ X509_free(x509);
+}
+
+int
+tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
+ const char *priv_key_file_inline
+ )
+{
+ int status;
+ SSL_CTX *ssl_ctx = NULL;
+ BIO *in = NULL;
+ EVP_PKEY *pkey = NULL;
+ int ret = 1;
+
+ ASSERT(NULL != ctx);
+
+ ssl_ctx = ctx->ctx;
+
+ if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
+ in = BIO_new_mem_buf ((char *)priv_key_file_inline, -1);
+ else
+ in = BIO_new_file (priv_key_file, "r");
+
+ if (!in)
+ goto end;
+
+ pkey = PEM_read_bio_PrivateKey (in, NULL,
+ ssl_ctx->default_passwd_callback,
+ ssl_ctx->default_passwd_callback_userdata);
+ if (!pkey)
+ goto end;
+
+ if (!SSL_CTX_use_PrivateKey (ssl_ctx, pkey))
+ {
+#ifdef ENABLE_MANAGEMENT
+ if (management && (ERR_GET_REASON (ERR_peek_error()) == EVP_R_BAD_DECRYPT))
+ management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
+#endif
+ msg (M_WARN|M_SSL, "Cannot load private key file %s", priv_key_file);
+ goto end;
+ }
+ warn_if_group_others_accessible (priv_key_file);
+
+ /* Check Private Key */
+ if (!SSL_CTX_check_private_key (ssl_ctx))
+ msg (M_SSLERR, "Private key does not match the certificate");
+ ret = 0;
+
+end:
+ if (pkey)
+ EVP_PKEY_free (pkey);
+ if (in)
+ BIO_free (in);
+ return ret;
+}
+
+#ifdef MANAGMENT_EXTERNAL_KEY
+
+/* encrypt */
+static int
+rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
+{
+ ASSERT(0);
+ return -1;
+}
+
+/* verify arbitrary data */
+static int
+rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
+{
+ ASSERT(0);
+ return -1;
+}
+
+/* decrypt */
+static int
+rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
+{
+ ASSERT(0);
+ return -1;
+}
+
+/* called at RSA_free */
+static int
+rsa_finish(RSA *rsa)
+{
+ free ((void*)rsa->meth);
+ rsa->meth = NULL;
+ return 1;
+}
+
+/* sign arbitrary data */
+static int
+rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
+{
+ /* optional app data in rsa->meth->app_data; */
+ char *in_b64 = NULL;
+ char *out_b64 = NULL;
+ int ret = -1;
+ int len;
+
+ if (padding != RSA_PKCS1_PADDING)
+ {
+ RSAerr (RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto done;
+ }
+
+ /* convert 'from' to base64 */
+ if (openvpn_base64_encode (from, flen, &in_b64) <= 0)
+ goto done;
+
+ /* call MI for signature */
+ if (management)
+ out_b64 = management_query_rsa_sig (management, in_b64);
+ if (!out_b64)
+ goto done;
+
+ /* decode base64 signature to binary */
+ len = RSA_size(rsa);
+ ret = openvpn_base64_decode (out_b64, to, len);
+
+ /* verify length */
+ if (ret != len)
+ ret = -1;
+
+ done:
+ if (in_b64)
+ free (in_b64);
+ if (out_b64)
+ free (out_b64);
+ return ret;
+}
+
+int
+tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, X509 *cert)
+{
+ RSA *rsa = NULL;
+ RSA *pub_rsa;
+ RSA_METHOD *rsa_meth;
+
+ ASSERT (NULL != ctx);
+ ASSERT (NULL != cert);
+
+ /* allocate custom RSA method object */
+ ALLOC_OBJ_CLEAR (rsa_meth, RSA_METHOD);
+ rsa_meth->name = "OpenVPN external private key RSA Method";
+ rsa_meth->rsa_pub_enc = rsa_pub_enc;
+ rsa_meth->rsa_pub_dec = rsa_pub_dec;
+ rsa_meth->rsa_priv_enc = rsa_priv_enc;
+ rsa_meth->rsa_priv_dec = rsa_priv_dec;
+ rsa_meth->init = NULL;
+ rsa_meth->finish = rsa_finish;
+ rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
+ rsa_meth->app_data = NULL;
+
+ /* allocate RSA object */
+ rsa = RSA_new();
+ if (rsa == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* get the public key */
+ ASSERT(cert->cert_info->key->pkey); /* NULL before SSL_CTX_use_certificate() is called */
+ pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
+
+ /* initialize RSA object */
+ rsa->n = BN_dup(pub_rsa->n);
+ rsa->flags |= RSA_FLAG_EXT_PKEY;
+ if (!RSA_set_method(rsa, rsa_meth))
+ goto err;
+
+ /* bind our custom RSA object to ssl_ctx */
+ if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
+ goto err;
+
+ RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
+ return 1;
+
+ err:
+ if (rsa)
+ RSA_free(rsa);
+ else
+ {
+ if (rsa_meth)
+ free(rsa_meth);
+ }
+ msg (M_SSLERR, "Cannot enable SSL external private key capability");
+ return 0;
+}
+
+#endif
+
+static int
+sk_x509_name_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
+{
+ return X509_NAME_cmp (*a, *b);
+}
+
+void
+tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
+ const char *ca_file_inline,
+ const char *ca_path, bool tls_server
+ )
+{
+ STACK_OF(X509_INFO) *info_stack = NULL;
+ STACK_OF(X509_NAME) *cert_names = NULL;
+ X509_LOOKUP *lookup = NULL;
+ X509_STORE *store = NULL;
+ X509_NAME *xn = NULL;
+ BIO *in = NULL;
+ int i, added = 0;
+
+ ASSERT(NULL != ctx);
+
+ store = SSL_CTX_get_cert_store(ctx->ctx);
+ if (!store)
+ msg(M_SSLERR, "Cannot get certificate store (SSL_CTX_get_cert_store)");
+
+ /* Try to add certificates and CRLs from ca_file */
+ if (ca_file)
+ {
+ if (!strcmp (ca_file, INLINE_FILE_TAG) && ca_file_inline)
+ in = BIO_new_mem_buf ((char *)ca_file_inline, -1);
+ else
+ in = BIO_new_file (ca_file, "r");
+
+ if (in)
+ info_stack = PEM_X509_INFO_read_bio (in, NULL, NULL, NULL);
+
+ if (info_stack)
+ {
+ for (i = 0; i < sk_X509_INFO_num (info_stack); i++)
+ {
+ X509_INFO *info = sk_X509_INFO_value (info_stack, i);
+ if (info->crl)
+ X509_STORE_add_crl (store, info->crl);
+
+ if (info->x509)
+ {
+ X509_STORE_add_cert (store, info->x509);
+ added++;
+
+ if (!tls_server)
+ continue;
+
+ /* Use names of CAs as a client CA list */
+ if (cert_names == NULL)
+ {
+ cert_names = sk_X509_NAME_new (sk_x509_name_cmp);
+ if (!cert_names)
+ continue;
+ }
+
+ xn = X509_get_subject_name (info->x509);
+ if (!xn)
+ continue;
+
+ /* Don't add duplicate CA names */
+ if (sk_X509_NAME_find (cert_names, xn) == -1)
+ {
+ xn = X509_NAME_dup (xn);
+ if (!xn)
+ continue;
+ sk_X509_NAME_push (cert_names, xn);
+ }
+ }
+ }
+ sk_X509_INFO_pop_free (info_stack, X509_INFO_free);
+ }
+
+ if (tls_server)
+ SSL_CTX_set_client_CA_list (ctx->ctx, cert_names);
+
+ if (!added || (tls_server && sk_X509_NAME_num (cert_names) != added))
+ msg (M_SSLERR, "Cannot load CA certificate file %s", np(ca_file));
+ if (in)
+ BIO_free (in);
+ }
+
+ /* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
+ if (ca_path)
+ {
+ lookup = X509_STORE_add_lookup (store, X509_LOOKUP_hash_dir ());
+ if (lookup && X509_LOOKUP_add_dir (lookup, ca_path, X509_FILETYPE_PEM))
+ msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
+ else
+ msg(M_SSLERR, "Cannot add lookup at --capath %s", ca_path);
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ X509_STORE_set_flags (store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
+#else
+ msg(M_WARN, "WARNING: this version of OpenSSL cannot handle CRL files in capath");
+#endif
+ }
+}
+
+void
+tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file,
+ const char *extra_certs_file_inline
+ )
+{
+ BIO *in;
+ if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
+ in = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1);
+ else
+ in = BIO_new_file (extra_certs_file, "r");
+
+ if (in == NULL)
+ msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file);
+ else
+ tls_ctx_add_extra_certs (ctx, in);
+
+ BIO_free (in);
+}
+
+/* **************************************
+ *
+ * Key-state specific functions
+ *
+ ***************************************/
+/*
+ *
+ * BIO functions
+ *
+ */
+
+#ifdef BIO_DEBUG
+
+#warning BIO_DEBUG defined
+
+static FILE *biofp; /* GLOBAL */
+static bool biofp_toggle; /* GLOBAL */
+static time_t biofp_last_open; /* GLOBAL */
+static const int biofp_reopen_interval = 600; /* GLOBAL */
+
+static void
+close_biofp()
+{
+ if (biofp)
+ {
+ ASSERT (!fclose (biofp));
+ biofp = NULL;
+ }
+}
+
+static void
+open_biofp()
+{
+ const time_t current = time (NULL);
+ const pid_t pid = getpid ();
+
+ if (biofp_last_open + biofp_reopen_interval < current)
+ close_biofp();
+ if (!biofp)
+ {
+ char fn[256];
+ openvpn_snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
+ biofp = fopen (fn, "w");
+ ASSERT (biofp);
+ biofp_last_open = time (NULL);
+ biofp_toggle ^= 1;
+ }
+}
+
+static void
+bio_debug_data (const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
+{
+ struct gc_arena gc = gc_new ();
+ if (len > 0)
+ {
+ open_biofp();
+ fprintf(biofp, "BIO_%s %s time=" time_format " bio=" ptr_format " len=%d data=%s\n",
+ mode, desc, time (NULL), (ptr_type)bio, len, format_hex (buf, len, 0, &gc));
+ fflush (biofp);
+ }
+ gc_free (&gc);
+}
+
+static void
+bio_debug_oc (const char *mode, BIO *bio)
+{
+ open_biofp();
+ fprintf(biofp, "BIO %s time=" time_format " bio=" ptr_format "\n",
+ mode, time (NULL), (ptr_type)bio);
+ fflush (biofp);
+}
+
+#endif
+
+/*
+ * OpenVPN's interface to SSL/TLS authentication,
+ * encryption, and decryption is exclusively
+ * through "memory BIOs".
+ */
+static BIO *
+getbio (BIO_METHOD * type, const char *desc)
+{
+ BIO *ret;
+ ret = BIO_new (type);
+ if (!ret)
+ msg (M_SSLERR, "Error creating %s BIO", desc);
+ return ret;
+}
+
+/*
+ * Write to an OpenSSL BIO in non-blocking mode.
+ */
+static int
+bio_write (BIO *bio, const uint8_t *data, int size, const char *desc)
+{
+ int i;
+ int ret = 0;
+ ASSERT (size >= 0);
+ if (size)
+ {
+ /*
+ * Free the L_TLS lock prior to calling BIO routines
+ * so that foreground thread can still call
+ * tls_pre_decrypt or tls_pre_encrypt,
+ * allowing tunnel packet forwarding to continue.
+ */
+#ifdef BIO_DEBUG
+ bio_debug_data ("write", bio, data, size, desc);
+#endif
+ i = BIO_write (bio, data, size);
+
+ if (i < 0)
+ {
+ if (BIO_should_retry (bio))
+ {
+ ;
+ }
+ else
+ {
+ msg (D_TLS_ERRORS | M_SSL, "TLS ERROR: BIO write %s error",
+ desc);
+ ret = -1;
+ ERR_clear_error ();
+ }
+ }
+ else if (i != size)
+ {
+ msg (D_TLS_ERRORS | M_SSL,
+ "TLS ERROR: BIO write %s incomplete %d/%d", desc, i, size);
+ ret = -1;
+ ERR_clear_error ();
+ }
+ else
+ { /* successful write */
+ dmsg (D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
+ ret = 1;
+ }
+ }
+ return ret;
+}
+
+/*
+ * Inline functions for reading from and writing
+ * to BIOs.
+ */
+
+static void
+bio_write_post (const int status, struct buffer *buf)
+{
+ if (status == 1) /* success status return from bio_write? */
+ {
+ memset (BPTR (buf), 0, BLEN (buf)); /* erase data just written */
+ buf->len = 0;
+ }
+}
+
+/*
+ * Read from an OpenSSL BIO in non-blocking mode.
+ */
+static int
+bio_read (BIO *bio, struct buffer *buf, int maxlen, const char *desc)
+{
+ int i;
+ int ret = 0;
+ ASSERT (buf->len >= 0);
+ if (buf->len)
+ {
+ ;
+ }
+ else
+ {
+ int len = buf_forward_capacity (buf);
+ if (maxlen < len)
+ len = maxlen;
+
+ /*
+ * BIO_read brackets most of the serious RSA
+ * key negotiation number crunching.
+ */
+ i = BIO_read (bio, BPTR (buf), len);
+
+ VALGRIND_MAKE_READABLE ((void *) &i, sizeof (i));
+
+#ifdef BIO_DEBUG
+ bio_debug_data ("read", bio, BPTR (buf), i, desc);
+#endif
+ if (i < 0)
+ {
+ if (BIO_should_retry (bio))
+ {
+ ;
+ }
+ else
+ {
+ msg (D_TLS_ERRORS | M_SSL, "TLS_ERROR: BIO read %s error",
+ desc);
+ buf->len = 0;
+ ret = -1;
+ ERR_clear_error ();
+ }
+ }
+ else if (!i)
+ {
+ buf->len = 0;
+ }
+ else
+ { /* successful read */
+ dmsg (D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
+ buf->len = i;
+ ret = 1;
+ VALGRIND_MAKE_READABLE ((void *) BPTR (buf), BLEN (buf));
+ }
+ }
+ return ret;
+}
+
+void
+key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, void *session)
+{
+ ASSERT(NULL != ssl_ctx);
+ ASSERT(ks_ssl);
+ CLEAR (*ks_ssl);
+
+ ks_ssl->ssl = SSL_new (ssl_ctx->ctx);
+ if (!ks_ssl->ssl)
+ msg (M_SSLERR, "SSL_new failed");
+
+ /* put session * in ssl object so we can access it
+ from verify callback*/
+ SSL_set_ex_data (ks_ssl->ssl, mydata_index, session);
+
+ ks_ssl->ssl_bio = getbio (BIO_f_ssl (), "ssl_bio");
+ ks_ssl->ct_in = getbio (BIO_s_mem (), "ct_in");
+ ks_ssl->ct_out = getbio (BIO_s_mem (), "ct_out");
+
+#ifdef BIO_DEBUG
+ bio_debug_oc ("open ssl_bio", ks_ssl->ssl_bio);
+ bio_debug_oc ("open ct_in", ks_ssl->ct_in);
+ bio_debug_oc ("open ct_out", ks_ssl->ct_out);
+#endif
+
+ if (is_server)
+ SSL_set_accept_state (ks_ssl->ssl);
+ else
+ SSL_set_connect_state (ks_ssl->ssl);
+
+ SSL_set_bio (ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
+ BIO_set_ssl (ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
+}
+
+void key_state_ssl_free(struct key_state_ssl *ks_ssl)
+{
+ if (ks_ssl->ssl) {
+#ifdef BIO_DEBUG
+ bio_debug_oc ("close ssl_bio", ks_ssl->ssl_bio);
+ bio_debug_oc ("close ct_in", ks_ssl->ct_in);
+ bio_debug_oc ("close ct_out", ks_ssl->ct_out);
+#endif
+ BIO_free_all(ks_ssl->ssl_bio);
+ SSL_free (ks_ssl->ssl);
+ }
+}
+
+int
+key_state_write_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf)
+{
+ int ret = 0;
+ perf_push (PERF_BIO_WRITE_PLAINTEXT);
+
+#ifdef ENABLE_CRYPTO_OPENSSL
+ ASSERT (NULL != ks_ssl);
+
+ ret = bio_write (ks_ssl->ssl_bio, BPTR(buf), BLEN(buf),
+ "tls_write_plaintext");
+ bio_write_post (ret, buf);
+#endif /* ENABLE_CRYPTO_OPENSSL */
+
+ perf_pop ();
+ return ret;
+}
+
+int
+key_state_write_plaintext_const (struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
+{
+ int ret = 0;
+ perf_push (PERF_BIO_WRITE_PLAINTEXT);
+
+ ASSERT (NULL != ks_ssl);
+
+ ret = bio_write (ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
+
+ perf_pop ();
+ return ret;
+}
+
+int
+key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf,
+ int maxlen)
+{
+ int ret = 0;
+ perf_push (PERF_BIO_READ_CIPHERTEXT);
+
+ ASSERT (NULL != ks_ssl);
+
+ ret = bio_read (ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext");
+
+ perf_pop ();
+ return ret;
+}
+
+int
+key_state_write_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf)
+{
+ int ret = 0;
+ perf_push (PERF_BIO_WRITE_CIPHERTEXT);
+
+ ASSERT (NULL != ks_ssl);
+
+ ret = bio_write (ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
+ bio_write_post (ret, buf);
+
+ perf_pop ();
+ return ret;
+}
+
+int
+key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf,
+ int maxlen)
+{
+ int ret = 0;
+ perf_push (PERF_BIO_READ_PLAINTEXT);
+
+ ASSERT (NULL != ks_ssl);
+
+ ret = bio_read (ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext");
+
+ perf_pop ();
+ return ret;
+}
+
+/* **************************************
+ *
+ * Information functions
+ *
+ * Print information for the end user.
+ *
+ ***************************************/
+void
+print_details (struct key_state_ssl * ks_ssl, const char *prefix)
+{
+ const SSL_CIPHER *ciph;
+ X509 *cert;
+ char s1[256];
+ char s2[256];
+
+ s1[0] = s2[0] = 0;
+ ciph = SSL_get_current_cipher (ks_ssl->ssl);
+ openvpn_snprintf (s1, sizeof (s1), "%s %s, cipher %s %s",
+ prefix,
+ SSL_get_version (ks_ssl->ssl),
+ SSL_CIPHER_get_version (ciph),
+ SSL_CIPHER_get_name (ciph));
+ cert = SSL_get_peer_certificate (ks_ssl->ssl);
+ if (cert != NULL)
+ {
+ EVP_PKEY *pkey = X509_get_pubkey (cert);
+ if (pkey != NULL)
+ {
+ if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
+ && pkey->pkey.rsa->n != NULL)
+ {
+ openvpn_snprintf (s2, sizeof (s2), ", %d bit RSA",
+ BN_num_bits (pkey->pkey.rsa->n));
+ }
+ else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
+ && pkey->pkey.dsa->p != NULL)
+ {
+ openvpn_snprintf (s2, sizeof (s2), ", %d bit DSA",
+ BN_num_bits (pkey->pkey.dsa->p));
+ }
+ EVP_PKEY_free (pkey);
+ }
+ X509_free (cert);
+ }
+ /* The SSL API does not allow us to look at temporary RSA/DH keys,
+ * otherwise we should print their lengths too */
+ msg (D_HANDSHAKE, "%s%s", s1, s2);
+}
+
+void
+show_available_tls_ciphers ()
+{
+ SSL_CTX *ctx;
+ SSL *ssl;
+ const char *cipher_name;
+ int priority = 0;
+
+ ctx = SSL_CTX_new (TLSv1_method ());
+ if (!ctx)
+ msg (M_SSLERR, "Cannot create SSL_CTX object");
+
+ ssl = SSL_new (ctx);
+ if (!ssl)
+ msg (M_SSLERR, "Cannot create SSL object");
+
+ printf ("Available TLS Ciphers,\n");
+ printf ("listed in order of preference:\n\n");
+ while ((cipher_name = SSL_get_cipher_list (ssl, priority++)))
+ printf ("%s\n", cipher_name);
+ printf ("\n");
+
+ SSL_free (ssl);
+ SSL_CTX_free (ctx);
+}
+
+void
+get_highest_preference_tls_cipher (char *buf, int size)
+{
+ SSL_CTX *ctx;
+ SSL *ssl;
+ const char *cipher_name;
+
+ ctx = SSL_CTX_new (TLSv1_method ());
+ if (!ctx)
+ msg (M_SSLERR, "Cannot create SSL_CTX object");
+ ssl = SSL_new (ctx);
+ if (!ssl)
+ msg (M_SSLERR, "Cannot create SSL object");
+
+ cipher_name = SSL_get_cipher_list (ssl, 0);
+ strncpynt (buf, cipher_name, size);
+
+ SSL_free (ssl);
+ SSL_CTX_free (ctx);
+}
+
+#endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) */