/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
* Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file Control Channel OpenSSL Backend
*/
#include "syshead.h"
#if defined(USE_SSL) && defined(USE_OPENSSL)
#include "errlevel.h"
#include "buffer.h"
#include "misc.h"
#include "manage.h"
#include "memdbg.h"
#include "ssl_backend.h"
#include "ssl_common.h"
#include "base64.h"
#ifdef ENABLE_CRYPTOAPI
#include "cryptoapi.h"
#endif
#include "ssl_verify_openssl.h"
#include <openssl/err.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include <openssl/crypto.h>
/*
* Allocate space in SSL objects in which to store a struct tls_session
* pointer back to parent.
*
*/
int mydata_index; /* GLOBAL */
void
tls_init_lib()
{
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms ();
mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
ASSERT (mydata_index >= 0);
}
void
tls_free_lib()
{
EVP_cleanup();
ERR_free_strings();
}
void
tls_clear_error()
{
ERR_clear_error ();
}
/*
* OpenSSL callback to get a temporary RSA key, mostly
* used for export ciphers.
*/
static RSA *
tmp_rsa_cb (SSL * s, int is_export, int keylength)
{
static RSA *rsa_tmp = NULL;
if (rsa_tmp == NULL)
{
msg (D_HANDSHAKE, "Generating temp (%d bit) RSA key", keylength);
rsa_tmp = RSA_generate_key (keylength, RSA_F4, NULL, NULL);
}
return (rsa_tmp);
}
void
tls_ctx_server_new(struct tls_root_ctx *ctx)
{
ASSERT(NULL != ctx);
ctx->ctx = SSL_CTX_new (TLSv1_server_method ());
if (ctx->ctx == NULL)
msg (M_SSLERR, "SSL_CTX_new TLSv1_server_method");
SSL_CTX_set_tmp_rsa_callback (ctx->ctx, tmp_rsa_cb);
}
void
tls_ctx_client_new(struct tls_root_ctx *ctx)
{
ASSERT(NULL != ctx);
ctx->ctx = SSL_CTX_new (TLSv1_client_method ());
if (ctx->ctx == NULL)
msg (M_SSLERR, "SSL_CTX_new TLSv1_client_method");
}
void
tls_ctx_free(struct tls_root_ctx *ctx)
{
ASSERT(NULL != ctx);
if (NULL != ctx->ctx)
SSL_CTX_free (ctx->ctx);
ctx->ctx = NULL;
}
bool tls_ctx_initialised(struct tls_root_ctx *ctx)
{
ASSERT(NULL != ctx);
return NULL != ctx->ctx;
}
/*
* Print debugging information on SSL/TLS session negotiation.
*/
#ifndef INFO_CALLBACK_SSL_CONST
#define INFO_CALLBACK_SSL_CONST const
#endif
static void
info_callback (INFO_CALLBACK_SSL_CONST SSL * s, int where, int ret)
{
if (where & SSL_CB_LOOP)
{
dmsg (D_HANDSHAKE_VERBOSE, "SSL state (%s): %s",
where & SSL_ST_CONNECT ? "connect" :
where & SSL_ST_ACCEPT ? "accept" :
"undefined", SSL_state_string_long (s));
}
else if (where & SSL_CB_ALERT)
{
dmsg (D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s",
where & SSL_CB_READ ? "read" : "write",
SSL_alert_type_string_long (ret),
SSL_alert_desc_string_long (ret));
}
}
void
tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
{
ASSERT(NULL != ctx);
SSL_CTX_set_session_cache_mode (ctx->ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_options (ctx->ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_default_passwd_cb (ctx->ctx, pem_password_callback);
/* Require peer certificate verification */
#if P2MP_SERVER
if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
{
msg (M_WARN, "WARNING: POTENTIALLY DANGEROUS OPTION "
"--client-cert-not-required may accept clients which do not present "
"a certificate");
}
else
#endif
SSL_CTX_set_verify (ctx->ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
SSL_CTX_set_info_callback (ctx->ctx, info_callback);
}
void
tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
{
ASSERT(NULL != ctx);
if(!SSL_CTX_set_cipher_list(ctx->ctx, ciphers))
msg(M_SSLERR, "Failed to set restricted TLS cipher list: %s", ciphers);
}
void
tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file
#if ENABLE_INLINE_FILES
, const char *dh_file_inline
#endif /* ENABLE_INLINE_FILES */
)
{
DH *dh;
BIO *bio;
ASSERT(NULL != ctx);
#if ENABLE_INLINE_FILES
if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
{
if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1)))
msg (M_SSLERR, "Cannot open memory BIO for inline DH parameters");
}
else
#endif /* ENABLE_INLINE_FILES */
{
/* Get Diffie Hellman Parameters */
if (!(bio = BIO_new_file (dh_file, "r")))
msg (M_SSLERR, "Cannot open %s for DH parameters", dh_file);
}
dh = PEM_read_bio_DHparams (bio, NULL, NULL, NULL);
BIO_free (bio);
if (!dh)
msg (M_SSLERR, "Cannot load DH parameters from %s", dh_file);
if (!SSL_CTX_set_tmp_dh (ctx->ctx, dh))
msg (M_SSLERR, "SSL_CTX_set_tmp_dh");
msg (D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
8 * DH_size (dh));
DH_free (dh);
}
int
tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
#if ENABLE_INLINE_FILES
const char *pkcs12_file_inline,
#endif /* ENABLE_INLINE_FILES */
bool load_ca_file
)
{
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12;
int i;
char password[256];
ASSERT(NULL != ctx);
#if ENABLE_INLINE_FILES
if (!strcmp (pkcs12_file, INLINE_FILE_TAG) && pkcs12_file_inline)
{
BIO *b64 = BIO_new(BIO_f_base64());
BIO *bio = BIO_new_mem_buf((void *) pkcs12_file_inline,
(int) strlen(pkcs12_file_inline));
ASSERT(b64 && bio);
BIO_push(b64, bio);
p12 = d2i_PKCS12_bio(b64, NULL);
if (!p12)
msg(M_SSLERR, "Error reading inline PKCS#12 file");
BIO_free(b64);
BIO_free(bio);
}
else
#endif
{
/* Load the PKCS #12 file */
if (!(fp = openvpn_fopen(pkcs12_file, "rb")))
msg(M_SSLERR, "Error opening file %s", pkcs12_file);
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
if (!p12)
msg(M_SSLERR, "Error reading PKCS#12 file %s", pkcs12_file);
}
/* Parse the PKCS #12 file */
if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
{
pem_password_callback (password, sizeof(password) - 1, 0, NULL);
/* Reparse the PKCS #12 file with password */
ca = NULL;
if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
{
#ifdef ENABLE_MANAGEMENT
if (management && (ERR_GET_REASON (ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
#endif
PKCS12_free(p12);
return 1;
}
}
PKCS12_free(p12);
/* Load Certificate */
if (!SSL_CTX_use_certificate (ctx->ctx, cert))
msg (M_SSLERR, "Cannot use certificate");
/* Load Private Key */
if (!SSL_CTX_use_PrivateKey (ctx->ctx, pkey))
msg (M_SSLERR, "Cannot use private key");
warn_if_group_others_accessible (pkcs12_file);
/* Check Private Key */
if (!SSL_CTX_check_private_key (ctx->ctx))
msg (M_SSLERR, "Private key does not match the certificate");
/* Set Certificate Verification chain */
if (load_ca_file)
{
if (ca && sk_X509_num(ca))
{
for (i = 0; i < sk_X509_num(ca); i++)
{
if (!X509_STORE_add_cert(ctx->ctx->cert_store,sk_X509_value(ca, i)))
msg (M_SSLERR, "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))
msg (M_SSLERR, "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
}
}
}
return 0;
}
#ifdef ENABLE_CRYPTOAPI
void
tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
{
ASSERT(NULL != ctx);
/* Load Certificate and Private Key */
if (!SSL_CTX_use_CryptoAPI_certificate (ctx->ctx, cryptoapi_cert))
msg (M_SSLERR, "Cannot load certificate \"%s\" from Microsoft Certificate Store",
cryptoapi_cert);
}
#endif /* WIN32 */
static void
tls_ctx_add_extra_certs (struct tls_root_ctx *ctx, BIO *bio)
{
X509 *cert;
for (;;)
{
cert = NULL;
if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */
break;
if (!cert)
msg (M_SSLERR, "Error reading extra certificate");
if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
msg (M_SSLERR, "Error adding extra certificate");
}
}
void
tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
#if ENABLE_INLINE_FILES
const char *cert_file_inline,
#endif
X509 **x509
)
{
BIO *in = NULL;
X509 *x = NULL;
int ret = 0;
bool inline_file = false;
ASSERT (NULL != ctx);
if (NULL != x509)
ASSERT (NULL == *x509);
#if ENABLE_INLINE_FILES
inline_file = (strcmp (cert_file, INLINE_FILE_TAG) == 0);
if (inline_file && cert_file_inline)
in = BIO_new_mem_buf ((char *)cert_file_inline, -1);
else
#endif /* ENABLE_INLINE_FILES */
in = BIO_new_file (cert_file, "r");
if (in == NULL)
{
SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
goto end;
}
x = PEM_read_bio_X509 (in, NULL, ctx->ctx->default_passwd_callback,
ctx->ctx->default_passwd_callback_userdata);
if (x == NULL)
{
SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
goto end;
}
ret = SSL_CTX_use_certificate (ctx->ctx, x);
if (ret)
tls_ctx_add_extra_certs (ctx, in);
end:
if (!ret)
{
if (inline_file)
msg (M_SSLERR, "Cannot load inline certificate file");
else
msg (M_SSLERR, "Cannot load certificate file %s", cert_file);
}
if (in != NULL)
BIO_free(in);
if (x509)
*x509 = x;
else if (x)
X509_free (x);
}
void
tls_ctx_free_cert_file (X509 *x509)
{
X509_free(x509);
}
int
tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
#if ENABLE_INLINE_FILES
, const char *priv_key_file_inline
#endif
)
{
int status;
SSL_CTX *ssl_ctx = NULL;
BIO *in = NULL;
EVP_PKEY *pkey = NULL;
int ret = 1;
ASSERT(NULL != ctx);
ssl_ctx = ctx->ctx;
#if ENABLE_INLINE_FILES
if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
in = BIO_new_mem_buf ((char *)priv_key_file_inline, -1);
else
#endif /* ENABLE_INLINE_FILES */
in = BIO_new_file (priv_key_file, "r");
if (!in)
goto end;
pkey = PEM_read_bio_PrivateKey (in, NULL,
ssl_ctx->default_passwd_callback,
ssl_ctx->default_passwd_callback_userdata);
if (!pkey)
goto end;
if (!SSL_CTX_use_PrivateKey (ssl_ctx, pkey))
{
#ifdef ENABLE_MANAGEMENT
if (management && (ERR_GET_REASON (ERR_peek_error()) == EVP_R_BAD_DECRYPT))
management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
#endif
msg (M_WARN|M_SSL, "Cannot load private key file %s", priv_key_file);
goto end;
}
warn_if_group_others_accessible (priv_key_file);
/* Check Private Key */
if (!SSL_CTX_check_private_key (ssl_ctx))
msg (M_SSLERR, "Private key does not match the certificate");
ret = 0;
end:
if (pkey)
EVP_PKEY_free (pkey);
if (in)
BIO_free (in);
return ret;
}
#ifdef MANAGMENT_EXTERNAL_KEY
/* encrypt */
static int
rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
{
ASSERT(0);
return -1;
}
/* verify arbitrary data */
static int
rsa_pub_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
{
ASSERT(0);
return -1;
}
/* decrypt */
static int
rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
{
ASSERT(0);
return -1;
}
/* called at RSA_free */
static int
rsa_finish(RSA *rsa)
{
free ((void*)rsa->meth);
rsa->meth = NULL;
return 1;
}
/* sign arbitrary data */
static int
rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
{
/* optional app data in rsa->meth->app_data; */
char *in_b64 = NULL;
char *out_b64 = NULL;
int ret = -1;
int len;
if (padding != RSA_PKCS1_PADDING)
{
RSAerr (RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto done;
}
/* convert 'from' to base64 */
if (openvpn_base64_encode (from, flen, &in_b64) <= 0)
goto done;
/* call MI for signature */
if (management)
out_b64 = management_query_rsa_sig (management, in_b64);
if (!out_b64)
goto done;
/* decode base64 signature to binary */
len = RSA_size(rsa);
ret = openvpn_base64_decode (out_b64, to, len);
/* verify length */
if (ret != len)
ret = -1;
done:
if (in_b64)
free (in_b64);
if (out_b64)
free (out_b64);
return ret;
}
int
tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, X509 *cert)
{
RSA *rsa = NULL;
RSA *pub_rsa;
RSA_METHOD *rsa_meth;
ASSERT (NULL != ctx);
ASSERT (NULL != cert);
/* allocate custom RSA method object */
ALLOC_OBJ_CLEAR (rsa_meth, RSA_METHOD);
rsa_meth->name = "OpenVPN external private key RSA Method";
rsa_meth->rsa_pub_enc = rsa_pub_enc;
rsa_meth->rsa_pub_dec = rsa_pub_dec;
rsa_meth->rsa_priv_enc = rsa_priv_enc;
rsa_meth->rsa_priv_dec = rsa_priv_dec;
rsa_meth->init = NULL;
rsa_meth->finish = rsa_finish;
rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
rsa_meth->app_data = NULL;
/* allocate RSA object */
rsa = RSA_new();
if (rsa == NULL)
{
SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
/* get the public key */
ASSERT(cert->cert_info->key->pkey); /* NULL before SSL_CTX_use_certificate() is called */
pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
/* initialize RSA object */
rsa->n = BN_dup(pub_rsa->n);
rsa->flags |= RSA_FLAG_EXT_PKEY;
if (!RSA_set_method(rsa, rsa_meth))
goto err;
/* bind our custom RSA object to ssl_ctx */
if (!SSL_CTX_use_RSAPrivateKey(ctx->ctx, rsa))
goto err;
RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
return 1;
err:
if (rsa)
RSA_free(rsa);
else
{
if (rsa_meth)
free(rsa_meth);
}
msg (M_SSLERR, "Cannot enable SSL external private key capability");
return 0;
}
#endif
static int
sk_x509_name_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
return X509_NAME_cmp (*a, *b);
}
void
tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
#if ENABLE_INLINE_FILES
const char *ca_file_inline,
#endif
const char *ca_path, bool tls_server
)
{
STACK_OF(X509_INFO) *info_stack = NULL;
STACK_OF(X509_NAME) *cert_names = NULL;
X509_LOOKUP *lookup = NULL;
X509_STORE *store = NULL;
X509_NAME *xn = NULL;
BIO *in = NULL;
int i, added = 0;
ASSERT(NULL != ctx);
store = SSL_CTX_get_cert_store(ctx->ctx);
if (!store)
msg(M_SSLERR, "Cannot get certificate store (SSL_CTX_get_cert_store)");
/* Try to add certificates and CRLs from ca_file */
if (ca_file)
{
#if ENABLE_INLINE_FILES
if (!strcmp (ca_file, INLINE_FILE_TAG) && ca_file_inline)
in = BIO_new_mem_buf ((char *)ca_file_inline, -1);
else
#endif
in = BIO_new_file (ca_file, "r");
if (in)
info_stack = PEM_X509_INFO_read_bio (in, NULL, NULL, NULL);
if (info_stack)
{
for (i = 0; i < sk_X509_INFO_num (info_stack); i++)
{
X509_INFO *info = sk_X509_INFO_value (info_stack, i);
if (info->crl)
X509_STORE_add_crl (store, info->crl);
if (info->x509)
{
X509_STORE_add_cert (store, info->x509);
added++;
if (!tls_server)
continue;
/* Use names of CAs as a client CA list */
if (cert_names == NULL)
{
cert_names = sk_X509_NAME_new (sk_x509_name_cmp);
if (!cert_names)
continue;
}
xn = X509_get_subject_name (info->x509);
if (!xn)
continue;
/* Don't add duplicate CA names */
if (sk_X509_NAME_find (cert_names, xn) == -1)
{
xn = X509_NAME_dup (xn);
if (!xn)
continue;
sk_X509_NAME_push (cert_names, xn);
}
}
}
sk_X509_INFO_pop_free (info_stack, X509_INFO_free);
}
if (tls_server)
SSL_CTX_set_client_CA_list (ctx->ctx, cert_names);
if (!added || (tls_server && sk_X509_NAME_num (cert_names) != added))
msg (M_SSLERR, "Cannot load CA certificate file %s", np(ca_file));
if (in)
BIO_free (in);
}
/* Set a store for certs (CA & CRL) with a lookup on the "capath" hash directory */
if (ca_path)
{
lookup = X509_STORE_add_lookup (store, X509_LOOKUP_hash_dir ());
if (lookup && X509_LOOKUP_add_dir (lookup, ca_path, X509_FILETYPE_PEM))
msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);
else
msg(M_SSLERR, "Cannot add lookup at --capath %s", ca_path);
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
X509_STORE_set_flags (store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
#else
msg(M_WARN, "WARNING: this version of OpenSSL cannot handle CRL files in capath");
#endif
}
}
void
tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
#if ENABLE_INLINE_FILES
, const char *extra_certs_file_inline
#endif
)
{
BIO *in;
#if ENABLE_INLINE_FILES
if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
in = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1);
else
#endif
in = BIO_new_file (extra_certs_file, "r");
if (in == NULL)
msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file);
else
tls_ctx_add_extra_certs (ctx, in);
BIO_free (in);
}
/* **************************************
*
* Key-state specific functions
*
***************************************/
/*
*
* BIO functions
*
*/
#ifdef BIO_DEBUG
#warning BIO_DEBUG defined
static FILE *biofp; /* GLOBAL */
static bool biofp_toggle; /* GLOBAL */
static time_t biofp_last_open; /* GLOBAL */
static const int biofp_reopen_interval = 600; /* GLOBAL */
static void
close_biofp()
{
if (biofp)
{
ASSERT (!fclose (biofp));
biofp = NULL;
}
}
static void
open_biofp()
{
const time_t current = time (NULL);
const pid_t pid = getpid ();
if (biofp_last_open + biofp_reopen_interval < current)
close_biofp();
if (!biofp)
{
char fn[256];
openvpn_snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
biofp = fopen (fn, "w");
ASSERT (biofp);
biofp_last_open = time (NULL);
biofp_toggle ^= 1;
}
}
static void
bio_debug_data (const char *mode, BIO *bio, const uint8_t *buf, int len, const char *desc)
{
struct gc_arena gc = gc_new ();
if (len > 0)
{
open_biofp();
fprintf(biofp, "BIO_%s %s time=" time_format " bio=" ptr_format " len=%d data=%s\n",
mode, desc, time (NULL), (ptr_type)bio, len, format_hex (buf, len, 0, &gc));
fflush (biofp);
}
gc_free (&gc);
}
static void
bio_debug_oc (const char *mode, BIO *bio)
{
open_biofp();
fprintf(biofp, "BIO %s time=" time_format " bio=" ptr_format "\n",
mode, time (NULL), (ptr_type)bio);
fflush (biofp);
}
#endif
/*
* OpenVPN's interface to SSL/TLS authentication,
* encryption, and decryption is exclusively
* through "memory BIOs".
*/
static BIO *
getbio (BIO_METHOD * type, const char *desc)
{
BIO *ret;
ret = BIO_new (type);
if (!ret)
msg (M_SSLERR, "Error creating %s BIO", desc);
return ret;
}
/*
* Write to an OpenSSL BIO in non-blocking mode.
*/
static int
bio_write (BIO *bio, const uint8_t *data, int size, const char *desc)
{
int i;
int ret = 0;
ASSERT (size >= 0);
if (size)
{
/*
* Free the L_TLS lock prior to calling BIO routines
* so that foreground thread can still call
* tls_pre_decrypt or tls_pre_encrypt,
* allowing tunnel packet forwarding to continue.
*/
#ifdef BIO_DEBUG
bio_debug_data ("write", bio, data, size, desc);
#endif
i = BIO_write (bio, data, size);
if (i < 0)
{
if (BIO_should_retry (bio))
{
;
}
else
{
msg (D_TLS_ERRORS | M_SSL, "TLS ERROR: BIO write %s error",
desc);
ret = -1;
ERR_clear_error ();
}
}
else if (i != size)
{
msg (D_TLS_ERRORS | M_SSL,
"TLS ERROR: BIO write %s incomplete %d/%d", desc, i, size);
ret = -1;
ERR_clear_error ();
}
else
{ /* successful write */
dmsg (D_HANDSHAKE_VERBOSE, "BIO write %s %d bytes", desc, i);
ret = 1;
}
}
return ret;
}
/*
* Inline functions for reading from and writing
* to BIOs.
*/
static void
bio_write_post (const int status, struct buffer *buf)
{
if (status == 1) /* success status return from bio_write? */
{
memset (BPTR (buf), 0, BLEN (buf)); /* erase data just written */
buf->len = 0;
}
}
/*
* Read from an OpenSSL BIO in non-blocking mode.
*/
static int
bio_read (BIO *bio, struct buffer *buf, int maxlen, const char *desc)
{
int i;
int ret = 0;
ASSERT (buf->len >= 0);
if (buf->len)
{
;
}
else
{
int len = buf_forward_capacity (buf);
if (maxlen < len)
len = maxlen;
/*
* BIO_read brackets most of the serious RSA
* key negotiation number crunching.
*/
i = BIO_read (bio, BPTR (buf), len);
VALGRIND_MAKE_READABLE ((void *) &i, sizeof (i));
#ifdef BIO_DEBUG
bio_debug_data ("read", bio, BPTR (buf), i, desc);
#endif
if (i < 0)
{
if (BIO_should_retry (bio))
{
;
}
else
{
msg (D_TLS_ERRORS | M_SSL, "TLS_ERROR: BIO read %s error",
desc);
buf->len = 0;
ret = -1;
ERR_clear_error ();
}
}
else if (!i)
{
buf->len = 0;
}
else
{ /* successful read */
dmsg (D_HANDSHAKE_VERBOSE, "BIO read %s %d bytes", desc, i);
buf->len = i;
ret = 1;
VALGRIND_MAKE_READABLE ((void *) BPTR (buf), BLEN (buf));
}
}
return ret;
}
void
key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, void *session)
{
ASSERT(NULL != ssl_ctx);
ASSERT(ks_ssl);
CLEAR (*ks_ssl);
ks_ssl->ssl = SSL_new (ssl_ctx->ctx);
if (!ks_ssl->ssl)
msg (M_SSLERR, "SSL_new failed");
/* put session * in ssl object so we can access it
from verify callback*/
SSL_set_ex_data (ks_ssl->ssl, mydata_index, session);
ks_ssl->ssl_bio = getbio (BIO_f_ssl (), "ssl_bio");
ks_ssl->ct_in = getbio (BIO_s_mem (), "ct_in");
ks_ssl->ct_out = getbio (BIO_s_mem (), "ct_out");
#ifdef BIO_DEBUG
bio_debug_oc ("open ssl_bio", ks_ssl->ssl_bio);
bio_debug_oc ("open ct_in", ks_ssl->ct_in);
bio_debug_oc ("open ct_out", ks_ssl->ct_out);
#endif
if (is_server)
SSL_set_accept_state (ks_ssl->ssl);
else
SSL_set_connect_state (ks_ssl->ssl);
SSL_set_bio (ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
BIO_set_ssl (ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
}
void key_state_ssl_free(struct key_state_ssl *ks_ssl)
{
if (ks_ssl->ssl) {
#ifdef BIO_DEBUG
bio_debug_oc ("close ssl_bio", ks_ssl->ssl_bio);
bio_debug_oc ("close ct_in", ks_ssl->ct_in);
bio_debug_oc ("close ct_out", ks_ssl->ct_out);
#endif
BIO_free_all(ks_ssl->ssl_bio);
SSL_free (ks_ssl->ssl);
}
}
int
key_state_write_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf)
{
int ret = 0;
perf_push (PERF_BIO_WRITE_PLAINTEXT);
#ifdef USE_OPENSSL
ASSERT (NULL != ks_ssl);
ret = bio_write (ks_ssl->ssl_bio, BPTR(buf), BLEN(buf),
"tls_write_plaintext");
bio_write_post (ret, buf);
#endif /* USE_OPENSSL */
perf_pop ();
return ret;
}
int
key_state_write_plaintext_const (struct key_state_ssl *ks_ssl, const uint8_t *data, int len)
{
int ret = 0;
perf_push (PERF_BIO_WRITE_PLAINTEXT);
ASSERT (NULL != ks_ssl);
ret = bio_write (ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
perf_pop ();
return ret;
}
int
key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf,
int maxlen)
{
int ret = 0;
perf_push (PERF_BIO_READ_CIPHERTEXT);
ASSERT (NULL != ks_ssl);
ret = bio_read (ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext");
perf_pop ();
return ret;
}
int
key_state_write_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf)
{
int ret = 0;
perf_push (PERF_BIO_WRITE_CIPHERTEXT);
ASSERT (NULL != ks_ssl);
ret = bio_write (ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
bio_write_post (ret, buf);
perf_pop ();
return ret;
}
int
key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf,
int maxlen)
{
int ret = 0;
perf_push (PERF_BIO_READ_PLAINTEXT);
ASSERT (NULL != ks_ssl);
ret = bio_read (ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext");
perf_pop ();
return ret;
}
/* **************************************
*
* Information functions
*
* Print information for the end user.
*
***************************************/
void
print_details (struct key_state_ssl * ks_ssl, const char *prefix)
{
const SSL_CIPHER *ciph;
X509 *cert;
char s1[256];
char s2[256];
s1[0] = s2[0] = 0;
ciph = SSL_get_current_cipher (ks_ssl->ssl);
openvpn_snprintf (s1, sizeof (s1), "%s %s, cipher %s %s",
prefix,
SSL_get_version (ks_ssl->ssl),
SSL_CIPHER_get_version (ciph),
SSL_CIPHER_get_name (ciph));
cert = SSL_get_peer_certificate (ks_ssl->ssl);
if (cert != NULL)
{
EVP_PKEY *pkey = X509_get_pubkey (cert);
if (pkey != NULL)
{
if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
&& pkey->pkey.rsa->n != NULL)
{
openvpn_snprintf (s2, sizeof (s2), ", %d bit RSA",
BN_num_bits (pkey->pkey.rsa->n));
}
else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
&& pkey->pkey.dsa->p != NULL)
{
openvpn_snprintf (s2, sizeof (s2), ", %d bit DSA",
BN_num_bits (pkey->pkey.dsa->p));
}
EVP_PKEY_free (pkey);
}
X509_free (cert);
}
/* The SSL API does not allow us to look at temporary RSA/DH keys,
* otherwise we should print their lengths too */
msg (D_HANDSHAKE, "%s%s", s1, s2);
}
void
show_available_tls_ciphers ()
{
SSL_CTX *ctx;
SSL *ssl;
const char *cipher_name;
int priority = 0;
ctx = SSL_CTX_new (TLSv1_method ());
if (!ctx)
msg (M_SSLERR, "Cannot create SSL_CTX object");
ssl = SSL_new (ctx);
if (!ssl)
msg (M_SSLERR, "Cannot create SSL object");
printf ("Available TLS Ciphers,\n");
printf ("listed in order of preference:\n\n");
while ((cipher_name = SSL_get_cipher_list (ssl, priority++)))
printf ("%s\n", cipher_name);
printf ("\n");
SSL_free (ssl);
SSL_CTX_free (ctx);
}
void
get_highest_preference_tls_cipher (char *buf, int size)
{
SSL_CTX *ctx;
SSL *ssl;
const char *cipher_name;
ctx = SSL_CTX_new (TLSv1_method ());
if (!ctx)
msg (M_SSLERR, "Cannot create SSL_CTX object");
ssl = SSL_new (ctx);
if (!ssl)
msg (M_SSLERR, "Cannot create SSL object");
cipher_name = SSL_get_cipher_list (ssl, 0);
strncpynt (buf, cipher_name, size);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
#endif /* defined(USE_SSL) && defined(USE_OPENSSL) */