mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00

73 Commits

Author SHA1 Message Date
Arne Schwabe
5ace7b8ad4
Add missing override keywords in SSLContext
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2021-11-12 20:59:43 +01:00
Arne Schwabe
7897c3bd7e
Rename OPENVPN_USE_TLS_MD5 to OPENVPN_ALLOW_INSECURE_CERTPROFILE
With OpenSSL 3.0 the name with MD5 no longer makes sense as it affects
not only MD5 but also SHA1 and a number of other settings. So replace the
define with a more fitting name.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2021-11-12 20:58:44 +01:00
Arne Schwabe
2983e1a886
[OSSL 3.0] Allow loading of legacy provider in OpenSSL 3.0
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2021-11-12 20:58:36 +01:00
Arne Schwabe
708be87c72
[OSSL 3.0] Implement using a library context for OpenSSL 3.0
This allows us to load non default providers while also not touching
the default library context. This is necessary to have profiles with and
without the legacy library, for example.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2021-11-12 20:58:30 +01:00
Arne Schwabe
9061cd4405
[OSSL 1.1/3.0] Replace custom TLS1 PRF with library function
We currently use a custom function to implement the TLS1 PRF function.
Deprecate the custom function and use the function of the OpenSSL
library instead where available.

This also allows us to work on systems that run in FIPS mode and no
longer allow using MD5/SHA1 without workarounds.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2021-11-12 20:57:28 +01:00
Arne Schwabe
fcd8b880bc [OSSL 3.0] Use fetch methods to retrieve EVP_CIPHER
In OpenSSL 3.0 algorithms are no longer guaranteed to be present if the
nid/method is present. Use the updated EVP_CIPHER_fetch API to fetch
the ciphers instead as these will return nullptr if the algorithm is
not available.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2021-11-12 14:27:12 +01:00
Arne Schwabe
2152d2ab07
Increase minimum default TLS level to 1.2
Various components like HTTP clients etc already overwrite this
to TLS 1.2 anyway and this can still be lowered to 1.0 by explicitly
overriding it.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2021-05-05 19:44:53 +02:00
Arne Schwabe
709bd10c24
Add warnings for 64bit block cipher and for SHA1 signed certificates
Example with ovpncli:

EVENT: WARN Proto: Using a 64-bit block cipher that is vulnerable to the SWEET32 attack. Please inform your admin to upgrade to a stronger algorithm. Support for 64-bit block cipher will be dropped in the future.

EVENT: WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-09-16 15:41:16 +02:00
Arne Schwabe
1c751cc55b
Remove patch/code to allow unsupported name constraints in mbed TLS
This code was originally used in the Connect clients to allow PKIs that
use the (not commonly used) Name constraints feature. This is a
potential security risk but was done to allow PKIs that used that
feature. OpenSSL natively supports Name constraints and will check these.

Remove this hacky feature as it also breaks compiling with
an unpatched mbed TLS and is not used by code anymore.
2020-09-09 18:58:53 +02:00
Arne Schwabe
285474a6dc Implement TLS Keying Material Export data key derivation
Tested against OpenVPN 2.x server

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-08-27 13:00:11 +02:00
Arne Schwabe
2141e23ecd Implement tls-groups option to specify elliptic curves/groups
OpenSSL 1.1+ by default only allows signatures and key exchange from the
default list of X25519:secp256r1:X448:secp521r1:secp384r1. Since in
TLS1.3 key exchange is independent from the signature/key of the
certificates, allowing all groups per default is not a sensible choice
anymore and the shorter list is reasonable.

However, when using certificates with exotic curves the signatures of
these certificates will no longer be accepted. This option allows to
modify the list for these corner cases.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-05-13 16:23:36 +02:00
David Sommerseth
3fbe0a2701
Update copyrights
Signed-off-by: David Sommerseth <davids@openvpn.net>
2020-03-18 19:37:32 +01:00
Arne Schwabe
941104cf49
Implement supporting IANA cipher names in tls-cipher and unit tests
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-03-11 19:51:37 +01:00
Arne Schwabe
6e463ca1f4
Implement tls-cipher and tls-ciphersuite
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-03-11 19:51:37 +01:00
Arne Schwabe
9c547ba3ff
Remove force_aes_cbc_ciphersuites option
This option has very likely been added to fix some incompatibilities
between some TLS libraries. But nobody really remembers what it fixes
and its usage today is questionable. So remove the option instead
of supporting an option we cannot even test anymore.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-03-11 19:51:18 +01:00
Arne Schwabe
a1250b9bed Announce Chacha20-poly1305 in IV_CIPHER if supported
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-02-18 18:50:27 +01:00
Arne Schwabe
80399075d4 Implement CHACHA20-Poly1305 support for data channel
This also changes the mbed TLS implementation from using the AES GCM
specific API to the generic AEAD API in mbed TLS. As a result we can
refactor the commonly used parts of AEAD and normal cipher into a
common class.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-02-18 18:50:27 +01:00
Arne Schwabe
424d9b34af Rename GCM classes and files to AEAD
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-02-18 18:50:27 +01:00
David Sommerseth
d0ab53a5d5
Merge changes applied to coming Core release
2019-12-10 15:20:49 +01:00
Arne Schwabe
97881b5c4f Require internal json for sslctx json functions
These functions require methods that are not available if
jsoncpp is used as json library

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2019-11-27 16:03:44 +01:00
David Sommerseth
7bd55e0a7b
mbedtls: Add support for --verify-x509-name
This is the mbed TLS counterpart of the OpenSSL change in
commit c069b7cf5fb9ba47.

Signed-off-by: David Sommerseth <davids@openvpn.net>
2019-11-08 10:00:45 +01:00
David Sommerseth
fc060bd317
mbedtls: Move x509_get_subject() and x509_get_common_name() to an independent file
This is the mbed TLS counterpart to the OpenSSL change in
commit e0fd92f30756.  These two methods are generic and not
tied to the MbedTLSContext in any particular way.

This is needed to be able to add a unit test for the x509_get_*()
functions.

Signed-off-by: David Sommerseth <davids@openvpn.net>
2019-11-08 10:00:43 +01:00
David Sommerseth
7900c71f5c
mbedtls: Add missing include file in x509cert.hpp
This file uses BufferAllocated, which is defined in
openvpn/buffer/buffer.hpp

Signed-off-by: David Sommerseth <davids@openvpn.net>
2019-11-08 10:00:42 +01:00
Arne Schwabe
4d18aaeb88 Fix LLVM warnings reported during OS X build
const modifiers on primitive return types (int, bool, etc.) do not
do anything and Clang complains about these.

Zero initialisation in C++ is done by = {} or class().

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2019-08-29 16:59:33 +02:00
Arne Schwabe
23959fa705 Add reporting of IV_SSL_VER
This information is only sent if push-peer-info is enabled. It is meant
to have an easy way for centrally administrated to spot clients using
outdated SSL libraries.
2019-08-29 16:33:05 +02:00
James Yonan
84e78d8fed SNI: added OpenVPN client support for SNI (currently OpenSSL only)
For example, the following client directive will push the SNI name
"test@example.com" to the server:

  sni "test@example.com"

Signed-off-by: James Yonan <james@openvpn.net>
2019-07-17 10:53:46 -06:00
James Yonan
001b731fe2 SNI: create SNI namespace and rename SNIHandlerBase -> SNI::HandlerBase
Signed-off-by: James Yonan <james@openvpn.net>
2019-07-17 10:53:46 -06:00
Antonio Quartulli
b73d484950
mbedtls: throw exception on unsupported SSL:Const::PEER_CERT_OPTIONAL option
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2019-06-25 12:01:52 +02:00
James Yonan
6a4826965f
MbedTLS: update json_override() prototype
Signed-off-by: James Yonan <james@openvpn.net>
2019-06-19 18:21:02 +02:00
James Yonan
3b34449d0e
SSLAPI: auth_cert() can now be const
auth_cert() can now be const because OpenSSL rebuild_authcert()
is never called unless authcert has already been allocated,
making

  authcert.reset(new AuthCert());

redundant.  Once the above statement is removed,
rebuild_authcert() becomes const.

Signed-off-by: James Yonan <james@openvpn.net>
2019-06-19 18:21:02 +02:00
James Yonan
6e98b9aadc
SSLAPI: move PKType from SSLConfigAPI into standalone header to avoid dependency inversion
Attempting to build a standalone program that includes
openvpn/openssl/pki/pkey.hpp will fail because it depends
on the PKType enum in openvpn/ssl/sslapi.hpp which
is not explicitly included by pkey.hpp.

Rather than having pkey.hpp include sslapi.hpp (which
seems like a dependency inversion), put PKType into
its own header file.

Signed-off-by: James Yonan <james@openvpn.net>
2019-06-19 18:21:01 +02:00
James Yonan
bbae814864
OpenSSL: added SNI implementation
On the server side, we add the abstract base class
SNIHandlerBase to provide a hook (sni_hello) where
servers can inspect the SNI name given in the client
hello message and possibly return a different SSLFactoryAPI.

In other changes, we rename the ENABLE_SNI flag to
ENABLE_CLIENT_SNI to be clear that this flag only affects
the client-side SNI implementation.

We also add the NO_VERIFY_HOSTNAME flag on the client side
to allow the SNI name to be transmitted to the server
without requiring a match between the SNI name and the
common name or subject alternative name in the server
certificate.

Signed-off-by: James Yonan <james@openvpn.net>
2019-06-19 18:21:00 +02:00
David Sommerseth
025c7bad88
mbedtls/sslctx: Fix missing override in virtual methods
The Clang++ compiler is not happy about this missing declaration on
virtual methods, which is a fair complaint.

Signed-off-by: David Sommerseth <davids@openvpn.net>
2019-05-16 15:12:47 +02:00
James Yonan
6cb3243681
mbedTLS: ssl() method accepting hostname should check if it is null
Signed-off-by: James Yonan <james@openvpn.net>
2019-05-16 14:50:06 +02:00
James Yonan
964d2cd428
SSL layer: added did_full_handshake() method and implemented for OpenSSL
Returns true if we did a full SSL handshake/negotiation,
or false for cached, reused, or persisted sessions.

Signed-off-by: James Yonan <james@openvpn.net>
2019-05-16 14:50:06 +02:00
James Yonan
162eeaa485
SSL layer: added RFC 5077 TLS session resumption ticket support
This is an initial client and server-side implementation
for OpenSSL 1.0.2.

Note that this functionality is intended for use with
HTTP sessions, and should not be used with the OpenVPN
protocol.

Signed-off-by: James Yonan <james@openvpn.net>
2019-05-16 14:50:06 +02:00
James Yonan
18f5f4d1b5
SSLConfigAPI: remove set_enable_renegotiation()
Removed set_enable_renegotiation from SSLConfigAPI and underlying
SSL implementations (OpenSSL, MbedTLS) since we are not currently
using it and TLS 1.3 standardizes on a session ticket model rather
than server-side session caching.

Signed-off-by: James Yonan <james@openvpn.net>
2019-05-15 18:56:48 +02:00
Arne Schwabe
9768562a01 OpenSSL 1.1: Add argument to external sign to specify algorithm
In TLS 1.3 the RSA-PSS padding is required in addition to the
traditional PKCS1 padding used in TLS 1.2 and below. Add an
argument to the external sign function to signal what padding
is required. As a quirk, OpenSSL calls out requesting a NONE
padding instead of RSA-PSS.

We might need to move from RSA_method to EVP_PKEY_method in the
future.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2019-04-15 15:47:22 +02:00
Arne Schwabe
073b3993f4 Fix commit 8b22a7b2 (mbed TLS compatibility)
The commit 8b22a7b2 had two mistakes:

Accidentally moving the #endif to the wrong line during reformat.
Forgetting to include mbedtls/version.h so the version check was always
false.
2019-02-12 14:04:40 +01:00
Arne Schwabe
8b22a7b209 Fix compatibility with mbed TLS < 2.7.0
2019-02-11 11:18:58 +01:00
Antonio Quartulli
54a97b3814
ssl: add support for encoding/decoding PEM format
Add PEMAPI to allow OpenVPN core to encode/decode PEM
format using {mbed,Open}SSL API.

Needed to decode tls-crypt-v2 keys.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-12-06 09:19:21 +10:00
Arne Schwabe
a7b923e1ef Fix logic inversion from commit 2de9aebc
In commit 2de9aebc74 the commit introduced
checking the return value of mbedtls_sha1_ret. Unfortunately, I got the
condition flipped.
2018-11-26 10:30:59 +00:00
Arne Schwabe
2de9aebc74
Replace deprecated mbedtls_sha1 with mbedtls_sha1_ret
This is super unlikely to fail but better safe than sorry.

The function needs mbed TLS 2.7.0 which should be fine for every
still supported platform of ours.
2018-11-07 20:56:34 +01:00
Arne Schwabe
6d12c9cc29 Refuse external pki with non RSA keys
Without this patch you can still specify a client EC certificate and
connect to an RSA server. The connection will be established until the
external pki sign will fail in "interesting" ways.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
2018-11-07 18:32:36 +01:00
Arne Schwabe
02d2a7975e Fix multiple inclusion of OpenVPN3 header with OPENVPN_EXTERN
To bundle ptcore and openvpncli into the same shared library for
OpenVPN Connect, the two libraries need both to include OpenVPN (or
parts of it).

Ptcore defines OPENVPN_EXTERN as extern to define the symbols as extern
in that library but a few places are missing proper weak symbol (inline)
or extern declaration.
2018-07-05 15:38:48 +02:00
Antonio Quartulli
f1ef079f0d
[OVPN3-237] SSLAPI: simplify PK types
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-06-29 17:04:47 +08:00
Lev Stipakov
35bbca799d Merged in OVPN3-184-generate-warning (pull request #1)
OVPN3-184 Name Constraints

Approved-by: Antonio Quartulli <antonio@openvpn.net>
Approved-by: James Yonan <james@openvpn.net>
2018-04-25 18:10:21 +00:00
Lev Stipakov
08d72bd76d [OVPN3-184] mbedtls: handle Name Constraints
Introduce profile flag "allow-name-constraints".

mbedTLS doesn't support x509v3 'Name Constraints'
extension. To allow client to connect, make mbedTLS
not to fail on this extension and drop a warning to UI.

This depends on "Enable allowing unsupported critical extensions in runtime"
patch to mbedTLS.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2018-04-19 11:11:39 +03:00
Antonio Quartulli
37dc863783
[OVPN3-169] mbedTLS: implement write_ciphertext_unbuffered() function
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-04-19 12:10:00 +08:00
James Yonan
37d848ca20
Log lines from C++ exceptions should contain the text "exception"
This makes it easier to scan log files for exceptions.

Signed-off-by: James Yonan <james@openvpn.net>
2018-03-26 23:58:35 +08:00