From patchwork Tue Jun 3 14:01:01 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4274
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 3 Jun 2025 16:01:01 +0200
Message-ID: <20250603140414.10970-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v3] Use mbedtls_ssl_export_keying_material()

From: Max Fillinger

Mbed TLS now has an implementation of the TLS-Exporter feature (though not
yet in a released version). Use it if it's available.

v2: Rebased, changed feature detection in configure.ac

Change-Id: I1204bc2ff85952160a86f0b9d1caae90e5065bc4
Signed-off-by: Max Fillinger Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1041 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/configure.ac b/configure.ac index 1b908e6..7fa2284 100644 --- a/configure.ac +++ b/configure.ac @@ -1072,7 +1072,10 @@ [AC_DEFINE([HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB], [0], [no])] ) if test "x$ac_cv_func_mbedtls_ssl_set_export_keys_cb" != xyes; then - AC_MSG_ERROR(This version of mbed TLS has no support for exporting key material.) + AC_CHECK_FUNC([mbedtls_ssl_export_keying_material]) + if test "x$ac_cv_func_mbedtls_ssl_export_keying_material" != xyes; then + AC_MSG_ERROR(This version of mbed TLS has no support for exporting key material.) + fi fi fi diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 6474f80..0159166 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -251,8 +251,8 @@ memcpy(cache->master_secret, secret, sizeof(cache->master_secret)); cache->tls_prf_type = tls_prf_type; } -#else /* if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */ -#error either mbedtls_ssl_conf_export_keys_ext_cb or mbedtls_ssl_set_export_keys_cb must be available in mbed TLS +#elif !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +#error mbedtls_ssl_conf_export_keys_ext_cb, mbedtls_ssl_set_export_keys_cb or mbedtls_ssl_export_keying_material must be available in mbed TLS #endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */ bool 
@@ -262,6 +262,20 @@ { ASSERT(strlen(label) == label_size); +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) + /* Our version of mbed TLS has a built-in TLS-Exporter. */ + + mbedtls_ssl_context *ctx = session->key[KS_PRIMARY].ks_ssl.ctx; + if (mbed_ok(mbedtls_ssl_export_keying_material(ctx, ekm, ekm_size, label, label_size, NULL, 0, 0))) + { + return true; + } + else + { + return false; + } + +#else /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ struct tls_key_cache *cache = &session->key[KS_PRIMARY].ks_ssl.tls_key_cache; /* If the type is NONE, we either have no cached secrets or @@ -286,6 +300,7 @@ secure_memzero(ekm, session->opt->ekm_size); return false; } +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ } bool @@ -1226,7 +1241,7 @@ mbedtls_ssl_conf_max_tls_version(ks_ssl->ssl_config, version); } -#if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB +#if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB && !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) /* Initialize keying material exporter, old style. */ mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config, mbedtls_ssl_export_keys_cb, session); @@ -1241,7 +1256,7 @@ * verification. */ ASSERT(mbed_ok(mbedtls_ssl_set_hostname(ks_ssl->ctx, NULL))); -#if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB +#if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB && !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) /* Initialize keying material exporter, new style. */ mbedtls_ssl_set_export_keys_cb(ks_ssl->ctx, mbedtls_ssl_export_keys_cb, session); #endif diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h index 9ebb2ce..6354231 100644 --- a/src/openvpn/ssl_mbedtls.h +++ b/src/openvpn/ssl_mbedtls.h 
@@ -85,14 +85,21 @@ void *sign_ctx; }; -/** struct to cache TLS secrets for keying material exporter (RFC 5705). - * The constants (64 and 48) are inherent to TLS version and - * the whole keying material export will likely change when they change */ +#if !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +/** + * struct to cache TLS secrets for keying material exporter (RFC 5705). + * Not needed if the library itself implements the keying material exporter. + * + * The constants 64 and 48 are inherent to TLS 1.2. For TLS 1.3, it is not + * possible to obtain the exporter master secret from mbed TLS. */ struct tls_key_cache { unsigned char client_server_random[64]; mbedtls_tls_prf_types tls_prf_type; unsigned char master_secret[48]; }; +#else /* !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ +struct tls_key_cache { }; +#endif /** * Structure that wraps the TLS context. Contents differ depending on the
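
Review bot: in the configure.ac hunk (@@ -1072), the new AC_CHECK_FUNC([mbedtls_ssl_export_keying_material]) only runs when mbedtls_ssl_set_export_keys_cb is missing, and its result is used only to decide whether to abort; the C code then selects the exporter path with defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT), a different signal. A library that links the function but does not define that macro passes configure and then hits the #error in ssl_mbedtls.c. Consider running the check unconditionally, defining a HAVE_ macro from it, and gating the C code on that same macro so configure and the compiler agree on which exporter is in use.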
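
Review bot: in the ssl_mbedtls.c hunk at @@ -251, the context lines above the changed #elif still write cache->master_secret and cache->tls_prf_type, but the ssl_mbedtls.h hunk removes those members when MBEDTLS_SSL_KEYING_MATERIAL_EXPORT is defined. If either HAVE_..._CB branch is still compiled in that configuration, the callback no longer builds, and it is dead code anyway because both registration sites now add && !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT). Wrapping the whole callback block in the same !defined(...) guard would make this explicit. The trailing comment on the #endif still names only HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB and should be updated to match the new condition.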
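
Review bot: in the ssl_mbedtls.c hunk at @@ -262, the new failure branch returns false without wiping ekm, while the fallback path kept under #else calls secure_memzero(ekm, session->opt->ekm_size) before returning false. Wipe the buffer on failure here too, so callers get the same guarantee on both paths regardless of what the library wrote before failing. The two paths also disagree on the length they use (ekm_size here, session->opt->ekm_size in the fallback); a short comment or an assertion that they are equal would help. The if/else that returns true or false can be reduced to returning the mbed_ok(...) result directly once the wipe is added.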
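
Review bot: in the ssl_mbedtls.h hunk (@@ -85), the #else branch declares struct tls_key_cache { }; and a struct with no members is not valid ISO C; it is accepted only as a compiler extension, so non-GNU compilers may reject it. Either give the placeholder a dummy member or, preferably, put the tls_key_cache field of the enclosing structure under the same #if so that no empty type is needed. The closing #endif also lacks the condition comment that the other preprocessor blocks in this patch carry.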