Also print key agreement when printing negotiated details

With TLS 1.0 to 1.2, the used key agreement was depended on the certificates
themselves. With TLS 1.3 this is no longer the case but basically always
X25519 was used.  So this information has not been very interesting so far.

With OpenSSL 3.5.0 and the new X25519MLKEM768 hybrid key agreement, the used
key agreement group actually becomes interesting information.

This commit adds printing this information for OpenSSL 3.0.0+ and uses
a compat version for OpenSSL 3.0-3.1 to avoid an additional ifdef in the
code itself.

This also renames SSL Handshake to TLS Handshake since we never actually
supported SSL and renames c_ssl to ssl as it is no longer const.

Jira: OVPN3-1341
Signed-off-by: Arne Schwabe <[email protected]>

Author: schwabe

openvpn/openssl/compat.hpp

@@ -111,3 +111,13 @@ EVP_MD_free(const EVP_MD *md)
 }
 
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+static inline const char *
+SSL_get0_group_name(SSL *s)
+{
+    /* int is the return type according the manual page but gcc complains that
+     * this a long to int conversion. So explicitly cast to int */
+    int nid = static_cast<int>(SSL_get_negotiated_group(s));
+    return SSL_group_to_name(s, nid);
+}
+#endif

openvpn/openssl/ssl/sslctx.hpp

@@ -1054,11 +1054,11 @@ class OpenSSLContext : public SSLFactoryAPI
         }
 
         // Print a one line summary of SSL/TLS session handshake.
-        static std::string ssl_handshake_details(const ::SSL *c_ssl)
+        static std::string ssl_handshake_details(::SSL *ssl)
         {
             std::ostringstream os;
 
-            ::X509 *cert = SSL_get_peer_certificate(c_ssl);
+            ::X509 *cert = SSL_get_peer_certificate(ssl);
 
             if (cert)
                 os << "peer certificate: CN=" << OpenSSLPKI::x509_get_field(cert, NID_commonName);
@@ -1100,7 +1100,7 @@ class OpenSSLContext : public SSLFactoryAPI
                 X509_free(cert);
             }
 
-            const SSL_CIPHER *ciph = SSL_get_current_cipher(c_ssl);
+            const SSL_CIPHER *ciph = SSL_get_current_cipher(ssl);
             if (ciph)
             {
                 char *desc = SSL_CIPHER_description(ciph, nullptr, 0);
@@ -1110,15 +1110,26 @@ class OpenSSLContext : public SSLFactoryAPI
                 }
                 else
                 {
-                    os << ", cipher: " << desc;
+                    std::string cipher_str(desc);
+                    // remove \n at the end and any other excess whitespace
+                    string::trim(cipher_str);
+                    os << ", cipher: " << cipher_str;
                     OPENSSL_free(desc);
                 }
             }
-            // This has been changed in upstream SSL to have a const
-            // parameter, so we cast away const for older versions compatibility
-            // (Upstream commit: c04b66b18d1a90f0c6326858e4b8367be5444582)
-            if (SSL_session_reused(const_cast<::SSL *>(c_ssl)))
+
+            if (SSL_session_reused(ssl))
                 os << " [REUSED]";
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+            const char *key_agreement = SSL_get0_group_name(ssl);
+            if (!key_agreement)
+            {
+                key_agreement = "(error fetching key-agreeement)";
+            }
+            os << ", key-agreement: " << key_agreement;
+#endif
+
             return os.str();
         }
 

openvpn/ssl/proto.hpp

@@ -2928,7 +2928,7 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
 
         void active()
         {
-            OVPN_LOG_INFO("SSL Handshake: " << Base::ssl_handshake_details());
+            OVPN_LOG_INFO("TLS Handshake: " << Base::ssl_handshake_details());
 
             /* Our internal state machine only decides after push request what protocol
              * options we want to use. Therefore we also have to postpone data key