OpenVPN
crypto_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_OPENSSL)
38 
39 #include "basic.h"
40 #include "buffer.h"
41 #include "integer.h"
42 #include "crypto.h"
43 #include "crypto_backend.h"
44 #include "openssl_compat.h"
45 
46 #include <openssl/des.h>
47 #include <openssl/err.h>
48 #include <openssl/evp.h>
49 #include <openssl/objects.h>
50 #include <openssl/rand.h>
51 #include <openssl/ssl.h>
52 
53 /*
54  * Check for key size creepage.
55  */
56 
57 #if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
58 #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
59 #endif
60 
61 #if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
62 #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
63 #endif
64 
65 #if HAVE_OPENSSL_ENGINE
66 #include <openssl/engine.h>
67 
68 static bool engine_initialized = false; /* GLOBAL */
69 
70 static ENGINE *engine_persist = NULL; /* GLOBAL */
71 
72 /* Try to load an engine in a shareable library */
73 static ENGINE *
74 try_load_engine(const char *engine)
75 {
76  ENGINE *e = ENGINE_by_id("dynamic");
77  if (e)
78  {
79  if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
80  || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
81  {
82  ENGINE_free(e);
83  e = NULL;
84  }
85  }
86  return e;
87 }
88 
89 static ENGINE *
90 setup_engine(const char *engine)
91 {
92  ENGINE *e = NULL;
93 
94  ENGINE_load_builtin_engines();
95 
96  if (engine)
97  {
98  if (strcmp(engine, "auto") == 0)
99  {
100  msg(M_INFO, "Initializing OpenSSL auto engine support");
101  ENGINE_register_all_complete();
102  return NULL;
103  }
104  if ((e = ENGINE_by_id(engine)) == NULL
105  && (e = try_load_engine(engine)) == NULL)
106  {
107  crypto_msg(M_FATAL, "OpenSSL error: cannot load engine '%s'",
108  engine);
109  }
110 
111  if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
112  {
114  "OpenSSL error: ENGINE_set_default failed on engine '%s'",
115  engine);
116  }
117 
118  msg(M_INFO, "Initializing OpenSSL support for engine '%s'",
119  ENGINE_get_id(e));
120  }
121  return e;
122 }
123 
124 #endif /* HAVE_OPENSSL_ENGINE */
125 
126 void
127 crypto_init_lib_engine(const char *engine_name)
128 {
129 #if HAVE_OPENSSL_ENGINE
130  if (!engine_initialized)
131  {
132  ASSERT(engine_name);
133  ASSERT(!engine_persist);
134  engine_persist = setup_engine(engine_name);
135  engine_initialized = true;
136  }
137 #else /* if HAVE_OPENSSL_ENGINE */
138  msg(M_WARN, "Note: OpenSSL hardware crypto engine functionality is not available");
139 #endif
140 }
141 
142 /*
143  *
144  * Functions related to the core crypto library
145  *
146  */
147 
148 void
150 {
151  /*
152  * If you build the OpenSSL library and OpenVPN with
153  * CRYPTO_MDEBUG, you will get a listing of OpenSSL
154  * memory leaks on program termination.
155  */
156 
157 #ifdef CRYPTO_MDEBUG
158  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
159 #endif
160 }
161 
162 void
164 {
165 #ifdef CRYPTO_MDEBUG
166  FILE *fp = fopen("sdlog", "w");
167  ASSERT(fp);
168  CRYPTO_mem_leaks_fp(fp);
169  fclose(fp);
170 #endif
171 
172 #if HAVE_OPENSSL_ENGINE
173  if (engine_initialized)
174  {
175  ENGINE_cleanup();
176  engine_persist = NULL;
177  engine_initialized = false;
178  }
179 #endif
180 }
181 
182 void
184 {
185  ERR_clear_error();
186 }
187 
188 void
190 {
191  size_t err = 0;
192 
193  while ((err = ERR_get_error()))
194  {
195  /* Be more clear about frequently occurring "no shared cipher" error */
196  if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
197  {
198  msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites "
199  "in common with the client. Your --tls-cipher setting might be "
200  "too restrictive.");
201  }
202  else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
203  {
204  msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
205  "indicates that client and server have no common TLS version enabled. "
206  "This can be caused by mismatched tls-version-min and tls-version-max "
207  "options on client and server. "
208  "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
209  "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
210  "instead of TLS 1.0 only");
211  }
212  msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
213  }
214 }
215 
216 
217 /*
218  *
219  * OpenSSL memory debugging. If dmalloc debugging is enabled, tell
220  * OpenSSL to use our private malloc/realloc/free functions so that
221  * we can dispatch them to dmalloc.
222  *
223  */
224 
225 #ifdef DMALLOC
226 static void *
227 crypto_malloc(size_t size, const char *file, int line)
228 {
229  return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
230 }
231 
232 static void *
233 crypto_realloc(void *ptr, size_t size, const char *file, int line)
234 {
235  return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
236 }
237 
238 static void
239 crypto_free(void *ptr)
240 {
241  dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE);
242 }
243 
244 void
245 crypto_init_dmalloc(void)
246 {
247  CRYPTO_set_mem_ex_functions(crypto_malloc,
248  crypto_realloc,
249  crypto_free);
250 }
251 #endif /* DMALLOC */
252 
254  { "AES-128-GCM", "id-aes128-GCM" },
255  { "AES-192-GCM", "id-aes192-GCM" },
256  { "AES-256-GCM", "id-aes256-GCM" },
257  { "CHACHA20-POLY1305", "ChaCha20-Poly1305" },
258 };
260  sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table);
261 
262 
263 static int
264 cipher_name_cmp(const void *a, const void *b)
265 {
266  const EVP_CIPHER *const *cipher_a = a;
267  const EVP_CIPHER *const *cipher_b = b;
268 
269  const char *cipher_name_a =
270  translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_a));
271  const char *cipher_name_b =
272  translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_b));
273 
274  return strcmp(cipher_name_a, cipher_name_b);
275 }
276 
277 void
279 {
280  int nid;
281  size_t i;
282 
283  /* If we ever exceed this, we must be more selective */
284  const EVP_CIPHER *cipher_list[1000];
285  size_t num_ciphers = 0;
286 #ifndef ENABLE_SMALL
287  printf("The following ciphers and cipher modes are available for use\n"
288  "with " PACKAGE_NAME ". Each cipher shown below may be use as a\n"
289  "parameter to the --cipher option. The default key size is\n"
290  "shown as well as whether or not it can be changed with the\n"
291  "--keysize directive. Using a CBC or GCM mode is recommended.\n"
292  "In static key mode only CBC mode is allowed.\n\n");
293 #endif
294 
295  for (nid = 0; nid < 10000; ++nid)
296  {
297  const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
298  if (cipher && (cipher_kt_mode_cbc(cipher)
299 #ifdef ENABLE_OFB_CFB_MODE
300  || cipher_kt_mode_ofb_cfb(cipher)
301 #endif
303  || cipher_kt_mode_aead(cipher)
304 #endif
305  ))
306  {
307  cipher_list[num_ciphers++] = cipher;
308  }
309  if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list)))
310  {
311  msg(M_WARN, "WARNING: Too many ciphers, not showing all");
312  break;
313  }
314  }
315 
316  qsort(cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp);
317 
318  for (i = 0; i < num_ciphers; i++)
319  {
320  if (!cipher_kt_insecure(cipher_list[i]))
321  {
322  print_cipher(cipher_list[i]);
323  }
324  }
325 
326  printf("\nThe following ciphers have a block size of less than 128 bits, \n"
327  "and are therefore deprecated. Do not use unless you have to.\n\n");
328  for (i = 0; i < num_ciphers; i++)
329  {
330  if (cipher_kt_insecure(cipher_list[i]))
331  {
332  print_cipher(cipher_list[i]);
333  }
334  }
335  printf("\n");
336 }
337 
338 void
340 {
341  int nid;
342 
343 #ifndef ENABLE_SMALL
344  printf("The following message digests are available for use with\n"
345  PACKAGE_NAME ". A message digest is used in conjunction with\n"
346  "the HMAC function, to authenticate received packets.\n"
347  "You can specify a message digest as parameter to\n"
348  "the --auth option.\n\n");
349 #endif
350 
351  for (nid = 0; nid < 10000; ++nid)
352  {
353  const EVP_MD *digest = EVP_get_digestbynid(nid);
354  if (digest)
355  {
356  printf("%s %d bit digest size\n",
357  OBJ_nid2sn(nid), EVP_MD_size(digest) * 8);
358  }
359  }
360  printf("\n");
361 }
362 
363 void
365 {
366 #if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */
367  ENGINE *e;
368 
369  printf("OpenSSL Crypto Engines\n\n");
370 
371  ENGINE_load_builtin_engines();
372 
373  e = ENGINE_get_first();
374  while (e)
375  {
376  printf("%s [%s]\n",
377  ENGINE_get_name(e),
378  ENGINE_get_id(e));
379  e = ENGINE_get_next(e);
380  }
381  ENGINE_cleanup();
382 #else /* if HAVE_OPENSSL_ENGINE */
383  printf("Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
384 #endif
385 }
386 
387 
388 bool
389 crypto_pem_encode(const char *name, struct buffer *dst,
390  const struct buffer *src, struct gc_arena *gc)
391 {
392  bool ret = false;
393  BIO *bio = BIO_new(BIO_s_mem());
394  if (!bio || !PEM_write_bio(bio, name, "", BPTR(src), BLEN(src)))
395  {
396  ret = false;
397  goto cleanup;
398  }
399 
400  BUF_MEM *bptr;
401  BIO_get_mem_ptr(bio, &bptr);
402 
403  *dst = alloc_buf_gc(bptr->length, gc);
404  ASSERT(buf_write(dst, bptr->data, bptr->length));
405 
406  ret = true;
407 cleanup:
408  if (!BIO_free(bio))
409  {
410  ret = false;
411  }
412 
413  return ret;
414 }
415 
416 bool
417 crypto_pem_decode(const char *name, struct buffer *dst,
418  const struct buffer *src)
419 {
420  bool ret = false;
421 
422  BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src));
423  if (!bio)
424  {
425  crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode");
426  }
427 
428  char *name_read = NULL;
429  char *header_read = NULL;
430  uint8_t *data_read = NULL;
431  long data_read_len = 0;
432  if (!PEM_read_bio(bio, &name_read, &header_read, &data_read,
433  &data_read_len))
434  {
435  dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__);
436  goto cleanup;
437  }
438 
439  if (strcmp(name, name_read))
440  {
442  "%s: unexpected PEM name (got '%s', expected '%s')",
443  __func__, name_read, name);
444  goto cleanup;
445  }
446 
447  uint8_t *dst_data = buf_write_alloc(dst, data_read_len);
448  if (!dst_data)
449  {
450  dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__,
451  BCAP(dst), data_read_len);
452  goto cleanup;
453  }
454  memcpy(dst_data, data_read, data_read_len);
455 
456  ret = true;
457 cleanup:
458  OPENSSL_free(name_read);
459  OPENSSL_free(header_read);
460  OPENSSL_free(data_read);
461  if (!BIO_free(bio))
462  {
463  ret = false;
464  }
465 
466  return ret;
467 }
468 
469 /*
470  *
471  * Random number functions, used in cases where we want
472  * reasonably strong cryptographic random number generation
473  * without depleting our entropy pool. Used for random
474  * IV values and a number of other miscellaneous tasks.
475  *
476  */
477 
478 int
479 rand_bytes(uint8_t *output, int len)
480 {
481  if (unlikely(1 != RAND_bytes(output, len)))
482  {
483  crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
484  return 0;
485  }
486  return 1;
487 }
488 
489 /*
490  *
491  * Key functions, allow manipulation of keys.
492  *
493  */
494 
495 
496 int
497 key_des_num_cblocks(const EVP_CIPHER *kt)
498 {
499  int ret = 0;
500  const char *name = OBJ_nid2sn(EVP_CIPHER_nid(kt));
501  if (name)
502  {
503  if (!strncmp(name, "DES-", 4))
504  {
505  ret = EVP_CIPHER_key_length(kt) / sizeof(DES_cblock);
506  }
507  else if (!strncmp(name, "DESX-", 5))
508  {
509  ret = 1;
510  }
511  }
512  dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
513  return ret;
514 }
515 
516 bool
517 key_des_check(uint8_t *key, int key_len, int ndc)
518 {
519  int i;
520  struct buffer b;
521 
522  buf_set_read(&b, key, key_len);
523 
524  for (i = 0; i < ndc; ++i)
525  {
526  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
527  if (!dc)
528  {
530  "CRYPTO INFO: check_key_DES: insufficient key material");
531  goto err;
532  }
533  if (DES_is_weak_key(dc))
534  {
536  "CRYPTO INFO: check_key_DES: weak key detected");
537  goto err;
538  }
539  if (!DES_check_key_parity(dc))
540  {
542  "CRYPTO INFO: check_key_DES: bad parity detected");
543  goto err;
544  }
545  }
546  return true;
547 
548 err:
549  ERR_clear_error();
550  return false;
551 }
552 
553 void
554 key_des_fixup(uint8_t *key, int key_len, int ndc)
555 {
556  int i;
557  struct buffer b;
558 
559  buf_set_read(&b, key, key_len);
560  for (i = 0; i < ndc; ++i)
561  {
562  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
563  if (!dc)
564  {
565  msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material");
566  ERR_clear_error();
567  return;
568  }
569  DES_set_odd_parity(dc);
570  }
571 }
572 
573 
574 /*
575  *
576  * Generic cipher key type functions
577  *
578  */
579 
580 
581 const EVP_CIPHER *
582 cipher_kt_get(const char *ciphername)
583 {
584  const EVP_CIPHER *cipher = NULL;
585 
586  ASSERT(ciphername);
587 
588  cipher = EVP_get_cipherbyname(ciphername);
589 
590  if (NULL == cipher)
591  {
592  crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
593  return NULL;
594  }
595 
596 
597  if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH)
598  {
599  msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) "
600  "which is larger than " PACKAGE_NAME "'s current maximum key size "
601  "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher),
603  return NULL;
604  }
605 
606  return cipher;
607 }
608 
609 const char *
610 cipher_kt_name(const EVP_CIPHER *cipher_kt)
611 {
612  if (NULL == cipher_kt)
613  {
614  return "[null-cipher]";
615  }
616  return EVP_CIPHER_name(cipher_kt);
617 }
618 
619 int
620 cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
621 {
622  return EVP_CIPHER_key_length(cipher_kt);
623 }
624 
625 int
626 cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
627 {
628  return EVP_CIPHER_iv_length(cipher_kt);
629 }
630 
631 int
632 cipher_kt_block_size(const EVP_CIPHER *cipher)
633 {
634  /*
635  * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
636  * around that, try to replace the mode with 'CBC' and return the block size
637  * reported for that cipher, if possible. If that doesn't work, just return
638  * the value reported by OpenSSL.
639  */
640  char *name = NULL;
641  char *mode_str = NULL;
642  const char *orig_name = NULL;
643  const EVP_CIPHER *cbc_cipher = NULL;
644 
645  int block_size = EVP_CIPHER_block_size(cipher);
646 
647  orig_name = cipher_kt_name(cipher);
648  if (!orig_name)
649  {
650  goto cleanup;
651  }
652 
653  name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);
654  mode_str = strrchr(name, '-');
655  if (!mode_str || strlen(mode_str) < 4)
656  {
657  goto cleanup;
658  }
659 
660  strcpy(mode_str, "-CBC");
661 
662  cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
663  if (cbc_cipher)
664  {
665  block_size = EVP_CIPHER_block_size(cbc_cipher);
666  }
667 
668 cleanup:
669  free(name);
670  return block_size;
671 }
672 
673 int
674 cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
675 {
676  if (cipher_kt_mode_aead(cipher_kt))
677  {
679  }
680  else
681  {
682  return 0;
683  }
684 }
685 
686 bool
687 cipher_kt_insecure(const EVP_CIPHER *cipher)
688 {
689  return !(cipher_kt_block_size(cipher) >= 128 / 8
690 #ifdef NID_chacha20_poly1305
691  || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305
692 #endif
693  );
694 }
695 
696 int
697 cipher_kt_mode(const EVP_CIPHER *cipher_kt)
698 {
699  ASSERT(NULL != cipher_kt);
700  return EVP_CIPHER_mode(cipher_kt);
701 }
702 
703 bool
705 {
706  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
707 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
708  /* Exclude AEAD cipher modes, they require a different API */
709  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
710 #endif
711  ;
712 }
713 
714 bool
716 {
717  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
718  || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
719 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
720  /* Exclude AEAD cipher modes, they require a different API */
721  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
722 #endif
723  ;
724 }
725 
726 bool
728 {
729 #ifdef HAVE_AEAD_CIPHER_MODES
730  if (cipher)
731  {
732  switch (EVP_CIPHER_nid(cipher))
733  {
734  case NID_aes_128_gcm:
735  case NID_aes_192_gcm:
736  case NID_aes_256_gcm:
737 #ifdef NID_chacha20_poly1305
738  case NID_chacha20_poly1305:
739 #endif
740  return true;
741  }
742  }
743 #endif
744 
745  return false;
746 }
747 
748 /*
749  *
750  * Generic cipher context functions
751  *
752  */
753 
754 cipher_ctx_t *
756 {
757  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
758  check_malloc_return(ctx);
759  return ctx;
760 }
761 
762 void
763 cipher_ctx_free(EVP_CIPHER_CTX *ctx)
764 {
765  EVP_CIPHER_CTX_free(ctx);
766 }
767 
768 void
769 cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len,
770  const EVP_CIPHER *kt, int enc)
771 {
772  ASSERT(NULL != kt && NULL != ctx);
773 
774  EVP_CIPHER_CTX_init(ctx);
775  if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
776  {
777  crypto_msg(M_FATAL, "EVP cipher init #1");
778  }
779 #ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH
780  if (!EVP_CIPHER_CTX_set_key_length(ctx, key_len))
781  {
782  crypto_msg(M_FATAL, "EVP set key size");
783  }
784 #endif
785  if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
786  {
787  crypto_msg(M_FATAL, "EVP cipher init #2");
788  }
789 
790  /* make sure we used a big enough key */
791  ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= key_len);
792 }
793 
794 void
795 cipher_ctx_cleanup(EVP_CIPHER_CTX *ctx)
796 {
797  EVP_CIPHER_CTX_cleanup(ctx);
798 }
799 
800 int
801 cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
802 {
803  return EVP_CIPHER_CTX_iv_length(ctx);
804 }
805 
806 int
807 cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
808 {
809 #ifdef HAVE_AEAD_CIPHER_MODES
810  return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, tag_size, tag_buf);
811 #else
812  ASSERT(0);
813 #endif
814 }
815 
816 int
817 cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
818 {
819  return EVP_CIPHER_CTX_block_size(ctx);
820 }
821 
822 int
823 cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
824 {
825  return EVP_CIPHER_CTX_mode(ctx);
826 }
827 
828 const cipher_kt_t *
830 {
831  return ctx ? EVP_CIPHER_CTX_cipher(ctx) : NULL;
832 }
833 
834 
835 int
836 cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
837 {
838  return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
839 }
840 
841 int
842 cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
843 {
844 #ifdef HAVE_AEAD_CIPHER_MODES
845  int len;
846  if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len))
847  {
848  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
849  }
850  return 1;
851 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
852  ASSERT(0);
853 #endif
854 }
855 
856 int
857 cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
858  uint8_t *src, int src_len)
859 {
860  if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len))
861  {
862  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
863  }
864  return 1;
865 }
866 
867 int
868 cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
869 {
870  return EVP_CipherFinal(ctx, dst, dst_len);
871 }
872 
873 int
874 cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
875  uint8_t *tag, size_t tag_len)
876 {
877 #ifdef HAVE_AEAD_CIPHER_MODES
878  ASSERT(tag_len < SIZE_MAX);
879  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, tag_len, tag))
880  {
881  return 0;
882  }
883 
884  return cipher_ctx_final(ctx, dst, dst_len);
885 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
886  ASSERT(0);
887 #endif
888 }
889 
890 void
892  unsigned char *src,
893  unsigned char *dst)
894 {
895  DES_key_schedule sched;
896 
897  DES_set_key_unchecked((DES_cblock *)key, &sched);
898  DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT);
899 }
900 
901 /*
902  *
903  * Generic message digest information functions
904  *
905  */
906 
907 
908 const EVP_MD *
909 md_kt_get(const char *digest)
910 {
911  const EVP_MD *md = NULL;
912  ASSERT(digest);
913  md = EVP_get_digestbyname(digest);
914  if (!md)
915  {
916  crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
917  }
918  if (EVP_MD_size(md) > MAX_HMAC_KEY_LENGTH)
919  {
920  crypto_msg(M_FATAL, "Message hash algorithm '%s' uses a default hash "
921  "size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
922  "maximum hash size (%d bytes)",
923  digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
924  }
925  return md;
926 }
927 
928 const char *
929 md_kt_name(const EVP_MD *kt)
930 {
931  if (NULL == kt)
932  {
933  return "[null-digest]";
934  }
935  return EVP_MD_name(kt);
936 }
937 
938 int
939 md_kt_size(const EVP_MD *kt)
940 {
941  return EVP_MD_size(kt);
942 }
943 
944 
945 /*
946  *
947  * Generic message digest functions
948  *
949  */
950 
951 int
952 md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
953 {
954  unsigned int in_md_len = 0;
955 
956  return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
957 }
958 
959 EVP_MD_CTX *
961 {
962  EVP_MD_CTX *ctx = EVP_MD_CTX_new();
963  check_malloc_return(ctx);
964  return ctx;
965 }
966 
967 void
968 md_ctx_free(EVP_MD_CTX *ctx)
969 {
970  EVP_MD_CTX_free(ctx);
971 }
972 
973 void
974 md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
975 {
976  ASSERT(NULL != ctx && NULL != kt);
977 
978  EVP_MD_CTX_init(ctx);
979  EVP_DigestInit(ctx, kt);
980 }
981 
982 void
983 md_ctx_cleanup(EVP_MD_CTX *ctx)
984 {
985  EVP_MD_CTX_reset(ctx);
986 }
987 
988 int
989 md_ctx_size(const EVP_MD_CTX *ctx)
990 {
991  return EVP_MD_CTX_size(ctx);
992 }
993 
994 void
995 md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
996 {
997  EVP_DigestUpdate(ctx, src, src_len);
998 }
999 
1000 void
1001 md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
1002 {
1003  unsigned int in_md_len = 0;
1004 
1005  EVP_DigestFinal(ctx, dst, &in_md_len);
1006 }
1007 
1008 
1009 /*
1010  *
1011  * Generic HMAC functions
1012  *
1013  */
1014 
1015 HMAC_CTX *
1017 {
1018  HMAC_CTX *ctx = HMAC_CTX_new();
1019  check_malloc_return(ctx);
1020  return ctx;
1021 }
1022 
1023 void
1024 hmac_ctx_free(HMAC_CTX *ctx)
1025 {
1026  HMAC_CTX_free(ctx);
1027 }
1028 
1029 void
1030 hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
1031  const EVP_MD *kt)
1032 {
1033  ASSERT(NULL != kt && NULL != ctx);
1034 
1035  HMAC_CTX_reset(ctx);
1036  HMAC_Init_ex(ctx, key, key_len, kt, NULL);
1037 
1038  /* make sure we used a big enough key */
1039  ASSERT(HMAC_size(ctx) <= key_len);
1040 }
1041 
1042 void
1043 hmac_ctx_cleanup(HMAC_CTX *ctx)
1044 {
1045  HMAC_CTX_reset(ctx);
1046 }
1047 
1048 int
1049 hmac_ctx_size(const HMAC_CTX *ctx)
1050 {
1051  return HMAC_size(ctx);
1052 }
1053 
1054 void
1055 hmac_ctx_reset(HMAC_CTX *ctx)
1056 {
1057  HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);
1058 }
1059 
1060 void
1061 hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
1062 {
1063  HMAC_Update(ctx, src, src_len);
1064 }
1065 
1066 void
1067 hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
1068 {
1069  unsigned int in_hmac_len = 0;
1070 
1071  HMAC_Final(ctx, dst, &in_hmac_len);
1072 }
1073 
1074 #endif /* ENABLE_CRYPTO_OPENSSL */
int cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
void md_ctx_cleanup(EVP_MD_CTX *ctx)
#define D_CRYPT_ERRORS
Definition: errlevel.h:58
int md_ctx_size(const EVP_MD_CTX *ctx)
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
bool cipher_kt_insecure(const EVP_CIPHER *cipher)
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:688
#define D_CRYPTO_DEBUG
Definition: errlevel.h:144
int hmac_ctx_size(const HMAC_CTX *ctx)
#define M_INFO
Definition: errlevel.h:55
const size_t cipher_name_translation_table_count
int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
static uint8_t * buf_read_alloc(struct buffer *buf, int size)
Definition: buffer.h:675
#define ASSERT(x)
Definition: error.h:221
#define unlikely(x)
Definition: syshead.h:36
static uint8_t * buf_write_alloc(struct buffer *buf, int size)
Definition: buffer.h:656
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
void hmac_ctx_reset(HMAC_CTX *ctx)
static int cipher_name_cmp(const void *a, const void *b)
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
void show_available_ciphers(void)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
int md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
const EVP_CIPHER * cipher_kt_get(const char *ciphername)
Return cipher parameters, based on the given cipher name.
#define M_FATAL
Definition: error.h:94
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
void hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
void crypto_init_lib_engine(const char *engine_name)
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
void md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
int cipher_kt_block_size(const EVP_CIPHER *cipher)
#define MAX_CIPHER_KEY_LENGTH
int cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
void hmac_ctx_cleanup(HMAC_CTX *ctx)
int cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
void md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
#define D_LOW
Definition: errlevel.h:97
void cipher_ctx_free(EVP_CIPHER_CTX *ctx)
#define BCAP(buf)
Definition: buffer.h:130
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
HMAC_CTX * hmac_ctx_new(void)
void print_cipher(const cipher_kt_t *cipher)
Print a cipher list entry.
Definition: crypto.c:1779
static bool buf_write(struct buffer *dest, const void *src, int size)
Definition: buffer.h:689
void md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
#define BPTR(buf)
Definition: buffer.h:124
void show_available_engines(void)
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
const EVP_MD * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
#define PACKAGE_NAME
Definition: config.h:730
const char * md_kt_name(const EVP_MD *kt)
void hmac_ctx_free(HMAC_CTX *ctx)
bool key_des_check(uint8_t *key, int key_len, int ndc)
void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt)
int md_kt_size(const EVP_MD *kt)
#define HAVE_AEAD_CIPHER_MODES
Definition: config-msvc.h:8
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char *src, unsigned char *dst)
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
void hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
int cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
const char * cipher_kt_name(const EVP_CIPHER *cipher_kt)
int cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
#define dmsg
Definition: error.h:174
void cipher_ctx_cleanup(EVP_CIPHER_CTX *ctx)
#define ENABLE_OFB_CFB_MODE
Definition: config.h:65
void key_des_fixup(uint8_t *key, int key_len, int ndc)
void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, const EVP_CIPHER *kt, int enc)
#define MAX_HMAC_KEY_LENGTH
int cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
#define BLEN(buf)
Definition: buffer.h:127
void md_ctx_free(EVP_MD_CTX *ctx)
unsigned __int8 uint8_t
Definition: config-msvc.h:123
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static void check_malloc_return(const void *p)
Definition: buffer.h:1093
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
int cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
EVP_MD_CTX * md_ctx_new(void)
#define msg
Definition: error.h:173
Struct used in cipher name translation table.
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition: crypto.c:1840
int cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
void crypto_clear_error(void)
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate a data channel cipher name from the crypto library specific name to the OpenVPN config file...
Definition: crypto.c:1827
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
#define free
Definition: cmocka.c:1850
void crypto_init_lib(void)
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
#define OPENVPN_AEAD_TAG_LENGTH
int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
char * dst
Definition: compat-lz4.h:455
bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported CBC mode cipher.
void crypto_uninit_lib(void)
int key_des_num_cblocks(const EVP_CIPHER *kt)
#define DES_KEY_LENGTH
void show_available_digests(void)
static void buf_set_read(struct buffer *buf, const uint8_t *data, int size)
Definition: buffer.h:335
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
#define M_WARN
Definition: error.h:96
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
int cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)