OpenVPN
crypto_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_OPENSSL)
38 
39 #include "basic.h"
40 #include "buffer.h"
41 #include "integer.h"
42 #include "crypto.h"
43 #include "crypto_backend.h"
44 #include "openssl_compat.h"
45 
46 #include <openssl/conf.h>
47 #include <openssl/des.h>
48 #include <openssl/err.h>
49 #include <openssl/evp.h>
50 #include <openssl/objects.h>
51 #include <openssl/rand.h>
52 #include <openssl/ssl.h>
53 
54 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
55 #include <openssl/kdf.h>
56 #endif
57 
58 /*
59  * Check for key size creepage.
60  */
61 
62 #if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
63 #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
64 #endif
65 
66 #if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
67 #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
68 #endif
69 
70 #if HAVE_OPENSSL_ENGINE
71 #include <openssl/ui.h>
72 #include <openssl/engine.h>
73 
74 static bool engine_initialized = false; /* GLOBAL */
75 
76 static ENGINE *engine_persist = NULL; /* GLOBAL */
77 
78 /* Try to load an engine in a shareable library */
79 static ENGINE *
80 try_load_engine(const char *engine)
81 {
82  ENGINE *e = ENGINE_by_id("dynamic");
83  if (e)
84  {
85  if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
86  || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
87  {
88  ENGINE_free(e);
89  e = NULL;
90  }
91  }
92  return e;
93 }
94 
95 static ENGINE *
96 setup_engine(const char *engine)
97 {
98  ENGINE *e = NULL;
99 
100  ENGINE_load_builtin_engines();
101 
102  if (engine)
103  {
104  if (strcmp(engine, "auto") == 0)
105  {
106  msg(M_INFO, "Initializing OpenSSL auto engine support");
107  ENGINE_register_all_complete();
108  return NULL;
109  }
110  if ((e = ENGINE_by_id(engine)) == NULL
111  && (e = try_load_engine(engine)) == NULL)
112  {
113  crypto_msg(M_FATAL, "OpenSSL error: cannot load engine '%s'",
114  engine);
115  }
116 
117  if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
118  {
120  "OpenSSL error: ENGINE_set_default failed on engine '%s'",
121  engine);
122  }
123 
124  msg(M_INFO, "Initializing OpenSSL support for engine '%s'",
125  ENGINE_get_id(e));
126  }
127  return e;
128 }
129 
130 #endif /* HAVE_OPENSSL_ENGINE */
131 
132 void
134 {
135 #if HAVE_OPENSSL_ENGINE
136  if (!engine_initialized)
137  {
138  ASSERT(engine_name);
139  ASSERT(!engine_persist);
140  engine_persist = setup_engine(engine_name);
141  engine_initialized = true;
142  }
143 #else /* if HAVE_OPENSSL_ENGINE */
144  msg(M_WARN, "Note: OpenSSL hardware crypto engine functionality is not available");
145 #endif
146 }
147 
148 /*
149  *
150  * Functions related to the core crypto library
151  *
152  */
153 
154 void
156 {
157 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
158  OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
159 #else
160  OPENSSL_config(NULL);
161 #endif
162  /*
163  * If you build the OpenSSL library and OpenVPN with
164  * CRYPTO_MDEBUG, you will get a listing of OpenSSL
165  * memory leaks on program termination.
166  */
167 
168 #ifdef CRYPTO_MDEBUG
169  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
170 #endif
171 }
172 
173 void
175 {
176 #ifdef CRYPTO_MDEBUG
177  FILE *fp = fopen("sdlog", "w");
178  ASSERT(fp);
179  CRYPTO_mem_leaks_fp(fp);
180  fclose(fp);
181 #endif
182 
183 #if HAVE_OPENSSL_ENGINE
184  if (engine_initialized)
185  {
186  ENGINE_cleanup();
187  engine_persist = NULL;
188  engine_initialized = false;
189  }
190 #endif
191 }
192 
193 void
195 {
196  ERR_clear_error();
197 }
198 
199 void
201 {
202  unsigned long err = 0;
203 
204  while ((err = ERR_get_error()))
205  {
206  /* Be more clear about frequently occurring "no shared cipher" error */
207  if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
208  {
209  msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites "
210  "in common with the client. Your --tls-cipher setting might be "
211  "too restrictive.");
212  }
213  else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
214  {
215  msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
216  "indicates that client and server have no common TLS version enabled. "
217  "This can be caused by mismatched tls-version-min and tls-version-max "
218  "options on client and server. "
219  "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
220  "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
221  "instead of TLS 1.0 only");
222  }
223  msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
224  }
225 }
226 
227 
228 /*
229  *
230  * OpenSSL memory debugging. If dmalloc debugging is enabled, tell
231  * OpenSSL to use our private malloc/realloc/free functions so that
232  * we can dispatch them to dmalloc.
233  *
234  */
235 
236 #ifdef DMALLOC
237 static void *
238 crypto_malloc(size_t size, const char *file, int line)
239 {
240  return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
241 }
242 
243 static void *
244 crypto_realloc(void *ptr, size_t size, const char *file, int line)
245 {
246  return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
247 }
248 
249 static void
250 crypto_free(void *ptr)
251 {
252  dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE);
253 }
254 
255 void
256 crypto_init_dmalloc(void)
257 {
258  CRYPTO_set_mem_ex_functions(crypto_malloc,
259  crypto_realloc,
260  crypto_free);
261 }
262 #endif /* DMALLOC */
263 
265  { "AES-128-GCM", "id-aes128-GCM" },
266  { "AES-192-GCM", "id-aes192-GCM" },
267  { "AES-256-GCM", "id-aes256-GCM" },
268  { "CHACHA20-POLY1305", "ChaCha20-Poly1305" },
269 };
271  sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table);
272 
273 
274 static int
275 cipher_name_cmp(const void *a, const void *b)
276 {
277  const EVP_CIPHER *const *cipher_a = a;
278  const EVP_CIPHER *const *cipher_b = b;
279 
280  return strcmp(cipher_kt_name(*cipher_a), cipher_kt_name(*cipher_b));
281 }
282 
283 void
285 {
286  int nid;
287  size_t i;
288 
289  /* If we ever exceed this, we must be more selective */
290  const EVP_CIPHER *cipher_list[1000];
291  size_t num_ciphers = 0;
292 #ifndef ENABLE_SMALL
293  printf("The following ciphers and cipher modes are available for use\n"
294  "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
295  "parameter to the --data-ciphers (or --cipher) option. In static \n"
296  "key mode only CBC mode is allowed.\n\n");
297 #endif
298 
299  for (nid = 0; nid < 10000; ++nid)
300  {
301  const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
302  if (cipher && (cipher_kt_mode_cbc(cipher)
303 #ifdef ENABLE_OFB_CFB_MODE
304  || cipher_kt_mode_ofb_cfb(cipher)
305 #endif
306  || cipher_kt_mode_aead(cipher)
307  ))
308  {
309  cipher_list[num_ciphers++] = cipher;
310  }
311  if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list)))
312  {
313  msg(M_WARN, "WARNING: Too many ciphers, not showing all");
314  break;
315  }
316  }
317 
318  /* cast to non-const to prevent warning */
319  qsort((EVP_CIPHER *)cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp);
320 
321  for (i = 0; i < num_ciphers; i++)
322  {
323  if (!cipher_kt_insecure(cipher_list[i]))
324  {
325  print_cipher(cipher_list[i]);
326  }
327  }
328 
329  printf("\nThe following ciphers have a block size of less than 128 bits, \n"
330  "and are therefore deprecated. Do not use unless you have to.\n\n");
331  for (i = 0; i < num_ciphers; i++)
332  {
333  if (cipher_kt_insecure(cipher_list[i]))
334  {
335  print_cipher(cipher_list[i]);
336  }
337  }
338  printf("\n");
339 }
340 
341 void
343 {
344  int nid;
345 
346 #ifndef ENABLE_SMALL
347  printf("The following message digests are available for use with\n"
348  PACKAGE_NAME ". A message digest is used in conjunction with\n"
349  "the HMAC function, to authenticate received packets.\n"
350  "You can specify a message digest as parameter to\n"
351  "the --auth option.\n\n");
352 #endif
353 
354  for (nid = 0; nid < 10000; ++nid)
355  {
356  const EVP_MD *digest = EVP_get_digestbynid(nid);
357  if (digest)
358  {
359  printf("%s %d bit digest size\n",
360  OBJ_nid2sn(nid), EVP_MD_size(digest) * 8);
361  }
362  }
363  printf("\n");
364 }
365 
366 void
368 {
369 #if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */
370  ENGINE *e;
371 
372  printf("OpenSSL Crypto Engines\n\n");
373 
374  ENGINE_load_builtin_engines();
375 
376  e = ENGINE_get_first();
377  while (e)
378  {
379  printf("%s [%s]\n",
380  ENGINE_get_name(e),
381  ENGINE_get_id(e));
382  e = ENGINE_get_next(e);
383  }
384  ENGINE_cleanup();
385 #else /* if HAVE_OPENSSL_ENGINE */
386  printf("Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
387 #endif
388 }
389 
390 
391 bool
392 crypto_pem_encode(const char *name, struct buffer *dst,
393  const struct buffer *src, struct gc_arena *gc)
394 {
395  bool ret = false;
396  BIO *bio = BIO_new(BIO_s_mem());
397  if (!bio || !PEM_write_bio(bio, name, "", BPTR(src), BLEN(src)))
398  {
399  ret = false;
400  goto cleanup;
401  }
402 
403  BUF_MEM *bptr;
404  BIO_get_mem_ptr(bio, &bptr);
405 
406  *dst = alloc_buf_gc(bptr->length, gc);
407  ASSERT(buf_write(dst, bptr->data, bptr->length));
408 
409  ret = true;
410 cleanup:
411  if (!BIO_free(bio))
412  {
413  ret = false;
414  }
415 
416  return ret;
417 }
418 
419 bool
420 crypto_pem_decode(const char *name, struct buffer *dst,
421  const struct buffer *src)
422 {
423  bool ret = false;
424 
425  BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src));
426  if (!bio)
427  {
428  crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode");
429  }
430 
431  char *name_read = NULL;
432  char *header_read = NULL;
433  uint8_t *data_read = NULL;
434  long data_read_len = 0;
435  if (!PEM_read_bio(bio, &name_read, &header_read, &data_read,
436  &data_read_len))
437  {
438  dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__);
439  goto cleanup;
440  }
441 
442  if (strcmp(name, name_read))
443  {
445  "%s: unexpected PEM name (got '%s', expected '%s')",
446  __func__, name_read, name);
447  goto cleanup;
448  }
449 
450  uint8_t *dst_data = buf_write_alloc(dst, data_read_len);
451  if (!dst_data)
452  {
453  dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__,
454  BCAP(dst), data_read_len);
455  goto cleanup;
456  }
457  memcpy(dst_data, data_read, data_read_len);
458 
459  ret = true;
460 cleanup:
461  OPENSSL_free(name_read);
462  OPENSSL_free(header_read);
463  OPENSSL_free(data_read);
464  if (!BIO_free(bio))
465  {
466  ret = false;
467  }
468 
469  return ret;
470 }
471 
472 /*
473  *
474  * Random number functions, used in cases where we want
475  * reasonably strong cryptographic random number generation
476  * without depleting our entropy pool. Used for random
477  * IV values and a number of other miscellaneous tasks.
478  *
479  */
480 
481 int
482 rand_bytes(uint8_t *output, int len)
483 {
484  if (unlikely(1 != RAND_bytes(output, len)))
485  {
486  crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
487  return 0;
488  }
489  return 1;
490 }
491 
492 /*
493  *
494  * Key functions, allow manipulation of keys.
495  *
496  */
497 
498 
499 int
500 key_des_num_cblocks(const EVP_CIPHER *kt)
501 {
502  int ret = 0;
503  const char *name = OBJ_nid2sn(EVP_CIPHER_nid(kt));
504  if (name)
505  {
506  if (!strncmp(name, "DES-", 4))
507  {
508  ret = EVP_CIPHER_key_length(kt) / sizeof(DES_cblock);
509  }
510  else if (!strncmp(name, "DESX-", 5))
511  {
512  ret = 1;
513  }
514  }
515  dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
516  return ret;
517 }
518 
519 bool
520 key_des_check(uint8_t *key, int key_len, int ndc)
521 {
522  int i;
523  struct buffer b;
524 
525  buf_set_read(&b, key, key_len);
526 
527  for (i = 0; i < ndc; ++i)
528  {
529  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
530  if (!dc)
531  {
533  "CRYPTO INFO: check_key_DES: insufficient key material");
534  goto err;
535  }
536  if (DES_is_weak_key(dc))
537  {
539  "CRYPTO INFO: check_key_DES: weak key detected");
540  goto err;
541  }
542  if (!DES_check_key_parity(dc))
543  {
545  "CRYPTO INFO: check_key_DES: bad parity detected");
546  goto err;
547  }
548  }
549  return true;
550 
551 err:
552  ERR_clear_error();
553  return false;
554 }
555 
556 void
557 key_des_fixup(uint8_t *key, int key_len, int ndc)
558 {
559  int i;
560  struct buffer b;
561 
562  buf_set_read(&b, key, key_len);
563  for (i = 0; i < ndc; ++i)
564  {
565  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
566  if (!dc)
567  {
568  msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material");
569  ERR_clear_error();
570  return;
571  }
572  DES_set_odd_parity(dc);
573  }
574 }
575 
576 
577 /*
578  *
579  * Generic cipher key type functions
580  *
581  */
582 
583 
584 const EVP_CIPHER *
585 cipher_kt_get(const char *ciphername)
586 {
587  const EVP_CIPHER *cipher = NULL;
588 
589  ASSERT(ciphername);
590 
591  ciphername = translate_cipher_name_from_openvpn(ciphername);
592  cipher = EVP_get_cipherbyname(ciphername);
593 
594  if (NULL == cipher)
595  {
596  crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
597  return NULL;
598  }
599 
600 
601  if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH)
602  {
603  msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) "
604  "which is larger than " PACKAGE_NAME "'s current maximum key size "
605  "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher),
607  return NULL;
608  }
609 
610  return cipher;
611 }
612 
613 const char *
614 cipher_kt_name(const EVP_CIPHER *cipher_kt)
615 {
616  if (NULL == cipher_kt)
617  {
618  return "[null-cipher]";
619  }
620 
621  const char *name = EVP_CIPHER_name(cipher_kt);
623 }
624 
625 int
626 cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
627 {
628  return EVP_CIPHER_key_length(cipher_kt);
629 }
630 
631 int
632 cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
633 {
634  return EVP_CIPHER_iv_length(cipher_kt);
635 }
636 
637 int
638 cipher_kt_block_size(const EVP_CIPHER *cipher)
639 {
640  /*
641  * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
642  * around that, try to replace the mode with 'CBC' and return the block size
643  * reported for that cipher, if possible. If that doesn't work, just return
644  * the value reported by OpenSSL.
645  */
646  char *name = NULL;
647  char *mode_str = NULL;
648  const char *orig_name = NULL;
649  const EVP_CIPHER *cbc_cipher = NULL;
650 
651  int block_size = EVP_CIPHER_block_size(cipher);
652 
653  orig_name = EVP_CIPHER_name(cipher);
654  if (!orig_name)
655  {
656  goto cleanup;
657  }
658 
659  name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);
660  mode_str = strrchr(name, '-');
661  if (!mode_str || strlen(mode_str) < 4)
662  {
663  goto cleanup;
664  }
665 
666  strcpy(mode_str, "-CBC");
667 
668  cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
669  if (cbc_cipher)
670  {
671  block_size = EVP_CIPHER_block_size(cbc_cipher);
672  }
673 
674 cleanup:
675  free(name);
676  return block_size;
677 }
678 
679 int
680 cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
681 {
682  if (cipher_kt_mode_aead(cipher_kt))
683  {
685  }
686  else
687  {
688  return 0;
689  }
690 }
691 
692 bool
693 cipher_kt_insecure(const EVP_CIPHER *cipher)
694 {
695  return !(cipher_kt_block_size(cipher) >= 128 / 8
696 #ifdef NID_chacha20_poly1305
697  || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305
698 #endif
699  );
700 }
701 
702 int
703 cipher_kt_mode(const EVP_CIPHER *cipher_kt)
704 {
705  ASSERT(NULL != cipher_kt);
706  return EVP_CIPHER_mode(cipher_kt);
707 }
708 
709 bool
711 {
712  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
713  /* Exclude AEAD cipher modes, they require a different API */
714  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
715 }
716 
717 bool
719 {
720  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
721  || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
722  /* Exclude AEAD cipher modes, they require a different API */
723  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
724 }
725 
726 bool
728 {
729  if (cipher)
730  {
731  if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)
732  {
733  return true;
734  }
735 
736 #ifdef NID_chacha20_poly1305
737  if (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305)
738  {
739  return true;
740  }
741 #endif
742  }
743 
744  return false;
745 }
746 
747 /*
748  *
749  * Generic cipher context functions
750  *
751  */
752 
753 cipher_ctx_t *
755 {
756  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
757  check_malloc_return(ctx);
758  return ctx;
759 }
760 
761 void
762 cipher_ctx_free(EVP_CIPHER_CTX *ctx)
763 {
764  EVP_CIPHER_CTX_free(ctx);
765 }
766 
767 void
768 cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len,
769  const EVP_CIPHER *kt, int enc)
770 {
771  ASSERT(NULL != kt && NULL != ctx);
772 
774  if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
775  {
776  crypto_msg(M_FATAL, "EVP cipher init #1");
777  }
778  if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
779  {
780  crypto_msg(M_FATAL, "EVP cipher init #2");
781  }
782 
783  /* make sure we used a big enough key */
784  ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= key_len);
785 }
786 
787 int
788 cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
789 {
790  return EVP_CIPHER_CTX_iv_length(ctx);
791 }
792 
793 int
794 cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
795 {
796  return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_size, tag_buf);
797 }
798 
799 int
800 cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
801 {
802  return EVP_CIPHER_CTX_block_size(ctx);
803 }
804 
805 int
806 cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
807 {
808  return EVP_CIPHER_CTX_mode(ctx);
809 }
810 
811 const cipher_kt_t *
813 {
814  return ctx ? EVP_CIPHER_CTX_cipher(ctx) : NULL;
815 }
816 
817 
818 int
819 cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
820 {
821  return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
822 }
823 
824 int
825 cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
826 {
827  int len;
828  if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len))
829  {
830  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
831  }
832  return 1;
833 }
834 
835 int
836 cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
837  uint8_t *src, int src_len)
838 {
839  if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len))
840  {
841  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
842  }
843  return 1;
844 }
845 
846 int
847 cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
848 {
849  return EVP_CipherFinal(ctx, dst, dst_len);
850 }
851 
852 int
853 cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
854  uint8_t *tag, size_t tag_len)
855 {
856  ASSERT(tag_len < SIZE_MAX);
857  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
858  {
859  return 0;
860  }
861 
862  return cipher_ctx_final(ctx, dst, dst_len);
863 }
864 
865 void
867  unsigned char src[DES_KEY_LENGTH],
868  unsigned char dst[DES_KEY_LENGTH])
869 {
870  DES_key_schedule sched;
871 
872  DES_set_key_unchecked((DES_cblock *)key, &sched);
873  DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT);
874 }
875 
876 /*
877  *
878  * Generic message digest information functions
879  *
880  */
881 
882 
883 const EVP_MD *
884 md_kt_get(const char *digest)
885 {
886  const EVP_MD *md = NULL;
887  ASSERT(digest);
888  md = EVP_get_digestbyname(digest);
889  if (!md)
890  {
891  crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
892  }
893  if (EVP_MD_size(md) > MAX_HMAC_KEY_LENGTH)
894  {
895  crypto_msg(M_FATAL, "Message hash algorithm '%s' uses a default hash "
896  "size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
897  "maximum hash size (%d bytes)",
898  digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
899  }
900  return md;
901 }
902 
903 const char *
904 md_kt_name(const EVP_MD *kt)
905 {
906  if (NULL == kt)
907  {
908  return "[null-digest]";
909  }
910  return EVP_MD_name(kt);
911 }
912 
913 unsigned char
914 md_kt_size(const EVP_MD *kt)
915 {
916  return (unsigned char)EVP_MD_size(kt);
917 }
918 
919 
920 /*
921  *
922  * Generic message digest functions
923  *
924  */
925 
926 int
927 md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
928 {
929  unsigned int in_md_len = 0;
930 
931  return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
932 }
933 
934 EVP_MD_CTX *
936 {
937  EVP_MD_CTX *ctx = EVP_MD_CTX_new();
938  check_malloc_return(ctx);
939  return ctx;
940 }
941 
942 void
943 md_ctx_free(EVP_MD_CTX *ctx)
944 {
945  EVP_MD_CTX_free(ctx);
946 }
947 
948 void
949 md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
950 {
951  ASSERT(NULL != ctx && NULL != kt);
952 
953  EVP_MD_CTX_init(ctx);
954  if (!EVP_DigestInit(ctx, kt))
955  {
956  crypto_msg(M_FATAL, "EVP_DigestInit failed");
957  }
958 }
959 
960 void
961 md_ctx_cleanup(EVP_MD_CTX *ctx)
962 {
963  EVP_MD_CTX_reset(ctx);
964 }
965 
966 int
967 md_ctx_size(const EVP_MD_CTX *ctx)
968 {
969  return EVP_MD_CTX_size(ctx);
970 }
971 
972 void
973 md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
974 {
975  EVP_DigestUpdate(ctx, src, src_len);
976 }
977 
978 void
979 md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
980 {
981  unsigned int in_md_len = 0;
982 
983  EVP_DigestFinal(ctx, dst, &in_md_len);
984 }
985 
986 
987 /*
988  *
989  * Generic HMAC functions
990  *
991  */
992 
993 HMAC_CTX *
995 {
996  HMAC_CTX *ctx = HMAC_CTX_new();
997  check_malloc_return(ctx);
998  return ctx;
999 }
1000 
1001 void
1002 hmac_ctx_free(HMAC_CTX *ctx)
1003 {
1004  HMAC_CTX_free(ctx);
1005 }
1006 
1007 void
1008 hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
1009  const EVP_MD *kt)
1010 {
1011  ASSERT(NULL != kt && NULL != ctx);
1012 
1013  HMAC_CTX_reset(ctx);
1014  if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL))
1015  {
1016  crypto_msg(M_FATAL, "HMAC_Init_ex failed");
1017  }
1018 
1019  /* make sure we used a big enough key */
1020  ASSERT(HMAC_size(ctx) <= key_len);
1021 }
1022 
1023 void
1024 hmac_ctx_cleanup(HMAC_CTX *ctx)
1025 {
1026  HMAC_CTX_reset(ctx);
1027 }
1028 
1029 int
1030 hmac_ctx_size(const HMAC_CTX *ctx)
1031 {
1032  return HMAC_size(ctx);
1033 }
1034 
1035 void
1036 hmac_ctx_reset(HMAC_CTX *ctx)
1037 {
1038  if (!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL))
1039  {
1040  crypto_msg(M_FATAL, "HMAC_Init_ex failed");
1041  }
1042 }
1043 
1044 void
1045 hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
1046 {
1047  HMAC_Update(ctx, src, src_len);
1048 }
1049 
1050 void
1051 hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
1052 {
1053  unsigned int in_hmac_len = 0;
1054 
1055  HMAC_Final(ctx, dst, &in_hmac_len);
1056 }
1057 
1058 int
1059 memcmp_constant_time(const void *a, const void *b, size_t size)
1060 {
1061  return CRYPTO_memcmp(a, b, size);
1062 }
1063 
1064 #if HAVE_OPENSSL_ENGINE
1065 static int
1066 ui_reader(UI *ui, UI_STRING *uis)
1067 {
1068  SSL_CTX *ctx = UI_get0_user_data(ui);
1069 
1070  if (UI_get_string_type(uis) == UIT_PROMPT)
1071  {
1072  pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx);
1074  char password[64];
1075 
1076  cb(password, sizeof(password), 0, d);
1077  UI_set_result(ui, uis, password);
1078 
1079  return 1;
1080  }
1081  return 0;
1082 }
1083 #endif
1084 
1085 EVP_PKEY *
1086 engine_load_key(const char *file, SSL_CTX *ctx)
1087 {
1088 #if HAVE_OPENSSL_ENGINE
1089  UI_METHOD *ui;
1090  EVP_PKEY *pkey;
1091 
1092  if (!engine_persist)
1093  {
1094  return NULL;
1095  }
1096 
1097  /* this will print out the error from BIO_read */
1098  crypto_msg(M_INFO, "PEM_read_bio failed, now trying engine method to load private key");
1099 
1100  ui = UI_create_method("openvpn");
1101  if (!ui)
1102  {
1103  crypto_msg(M_FATAL, "Engine UI creation failed");
1104  return NULL;
1105  }
1106 
1107  UI_method_set_reader(ui, ui_reader);
1108 
1109  ENGINE_init(engine_persist);
1110  pkey = ENGINE_load_private_key(engine_persist, file, ui, ctx);
1111  ENGINE_finish(engine_persist);
1112  if (!pkey)
1113  {
1114  crypto_msg(M_FATAL, "Engine could not load key file");
1115  }
1116 
1117  UI_destroy_method(ui);
1118  return pkey;
1119 #else /* if HAVE_OPENSSL_ENGINE */
1120  return NULL;
1121 #endif /* if HAVE_OPENSSL_ENGINE */
1122 }
1123 
1124 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
1125 bool
1126 ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
1127  int secret_len, uint8_t *output, int output_len)
1128 {
1129  EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
1130  if (!pctx)
1131  {
1132  return false;
1133  }
1134 
1135  bool ret = false;
1136  if (!EVP_PKEY_derive_init(pctx))
1137  {
1138  goto out;
1139  }
1140 
1141  if (!EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1()))
1142  {
1143  goto out;
1144  }
1145 
1146  if (!EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, secret, secret_len))
1147  {
1148  goto out;
1149  }
1150 
1151  if (!EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seed_len))
1152  {
1153  goto out;
1154  }
1155 
1156  size_t out_len = output_len;
1157  if (!EVP_PKEY_derive(pctx, output, &out_len))
1158  {
1159  goto out;
1160  }
1161  if (out_len != output_len)
1162  {
1163  goto out;
1164  }
1165  ret = true;
1166 out:
1167  EVP_PKEY_CTX_free(pctx);
1168  return ret;
1169 }
1170 #else /* if OPENSSL_VERSION_NUMBER >= 0x10100000L */
1171 /*
1172  * Generate the hash required by for the \c tls1_PRF function.
1173  *
1174  * We cannot use our normal hmac_* function as they do not work
1175  * in a FIPS environment (no MD5 allowed, which we need). Instead
1176  * we need to directly use the EVP_MD_* API with the special
1177  * EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag.
1178  *
1179  * The function below is adapted from OpenSSL 1.0.2t
1180  *
1181  * @param md_kt Message digest to use
1182  * @param sec Secret to base the hash on
1183  * @param sec_len Length of the secret
1184  * @param seed Seed to hash
1185  * @param seed_len Length of the seed
1186  * @param out Output buffer
1187  * @param olen Length of the output buffer
1188  */
1189 static
1190 bool
1191 tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
1192  int sec_len, const void *seed, int seed_len,
1193  unsigned char *out, int olen)
1194 {
1195  int chunk;
1196  size_t j;
1197  EVP_MD_CTX ctx, ctx_tmp, ctx_init;
1198  EVP_PKEY *mac_key;
1199  unsigned char A1[EVP_MAX_MD_SIZE];
1200  size_t A1_len = EVP_MAX_MD_SIZE;
1201  int ret = false;
1202 
1203  chunk = EVP_MD_size(md);
1204  OPENSSL_assert(chunk >= 0);
1205 
1206  EVP_MD_CTX_init(&ctx);
1207  EVP_MD_CTX_init(&ctx_tmp);
1208  EVP_MD_CTX_init(&ctx_init);
1209  EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1210  mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
1211  if (!mac_key)
1212  {
1213  goto err;
1214  }
1215  if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
1216  {
1217  goto err;
1218  }
1219  if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
1220  {
1221  goto err;
1222  }
1223  if (!EVP_DigestSignUpdate(&ctx, seed, seed_len))
1224  {
1225  goto err;
1226  }
1227  if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
1228  {
1229  goto err;
1230  }
1231 
1232  for (;; )
1233  {
1234  /* Reinit mac contexts */
1235  if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
1236  {
1237  goto err;
1238  }
1239  if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
1240  {
1241  goto err;
1242  }
1243  if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
1244  {
1245  goto err;
1246  }
1247  if (!EVP_DigestSignUpdate(&ctx, seed, seed_len))
1248  {
1249  goto err;
1250  }
1251 
1252  if (olen > chunk)
1253  {
1254  j = olen;
1255  if (!EVP_DigestSignFinal(&ctx, out, &j))
1256  {
1257  goto err;
1258  }
1259  out += j;
1260  olen -= j;
1261  /* calc the next A1 value */
1262  if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
1263  {
1264  goto err;
1265  }
1266  }
1267  else
1268  {
1269  A1_len = EVP_MAX_MD_SIZE;
1270  /* last one */
1271  if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
1272  {
1273  goto err;
1274  }
1275  memcpy(out, A1, olen);
1276  break;
1277  }
1278  }
1279  ret = true;
1280 err:
1281  EVP_PKEY_free(mac_key);
1282  EVP_MD_CTX_cleanup(&ctx);
1283  EVP_MD_CTX_cleanup(&ctx_tmp);
1284  EVP_MD_CTX_cleanup(&ctx_init);
1285  OPENSSL_cleanse(A1, sizeof(A1));
1286  return ret;
1287 }
1288 
1289 
1290 /*
1291  * Use the TLS PRF function for generating data channel keys.
1292  * This code is based on the OpenSSL library.
1293  *
1294  * TLS generates keys as such:
1295  *
1296  * master_secret[48] = PRF(pre_master_secret[48], "master secret",
1297  * ClientHello.random[32] + ServerHello.random[32])
1298  *
1299  * key_block[] = PRF(SecurityParameters.master_secret[48],
1300  * "key expansion",
1301  * SecurityParameters.server_random[32] +
1302  * SecurityParameters.client_random[32]);
1303  *
1304  * Notes:
1305  *
1306  * (1) key_block contains a full set of 4 keys.
1307  * (2) The pre-master secret is generated by the client.
1308  */
1309 bool
1310 ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec,
1311  int slen, uint8_t *out1, int olen)
1312 {
1313  bool ret = true;
1314  struct gc_arena gc = gc_new();
1315  /* For some reason our md_kt_get("MD5") fails otherwise in the unit test */
1316  const md_kt_t *md5 = EVP_md5();
1317  const md_kt_t *sha1 = EVP_sha1();
1318 
1319  uint8_t *out2 = (uint8_t *)gc_malloc(olen, false, &gc);
1320 
1321  int len = slen/2;
1322  const uint8_t *S1 = sec;
1323  const uint8_t *S2 = &(sec[len]);
1324  len += (slen&1); /* add for odd, make longer */
1325 
1326  if (!tls1_P_hash(md5, S1, len, label, label_len, out1, olen))
1327  {
1328  ret = false;
1329  goto done;
1330  }
1331 
1332  if (!tls1_P_hash(sha1, S2, len, label, label_len, out2, olen))
1333  {
1334  ret = false;
1335  goto done;
1336  }
1337 
1338  for (int i = 0; i < olen; i++)
1339  {
1340  out1[i] ^= out2[i];
1341  }
1342 
1343  secure_memzero(out2, olen);
1344 
1345  dmsg(D_SHOW_KEY_SOURCE, "tls1_PRF out[%d]: %s", olen, format_hex(out1, olen, 0, &gc));
1346 done:
1347  gc_free(&gc);
1348  return ret;
1349 }
1350 #endif /* if OPENSSL_VERSION_NUMBER >= 0x10100000L */
1351 #endif /* ENABLE_CRYPTO_OPENSSL */
int cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
void md_ctx_cleanup(EVP_MD_CTX *ctx)
#define D_CRYPT_ERRORS
Definition: errlevel.h:58
int md_ctx_size(const EVP_MD_CTX *ctx)
EVP_PKEY * engine_load_key(const char *file, SSL_CTX *ctx)
Load a key file from an engine.
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
bool cipher_kt_insecure(const EVP_CIPHER *cipher)
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:685
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition: buffer.h:656
#define D_CRYPTO_DEBUG
Definition: errlevel.h:146
int hmac_ctx_size(const HMAC_CTX *ctx)
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:401
#define M_INFO
Definition: errlevel.h:55
const size_t cipher_name_translation_table_count
int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
static uint8_t * buf_read_alloc(struct buffer *buf, int size)
Definition: buffer.h:675
#define unlikely(x)
Definition: syshead.h:36
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
void hmac_ctx_reset(HMAC_CTX *ctx)
static int cipher_name_cmp(const void *a, const void *b)
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
void show_available_ciphers(void)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
int md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
const EVP_CIPHER * cipher_kt_get(const char *ciphername)
Return cipher parameters, based on the given cipher name.
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition: buffer.h:526
void hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
#define EVP_CTRL_AEAD_GET_TAG
void crypto_init_lib_engine(const char *engine_name)
#define dmsg(flags,...)
Definition: error.h:157
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition: buffer.h:335
void md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
int cipher_kt_block_size(const EVP_CIPHER *cipher)
#define MAX_CIPHER_KEY_LENGTH
int cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
void hmac_ctx_cleanup(HMAC_CTX *ctx)
int cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
void md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
#define ASSERT(x)
Definition: error.h:204
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
#define D_LOW
Definition: errlevel.h:98
void cipher_ctx_free(EVP_CIPHER_CTX *ctx)
static char * engine_name
Definition: libtestengine.c:7
#define BCAP(buf)
Definition: buffer.h:130
list flags
#define OPENVPN_MODE_GCM
Cipher is in GCM mode.
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
HMAC_CTX * hmac_ctx_new(void)
void print_cipher(const cipher_kt_t *cipher)
Print a cipher list entry.
Definition: crypto.c:1787
void md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
#define BPTR(buf)
Definition: buffer.h:124
void show_available_engines(void)
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char src[DES_KEY_LENGTH], unsigned char dst[DES_KEY_LENGTH])
Encrypt the given block, using DES ECB mode.
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
const EVP_MD * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
#define PACKAGE_NAME
Definition: config.h:730
const char * md_kt_name(const EVP_MD *kt)
void hmac_ctx_free(HMAC_CTX *ctx)
bool key_des_check(uint8_t *key, int key_len, int ndc)
void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt)
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:405
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
void hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
int cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
const char * cipher_kt_name(const EVP_CIPHER *cipher_kt)
int cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
#define ENABLE_OFB_CFB_MODE
Definition: config.h:65
void key_des_fixup(uint8_t *key, int key_len, int ndc)
void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, const EVP_CIPHER *kt, int enc)
#define MAX_HMAC_KEY_LENGTH
int cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
#define BLEN(buf)
Definition: buffer.h:127
#define msg(flags,...)
Definition: error.h:153
#define D_SHOW_KEY_SOURCE
Definition: errlevel.h:120
unsigned char md_kt_size(const EVP_MD *kt)
void md_ctx_free(EVP_MD_CTX *ctx)
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static void check_malloc_return(const void *p)
Definition: buffer.h:1093
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
int cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
EVP_MD_CTX * md_ctx_new(void)
Struct used in cipher name translation table.
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_FATAL
Definition: error.h:98
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition: crypto.c:1848
int cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
static bool tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, const void *seed, int seed_len, unsigned char *out, int olen)
void crypto_clear_error(void)
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate a data channel cipher name from the crypto library specific name to the OpenVPN config file...
Definition: crypto.c:1835
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
#define M_WARN
Definition: error.h:100
#define free
Definition: cmocka.c:1850
void crypto_init_lib(void)
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition: buffer.h:689
#define OPENVPN_AEAD_TAG_LENGTH
int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported CBC mode cipher.
void crypto_uninit_lib(void)
int key_des_num_cblocks(const EVP_CIPHER *kt)
#define EVP_CIPHER_CTX_reset
#define DES_KEY_LENGTH
void show_available_digests(void)
#define EVP_CTRL_AEAD_SET_TAG
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
bool ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec, int slen, uint8_t *out1, int olen)
Calculates the TLS 1.0-1.1 PRF function.
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
int cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)