OpenVPN
crypto_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_OPENSSL)
38 
39 #include "basic.h"
40 #include "buffer.h"
41 #include "integer.h"
42 #include "crypto.h"
43 #include "crypto_backend.h"
44 #include "openssl_compat.h"
45 
46 #include <openssl/des.h>
47 #include <openssl/err.h>
48 #include <openssl/evp.h>
49 #include <openssl/objects.h>
50 #include <openssl/rand.h>
51 #include <openssl/ssl.h>
52 
53 /*
54  * Check for key size creepage.
55  */
56 
57 #if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
58 #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
59 #endif
60 
61 #if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
62 #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
63 #endif
64 
65 #if HAVE_OPENSSL_ENGINE
66 #include <openssl/engine.h>
67 
68 static bool engine_initialized = false; /* GLOBAL */
69 
70 static ENGINE *engine_persist = NULL; /* GLOBAL */
71 
72 /* Try to load an engine in a shareable library */
73 static ENGINE *
74 try_load_engine(const char *engine)
75 {
76  ENGINE *e = ENGINE_by_id("dynamic");
77  if (e)
78  {
79  if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
80  || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
81  {
82  ENGINE_free(e);
83  e = NULL;
84  }
85  }
86  return e;
87 }
88 
89 static ENGINE *
90 setup_engine(const char *engine)
91 {
92  ENGINE *e = NULL;
93 
94  ENGINE_load_builtin_engines();
95 
96  if (engine)
97  {
98  if (strcmp(engine, "auto") == 0)
99  {
100  msg(M_INFO, "Initializing OpenSSL auto engine support");
101  ENGINE_register_all_complete();
102  return NULL;
103  }
104  if ((e = ENGINE_by_id(engine)) == NULL
105  && (e = try_load_engine(engine)) == NULL)
106  {
107  crypto_msg(M_FATAL, "OpenSSL error: cannot load engine '%s'",
108  engine);
109  }
110 
111  if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
112  {
114  "OpenSSL error: ENGINE_set_default failed on engine '%s'",
115  engine);
116  }
117 
118  msg(M_INFO, "Initializing OpenSSL support for engine '%s'",
119  ENGINE_get_id(e));
120  }
121  return e;
122 }
123 
124 #endif /* HAVE_OPENSSL_ENGINE */
125 
126 void
127 crypto_init_lib_engine(const char *engine_name)
128 {
129 #if HAVE_OPENSSL_ENGINE
130  if (!engine_initialized)
131  {
132  ASSERT(engine_name);
133  ASSERT(!engine_persist);
134  engine_persist = setup_engine(engine_name);
135  engine_initialized = true;
136  }
137 #else /* if HAVE_OPENSSL_ENGINE */
138  msg(M_WARN, "Note: OpenSSL hardware crypto engine functionality is not available");
139 #endif
140 }
141 
142 /*
143  *
144  * Functions related to the core crypto library
145  *
146  */
147 
148 void
150 {
151  /*
152  * If you build the OpenSSL library and OpenVPN with
153  * CRYPTO_MDEBUG, you will get a listing of OpenSSL
154  * memory leaks on program termination.
155  */
156 
157 #ifdef CRYPTO_MDEBUG
158  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
159 #endif
160 }
161 
162 void
164 {
165 #ifdef CRYPTO_MDEBUG
166  FILE *fp = fopen("sdlog", "w");
167  ASSERT(fp);
168  CRYPTO_mem_leaks_fp(fp);
169  fclose(fp);
170 #endif
171 
172 #if HAVE_OPENSSL_ENGINE
173  if (engine_initialized)
174  {
175  ENGINE_cleanup();
176  engine_persist = NULL;
177  engine_initialized = false;
178  }
179 #endif
180 }
181 
182 void
184 {
185  ERR_clear_error();
186 }
187 
188 void
190 {
191  size_t err = 0;
192 
193  while ((err = ERR_get_error()))
194  {
195  /* Be more clear about frequently occurring "no shared cipher" error */
196  if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
197  {
198  msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites "
199  "in common with the client. Your --tls-cipher setting might be "
200  "too restrictive.");
201  }
202 
203  msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
204  }
205 }
206 
207 
208 /*
209  *
210  * OpenSSL memory debugging. If dmalloc debugging is enabled, tell
211  * OpenSSL to use our private malloc/realloc/free functions so that
212  * we can dispatch them to dmalloc.
213  *
214  */
215 
216 #ifdef DMALLOC
217 static void *
218 crypto_malloc(size_t size, const char *file, int line)
219 {
220  return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
221 }
222 
223 static void *
224 crypto_realloc(void *ptr, size_t size, const char *file, int line)
225 {
226  return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
227 }
228 
229 static void
230 crypto_free(void *ptr)
231 {
232  dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE);
233 }
234 
235 void
236 crypto_init_dmalloc(void)
237 {
238  CRYPTO_set_mem_ex_functions(crypto_malloc,
239  crypto_realloc,
240  crypto_free);
241 }
242 #endif /* DMALLOC */
243 
245  { "AES-128-GCM", "id-aes128-GCM" },
246  { "AES-192-GCM", "id-aes192-GCM" },
247  { "AES-256-GCM", "id-aes256-GCM" },
248  { "CHACHA20-POLY1305", "ChaCha20-Poly1305" },
249 };
251  sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table);
252 
253 
254 static int
255 cipher_name_cmp(const void *a, const void *b)
256 {
257  const EVP_CIPHER *const *cipher_a = a;
258  const EVP_CIPHER *const *cipher_b = b;
259 
260  const char *cipher_name_a =
261  translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_a));
262  const char *cipher_name_b =
263  translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_b));
264 
265  return strcmp(cipher_name_a, cipher_name_b);
266 }
267 
268 void
270 {
271  int nid;
272  size_t i;
273 
274  /* If we ever exceed this, we must be more selective */
275  const EVP_CIPHER *cipher_list[1000];
276  size_t num_ciphers = 0;
277 #ifndef ENABLE_SMALL
278  printf("The following ciphers and cipher modes are available for use\n"
279  "with " PACKAGE_NAME ". Each cipher shown below may be use as a\n"
280  "parameter to the --cipher option. The default key size is\n"
281  "shown as well as whether or not it can be changed with the\n"
282  "--keysize directive. Using a CBC or GCM mode is recommended.\n"
283  "In static key mode only CBC mode is allowed.\n\n");
284 #endif
285 
286  for (nid = 0; nid < 10000; ++nid)
287  {
288  const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
289  if (cipher && (cipher_kt_mode_cbc(cipher)
290 #ifdef ENABLE_OFB_CFB_MODE
291  || cipher_kt_mode_ofb_cfb(cipher)
292 #endif
294  || cipher_kt_mode_aead(cipher)
295 #endif
296  ))
297  {
298  cipher_list[num_ciphers++] = cipher;
299  }
300  if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list)))
301  {
302  msg(M_WARN, "WARNING: Too many ciphers, not showing all");
303  break;
304  }
305  }
306 
307  qsort(cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp);
308 
309  for (i = 0; i < num_ciphers; i++) {
310  if (!cipher_kt_insecure(cipher_list[i]))
311  {
312  print_cipher(cipher_list[i]);
313  }
314  }
315 
316  printf("\nThe following ciphers have a block size of less than 128 bits, \n"
317  "and are therefore deprecated. Do not use unless you have to.\n\n");
318  for (i = 0; i < num_ciphers; i++) {
319  if (cipher_kt_insecure(cipher_list[i]))
320  {
321  print_cipher(cipher_list[i]);
322  }
323  }
324  printf("\n");
325 }
326 
327 void
329 {
330  int nid;
331 
332 #ifndef ENABLE_SMALL
333  printf("The following message digests are available for use with\n"
334  PACKAGE_NAME ". A message digest is used in conjunction with\n"
335  "the HMAC function, to authenticate received packets.\n"
336  "You can specify a message digest as parameter to\n"
337  "the --auth option.\n\n");
338 #endif
339 
340  for (nid = 0; nid < 10000; ++nid)
341  {
342  const EVP_MD *digest = EVP_get_digestbynid(nid);
343  if (digest)
344  {
345  printf("%s %d bit digest size\n",
346  OBJ_nid2sn(nid), EVP_MD_size(digest) * 8);
347  }
348  }
349  printf("\n");
350 }
351 
352 void
354 {
355 #if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */
356  ENGINE *e;
357 
358  printf("OpenSSL Crypto Engines\n\n");
359 
360  ENGINE_load_builtin_engines();
361 
362  e = ENGINE_get_first();
363  while (e)
364  {
365  printf("%s [%s]\n",
366  ENGINE_get_name(e),
367  ENGINE_get_id(e));
368  e = ENGINE_get_next(e);
369  }
370  ENGINE_cleanup();
371 #else /* if HAVE_OPENSSL_ENGINE */
372  printf("Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
373 #endif
374 }
375 
376 
377 bool
378 crypto_pem_encode(const char *name, struct buffer *dst,
379  const struct buffer *src, struct gc_arena *gc)
380 {
381  bool ret = false;
382  BIO *bio = BIO_new(BIO_s_mem());
383  if (!bio || !PEM_write_bio(bio, name, "", BPTR(src), BLEN(src)))
384  {
385  ret = false;
386  goto cleanup;
387  }
388 
389  BUF_MEM *bptr;
390  BIO_get_mem_ptr(bio, &bptr);
391 
392  *dst = alloc_buf_gc(bptr->length, gc);
393  ASSERT(buf_write(dst, bptr->data, bptr->length));
394 
395  ret = true;
396 cleanup:
397  if (!BIO_free(bio))
398  {
399  ret = false;;
400  }
401 
402  return ret;
403 }
404 
405 bool
406 crypto_pem_decode(const char *name, struct buffer *dst,
407  const struct buffer *src)
408 {
409  bool ret = false;
410 
411  BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src));
412  if (!bio)
413  {
414  crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode");
415  }
416 
417  char *name_read = NULL;
418  char *header_read = NULL;
419  uint8_t *data_read = NULL;
420  long data_read_len = 0;
421  if (!PEM_read_bio(bio, &name_read, &header_read, &data_read,
422  &data_read_len))
423  {
424  dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__);
425  goto cleanup;
426  }
427 
428  if (strcmp(name, name_read))
429  {
431  "%s: unexpected PEM name (got '%s', expected '%s')",
432  __func__, name_read, name);
433  goto cleanup;
434  }
435 
436  uint8_t *dst_data = buf_write_alloc(dst, data_read_len);
437  if (!dst_data)
438  {
439  dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__,
440  BCAP(dst), data_read_len);
441  goto cleanup;
442  }
443  memcpy(dst_data, data_read, data_read_len);
444 
445  ret = true;
446 cleanup:
447  OPENSSL_free(name_read);
448  OPENSSL_free(header_read);
449  OPENSSL_free(data_read);
450  if (!BIO_free(bio))
451  {
452  ret = false;;
453  }
454 
455  return ret;
456 }
457 
458 /*
459  *
460  * Random number functions, used in cases where we want
461  * reasonably strong cryptographic random number generation
462  * without depleting our entropy pool. Used for random
463  * IV values and a number of other miscellaneous tasks.
464  *
465  */
466 
467 int
468 rand_bytes(uint8_t *output, int len)
469 {
470  if (unlikely(1 != RAND_bytes(output, len)))
471  {
472  crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
473  return 0;
474  }
475  return 1;
476 }
477 
478 /*
479  *
480  * Key functions, allow manipulation of keys.
481  *
482  */
483 
484 
485 int
486 key_des_num_cblocks(const EVP_CIPHER *kt)
487 {
488  int ret = 0;
489  const char *name = OBJ_nid2sn(EVP_CIPHER_nid(kt));
490  if (name)
491  {
492  if (!strncmp(name, "DES-", 4))
493  {
494  ret = EVP_CIPHER_key_length(kt) / sizeof(DES_cblock);
495  }
496  else if (!strncmp(name, "DESX-", 5))
497  {
498  ret = 1;
499  }
500  }
501  dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
502  return ret;
503 }
504 
505 bool
506 key_des_check(uint8_t *key, int key_len, int ndc)
507 {
508  int i;
509  struct buffer b;
510 
511  buf_set_read(&b, key, key_len);
512 
513  for (i = 0; i < ndc; ++i)
514  {
515  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
516  if (!dc)
517  {
519  "CRYPTO INFO: check_key_DES: insufficient key material");
520  goto err;
521  }
522  if (DES_is_weak_key(dc))
523  {
525  "CRYPTO INFO: check_key_DES: weak key detected");
526  goto err;
527  }
528  if (!DES_check_key_parity(dc))
529  {
531  "CRYPTO INFO: check_key_DES: bad parity detected");
532  goto err;
533  }
534  }
535  return true;
536 
537 err:
538  ERR_clear_error();
539  return false;
540 }
541 
542 void
543 key_des_fixup(uint8_t *key, int key_len, int ndc)
544 {
545  int i;
546  struct buffer b;
547 
548  buf_set_read(&b, key, key_len);
549  for (i = 0; i < ndc; ++i)
550  {
551  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
552  if (!dc)
553  {
554  msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material");
555  ERR_clear_error();
556  return;
557  }
558  DES_set_odd_parity(dc);
559  }
560 }
561 
562 
563 /*
564  *
565  * Generic cipher key type functions
566  *
567  */
568 
569 
570 const EVP_CIPHER *
571 cipher_kt_get(const char *ciphername)
572 {
573  const EVP_CIPHER *cipher = NULL;
574 
575  ASSERT(ciphername);
576 
577  cipher = EVP_get_cipherbyname(ciphername);
578 
579  if (NULL == cipher)
580  {
581  crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
582  return NULL;
583  }
584 
585 
586  if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH)
587  {
588  msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) "
589  "which is larger than " PACKAGE_NAME "'s current maximum key size "
590  "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher),
592  return NULL;
593  }
594 
595  return cipher;
596 }
597 
598 const char *
599 cipher_kt_name(const EVP_CIPHER *cipher_kt)
600 {
601  if (NULL == cipher_kt)
602  {
603  return "[null-cipher]";
604  }
605  return EVP_CIPHER_name(cipher_kt);
606 }
607 
608 int
609 cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
610 {
611  return EVP_CIPHER_key_length(cipher_kt);
612 }
613 
614 int
615 cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
616 {
617  return EVP_CIPHER_iv_length(cipher_kt);
618 }
619 
620 int
621 cipher_kt_block_size(const EVP_CIPHER *cipher)
622 {
623  /*
624  * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
625  * around that, try to replace the mode with 'CBC' and return the block size
626  * reported for that cipher, if possible. If that doesn't work, just return
627  * the value reported by OpenSSL.
628  */
629  char *name = NULL;
630  char *mode_str = NULL;
631  const char *orig_name = NULL;
632  const EVP_CIPHER *cbc_cipher = NULL;
633 
634  int block_size = EVP_CIPHER_block_size(cipher);
635 
636  orig_name = cipher_kt_name(cipher);
637  if (!orig_name)
638  {
639  goto cleanup;
640  }
641 
642  name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);
643  mode_str = strrchr(name, '-');
644  if (!mode_str || strlen(mode_str) < 4)
645  {
646  goto cleanup;
647  }
648 
649  strcpy(mode_str, "-CBC");
650 
651  cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
652  if (cbc_cipher)
653  {
654  block_size = EVP_CIPHER_block_size(cbc_cipher);
655  }
656 
657 cleanup:
658  free(name);
659  return block_size;
660 }
661 
662 int
663 cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
664 {
665  if (cipher_kt_mode_aead(cipher_kt))
666  {
668  }
669  else
670  {
671  return 0;
672  }
673 }
674 
675 bool
676 cipher_kt_insecure(const EVP_CIPHER *cipher)
677 {
678  return !(cipher_kt_block_size(cipher) >= 128 / 8
679 #ifdef NID_chacha20_poly1305
680  || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305
681 #endif
682  );
683 }
684 
685 int
686 cipher_kt_mode(const EVP_CIPHER *cipher_kt)
687 {
688  ASSERT(NULL != cipher_kt);
689  return EVP_CIPHER_mode(cipher_kt);
690 }
691 
692 bool
694 {
695  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
696 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
697  /* Exclude AEAD cipher modes, they require a different API */
698  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
699 #endif
700  ;
701 }
702 
703 bool
705 {
706  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
707  || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
708 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
709  /* Exclude AEAD cipher modes, they require a different API */
710  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
711 #endif
712  ;
713 }
714 
715 bool
717 {
718 #ifdef HAVE_AEAD_CIPHER_MODES
719  if (cipher)
720  {
721  switch (EVP_CIPHER_nid(cipher))
722  {
723  case NID_aes_128_gcm:
724  case NID_aes_192_gcm:
725  case NID_aes_256_gcm:
726 #ifdef NID_chacha20_poly1305
727  case NID_chacha20_poly1305:
728 #endif
729  return true;
730  }
731  }
732 #endif
733 
734  return false;
735 }
736 
737 /*
738  *
739  * Generic cipher context functions
740  *
741  */
742 
743 cipher_ctx_t *
745 {
746  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
747  check_malloc_return(ctx);
748  return ctx;
749 }
750 
751 void
752 cipher_ctx_free(EVP_CIPHER_CTX *ctx)
753 {
754  EVP_CIPHER_CTX_free(ctx);
755 }
756 
757 void
758 cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len,
759  const EVP_CIPHER *kt, int enc)
760 {
761  ASSERT(NULL != kt && NULL != ctx);
762 
763  EVP_CIPHER_CTX_init(ctx);
764  if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
765  {
766  crypto_msg(M_FATAL, "EVP cipher init #1");
767  }
768 #ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH
769  if (!EVP_CIPHER_CTX_set_key_length(ctx, key_len))
770  {
771  crypto_msg(M_FATAL, "EVP set key size");
772  }
773 #endif
774  if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
775  {
776  crypto_msg(M_FATAL, "EVP cipher init #2");
777  }
778 
779  /* make sure we used a big enough key */
780  ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= key_len);
781 }
782 
783 void
784 cipher_ctx_cleanup(EVP_CIPHER_CTX *ctx)
785 {
786  EVP_CIPHER_CTX_cleanup(ctx);
787 }
788 
789 int
790 cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
791 {
792  return EVP_CIPHER_CTX_iv_length(ctx);
793 }
794 
795 int
796 cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
797 {
798 #ifdef HAVE_AEAD_CIPHER_MODES
799  return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, tag_size, tag_buf);
800 #else
801  ASSERT(0);
802 #endif
803 }
804 
805 int
806 cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
807 {
808  return EVP_CIPHER_CTX_block_size(ctx);
809 }
810 
811 int
812 cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
813 {
814  return EVP_CIPHER_CTX_mode(ctx);
815 }
816 
817 const cipher_kt_t *
819 {
820  return ctx ? EVP_CIPHER_CTX_cipher(ctx) : NULL;
821 }
822 
823 
824 int
825 cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
826 {
827  return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
828 }
829 
830 int
831 cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
832 {
833 #ifdef HAVE_AEAD_CIPHER_MODES
834  int len;
835  if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len))
836  {
837  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
838  }
839  return 1;
840 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
841  ASSERT(0);
842 #endif
843 }
844 
845 int
846 cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
847  uint8_t *src, int src_len)
848 {
849  if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len))
850  {
851  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
852  }
853  return 1;
854 }
855 
856 int
857 cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
858 {
859  return EVP_CipherFinal(ctx, dst, dst_len);
860 }
861 
862 int
863 cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
864  uint8_t *tag, size_t tag_len)
865 {
866 #ifdef HAVE_AEAD_CIPHER_MODES
867  ASSERT(tag_len < SIZE_MAX);
868  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, tag_len, tag))
869  {
870  return 0;
871  }
872 
873  return cipher_ctx_final(ctx, dst, dst_len);
874 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
875  ASSERT(0);
876 #endif
877 }
878 
879 void
881  unsigned char *src,
882  unsigned char *dst)
883 {
884  DES_key_schedule sched;
885 
886  DES_set_key_unchecked((DES_cblock *)key, &sched);
887  DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT);
888 }
889 
890 /*
891  *
892  * Generic message digest information functions
893  *
894  */
895 
896 
897 const EVP_MD *
898 md_kt_get(const char *digest)
899 {
900  const EVP_MD *md = NULL;
901  ASSERT(digest);
902  md = EVP_get_digestbyname(digest);
903  if (!md)
904  {
905  crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
906  }
907  if (EVP_MD_size(md) > MAX_HMAC_KEY_LENGTH)
908  {
909  crypto_msg(M_FATAL, "Message hash algorithm '%s' uses a default hash "
910  "size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
911  "maximum hash size (%d bytes)",
912  digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
913  }
914  return md;
915 }
916 
917 const char *
918 md_kt_name(const EVP_MD *kt)
919 {
920  if (NULL == kt)
921  {
922  return "[null-digest]";
923  }
924  return EVP_MD_name(kt);
925 }
926 
927 int
928 md_kt_size(const EVP_MD *kt)
929 {
930  return EVP_MD_size(kt);
931 }
932 
933 
934 /*
935  *
936  * Generic message digest functions
937  *
938  */
939 
940 int
941 md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
942 {
943  unsigned int in_md_len = 0;
944 
945  return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
946 }
947 
948 EVP_MD_CTX *
950 {
951  EVP_MD_CTX *ctx = EVP_MD_CTX_new();
952  check_malloc_return(ctx);
953  return ctx;
954 }
955 
956 void md_ctx_free(EVP_MD_CTX *ctx)
957 {
958  EVP_MD_CTX_free(ctx);
959 }
960 
961 void
962 md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
963 {
964  ASSERT(NULL != ctx && NULL != kt);
965 
966  EVP_MD_CTX_init(ctx);
967  EVP_DigestInit(ctx, kt);
968 }
969 
970 void
971 md_ctx_cleanup(EVP_MD_CTX *ctx)
972 {
973  EVP_MD_CTX_reset(ctx);
974 }
975 
976 int
977 md_ctx_size(const EVP_MD_CTX *ctx)
978 {
979  return EVP_MD_CTX_size(ctx);
980 }
981 
982 void
983 md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
984 {
985  EVP_DigestUpdate(ctx, src, src_len);
986 }
987 
988 void
989 md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
990 {
991  unsigned int in_md_len = 0;
992 
993  EVP_DigestFinal(ctx, dst, &in_md_len);
994 }
995 
996 
997 /*
998  *
999  * Generic HMAC functions
1000  *
1001  */
1002 
1003 HMAC_CTX *
1005 {
1006  HMAC_CTX *ctx = HMAC_CTX_new();
1007  check_malloc_return(ctx);
1008  return ctx;
1009 }
1010 
1011 void
1012 hmac_ctx_free(HMAC_CTX *ctx)
1013 {
1014  HMAC_CTX_free(ctx);
1015 }
1016 
1017 void
1018 hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
1019  const EVP_MD *kt)
1020 {
1021  ASSERT(NULL != kt && NULL != ctx);
1022 
1023  HMAC_CTX_reset(ctx);
1024  HMAC_Init_ex(ctx, key, key_len, kt, NULL);
1025 
1026  /* make sure we used a big enough key */
1027  ASSERT(HMAC_size(ctx) <= key_len);
1028 }
1029 
1030 void
1031 hmac_ctx_cleanup(HMAC_CTX *ctx)
1032 {
1033  HMAC_CTX_reset(ctx);
1034 }
1035 
1036 int
1037 hmac_ctx_size(const HMAC_CTX *ctx)
1038 {
1039  return HMAC_size(ctx);
1040 }
1041 
1042 void
1043 hmac_ctx_reset(HMAC_CTX *ctx)
1044 {
1045  HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);
1046 }
1047 
1048 void
1049 hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
1050 {
1051  HMAC_Update(ctx, src, src_len);
1052 }
1053 
1054 void
1055 hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
1056 {
1057  unsigned int in_hmac_len = 0;
1058 
1059  HMAC_Final(ctx, dst, &in_hmac_len);
1060 }
1061 
1062 #endif /* ENABLE_CRYPTO_OPENSSL */
int cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
void md_ctx_cleanup(EVP_MD_CTX *ctx)
#define D_CRYPT_ERRORS
Definition: errlevel.h:58
int md_ctx_size(const EVP_MD_CTX *ctx)
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
bool cipher_kt_insecure(const EVP_CIPHER *cipher)
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:680
#define D_CRYPTO_DEBUG
Definition: errlevel.h:144
int hmac_ctx_size(const HMAC_CTX *ctx)
#define M_INFO
Definition: errlevel.h:55
const size_t cipher_name_translation_table_count
int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
static uint8_t * buf_read_alloc(struct buffer *buf, int size)
Definition: buffer.h:669
#define ASSERT(x)
Definition: error.h:221
#define unlikely(x)
Definition: syshead.h:36
static uint8_t * buf_write_alloc(struct buffer *buf, int size)
Definition: buffer.h:650
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
void hmac_ctx_reset(HMAC_CTX *ctx)
static int cipher_name_cmp(const void *a, const void *b)
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
void show_available_ciphers(void)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
int md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
const EVP_CIPHER * cipher_kt_get(const char *ciphername)
Return cipher parameters, based on the given cipher name.
#define M_FATAL
Definition: error.h:94
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
void hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
void crypto_init_lib_engine(const char *engine_name)
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
void md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
int cipher_kt_block_size(const EVP_CIPHER *cipher)
#define MAX_CIPHER_KEY_LENGTH
int cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
void hmac_ctx_cleanup(HMAC_CTX *ctx)
int cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
void md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
#define D_LOW
Definition: errlevel.h:97
void cipher_ctx_free(EVP_CIPHER_CTX *ctx)
#define BCAP(buf)
Definition: buffer.h:130
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
HMAC_CTX * hmac_ctx_new(void)
void print_cipher(const cipher_kt_t *cipher)
Print a cipher list entry.
Definition: crypto.c:1773
static bool buf_write(struct buffer *dest, const void *src, int size)
Definition: buffer.h:683
void md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
#define BPTR(buf)
Definition: buffer.h:124
void show_available_engines(void)
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
const EVP_MD * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
#define PACKAGE_NAME
Definition: config.h:730
const char * md_kt_name(const EVP_MD *kt)
void hmac_ctx_free(HMAC_CTX *ctx)
bool key_des_check(uint8_t *key, int key_len, int ndc)
void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt)
int md_kt_size(const EVP_MD *kt)
#define HAVE_AEAD_CIPHER_MODES
Definition: config-msvc.h:8
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char *src, unsigned char *dst)
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
void hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
int cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
const char * cipher_kt_name(const EVP_CIPHER *cipher_kt)
int cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
#define dmsg
Definition: error.h:174
void cipher_ctx_cleanup(EVP_CIPHER_CTX *ctx)
#define ENABLE_OFB_CFB_MODE
Definition: config.h:65
void key_des_fixup(uint8_t *key, int key_len, int ndc)
void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, const EVP_CIPHER *kt, int enc)
#define MAX_HMAC_KEY_LENGTH
int cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
#define BLEN(buf)
Definition: buffer.h:127
void md_ctx_free(EVP_MD_CTX *ctx)
unsigned __int8 uint8_t
Definition: config-msvc.h:123
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static void check_malloc_return(const void *p)
Definition: buffer.h:1080
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
int cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
EVP_MD_CTX * md_ctx_new(void)
#define msg
Definition: error.h:173
Struct used in cipher name translation table.
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition: crypto.c:1834
int cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
void crypto_clear_error(void)
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate a data channel cipher name from the crypto library specific name to the OpenVPN config file...
Definition: crypto.c:1821
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
#define free
Definition: cmocka.c:1850
void crypto_init_lib(void)
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
#define OPENVPN_AEAD_TAG_LENGTH
int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
char * dst
Definition: compat-lz4.h:455
bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported CBC mode cipher.
void crypto_uninit_lib(void)
int key_des_num_cblocks(const EVP_CIPHER *kt)
#define DES_KEY_LENGTH
void show_available_digests(void)
static void buf_set_read(struct buffer *buf, const uint8_t *data, int size)
Definition: buffer.h:335
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
#define M_WARN
Definition: error.h:96
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
int cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)