OpenVPN
crypto_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_OPENSSL)
38 
39 #include "basic.h"
40 #include "buffer.h"
41 #include "integer.h"
42 #include "crypto.h"
43 #include "crypto_backend.h"
44 #include "openssl_compat.h"
45 
46 #include <openssl/des.h>
47 #include <openssl/err.h>
48 #include <openssl/evp.h>
49 #include <openssl/objects.h>
50 #include <openssl/rand.h>
51 #include <openssl/ssl.h>
52 
53 /*
54  * Check for key size creepage.
55  */
56 
57 #if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
58 #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
59 #endif
60 
61 #if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
62 #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
63 #endif
64 
65 #if HAVE_OPENSSL_ENGINE
66 #include <openssl/engine.h>
67 
68 static bool engine_initialized = false; /* GLOBAL */
69 
70 static ENGINE *engine_persist = NULL; /* GLOBAL */
71 
72 /* Try to load an engine in a shareable library */
73 static ENGINE *
74 try_load_engine(const char *engine)
75 {
76  ENGINE *e = ENGINE_by_id("dynamic");
77  if (e)
78  {
79  if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
80  || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
81  {
82  ENGINE_free(e);
83  e = NULL;
84  }
85  }
86  return e;
87 }
88 
89 static ENGINE *
90 setup_engine(const char *engine)
91 {
92  ENGINE *e = NULL;
93 
94  ENGINE_load_builtin_engines();
95 
96  if (engine)
97  {
98  if (strcmp(engine, "auto") == 0)
99  {
100  msg(M_INFO, "Initializing OpenSSL auto engine support");
101  ENGINE_register_all_complete();
102  return NULL;
103  }
104  if ((e = ENGINE_by_id(engine)) == NULL
105  && (e = try_load_engine(engine)) == NULL)
106  {
107  crypto_msg(M_FATAL, "OpenSSL error: cannot load engine '%s'",
108  engine);
109  }
110 
111  if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
112  {
114  "OpenSSL error: ENGINE_set_default failed on engine '%s'",
115  engine);
116  }
117 
118  msg(M_INFO, "Initializing OpenSSL support for engine '%s'",
119  ENGINE_get_id(e));
120  }
121  return e;
122 }
123 
124 #endif /* HAVE_OPENSSL_ENGINE */
125 
126 void
127 crypto_init_lib_engine(const char *engine_name)
128 {
129 #if HAVE_OPENSSL_ENGINE
130  if (!engine_initialized)
131  {
132  ASSERT(engine_name);
133  ASSERT(!engine_persist);
134  engine_persist = setup_engine(engine_name);
135  engine_initialized = true;
136  }
137 #else /* if HAVE_OPENSSL_ENGINE */
138  msg(M_WARN, "Note: OpenSSL hardware crypto engine functionality is not available");
139 #endif
140 }
141 
142 /*
143  *
144  * Functions related to the core crypto library
145  *
146  */
147 
148 void
150 {
151  /*
152  * If you build the OpenSSL library and OpenVPN with
153  * CRYPTO_MDEBUG, you will get a listing of OpenSSL
154  * memory leaks on program termination.
155  */
156 
157 #ifdef CRYPTO_MDEBUG
158  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
159 #endif
160 }
161 
162 void
164 {
165 #ifdef CRYPTO_MDEBUG
166  FILE *fp = fopen("sdlog", "w");
167  ASSERT(fp);
168  CRYPTO_mem_leaks_fp(fp);
169  fclose(fp);
170 #endif
171 
172 #if HAVE_OPENSSL_ENGINE
173  if (engine_initialized)
174  {
175  ENGINE_cleanup();
176  engine_persist = NULL;
177  engine_initialized = false;
178  }
179 #endif
180 }
181 
182 void
184 {
185  ERR_clear_error();
186 }
187 
188 void
190 {
191  size_t err = 0;
192 
193  while ((err = ERR_get_error()))
194  {
195  /* Be more clear about frequently occurring "no shared cipher" error */
196  if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
197  {
198  msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites "
199  "in common with the client. Your --tls-cipher setting might be "
200  "too restrictive.");
201  }
202  else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
203  {
204  msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
205  "indicates that client and server have no common TLS version enabled. "
206  "This can be caused by mismatched tls-version-min and tls-version-max "
207  "options on client and server. "
208  "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
209  "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
210  "instead of TLS 1.0 only");
211  }
212  msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
213  }
214 }
215 
216 
217 /*
218  *
219  * OpenSSL memory debugging. If dmalloc debugging is enabled, tell
220  * OpenSSL to use our private malloc/realloc/free functions so that
221  * we can dispatch them to dmalloc.
222  *
223  */
224 
225 #ifdef DMALLOC
226 static void *
227 crypto_malloc(size_t size, const char *file, int line)
228 {
229  return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
230 }
231 
232 static void *
233 crypto_realloc(void *ptr, size_t size, const char *file, int line)
234 {
235  return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
236 }
237 
238 static void
239 crypto_free(void *ptr)
240 {
241  dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE);
242 }
243 
244 void
245 crypto_init_dmalloc(void)
246 {
247  CRYPTO_set_mem_ex_functions(crypto_malloc,
248  crypto_realloc,
249  crypto_free);
250 }
251 #endif /* DMALLOC */
252 
254  { "AES-128-GCM", "id-aes128-GCM" },
255  { "AES-192-GCM", "id-aes192-GCM" },
256  { "AES-256-GCM", "id-aes256-GCM" },
257  { "CHACHA20-POLY1305", "ChaCha20-Poly1305" },
258 };
260  sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table);
261 
262 
263 static int
264 cipher_name_cmp(const void *a, const void *b)
265 {
266  const EVP_CIPHER *const *cipher_a = a;
267  const EVP_CIPHER *const *cipher_b = b;
268 
269  const char *cipher_name_a =
270  translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_a));
271  const char *cipher_name_b =
272  translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_b));
273 
274  return strcmp(cipher_name_a, cipher_name_b);
275 }
276 
277 void
279 {
280  int nid;
281  size_t i;
282 
283  /* If we ever exceed this, we must be more selective */
284  const EVP_CIPHER *cipher_list[1000];
285  size_t num_ciphers = 0;
286 #ifndef ENABLE_SMALL
287  printf("The following ciphers and cipher modes are available for use\n"
288  "with " PACKAGE_NAME ". Each cipher shown below may be use as a\n"
289  "parameter to the --cipher option. The default key size is\n"
290  "shown as well as whether or not it can be changed with the\n"
291  "--keysize directive. Using a CBC or GCM mode is recommended.\n"
292  "In static key mode only CBC mode is allowed.\n\n");
293 #endif
294 
295  for (nid = 0; nid < 10000; ++nid)
296  {
297  const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
298  if (cipher && (cipher_kt_mode_cbc(cipher)
299 #ifdef ENABLE_OFB_CFB_MODE
300  || cipher_kt_mode_ofb_cfb(cipher)
301 #endif
303  || cipher_kt_mode_aead(cipher)
304 #endif
305  ))
306  {
307  cipher_list[num_ciphers++] = cipher;
308  }
309  if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list)))
310  {
311  msg(M_WARN, "WARNING: Too many ciphers, not showing all");
312  break;
313  }
314  }
315 
316  qsort(cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp);
317 
318  for (i = 0; i < num_ciphers; i++)
319  {
320  if (!cipher_kt_insecure(cipher_list[i]))
321  {
322  print_cipher(cipher_list[i]);
323  }
324  }
325 
326  printf("\nThe following ciphers have a block size of less than 128 bits, \n"
327  "and are therefore deprecated. Do not use unless you have to.\n\n");
328  for (i = 0; i < num_ciphers; i++)
329  {
330  if (cipher_kt_insecure(cipher_list[i]))
331  {
332  print_cipher(cipher_list[i]);
333  }
334  }
335  printf("\n");
336 }
337 
338 void
340 {
341  int nid;
342 
343 #ifndef ENABLE_SMALL
344  printf("The following message digests are available for use with\n"
345  PACKAGE_NAME ". A message digest is used in conjunction with\n"
346  "the HMAC function, to authenticate received packets.\n"
347  "You can specify a message digest as parameter to\n"
348  "the --auth option.\n\n");
349 #endif
350 
351  for (nid = 0; nid < 10000; ++nid)
352  {
353  const EVP_MD *digest = EVP_get_digestbynid(nid);
354  if (digest)
355  {
356  printf("%s %d bit digest size\n",
357  OBJ_nid2sn(nid), EVP_MD_size(digest) * 8);
358  }
359  }
360  printf("\n");
361 }
362 
363 void
365 {
366 #if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */
367  ENGINE *e;
368 
369  printf("OpenSSL Crypto Engines\n\n");
370 
371  ENGINE_load_builtin_engines();
372 
373  e = ENGINE_get_first();
374  while (e)
375  {
376  printf("%s [%s]\n",
377  ENGINE_get_name(e),
378  ENGINE_get_id(e));
379  e = ENGINE_get_next(e);
380  }
381  ENGINE_cleanup();
382 #else /* if HAVE_OPENSSL_ENGINE */
383  printf("Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
384 #endif
385 }
386 
387 
388 bool
389 crypto_pem_encode(const char *name, struct buffer *dst,
390  const struct buffer *src, struct gc_arena *gc)
391 {
392  bool ret = false;
393  BIO *bio = BIO_new(BIO_s_mem());
394  if (!bio || !PEM_write_bio(bio, name, "", BPTR(src), BLEN(src)))
395  {
396  ret = false;
397  goto cleanup;
398  }
399 
400  BUF_MEM *bptr;
401  BIO_get_mem_ptr(bio, &bptr);
402 
403  *dst = alloc_buf_gc(bptr->length + 1, gc);
404  ASSERT(buf_write(dst, bptr->data, bptr->length));
405  buf_null_terminate(dst);
406 
407  ret = true;
408 cleanup:
409  if (!BIO_free(bio))
410  {
411  ret = false;
412  }
413 
414  return ret;
415 }
416 
417 bool
418 crypto_pem_decode(const char *name, struct buffer *dst,
419  const struct buffer *src)
420 {
421  bool ret = false;
422 
423  BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src));
424  if (!bio)
425  {
426  crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode");
427  }
428 
429  char *name_read = NULL;
430  char *header_read = NULL;
431  uint8_t *data_read = NULL;
432  long data_read_len = 0;
433  if (!PEM_read_bio(bio, &name_read, &header_read, &data_read,
434  &data_read_len))
435  {
436  dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__);
437  goto cleanup;
438  }
439 
440  if (strcmp(name, name_read))
441  {
443  "%s: unexpected PEM name (got '%s', expected '%s')",
444  __func__, name_read, name);
445  goto cleanup;
446  }
447 
448  uint8_t *dst_data = buf_write_alloc(dst, data_read_len);
449  if (!dst_data)
450  {
451  dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__,
452  BCAP(dst), data_read_len);
453  goto cleanup;
454  }
455  memcpy(dst_data, data_read, data_read_len);
456 
457  ret = true;
458 cleanup:
459  OPENSSL_free(name_read);
460  OPENSSL_free(header_read);
461  OPENSSL_free(data_read);
462  if (!BIO_free(bio))
463  {
464  ret = false;
465  }
466 
467  return ret;
468 }
469 
470 /*
471  *
472  * Random number functions, used in cases where we want
473  * reasonably strong cryptographic random number generation
474  * without depleting our entropy pool. Used for random
475  * IV values and a number of other miscellaneous tasks.
476  *
477  */
478 
479 int
480 rand_bytes(uint8_t *output, int len)
481 {
482  if (unlikely(1 != RAND_bytes(output, len)))
483  {
484  crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
485  return 0;
486  }
487  return 1;
488 }
489 
490 /*
491  *
492  * Key functions, allow manipulation of keys.
493  *
494  */
495 
496 
497 int
498 key_des_num_cblocks(const EVP_CIPHER *kt)
499 {
500  int ret = 0;
501  const char *name = OBJ_nid2sn(EVP_CIPHER_nid(kt));
502  if (name)
503  {
504  if (!strncmp(name, "DES-", 4))
505  {
506  ret = EVP_CIPHER_key_length(kt) / sizeof(DES_cblock);
507  }
508  else if (!strncmp(name, "DESX-", 5))
509  {
510  ret = 1;
511  }
512  }
513  dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
514  return ret;
515 }
516 
517 bool
518 key_des_check(uint8_t *key, int key_len, int ndc)
519 {
520  int i;
521  struct buffer b;
522 
523  buf_set_read(&b, key, key_len);
524 
525  for (i = 0; i < ndc; ++i)
526  {
527  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
528  if (!dc)
529  {
531  "CRYPTO INFO: check_key_DES: insufficient key material");
532  goto err;
533  }
534  if (DES_is_weak_key(dc))
535  {
537  "CRYPTO INFO: check_key_DES: weak key detected");
538  goto err;
539  }
540  if (!DES_check_key_parity(dc))
541  {
543  "CRYPTO INFO: check_key_DES: bad parity detected");
544  goto err;
545  }
546  }
547  return true;
548 
549 err:
550  ERR_clear_error();
551  return false;
552 }
553 
554 void
555 key_des_fixup(uint8_t *key, int key_len, int ndc)
556 {
557  int i;
558  struct buffer b;
559 
560  buf_set_read(&b, key, key_len);
561  for (i = 0; i < ndc; ++i)
562  {
563  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
564  if (!dc)
565  {
566  msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material");
567  ERR_clear_error();
568  return;
569  }
570  DES_set_odd_parity(dc);
571  }
572 }
573 
574 
575 /*
576  *
577  * Generic cipher key type functions
578  *
579  */
580 
581 
582 const EVP_CIPHER *
583 cipher_kt_get(const char *ciphername)
584 {
585  const EVP_CIPHER *cipher = NULL;
586 
587  ASSERT(ciphername);
588 
589  cipher = EVP_get_cipherbyname(ciphername);
590 
591  if (NULL == cipher)
592  {
593  crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
594  return NULL;
595  }
596 
597 
598  if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH)
599  {
600  msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) "
601  "which is larger than " PACKAGE_NAME "'s current maximum key size "
602  "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher),
604  return NULL;
605  }
606 
607  return cipher;
608 }
609 
610 const char *
611 cipher_kt_name(const EVP_CIPHER *cipher_kt)
612 {
613  if (NULL == cipher_kt)
614  {
615  return "[null-cipher]";
616  }
617  return EVP_CIPHER_name(cipher_kt);
618 }
619 
620 int
621 cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
622 {
623  return EVP_CIPHER_key_length(cipher_kt);
624 }
625 
626 int
627 cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
628 {
629  return EVP_CIPHER_iv_length(cipher_kt);
630 }
631 
632 int
633 cipher_kt_block_size(const EVP_CIPHER *cipher)
634 {
635  /*
636  * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
637  * around that, try to replace the mode with 'CBC' and return the block size
638  * reported for that cipher, if possible. If that doesn't work, just return
639  * the value reported by OpenSSL.
640  */
641  char *name = NULL;
642  char *mode_str = NULL;
643  const char *orig_name = NULL;
644  const EVP_CIPHER *cbc_cipher = NULL;
645 
646  int block_size = EVP_CIPHER_block_size(cipher);
647 
648  orig_name = cipher_kt_name(cipher);
649  if (!orig_name)
650  {
651  goto cleanup;
652  }
653 
654  name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);
655  mode_str = strrchr(name, '-');
656  if (!mode_str || strlen(mode_str) < 4)
657  {
658  goto cleanup;
659  }
660 
661  strcpy(mode_str, "-CBC");
662 
663  cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
664  if (cbc_cipher)
665  {
666  block_size = EVP_CIPHER_block_size(cbc_cipher);
667  }
668 
669 cleanup:
670  free(name);
671  return block_size;
672 }
673 
674 int
675 cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
676 {
677  if (cipher_kt_mode_aead(cipher_kt))
678  {
680  }
681  else
682  {
683  return 0;
684  }
685 }
686 
687 bool
688 cipher_kt_insecure(const EVP_CIPHER *cipher)
689 {
690  return !(cipher_kt_block_size(cipher) >= 128 / 8
691 #ifdef NID_chacha20_poly1305
692  || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305
693 #endif
694  );
695 }
696 
697 int
698 cipher_kt_mode(const EVP_CIPHER *cipher_kt)
699 {
700  ASSERT(NULL != cipher_kt);
701  return EVP_CIPHER_mode(cipher_kt);
702 }
703 
704 bool
706 {
707  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
708 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
709  /* Exclude AEAD cipher modes, they require a different API */
710  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
711 #endif
712  ;
713 }
714 
715 bool
717 {
718  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
719  || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
720 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
721  /* Exclude AEAD cipher modes, they require a different API */
722  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
723 #endif
724  ;
725 }
726 
727 bool
729 {
730 #ifdef HAVE_AEAD_CIPHER_MODES
731  if (cipher)
732  {
733  switch (EVP_CIPHER_nid(cipher))
734  {
735  case NID_aes_128_gcm:
736  case NID_aes_192_gcm:
737  case NID_aes_256_gcm:
738 #ifdef NID_chacha20_poly1305
739  case NID_chacha20_poly1305:
740 #endif
741  return true;
742  }
743  }
744 #endif
745 
746  return false;
747 }
748 
749 /*
750  *
751  * Generic cipher context functions
752  *
753  */
754 
755 cipher_ctx_t *
757 {
758  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
759  check_malloc_return(ctx);
760  return ctx;
761 }
762 
763 void
764 cipher_ctx_free(EVP_CIPHER_CTX *ctx)
765 {
766  EVP_CIPHER_CTX_free(ctx);
767 }
768 
769 void
770 cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len,
771  const EVP_CIPHER *kt, int enc)
772 {
773  ASSERT(NULL != kt && NULL != ctx);
774 
775  EVP_CIPHER_CTX_init(ctx);
776  if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
777  {
778  crypto_msg(M_FATAL, "EVP cipher init #1");
779  }
780 #ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH
781  if (!EVP_CIPHER_CTX_set_key_length(ctx, key_len))
782  {
783  crypto_msg(M_FATAL, "EVP set key size");
784  }
785 #endif
786  if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
787  {
788  crypto_msg(M_FATAL, "EVP cipher init #2");
789  }
790 
791  /* make sure we used a big enough key */
792  ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= key_len);
793 }
794 
795 void
796 cipher_ctx_cleanup(EVP_CIPHER_CTX *ctx)
797 {
798  EVP_CIPHER_CTX_cleanup(ctx);
799 }
800 
801 int
802 cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
803 {
804  return EVP_CIPHER_CTX_iv_length(ctx);
805 }
806 
807 int
808 cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
809 {
810 #ifdef HAVE_AEAD_CIPHER_MODES
811  return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, tag_size, tag_buf);
812 #else
813  ASSERT(0);
814 #endif
815 }
816 
817 int
818 cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
819 {
820  return EVP_CIPHER_CTX_block_size(ctx);
821 }
822 
823 int
824 cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
825 {
826  return EVP_CIPHER_CTX_mode(ctx);
827 }
828 
829 const cipher_kt_t *
831 {
832  return ctx ? EVP_CIPHER_CTX_cipher(ctx) : NULL;
833 }
834 
835 
836 int
837 cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
838 {
839  return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
840 }
841 
842 int
843 cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
844 {
845 #ifdef HAVE_AEAD_CIPHER_MODES
846  int len;
847  if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len))
848  {
849  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
850  }
851  return 1;
852 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
853  ASSERT(0);
854 #endif
855 }
856 
857 int
858 cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
859  uint8_t *src, int src_len)
860 {
861  if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len))
862  {
863  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
864  }
865  return 1;
866 }
867 
868 int
869 cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
870 {
871  return EVP_CipherFinal(ctx, dst, dst_len);
872 }
873 
874 int
875 cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
876  uint8_t *tag, size_t tag_len)
877 {
878 #ifdef HAVE_AEAD_CIPHER_MODES
879  ASSERT(tag_len < SIZE_MAX);
880  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, tag_len, tag))
881  {
882  return 0;
883  }
884 
885  return cipher_ctx_final(ctx, dst, dst_len);
886 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
887  ASSERT(0);
888 #endif
889 }
890 
891 void
893  unsigned char *src,
894  unsigned char *dst)
895 {
896  DES_key_schedule sched;
897 
898  DES_set_key_unchecked((DES_cblock *)key, &sched);
899  DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT);
900 }
901 
902 /*
903  *
904  * Generic message digest information functions
905  *
906  */
907 
908 
909 const EVP_MD *
910 md_kt_get(const char *digest)
911 {
912  const EVP_MD *md = NULL;
913  ASSERT(digest);
914  md = EVP_get_digestbyname(digest);
915  if (!md)
916  {
917  crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
918  }
919  if (EVP_MD_size(md) > MAX_HMAC_KEY_LENGTH)
920  {
921  crypto_msg(M_FATAL, "Message hash algorithm '%s' uses a default hash "
922  "size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
923  "maximum hash size (%d bytes)",
924  digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
925  }
926  return md;
927 }
928 
929 const char *
930 md_kt_name(const EVP_MD *kt)
931 {
932  if (NULL == kt)
933  {
934  return "[null-digest]";
935  }
936  return EVP_MD_name(kt);
937 }
938 
939 int
940 md_kt_size(const EVP_MD *kt)
941 {
942  return EVP_MD_size(kt);
943 }
944 
945 
946 /*
947  *
948  * Generic message digest functions
949  *
950  */
951 
952 int
953 md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
954 {
955  unsigned int in_md_len = 0;
956 
957  return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
958 }
959 
960 EVP_MD_CTX *
962 {
963  EVP_MD_CTX *ctx = EVP_MD_CTX_new();
964  check_malloc_return(ctx);
965  return ctx;
966 }
967 
968 void
969 md_ctx_free(EVP_MD_CTX *ctx)
970 {
971  EVP_MD_CTX_free(ctx);
972 }
973 
974 void
975 md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
976 {
977  ASSERT(NULL != ctx && NULL != kt);
978 
979  EVP_MD_CTX_init(ctx);
980  EVP_DigestInit(ctx, kt);
981 }
982 
983 void
984 md_ctx_cleanup(EVP_MD_CTX *ctx)
985 {
986  EVP_MD_CTX_reset(ctx);
987 }
988 
989 int
990 md_ctx_size(const EVP_MD_CTX *ctx)
991 {
992  return EVP_MD_CTX_size(ctx);
993 }
994 
995 void
996 md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
997 {
998  EVP_DigestUpdate(ctx, src, src_len);
999 }
1000 
1001 void
1002 md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
1003 {
1004  unsigned int in_md_len = 0;
1005 
1006  EVP_DigestFinal(ctx, dst, &in_md_len);
1007 }
1008 
1009 
1010 /*
1011  *
1012  * Generic HMAC functions
1013  *
1014  */
1015 
1016 HMAC_CTX *
1018 {
1019  HMAC_CTX *ctx = HMAC_CTX_new();
1020  check_malloc_return(ctx);
1021  return ctx;
1022 }
1023 
1024 void
1025 hmac_ctx_free(HMAC_CTX *ctx)
1026 {
1027  HMAC_CTX_free(ctx);
1028 }
1029 
1030 void
1031 hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
1032  const EVP_MD *kt)
1033 {
1034  ASSERT(NULL != kt && NULL != ctx);
1035 
1036  HMAC_CTX_reset(ctx);
1037  HMAC_Init_ex(ctx, key, key_len, kt, NULL);
1038 
1039  /* make sure we used a big enough key */
1040  ASSERT(HMAC_size(ctx) <= key_len);
1041 }
1042 
1043 void
1044 hmac_ctx_cleanup(HMAC_CTX *ctx)
1045 {
1046  HMAC_CTX_reset(ctx);
1047 }
1048 
1049 int
1050 hmac_ctx_size(const HMAC_CTX *ctx)
1051 {
1052  return HMAC_size(ctx);
1053 }
1054 
1055 void
1056 hmac_ctx_reset(HMAC_CTX *ctx)
1057 {
1058  HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);
1059 }
1060 
1061 void
1062 hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
1063 {
1064  HMAC_Update(ctx, src, src_len);
1065 }
1066 
1067 void
1068 hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
1069 {
1070  unsigned int in_hmac_len = 0;
1071 
1072  HMAC_Final(ctx, dst, &in_hmac_len);
1073 }
1074 
1075 #endif /* ENABLE_CRYPTO_OPENSSL */
int cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
void md_ctx_cleanup(EVP_MD_CTX *ctx)
#define D_CRYPT_ERRORS
Definition: errlevel.h:58
int md_ctx_size(const EVP_MD_CTX *ctx)
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
bool cipher_kt_insecure(const EVP_CIPHER *cipher)
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:688
#define D_CRYPTO_DEBUG
Definition: errlevel.h:144
int hmac_ctx_size(const HMAC_CTX *ctx)
#define M_INFO
Definition: errlevel.h:55
const size_t cipher_name_translation_table_count
int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
#define dmsg
Definition: error.h:174
static uint8_t * buf_read_alloc(struct buffer *buf, int size)
Definition: buffer.h:675
#define unlikely(x)
Definition: syshead.h:36
static uint8_t * buf_write_alloc(struct buffer *buf, int size)
Definition: buffer.h:656
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
void hmac_ctx_reset(HMAC_CTX *ctx)
static int cipher_name_cmp(const void *a, const void *b)
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
void show_available_ciphers(void)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
int md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
const EVP_CIPHER * cipher_kt_get(const char *ciphername)
Return cipher parameters, based on the given cipher name.
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
void hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
void crypto_init_lib_engine(const char *engine_name)
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
void md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
int cipher_kt_block_size(const EVP_CIPHER *cipher)
#define MAX_CIPHER_KEY_LENGTH
int cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
void hmac_ctx_cleanup(HMAC_CTX *ctx)
int cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
void md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
#define ASSERT(x)
Definition: error.h:221
#define D_LOW
Definition: errlevel.h:97
void cipher_ctx_free(EVP_CIPHER_CTX *ctx)
#define BCAP(buf)
Definition: buffer.h:130
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
HMAC_CTX * hmac_ctx_new(void)
void print_cipher(const cipher_kt_t *cipher)
Print a cipher list entry.
Definition: crypto.c:1779
static bool buf_write(struct buffer *dest, const void *src, int size)
Definition: buffer.h:689
void md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
#define BPTR(buf)
Definition: buffer.h:124
void show_available_engines(void)
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
void buf_null_terminate(struct buffer *buf)
Definition: buffer.c:572
const EVP_MD * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
#define PACKAGE_NAME
Definition: config.h:730
const char * md_kt_name(const EVP_MD *kt)
void hmac_ctx_free(HMAC_CTX *ctx)
bool key_des_check(uint8_t *key, int key_len, int ndc)
void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt)
int md_kt_size(const EVP_MD *kt)
#define HAVE_AEAD_CIPHER_MODES
Definition: config-msvc.h:8
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char *src, unsigned char *dst)
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
void hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
int cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
#define msg
Definition: error.h:173
const char * cipher_kt_name(const EVP_CIPHER *cipher_kt)
int cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
void cipher_ctx_cleanup(EVP_CIPHER_CTX *ctx)
#define ENABLE_OFB_CFB_MODE
Definition: config.h:65
void key_des_fixup(uint8_t *key, int key_len, int ndc)
void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, const EVP_CIPHER *kt, int enc)
#define MAX_HMAC_KEY_LENGTH
int cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
#define BLEN(buf)
Definition: buffer.h:127
void md_ctx_free(EVP_MD_CTX *ctx)
unsigned __int8 uint8_t
Definition: config-msvc.h:123
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static void check_malloc_return(const void *p)
Definition: buffer.h:1093
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
int cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
EVP_MD_CTX * md_ctx_new(void)
Struct used in cipher name translation table.
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_FATAL
Definition: error.h:94
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition: crypto.c:1840
int cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
void crypto_clear_error(void)
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate a data channel cipher name from the crypto library specific name to the OpenVPN config file...
Definition: crypto.c:1827
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
#define M_WARN
Definition: error.h:96
#define free
Definition: cmocka.c:1850
void crypto_init_lib(void)
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
#define OPENVPN_AEAD_TAG_LENGTH
int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
char * dst
Definition: compat-lz4.h:455
bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported CBC mode cipher.
void crypto_uninit_lib(void)
int key_des_num_cblocks(const EVP_CIPHER *kt)
#define DES_KEY_LENGTH
void show_available_digests(void)
static void buf_set_read(struct buffer *buf, const uint8_t *data, int size)
Definition: buffer.h:335
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
int cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)