#include "syshead.h"
#include "basic.h"
#include "buffer.h"
#include "integer.h"
#include "crypto.h"
#include "crypto_backend.h"
#include "openssl_compat.h"
#include <openssl/conf.h>
#include <openssl/des.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
#include <openssl/kdf.h>
Data Structures | |
struct | collect_ciphers |
Functions | |
void | crypto_init_lib_engine (const char *engine_name) |
provider_t * | crypto_load_provider (const char *provider) |
Load the given (OpenSSL) provider. More... | |
void | crypto_unload_provider (const char *provname, provider_t *provider) |
Unloads the given (OpenSSL) provider. More... | |
void | crypto_init_lib (void) |
void | crypto_uninit_lib (void) |
void | crypto_clear_error (void) |
void | crypto_print_openssl_errors (const unsigned int flags) |
Retrieve any occurred OpenSSL errors and print those errors. More... | |
static int | cipher_name_cmp (const void *a, const void *b) |
static void | collect_ciphers (EVP_CIPHER *cipher, void *list) |
void | show_available_ciphers (void) |
void | print_digest (EVP_MD *digest, void *unused) |
void | show_available_digests (void) |
void | show_available_engines (void) |
bool | crypto_pem_encode (const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc) |
Encode binary data as PEM. More... | |
bool | crypto_pem_decode (const char *name, struct buffer *dst, const struct buffer *src) |
Decode a PEM buffer to binary data. More... | |
int | rand_bytes (uint8_t *output, int len) |
Wrapper for secure random number generator. More... | |
static evp_cipher_type * | cipher_get (const char *ciphername) |
bool | cipher_valid_reason (const char *ciphername, const char **reason) |
Returns whether the cipher is valid, based on the given cipher name, and provides a reason if it is invalid. More... | |
const char * | cipher_kt_name (const char *ciphername) |
Retrieve a normalised string describing the cipher (e.g. More... | |
int | cipher_kt_key_size (const char *ciphername) |
Returns the size of keys used by the cipher, in bytes. More... | |
int | cipher_kt_iv_size (const char *ciphername) |
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used. More... | |
int | cipher_kt_block_size (const char *ciphername) |
Returns the block size of the cipher, in bytes. More... | |
int | cipher_kt_tag_size (const char *ciphername) |
Returns the MAC tag size of the cipher, in bytes. More... | |
bool | cipher_kt_insecure (const char *ciphername) |
Returns true if we consider this cipher to be insecure. More... | |
int | cipher_kt_mode (const EVP_CIPHER *cipher_kt) |
bool | cipher_kt_mode_cbc (const char *ciphername) |
Check if the supplied cipher is a supported CBC mode cipher. More... | |
bool | cipher_kt_mode_ofb_cfb (const char *ciphername) |
Check if the supplied cipher is a supported OFB or CFB mode cipher. More... | |
bool | cipher_kt_mode_aead (const char *ciphername) |
Check if the supplied cipher is a supported AEAD mode cipher. More... | |
cipher_ctx_t * | cipher_ctx_new (void) |
Generic cipher functions. More... | |
void | cipher_ctx_free (EVP_CIPHER_CTX *ctx) |
void | cipher_ctx_init (EVP_CIPHER_CTX *ctx, const uint8_t *key, const char *ciphername, crypto_operation_t enc) |
int | cipher_ctx_iv_length (const EVP_CIPHER_CTX *ctx) |
int | cipher_ctx_get_tag (EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size) |
int | cipher_ctx_block_size (const EVP_CIPHER_CTX *ctx) |
int | cipher_ctx_mode (const EVP_CIPHER_CTX *ctx) |
bool | cipher_ctx_mode_cbc (const cipher_ctx_t *ctx) |
Check if the supplied cipher is a supported CBC mode cipher. More... | |
bool | cipher_ctx_mode_ofb_cfb (const cipher_ctx_t *ctx) |
Check if the supplied cipher is a supported OFB or CFB mode cipher. More... | |
bool | cipher_ctx_mode_aead (const cipher_ctx_t *ctx) |
Check if the supplied cipher is a supported AEAD mode cipher. More... | |
int | cipher_ctx_reset (EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf) |
int | cipher_ctx_update_ad (EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len) |
int | cipher_ctx_update (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len) |
int | cipher_ctx_final (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len) |
int | cipher_ctx_final_check_tag (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len) |
static evp_md_type * | md_get (const char *digest) |
bool | md_valid (const char *digest) |
Return whether a message digest is valid, given the name of the digest. More... | |
const char * | md_kt_name (const char *mdname) |
Retrieve a string describing the digest (e.g. More... | |
unsigned char | md_kt_size (const char *mdname) |
Returns the size of the message digest, in bytes. More... | |
int | md_full (const char *mdname, const uint8_t *src, int src_len, uint8_t *dst) |
Calculates the message digest for the given buffer. More... | |
EVP_MD_CTX * | md_ctx_new (void) |
void | md_ctx_free (EVP_MD_CTX *ctx) |
void | md_ctx_init (EVP_MD_CTX *ctx, const char *mdname) |
void | md_ctx_cleanup (EVP_MD_CTX *ctx) |
int | md_ctx_size (const EVP_MD_CTX *ctx) |
void | md_ctx_update (EVP_MD_CTX *ctx, const uint8_t *src, int src_len) |
void | md_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst) |
HMAC_CTX * | hmac_ctx_new (void) |
void | hmac_ctx_free (HMAC_CTX *ctx) |
void | hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, const char *mdname) |
void | hmac_ctx_cleanup (HMAC_CTX *ctx) |
int | hmac_ctx_size (HMAC_CTX *ctx) |
void | hmac_ctx_reset (HMAC_CTX *ctx) |
void | hmac_ctx_update (HMAC_CTX *ctx, const uint8_t *src, int src_len) |
void | hmac_ctx_final (HMAC_CTX *ctx, uint8_t *dst) |
int | memcmp_constant_time (const void *a, const void *b, size_t size) |
As memcmp(), but constant-time. More... | |
bool | ssl_tls1_PRF (const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len) |
Calculates the TLS 1.0–1.1 PRF. More... | |
Variables | |
const cipher_name_pair | cipher_name_translation_table [] |
Cipher name translation table. More... | |
const size_t | cipher_name_translation_table_count |
const cipher_name_pair | digest_name_translation_table [] |
const size_t | digest_name_translation_table_count |
int cipher_ctx_block_size | ( | const EVP_CIPHER_CTX * | ctx | ) |
Definition at line 892 of file crypto_openssl.c.
int cipher_ctx_final | ( | EVP_CIPHER_CTX * | ctx, |
uint8_t * | dst, | ||
int * | dst_len | ||
) |
Definition at line 990 of file crypto_openssl.c.
Referenced by cipher_ctx_final_check_tag().
int cipher_ctx_final_check_tag | ( | EVP_CIPHER_CTX * | ctx, |
uint8_t * | dst, | ||
int * | dst_len, | ||
uint8_t * | tag, | ||
size_t | tag_len | ||
) |
Definition at line 996 of file crypto_openssl.c.
References ASSERT, and cipher_ctx_final().
void cipher_ctx_free | ( | EVP_CIPHER_CTX * | ctx | ) |
Definition at line 856 of file crypto_openssl.c.
int cipher_ctx_get_tag | ( | EVP_CIPHER_CTX * | ctx, |
uint8_t * | tag_buf, | ||
int | tag_size | ||
) |
Definition at line 886 of file crypto_openssl.c.
void cipher_ctx_init | ( | EVP_CIPHER_CTX * | ctx, |
const uint8_t * | key, | ||
const char * | ciphername, | ||
crypto_operation_t | enc | ||
) |
Definition at line 862 of file crypto_openssl.c.
References ASSERT, cipher_get(), crypto_msg, EVP_CIPHER_free(), evp_cipher_type, and M_FATAL.
int cipher_ctx_iv_length | ( | const EVP_CIPHER_CTX * | ctx | ) |
Definition at line 880 of file crypto_openssl.c.
int cipher_ctx_mode | ( | const EVP_CIPHER_CTX * | ctx | ) |
Definition at line 898 of file crypto_openssl.c.
bool cipher_ctx_mode_aead | ( | const cipher_ctx_t * | ctx | ) |
Check if the supplied cipher is a supported AEAD mode cipher.
ctx | Cipher's context. May not be NULL. |
Definition at line 939 of file crypto_openssl.c.
Referenced by init_implicit_iv(), key_ctx_update_implicit_iv(), openvpn_decrypt(), openvpn_encrypt(), and test_crypto().
bool cipher_ctx_mode_cbc | ( | const cipher_ctx_t * | ctx | ) |
Check if the supplied cipher is a supported CBC mode cipher.
ctx | Cipher's context. May not be NULL. |
Definition at line 905 of file crypto_openssl.c.
Referenced by openvpn_decrypt_v1(), and openvpn_encrypt_v1().
bool cipher_ctx_mode_ofb_cfb | ( | const cipher_ctx_t * | ctx | ) |
Check if the supplied cipher is a supported OFB or CFB mode cipher.
ctx | Cipher's context. May not be NULL. |
Definition at line 924 of file crypto_openssl.c.
References EVP_CIPHER_CTX_get_mode.
Referenced by openvpn_decrypt_v1(), and openvpn_encrypt_v1().
cipher_ctx_t* cipher_ctx_new | ( | void | ) |
Generic cipher functions.
Allocates a new cipher context.
Definition at line 848 of file crypto_openssl.c.
References check_malloc_return().
Referenced by init_key_ctx().
int cipher_ctx_reset | ( | EVP_CIPHER_CTX * | ctx, |
const uint8_t * | iv_buf | ||
) |
Definition at line 962 of file crypto_openssl.c.
int cipher_ctx_update | ( | EVP_CIPHER_CTX * | ctx, |
uint8_t * | dst, | ||
int * | dst_len, | ||
uint8_t * | src, | ||
int | src_len | ||
) |
Definition at line 979 of file crypto_openssl.c.
References crypto_msg, and M_FATAL.
int cipher_ctx_update_ad | ( | EVP_CIPHER_CTX * | ctx, |
const uint8_t * | src, | ||
int | src_len | ||
) |
Definition at line 968 of file crypto_openssl.c.
References crypto_msg, and M_FATAL.
static evp_cipher_type* cipher_get | ( | const char * | ciphername | ) |
Definition at line 609 of file crypto_openssl.c.
References ASSERT, EVP_CIPHER_fetch(), and translate_cipher_name_from_openvpn().
Referenced by cipher_ctx_init(), cipher_kt_block_size(), cipher_kt_insecure(), cipher_kt_iv_size(), cipher_kt_key_size(), cipher_kt_mode_aead(), cipher_kt_mode_cbc(), cipher_kt_mode_ofb_cfb(), cipher_kt_name(), and cipher_valid_reason().
int cipher_kt_block_size | ( | const char * | ciphername | ) |
Returns the block size of the cipher, in bytes.
ciphername | cipher name |
Definition at line 697 of file crypto_openssl.c.
References cipher_get(), cleanup(), EVP_CIPHER_fetch(), EVP_CIPHER_free(), evp_cipher_type, string_alloc(), translate_cipher_name_from_openvpn(), and translate_cipher_name_to_openvpn().
Referenced by adjust_payload_max_cbc(), calculate_crypto_overhead(), cipher_kt_insecure(), init_key_ctx(), init_key_type(), print_cipher(), and warn_insecure_key_type().
bool cipher_kt_insecure | ( | const char * | ciphername | ) |
Returns true if we consider this cipher to be insecure.
Definition at line 759 of file crypto_openssl.c.
References cipher_get(), cipher_kt_block_size(), EVP_CIPHER_free(), and evp_cipher_type.
Referenced by show_available_ciphers(), tls_limit_reneg_bytes(), and warn_insecure_key_type().
int cipher_kt_iv_size | ( | const char * | ciphername | ) |
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
ciphername | cipher name to lookup |
Definition at line 688 of file crypto_openssl.c.
References cipher_get(), EVP_CIPHER_free(), and evp_cipher_type.
Referenced by calculate_crypto_overhead(), and init_key_ctx().
int cipher_kt_key_size | ( | const char * | ciphername | ) |
Returns the size of keys used by the cipher, in bytes.
If the cipher has a variable key size, return the default key size.
ciphername | Cipher name to lookup |
Definition at line 679 of file crypto_openssl.c.
References cipher_get(), EVP_CIPHER_free(), and evp_cipher_type.
Referenced by dco_new_key(), init_key_ctx(), key_is_zero(), key_print(), options_string(), print_cipher(), read_key(), and write_key().
int cipher_kt_mode | ( | const EVP_CIPHER * | cipher_kt | ) |
Definition at line 782 of file crypto_openssl.c.
References ASSERT.
Referenced by cipher_kt_mode_cbc(), and cipher_kt_mode_ofb_cfb().
bool cipher_kt_mode_aead | ( | const char * | ciphername | ) |
Check if the supplied cipher is a supported AEAD mode cipher.
ciphername | name of the cipher |
Definition at line 816 of file crypto_openssl.c.
References cipher_get(), EVP_CIPHER_free(), evp_cipher_type, and OPENVPN_MODE_GCM.
Referenced by calculate_crypto_overhead(), cipher_kt_tag_size(), collect_ciphers(), init_key_type(), mutate_ncp_cipher_list(), and tls_print_deferred_options_results().
bool cipher_kt_mode_cbc | ( | const char * | ciphername | ) |
Check if the supplied cipher is a supported CBC mode cipher.
ciphername | cipher name |
Definition at line 789 of file crypto_openssl.c.
References cipher_get(), cipher_kt_mode(), EVP_CIPHER_free(), evp_cipher_type, and OPENVPN_MODE_CBC.
Referenced by adjust_payload_max_cbc(), calculate_crypto_overhead(), collect_ciphers(), frame_calculate_fragment(), frame_calculate_payload_overhead(), init_key_type(), mutate_ncp_cipher_list(), and print_cipher().
bool cipher_kt_mode_ofb_cfb | ( | const char * | ciphername | ) |
Check if the supplied cipher is a supported OFB or CFB mode cipher.
ciphername | cipher name |
Definition at line 804 of file crypto_openssl.c.
References cipher_get(), cipher_kt_mode(), EVP_CIPHER_free(), evp_cipher_type, OPENVPN_MODE_CFB, and OPENVPN_MODE_OFB.
Referenced by calc_packet_id_size_dc(), collect_ciphers(), do_init_crypto_tls(), init_key_type(), mutate_ncp_cipher_list(), and tls_session_update_crypto_params_do_work().
const char* cipher_kt_name | ( | const char * | ciphername | ) |
Retrieve a normalised string describing the cipher (e.g. AES-128-CBC). The returned name is normalised to the OpenVPN config name in case the name differs from the name used by the crypto library.
Returns [null-cipher] in case the ciphername is none, and NULL if the cipher is not valid.
ciphername | Name of the cipher |
Definition at line 659 of file crypto_openssl.c.
References ASSERT, cipher_get(), EVP_CIPHER_free(), evp_cipher_type, and translate_cipher_name_to_openvpn().
Referenced by init_key_ctx(), key_print(), mutate_ncp_cipher_list(), options_string(), p2p_mode_ncp(), print_cipher(), test_translate_cipher(), and tls_print_deferred_options_results().
int cipher_kt_tag_size | ( | const char * | ciphername | ) |
Returns the MAC tag size of the cipher, in bytes.
ciphername | Name of the cipher |
Definition at line 746 of file crypto_openssl.c.
References cipher_kt_mode_aead(), and OPENVPN_AEAD_TAG_LENGTH.
Referenced by calculate_crypto_overhead().
static int cipher_name_cmp | ( | const void * | a, |
const void * | b | ||
) |
Definition at line 327 of file crypto_openssl.c.
References EVP_CIPHER_get0_name.
Referenced by show_available_ciphers().
bool cipher_valid_reason | ( | const char * | ciphername, |
const char ** | reason | ||
) |
Returns whether the cipher is valid, based on the given cipher name, and provides a reason if it is invalid.
ciphername | Name of the cipher to check for validity (e.g. AES-128-CBC ). Will be translated to the library name from the openvpn config name if needed. |
reason | Pointer where a static string indicating the reason for rejecting the cipher should be stored. It is set to NULL if the cipher is valid. |
Definition at line 618 of file crypto_openssl.c.
References cipher_get(), crypto_msg, D_LOW, EVP_CIPHER_free(), evp_cipher_type, MAX_CIPHER_KEY_LENGTH, msg, and PACKAGE_NAME.
Referenced by cipher_valid(), and print_cipher().
static void collect_ciphers | ( | EVP_CIPHER * | cipher, |
void * | list | ||
) |
Definition at line 342 of file crypto_openssl.c.
References cipher_kt_mode_aead(), cipher_kt_mode_cbc(), cipher_kt_mode_ofb_cfb(), ENABLE_OFB_CFB_MODE, EVP_CIPHER_get0_name, collect_ciphers::list, M_WARN, msg, collect_ciphers::num, and SIZE.
Referenced by show_available_ciphers().
void crypto_clear_error | ( | void | ) |
Definition at line 229 of file crypto_openssl.c.
Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), tls_crypt_unwrap(), and tls_crypt_wrap().
void crypto_init_lib | ( | void | ) |
Definition at line 194 of file crypto_openssl.c.
Referenced by init_ssl_lib().
void crypto_init_lib_engine | ( | const char * | engine_name | ) |
Definition at line 144 of file crypto_openssl.c.
References ASSERT, M_WARN, and msg.
Referenced by init_crypto_pre().
provider_t* crypto_load_provider | ( | const char * | provider | ) |
Load the given (OpenSSL) provider.
provider | name of the provider to load |
Definition at line 160 of file crypto_openssl.c.
References crypto_msg, M_FATAL, M_WARN, and msg.
Referenced by init_early(), and main().
bool crypto_pem_decode | ( | const char * | name, |
struct buffer * | dst, | ||
const struct buffer * | src | ||
) |
Decode a PEM buffer to binary data.
name | The name expected in the PEM header/footer. |
dst | Destination buffer for decoded data. |
src | Source buffer (PEM data). |
Definition at line 530 of file crypto_openssl.c.
References BCAP, BLEN, BPTR, buf_write_alloc(), cleanup(), crypto_msg, D_CRYPT_ERRORS, dmsg, and M_FATAL.
Referenced by crypto_pem_encode_decode_loopback(), and read_pem_key_file().
bool crypto_pem_encode | ( | const char * | name, |
struct buffer * | dst, | ||
const struct buffer * | src, | ||
struct gc_arena * | gc | ||
) |
Encode binary data as PEM.
name | The name to use in the PEM header/footer. |
dst | Destination buffer for PEM-encoded data. Must be a valid pointer to an uninitialized buffer structure. Iff this function returns true, the buffer will contain memory allocated through the supplied gc. |
src | Source buffer. |
gc | The garbage collector to use when allocating memory for dst. |
Definition at line 502 of file crypto_openssl.c.
References alloc_buf_gc(), ASSERT, BLEN, BPTR, buf_write(), cleanup(), and buffer::data.
Referenced by crypto_pem_encode_decode_loopback(), tls_crypt_v2_write_client_key_file(), and write_pem_key_file().
void crypto_print_openssl_errors | ( | const unsigned int | flags | ) |
Retrieve any occurred OpenSSL errors and print those errors.
Note that this function uses the OpenSSL error API, which is not thread-safe.
flags | Flags to indicate error type and priority. |
Definition at line 235 of file crypto_openssl.c.
Referenced by tls_ctx_load_cert_file(), and tls_ctx_load_pkcs12().
void crypto_uninit_lib | ( | void | ) |
void crypto_unload_provider | ( | const char * | provname, |
provider_t * | provider | ||
) |
Unloads the given (OpenSSL) provider.
provname | name of the provider to unload |
provider | pointer to the provider to unload |
Definition at line 177 of file crypto_openssl.c.
References crypto_msg, and M_FATAL.
Referenced by uninit_early().
void hmac_ctx_cleanup | ( | HMAC_CTX * | ctx | ) |
Definition at line 1217 of file crypto_openssl.c.
void hmac_ctx_final | ( | HMAC_CTX * | ctx, |
uint8_t * | dst | ||
) |
Definition at line 1244 of file crypto_openssl.c.
void hmac_ctx_free | ( | HMAC_CTX * | ctx | ) |
Definition at line 1194 of file crypto_openssl.c.
void hmac_ctx_init | ( | HMAC_CTX * | ctx, |
const uint8_t * | key, | ||
const char * | mdname | ||
) |
Definition at line 1200 of file crypto_openssl.c.
References ASSERT, crypto_msg, evp_md_type, M_FATAL, and md_get().
HMAC_CTX* hmac_ctx_new | ( | void | ) |
Definition at line 1186 of file crypto_openssl.c.
References check_malloc_return().
Referenced by crypto_test_hmac(), gen_hmac_md5(), init_key_ctx(), init_static_hmac(), and session_id_hmac_init().
void hmac_ctx_reset | ( | HMAC_CTX * | ctx | ) |
Definition at line 1229 of file crypto_openssl.c.
References crypto_msg, and M_FATAL.
int hmac_ctx_size | ( | HMAC_CTX * | ctx | ) |
Definition at line 1223 of file crypto_openssl.c.
void hmac_ctx_update | ( | HMAC_CTX * | ctx, |
const uint8_t * | src, | ||
int | src_len | ||
) |
Definition at line 1238 of file crypto_openssl.c.
void md_ctx_cleanup | ( | EVP_MD_CTX * | ctx | ) |
Definition at line 1153 of file crypto_openssl.c.
void md_ctx_final | ( | EVP_MD_CTX * | ctx, |
uint8_t * | dst | ||
) |
Definition at line 1171 of file crypto_openssl.c.
void md_ctx_free | ( | EVP_MD_CTX * | ctx | ) |
Definition at line 1133 of file crypto_openssl.c.
void md_ctx_init | ( | EVP_MD_CTX * | ctx, |
const char * | mdname | ||
) |
Definition at line 1139 of file crypto_openssl.c.
References ASSERT, crypto_msg, EVP_MD_free(), evp_md_type, M_FATAL, and md_get().
EVP_MD_CTX* md_ctx_new | ( | void | ) |
Definition at line 1125 of file crypto_openssl.c.
References check_malloc_return().
Referenced by DigestCalcHA1(), DigestCalcResponse(), and process_incoming_push_reply().
int md_ctx_size | ( | const EVP_MD_CTX * | ctx | ) |
Definition at line 1159 of file crypto_openssl.c.
void md_ctx_update | ( | EVP_MD_CTX * | ctx, |
const uint8_t * | src, | ||
int | src_len | ||
) |
Definition at line 1165 of file crypto_openssl.c.
int md_full | ( | const char * | mdname, |
const uint8_t * | src, | ||
int | src_len, | ||
uint8_t * | dst | ||
) |
Calculates the message digest for the given buffer.
mdname | message digest name |
src | Buffer to digest. May not be NULL. |
src_len | The length of the incoming buffer. |
dst | Buffer to write the message digest to. May not be NULL. |
Returns 1 on success, 0 on failure.
Definition at line 1114 of file crypto_openssl.c.
References EVP_MD_free(), evp_md_type, and md_get().
Referenced by gen_md4_hash().
static evp_md_type* md_get | ( | const char * | digest | ) |
Definition at line 1017 of file crypto_openssl.c.
References ASSERT, crypto_msg, EVP_MD_fetch(), evp_md_type, M_FATAL, MAX_HMAC_KEY_LENGTH, and PACKAGE_NAME.
Referenced by hmac_ctx_init(), md_ctx_init(), md_full(), md_kt_name(), and md_kt_size().
const char* md_kt_name | ( | const char * | mdname | ) |
Retrieve a string describing the digest (e.g. SHA1).
mdname | Message digest name |
Definition at line 1070 of file crypto_openssl.c.
References digest_name_translation_table, digest_name_translation_table_count, EVP_MD_free(), EVP_MD_get0_name, evp_md_type, cipher_name_pair::lib_name, md_get(), and cipher_name_pair::openvpn_name.
Referenced by init_key_ctx(), key_print(), options_string(), print_digest(), and tls_print_deferred_options_results().
unsigned char md_kt_size | ( | const char * | mdname | ) |
Returns the size of the message digest, in bytes.
mdname | Message digest name |
Definition at line 1094 of file crypto_openssl.c.
References EVP_MD_free(), evp_md_type, and md_get().
Referenced by calculate_crypto_overhead(), crypto_test_hmac(), init_key_ctx(), init_key_type(), key_print(), read_key(), and write_key().
bool md_valid | ( | const char * | digest | ) |
Return whether a message digest is valid, given the name of the digest.
digest | Name of the digest to verify, e.g. MD5. |
Definition at line 1038 of file crypto_openssl.c.
References EVP_MD_fetch(), EVP_MD_free(), and evp_md_type.
Referenced by create_kt(), do_init_tls_wrap_key(), init_static_hmac(), main(), and session_id_hmac_init().
int memcmp_constant_time | ( | const void * | a, |
const void * | b, | ||
size_t | size | ||
) |
As memcmp(), but constant-time: the running time does not depend on where (or whether) the inputs differ.
Returns 0 when the data is equal, non-zero otherwise.
Definition at line 1345 of file crypto_openssl.c.
Referenced by check_hmac_token(), check_session_id_hmac(), is_auth_token(), man_check_password(), openvpn_decrypt_v1(), tls_crypt_unwrap(), tls_crypt_v2_unwrap_client_key(), verify_auth_token(), and verify_cert().
void print_digest | ( | EVP_MD * | digest, |
void * | unused | ||
) |
Definition at line 429 of file crypto_openssl.c.
References EVP_MD_get0_name, and md_kt_name().
Referenced by show_available_digests().
int rand_bytes | ( | uint8_t * | output, |
int | len | ||
) |
Wrapper for secure random number generator.
Retrieves len bytes of random data and places them in output.
output | Output buffer |
len | Length of the output buffer, in bytes |
Returns 1 on success, 0 on failure.
Definition at line 592 of file crypto_openssl.c.
References crypto_msg, D_CRYPT_ERRORS, and unlikely.
Referenced by do_data_channel_round_trip(), establish_http_proxy_passthru(), generate_auth_token(), generate_ephemeral_key(), generate_key_random(), init_crypto_options(), init_implicit_iv(), prng_bytes(), random_bytes_to_buf(), session_id_hmac_init(), test_crypto(), test_tls_crypt_v2_setup(), tls_crypt_v2_wrap_unwrap_dst_too_small(), tls_crypt_v2_wrap_unwrap_max_metadata(), tls_crypt_v2_write_client_key_file(), and write_pem_key_file().
void show_available_ciphers | ( | void | ) |
Definition at line 369 of file crypto_openssl.c.
References cipher_kt_insecure(), cipher_name_cmp(), collect_ciphers(), EVP_CIPHER_get0_name, collect_ciphers::list, collect_ciphers::num, PACKAGE_NAME, and print_cipher().
Referenced by print_openssl_info().
void show_available_digests | ( | void | ) |
Definition at line 436 of file crypto_openssl.c.
References PACKAGE_NAME, and print_digest().
Referenced by print_openssl_info().
void show_available_engines | ( | void | ) |
Definition at line 477 of file crypto_openssl.c.
Referenced by print_openssl_info().
bool ssl_tls1_PRF | ( | const uint8_t * | seed, |
int | seed_len, | ||
const uint8_t * | secret, | ||
int | secret_len, | ||
uint8_t * | output, | ||
int | output_len | ||
) |
Calculates the TLS 1.0–1.1 PRF.
For the exact specification of the function definition see the TLS RFCs like RFC 4346.
seed | seed to use |
seed_len | length of the seed |
secret | secret to use |
secret_len | length of the secret |
output | output destination |
output_len | length of output/number of bytes to generate |
Definition at line 1402 of file crypto_openssl.c.
Referenced by check_tls_prf_working(), crypto_test_tls_prf(), and openvpn_PRF().
const cipher_name_pair cipher_name_translation_table[] |
Cipher name translation table.
Definition at line 316 of file crypto_openssl.c.
Referenced by get_cipher_name_pair().
const size_t cipher_name_translation_table_count |
Definition at line 322 of file crypto_openssl.c.
Referenced by get_cipher_name_pair().
const cipher_name_pair digest_name_translation_table[] |
Definition at line 1053 of file crypto_openssl.c.
Referenced by md_kt_name().
const size_t digest_name_translation_table_count |