OpenVPN
crypto_openssl.c File Reference
#include "syshead.h"
#include "basic.h"
#include "buffer.h"
#include "integer.h"
#include "crypto.h"
#include "crypto_backend.h"
#include "openssl_compat.h"
#include <openssl/conf.h>
#include <openssl/des.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>

Functions

void crypto_init_lib_engine (const char *engine_name)
 
void crypto_init_lib (void)
 
void crypto_uninit_lib (void)
 
void crypto_clear_error (void)
 
void crypto_print_openssl_errors (const unsigned int flags)
 Retrieve any OpenSSL errors that have occurred and print them.
 
static int cipher_name_cmp (const void *a, const void *b)
 
void show_available_ciphers (void)
 
void show_available_digests (void)
 
void show_available_engines (void)
 
bool crypto_pem_encode (const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
 Encode binary data as PEM.
 
bool crypto_pem_decode (const char *name, struct buffer *dst, const struct buffer *src)
 Decode a PEM buffer to binary data.
 
int rand_bytes (uint8_t *output, int len)
 Wrapper for secure random number generator.
 
int key_des_num_cblocks (const EVP_CIPHER *kt)
 
bool key_des_check (uint8_t *key, int key_len, int ndc)
 
void key_des_fixup (uint8_t *key, int key_len, int ndc)
 
const EVP_CIPHER * cipher_kt_get (const char *ciphername)
 Return cipher parameters, based on the given cipher name.
 
const char * cipher_kt_name (const EVP_CIPHER *cipher_kt)
 
int cipher_kt_key_size (const EVP_CIPHER *cipher_kt)
 
int cipher_kt_iv_size (const EVP_CIPHER *cipher_kt)
 
int cipher_kt_block_size (const EVP_CIPHER *cipher)
 
int cipher_kt_tag_size (const EVP_CIPHER *cipher_kt)
 
bool cipher_kt_insecure (const EVP_CIPHER *cipher)
 
int cipher_kt_mode (const EVP_CIPHER *cipher_kt)
 
bool cipher_kt_mode_cbc (const cipher_kt_t *cipher)
 Check if the supplied cipher is a supported CBC mode cipher.
 
bool cipher_kt_mode_ofb_cfb (const cipher_kt_t *cipher)
 Check if the supplied cipher is a supported OFB or CFB mode cipher.
 
bool cipher_kt_mode_aead (const cipher_kt_t *cipher)
 Check if the supplied cipher is a supported AEAD mode cipher.
 
cipher_ctx_t * cipher_ctx_new (void)
 Generic cipher functions.
 
void cipher_ctx_free (EVP_CIPHER_CTX *ctx)
 
void cipher_ctx_init (EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, const EVP_CIPHER *kt, int enc)
 
int cipher_ctx_iv_length (const EVP_CIPHER_CTX *ctx)
 
int cipher_ctx_get_tag (EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
 
int cipher_ctx_block_size (const EVP_CIPHER_CTX *ctx)
 
int cipher_ctx_mode (const EVP_CIPHER_CTX *ctx)
 
const cipher_kt_t * cipher_ctx_get_cipher_kt (const cipher_ctx_t *ctx)
 Returns the static cipher parameters for this context.
 
int cipher_ctx_reset (EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
 
int cipher_ctx_update_ad (EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
 
int cipher_ctx_update (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)
 
int cipher_ctx_final (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
 
int cipher_ctx_final_check_tag (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
 
void cipher_des_encrypt_ecb (const unsigned char key[DES_KEY_LENGTH], unsigned char src[DES_KEY_LENGTH], unsigned char dst[DES_KEY_LENGTH])
 Encrypt the given block, using DES ECB mode.
 
const EVP_MD * md_kt_get (const char *digest)
 Return message digest parameters, based on the given digest name.
 
const char * md_kt_name (const EVP_MD *kt)
 
unsigned char md_kt_size (const EVP_MD *kt)
 
int md_full (const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
 
EVP_MD_CTX * md_ctx_new (void)
 
void md_ctx_free (EVP_MD_CTX *ctx)
 
void md_ctx_init (EVP_MD_CTX *ctx, const EVP_MD *kt)
 
void md_ctx_cleanup (EVP_MD_CTX *ctx)
 
int md_ctx_size (const EVP_MD_CTX *ctx)
 
void md_ctx_update (EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
 
void md_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst)
 
HMAC_CTX * hmac_ctx_new (void)
 
void hmac_ctx_free (HMAC_CTX *ctx)
 
void hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt)
 
void hmac_ctx_cleanup (HMAC_CTX *ctx)
 
int hmac_ctx_size (const HMAC_CTX *ctx)
 
void hmac_ctx_reset (HMAC_CTX *ctx)
 
void hmac_ctx_update (HMAC_CTX *ctx, const uint8_t *src, int src_len)
 
void hmac_ctx_final (HMAC_CTX *ctx, uint8_t *dst)
 
int memcmp_constant_time (const void *a, const void *b, size_t size)
 As memcmp(), but constant-time.
 
EVP_PKEY * engine_load_key (const char *file, SSL_CTX *ctx)
 Load a key file from an engine.
 
static bool tls1_P_hash (const EVP_MD *md, const unsigned char *sec, int sec_len, const void *seed, int seed_len, unsigned char *out, int olen)
 
bool ssl_tls1_PRF (const uint8_t *label, int label_len, const uint8_t *sec, int slen, uint8_t *out1, int olen)
 Calculates the TLS 1.0-1.1 PRF function.
 

Variables

const cipher_name_pair cipher_name_translation_table []
 Cipher name translation table.
 
const size_t cipher_name_translation_table_count
 

Function Documentation

◆ cipher_ctx_block_size()

int cipher_ctx_block_size ( const EVP_CIPHER_CTX *  ctx)

Definition at line 812 of file crypto_openssl.c.

◆ cipher_ctx_final()

int cipher_ctx_final ( EVP_CIPHER_CTX *  ctx,
uint8_t *  dst,
int *  dst_len 
)

Definition at line 859 of file crypto_openssl.c.

Referenced by cipher_ctx_final_check_tag().

◆ cipher_ctx_final_check_tag()

int cipher_ctx_final_check_tag ( EVP_CIPHER_CTX *  ctx,
uint8_t *  dst,
int *  dst_len,
uint8_t *  tag,
size_t  tag_len 
)

Definition at line 865 of file crypto_openssl.c.

References ASSERT, cipher_ctx_final(), and EVP_CTRL_AEAD_SET_TAG.

◆ cipher_ctx_free()

void cipher_ctx_free ( EVP_CIPHER_CTX *  ctx)

Definition at line 774 of file crypto_openssl.c.

◆ cipher_ctx_get_cipher_kt()

const cipher_kt_t* cipher_ctx_get_cipher_kt ( const cipher_ctx_t *  ctx)

Returns the static cipher parameters for this context.

Parameters
ctx: Cipher's context.
Returns
Static cipher parameters for the supplied context, or NULL if unable to determine cipher parameters.

Definition at line 824 of file crypto_openssl.c.

Referenced by key_ctx_update_implicit_iv(), openvpn_decrypt(), openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), p2p_mode_ncp(), and test_crypto().

◆ cipher_ctx_get_tag()

int cipher_ctx_get_tag ( EVP_CIPHER_CTX *  ctx,
uint8_t *  tag_buf,
int  tag_size 
)

Definition at line 806 of file crypto_openssl.c.

References EVP_CTRL_AEAD_GET_TAG.

◆ cipher_ctx_init()

void cipher_ctx_init ( EVP_CIPHER_CTX *  ctx,
const uint8_t *  key,
int  key_len,
const EVP_CIPHER *  kt,
int  enc 
)

Definition at line 780 of file crypto_openssl.c.

References ASSERT, crypto_msg, EVP_CIPHER_CTX_reset, and M_FATAL.

◆ cipher_ctx_iv_length()

int cipher_ctx_iv_length ( const EVP_CIPHER_CTX *  ctx)

Definition at line 800 of file crypto_openssl.c.

◆ cipher_ctx_mode()

int cipher_ctx_mode ( const EVP_CIPHER_CTX *  ctx)

Definition at line 818 of file crypto_openssl.c.

◆ cipher_ctx_new()

cipher_ctx_t* cipher_ctx_new ( void  )

Generic cipher functions.

Allocate a new cipher context

Returns
a new cipher context

Definition at line 766 of file crypto_openssl.c.

References check_malloc_return().

Referenced by init_key_ctx().

◆ cipher_ctx_reset()

int cipher_ctx_reset ( EVP_CIPHER_CTX *  ctx,
const uint8_t *  iv_buf 
)

Definition at line 831 of file crypto_openssl.c.

◆ cipher_ctx_update()

int cipher_ctx_update ( EVP_CIPHER_CTX *  ctx,
uint8_t *  dst,
int *  dst_len,
uint8_t *  src,
int  src_len 
)

Definition at line 848 of file crypto_openssl.c.

References crypto_msg, and M_FATAL.

◆ cipher_ctx_update_ad()

int cipher_ctx_update_ad ( EVP_CIPHER_CTX *  ctx,
const uint8_t *  src,
int  src_len 
)

Definition at line 837 of file crypto_openssl.c.

References crypto_msg, buffer::len, and M_FATAL.

◆ cipher_des_encrypt_ecb()

void cipher_des_encrypt_ecb ( const unsigned char  key[DES_KEY_LENGTH],
unsigned char  src[DES_KEY_LENGTH],
unsigned char  dst[DES_KEY_LENGTH] 
)

Encrypt the given block, using DES ECB mode.

Parameters
key: DES key to use.
src: Buffer containing the 8-byte source.
dst: Buffer containing the 8-byte destination.

Definition at line 878 of file crypto_openssl.c.

Referenced by ntlm_phase_3().

◆ cipher_kt_block_size()

int cipher_kt_block_size ( const EVP_CIPHER *  cipher)

◆ cipher_kt_get()

const EVP_CIPHER* cipher_kt_get ( const char *  ciphername)

Return cipher parameters, based on the given cipher name.

The contents of these parameters are library-specific, and can be used to initialise encryption/decryption.

Parameters
ciphername: Name of the cipher to retrieve parameters for (e.g. AES-128-CBC). Will be translated to the library name from the openvpn config name if needed.
Returns
A statically allocated structure containing parameters for the given cipher, or NULL if no matching parameters were found.

Definition at line 587 of file crypto_openssl.c.

References ASSERT, crypto_msg, D_LOW, MAX_CIPHER_KEY_LENGTH, msg, PACKAGE_NAME, and translate_cipher_name_from_openvpn().

Referenced by init_key_type(), mutate_ncp_cipher_list(), options_postprocess_setdefault_ncpciphers(), test_check_ncp_ciphers_list(), test_translate_cipher(), and tls_crypt_kt().

◆ cipher_kt_insecure()

bool cipher_kt_insecure ( const EVP_CIPHER *  cipher)

Definition at line 705 of file crypto_openssl.c.

References cipher_kt_block_size().

Referenced by show_available_ciphers().

◆ cipher_kt_iv_size()

int cipher_kt_iv_size ( const EVP_CIPHER *  cipher_kt)

Definition at line 644 of file crypto_openssl.c.

◆ cipher_kt_key_size()

int cipher_kt_key_size ( const EVP_CIPHER *  cipher_kt)

Definition at line 638 of file crypto_openssl.c.

◆ cipher_kt_mode()

int cipher_kt_mode ( const EVP_CIPHER *  cipher_kt)

Definition at line 715 of file crypto_openssl.c.

References ASSERT.

Referenced by cipher_kt_mode_cbc(), and cipher_kt_mode_ofb_cfb().

◆ cipher_kt_mode_aead()

bool cipher_kt_mode_aead ( const cipher_kt_t *  cipher)

Check if the supplied cipher is a supported AEAD mode cipher.

Parameters
cipher: Static cipher parameters.
Returns
true iff the cipher is an AEAD mode cipher.

Definition at line 739 of file crypto_openssl.c.

References OPENVPN_MODE_GCM.

Referenced by check_replay_consistency(), cipher_kt_tag_size(), crypto_adjust_frame_parameters(), init_key_type(), key_ctx_update_implicit_iv(), openvpn_decrypt(), openvpn_decrypt_aead(), openvpn_encrypt(), openvpn_encrypt_aead(), show_available_ciphers(), and test_crypto().

◆ cipher_kt_mode_cbc()

bool cipher_kt_mode_cbc ( const cipher_kt_t *  cipher)

Check if the supplied cipher is a supported CBC mode cipher.

Parameters
cipher: Static cipher parameters.
Returns
true iff the cipher is a CBC mode cipher.

Definition at line 722 of file crypto_openssl.c.

References cipher_kt_mode(), and OPENVPN_MODE_CBC.

Referenced by init_key_type(), openvpn_decrypt_v1(), openvpn_encrypt_v1(), print_cipher(), and show_available_ciphers().

◆ cipher_kt_mode_ofb_cfb()

bool cipher_kt_mode_ofb_cfb ( const cipher_kt_t *  cipher)

Check if the supplied cipher is a supported OFB or CFB mode cipher.

Parameters
cipher: Static cipher parameters.
Returns
true iff the cipher is an OFB or CFB mode cipher.

Definition at line 730 of file crypto_openssl.c.

References cipher_kt_mode(), OPENVPN_MODE_CFB, and OPENVPN_MODE_OFB.

Referenced by calc_options_string_link_mtu(), check_replay_consistency(), do_init_crypto_tls(), init_key_type(), openvpn_decrypt_v1(), openvpn_encrypt_v1(), show_available_ciphers(), and tls_session_update_crypto_params_do_work().

◆ cipher_kt_name()

const char* cipher_kt_name ( const EVP_CIPHER *  cipher_kt)

Definition at line 626 of file crypto_openssl.c.

References translate_cipher_name_to_openvpn().

Referenced by cipher_name_cmp().

◆ cipher_kt_tag_size()

int cipher_kt_tag_size ( const EVP_CIPHER *  cipher_kt)

Definition at line 692 of file crypto_openssl.c.

References cipher_kt_mode_aead(), and OPENVPN_AEAD_TAG_LENGTH.

◆ cipher_name_cmp()

static int cipher_name_cmp ( const void *  a,
const void *  b 
)
static

Definition at line 277 of file crypto_openssl.c.

References cipher_kt_name().

Referenced by show_available_ciphers().

◆ crypto_clear_error()

void crypto_clear_error ( void  )

◆ crypto_init_lib()

void crypto_init_lib ( void  )

Definition at line 155 of file crypto_openssl.c.

Referenced by init_ssl_lib().

◆ crypto_init_lib_engine()

void crypto_init_lib_engine ( const char *  engine_name)

Definition at line 133 of file crypto_openssl.c.

References ASSERT, M_WARN, and msg.

Referenced by init_crypto_pre().

◆ crypto_pem_decode()

bool crypto_pem_decode ( const char *  name,
struct buffer *  dst,
const struct buffer *  src 
)

Decode a PEM buffer to binary data.

Parameters
name: The name expected in the PEM header/footer.
dst: Destination buffer for decoded data.
src: Source buffer (PEM data).
Returns
true iff PEM decode succeeded.

Definition at line 422 of file crypto_openssl.c.

References BCAP, BLEN, BPTR, buf_write_alloc(), crypto_msg, D_CRYPT_ERRORS, dmsg, and M_FATAL.

Referenced by crypto_pem_encode_decode_loopback(), and read_pem_key_file().

◆ crypto_pem_encode()

bool crypto_pem_encode ( const char *  name,
struct buffer *  dst,
const struct buffer *  src,
struct gc_arena *  gc 
)

Encode binary data as PEM.

Parameters
name: The name to use in the PEM header/footer.
dst: Destination buffer for PEM-encoded data. Must be a valid pointer to an uninitialized buffer structure. Iff this function returns true, the buffer will contain memory allocated through the supplied gc.
src: Source buffer.
gc: The garbage collector to use when allocating memory for dst.
Returns
true iff PEM encode succeeded.

Definition at line 394 of file crypto_openssl.c.

References alloc_buf_gc(), ASSERT, BLEN, BPTR, buf_write(), and buffer::data.

Referenced by crypto_pem_encode_decode_loopback(), tls_crypt_v2_write_client_key_file(), and write_pem_key_file().

◆ crypto_print_openssl_errors()

void crypto_print_openssl_errors ( const unsigned int  flags)

Retrieve any OpenSSL errors that have occurred and print them.

Note that this function uses the OpenSSL error API, which is not thread-safe.

Parameters
flags: Flags to indicate error type and priority.

Definition at line 202 of file crypto_openssl.c.

References D_CRYPT_ERRORS, and msg.

Referenced by tls_ctx_load_cert_file().

◆ crypto_uninit_lib()

void crypto_uninit_lib ( void  )

Definition at line 176 of file crypto_openssl.c.

References ASSERT.

Referenced by free_ssl_lib().

◆ engine_load_key()

EVP_PKEY* engine_load_key ( const char *  file,
SSL_CTX *  ctx 
)

Load a key file from an engine.

Parameters
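file: The engine file to load
ui: The UI method for the password prompt
data: The data to pass to the UI method
Note: the prototype shown above takes (file, ctx); ui and data are not among its parameters, and ctx is not described in this parameter list.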
Returns
The private key if successful or NULL if not

Definition at line 1098 of file crypto_openssl.c.

References crypto_msg, M_FATAL, M_INFO, and ssl_tls1_PRF().

Referenced by cipher_kt_var_key_size(), and tls_ctx_load_priv_file().

◆ hmac_ctx_cleanup()

void hmac_ctx_cleanup ( HMAC_CTX *  ctx)

Definition at line 1036 of file crypto_openssl.c.

References HMAC_CTX_reset().

◆ hmac_ctx_final()

void hmac_ctx_final ( HMAC_CTX *  ctx,
uint8_t *  dst 
)

Definition at line 1063 of file crypto_openssl.c.

◆ hmac_ctx_free()

void hmac_ctx_free ( HMAC_CTX *  ctx)

Definition at line 1014 of file crypto_openssl.c.

References HMAC_CTX_free().

◆ hmac_ctx_init()

void hmac_ctx_init ( HMAC_CTX *  ctx,
const uint8_t *  key,
int  key_len,
const EVP_MD *  kt 
)

Definition at line 1020 of file crypto_openssl.c.

References ASSERT, crypto_msg, HMAC_CTX_reset(), and M_FATAL.

◆ hmac_ctx_new()

HMAC_CTX* hmac_ctx_new ( void  )

Definition at line 1006 of file crypto_openssl.c.

References check_malloc_return(), and HMAC_CTX_new().

Referenced by gen_hmac_md5(), and init_key_ctx().

◆ hmac_ctx_reset()

void hmac_ctx_reset ( HMAC_CTX *  ctx)

Definition at line 1048 of file crypto_openssl.c.

References crypto_msg, and M_FATAL.

◆ hmac_ctx_size()

int hmac_ctx_size ( const HMAC_CTX *  ctx)

Definition at line 1042 of file crypto_openssl.c.

◆ hmac_ctx_update()

void hmac_ctx_update ( HMAC_CTX *  ctx,
const uint8_t *  src,
int  src_len 
)

Definition at line 1057 of file crypto_openssl.c.

◆ key_des_check()

bool key_des_check ( uint8_t *  key,
int  key_len,
int  ndc 
)

Definition at line 522 of file crypto_openssl.c.

References buf_read_alloc(), buf_set_read(), crypto_msg, and D_CRYPT_ERRORS.

Referenced by check_key().

◆ key_des_fixup()

void key_des_fixup ( uint8_t *  key,
int  key_len,
int  ndc 
)

Definition at line 559 of file crypto_openssl.c.

References buf_read_alloc(), buf_set_read(), D_CRYPT_ERRORS, and msg.

Referenced by create_des_keys(), and fixup_key().

◆ key_des_num_cblocks()

int key_des_num_cblocks ( const EVP_CIPHER *  kt)

Definition at line 502 of file crypto_openssl.c.

References D_CRYPTO_DEBUG, and dmsg.

◆ md_ctx_cleanup()

void md_ctx_cleanup ( EVP_MD_CTX *  ctx)

Definition at line 973 of file crypto_openssl.c.

References EVP_MD_CTX_reset().

◆ md_ctx_final()

void md_ctx_final ( EVP_MD_CTX *  ctx,
uint8_t *  dst 
)

Definition at line 991 of file crypto_openssl.c.

◆ md_ctx_free()

void md_ctx_free ( EVP_MD_CTX *  ctx)

Definition at line 955 of file crypto_openssl.c.

References EVP_MD_CTX_free().

◆ md_ctx_init()

void md_ctx_init ( EVP_MD_CTX *  ctx,
const EVP_MD *  kt 
)

Definition at line 961 of file crypto_openssl.c.

References ASSERT, crypto_msg, and M_FATAL.

◆ md_ctx_new()

EVP_MD_CTX* md_ctx_new ( void  )

◆ md_ctx_size()

int md_ctx_size ( const EVP_MD_CTX *  ctx)

Definition at line 979 of file crypto_openssl.c.

◆ md_ctx_update()

void md_ctx_update ( EVP_MD_CTX *  ctx,
const uint8_t *  src,
int  src_len 
)

Definition at line 985 of file crypto_openssl.c.

◆ md_full()

int md_full ( const EVP_MD *  kt,
const uint8_t *  src,
int  src_len,
uint8_t *  dst 
)

Definition at line 939 of file crypto_openssl.c.

◆ md_kt_get()

const EVP_MD* md_kt_get ( const char *  digest)

Return message digest parameters, based on the given digest name.

The contents of these parameters are library-specific, and can be used to initialise HMAC or message digest operations.

Parameters
digest: Name of the digest to retrieve parameters for (e.g. MD5).
Returns
A statically allocated structure containing parameters for the given message digest.

Definition at line 896 of file crypto_openssl.c.

References ASSERT, crypto_msg, M_FATAL, MAX_HMAC_KEY_LENGTH, and PACKAGE_NAME.

Referenced by auth_token_kt(), DigestCalcHA1(), DigestCalcResponse(), do_init_tls_wrap_key(), gen_hmac_md5(), gen_md4_hash(), init_key_type(), prng_init(), process_incoming_push_reply(), and tls_crypt_kt().

◆ md_kt_name()

const char* md_kt_name ( const EVP_MD *  kt)

Definition at line 916 of file crypto_openssl.c.

◆ md_kt_size()

unsigned char md_kt_size ( const EVP_MD *  kt)

Definition at line 926 of file crypto_openssl.c.

◆ memcmp_constant_time()

int memcmp_constant_time ( const void *  a,
const void *  b,
size_t  size 
)

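As memcmp(), but constant-time.

Returns 0 when data is equal, non-zero otherwise. The documented contract covers equality only; it does not give the sign of a non-zero result an ordering meaning, so callers should compare the result against 0.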

Definition at line 1071 of file crypto_openssl.c.

References SSL_CTX_get_default_passwd_cb(), and SSL_CTX_get_default_passwd_cb_userdata().

Referenced by check_hmac_token(), is_auth_token(), openvpn_decrypt_v1(), tls_crypt_unwrap(), tls_crypt_v2_unwrap_client_key(), verify_auth_token(), and verify_cert().

◆ rand_bytes()

int rand_bytes ( uint8_t *  output,
int  len 
)

Wrapper for secure random number generator.

Retrieves len bytes of random data, and places it in output.

Parameters
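output: Output buffer
len: Length of the output buffer, in bytes
Returns
1 on success, 0 on failure. The return value must be checked; on failure the contents of output should not be used as random data.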

Definition at line 484 of file crypto_openssl.c.

References crypto_msg, D_CRYPT_ERRORS, and unlikely.

Referenced by establish_http_proxy_passthru(), generate_auth_token(), generate_ephemeral_key(), generate_key_random(), init_static(), prng_bytes(), prng_reset_nonce(), random_bytes_to_buf(), test_crypto(), test_tls_crypt_v2_setup(), tls_crypt_v2_wrap_unwrap_dst_too_small(), tls_crypt_v2_wrap_unwrap_max_metadata(), tls_crypt_v2_write_client_key_file(), and write_pem_key_file().

◆ show_available_ciphers()

void show_available_ciphers ( void  )

◆ show_available_digests()

void show_available_digests ( void  )

Definition at line 344 of file crypto_openssl.c.

References PACKAGE_NAME.

Referenced by print_openssl_info().

◆ show_available_engines()

void show_available_engines ( void  )

Definition at line 369 of file crypto_openssl.c.

Referenced by print_openssl_info().

◆ ssl_tls1_PRF()

bool ssl_tls1_PRF ( const uint8_t *  seed,
int  seed_len,
const uint8_t *  secret,
int  secret_len,
uint8_t *  output,
int  output_len 
)

Calculates the TLS 1.0-1.1 PRF function.

For the exact specification of the function, see the TLS RFCs, e.g. RFC 4346.

Parameters
seed: seed to use
seed_len: length of the seed
secret: secret to use
secret_len: length of the secret
output: output destination
output_len: length of output/number of bytes to generate
Returns
true if successful, false on any error

Definition at line 1322 of file crypto_openssl.c.

References D_SHOW_KEY_SOURCE, dmsg, format_hex(), gc_free(), gc_malloc(), gc_new(), secure_memzero(), and tls1_P_hash().

Referenced by crypto_test_tls_prf(), engine_load_key(), and openvpn_PRF().

◆ tls1_P_hash()

static bool tls1_P_hash ( const EVP_MD *  md,
const unsigned char *  sec,
int  sec_len,
const void *  seed,
int  seed_len,
unsigned char *  out,
int  olen 
)
static

Definition at line 1203 of file crypto_openssl.c.

Referenced by ssl_tls1_PRF().

Variable Documentation

◆ cipher_name_translation_table

const cipher_name_pair cipher_name_translation_table[]
Initial value:
= {
{ "AES-128-GCM", "id-aes128-GCM" },
{ "AES-192-GCM", "id-aes192-GCM" },
{ "AES-256-GCM", "id-aes256-GCM" },
{ "CHACHA20-POLY1305", "ChaCha20-Poly1305" },
}

Cipher name translation table.

Definition at line 266 of file crypto_openssl.c.

Referenced by get_cipher_name_pair().

◆ cipher_name_translation_table_count

const size_t cipher_name_translation_table_count
Initial value:
=
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.

Definition at line 272 of file crypto_openssl.c.

Referenced by get_cipher_name_pair().