31 #elif defined(_MSC_VER) 37 #if defined(ENABLE_CRYPTO_OPENSSL) 46 #include <openssl/conf.h> 47 #include <openssl/des.h> 48 #include <openssl/err.h> 49 #include <openssl/evp.h> 50 #include <openssl/objects.h> 51 #include <openssl/rand.h> 52 #include <openssl/ssl.h> 58 #if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH 59 #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH 62 #if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE 63 #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH 66 #if HAVE_OPENSSL_ENGINE 67 #include <openssl/ui.h> 68 #include <openssl/engine.h> 70 static bool engine_initialized =
false;
72 static ENGINE *engine_persist = NULL;
76 try_load_engine(
const char *engine)
78 ENGINE *e = ENGINE_by_id(
"dynamic");
81 if (!ENGINE_ctrl_cmd_string(e,
"SO_PATH", engine, 0)
82 || !ENGINE_ctrl_cmd_string(e,
"LOAD", NULL, 0))
92 setup_engine(
const char *engine)
96 ENGINE_load_builtin_engines();
100 if (strcmp(engine,
"auto") == 0)
102 msg(
M_INFO,
"Initializing OpenSSL auto engine support");
103 ENGINE_register_all_complete();
106 if ((e = ENGINE_by_id(engine)) == NULL
107 && (e = try_load_engine(engine)) == NULL)
113 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
116 "OpenSSL error: ENGINE_set_default failed on engine '%s'",
120 msg(
M_INFO,
"Initializing OpenSSL support for engine '%s'",
131 #if HAVE_OPENSSL_ENGINE 132 if (!engine_initialized)
136 engine_persist = setup_engine(engine_name);
137 engine_initialized =
true;
140 msg(
M_WARN,
"Note: OpenSSL hardware crypto engine functionality is not available");
153 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) 154 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
156 OPENSSL_config(NULL);
165 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
173 FILE *fp = fopen(
"sdlog",
"w");
175 CRYPTO_mem_leaks_fp(fp);
179 #if HAVE_OPENSSL_ENGINE 180 if (engine_initialized)
183 engine_persist = NULL;
184 engine_initialized =
false;
200 while ((err = ERR_get_error()))
203 if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
206 "in common with the client. Your --tls-cipher setting might be " 209 else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
212 "indicates that client and server have no common TLS version enabled. " 213 "This can be caused by mismatched tls-version-min and tls-version-max " 214 "options on client and server. " 215 "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding " 216 "tls-version-min 1.0 to the client configuration to use TLS 1.0+ " 217 "instead of TLS 1.0 only");
219 msg(flags,
"OpenSSL: %s", ERR_error_string(err, NULL));
234 crypto_malloc(
size_t size,
const char *file,
int line)
236 return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
240 crypto_realloc(
void *ptr,
size_t size,
const char *file,
int line)
242 return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
246 crypto_free(
void *ptr)
248 dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE);
252 crypto_init_dmalloc(
void)
254 CRYPTO_set_mem_ex_functions(crypto_malloc,
261 {
"AES-128-GCM",
"id-aes128-GCM" },
262 {
"AES-192-GCM",
"id-aes192-GCM" },
263 {
"AES-256-GCM",
"id-aes256-GCM" },
264 {
"CHACHA20-POLY1305",
"ChaCha20-Poly1305" },
273 const EVP_CIPHER *
const *cipher_a = a;
274 const EVP_CIPHER *
const *cipher_b = b;
286 const EVP_CIPHER *cipher_list[1000];
287 size_t num_ciphers = 0;
289 printf(
"The following ciphers and cipher modes are available for use\n" 290 "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n" 291 "parameter to the --data-ciphers (or --cipher) option. The\n" 292 "default key size is shown as well as whether or not it can be\n" 293 "changed with the --keysize directive. Using a GCM or CBC mode\n" 294 "is recommended. In static key mode only CBC mode is allowed.\n\n");
297 for (nid = 0; nid < 10000; ++nid)
299 const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
307 cipher_list[num_ciphers++] = cipher;
309 if (num_ciphers == (
sizeof(cipher_list)/
sizeof(*cipher_list)))
311 msg(
M_WARN,
"WARNING: Too many ciphers, not showing all");
317 qsort((EVP_CIPHER *)cipher_list, num_ciphers,
sizeof(*cipher_list),
cipher_name_cmp);
319 for (i = 0; i < num_ciphers; i++)
327 printf(
"\nThe following ciphers have a block size of less than 128 bits, \n" 328 "and are therefore deprecated. Do not use unless you have to.\n\n");
329 for (i = 0; i < num_ciphers; i++)
345 printf(
"The following message digests are available for use with\n" 346 PACKAGE_NAME ". A message digest is used in conjunction with\n" 347 "the HMAC function, to authenticate received packets.\n" 348 "You can specify a message digest as parameter to\n" 349 "the --auth option.\n\n");
352 for (nid = 0; nid < 10000; ++nid)
354 const EVP_MD *digest = EVP_get_digestbynid(nid);
357 printf(
"%s %d bit digest size\n",
358 OBJ_nid2sn(nid), EVP_MD_size(digest) * 8);
367 #if HAVE_OPENSSL_ENGINE 370 printf(
"OpenSSL Crypto Engines\n\n");
372 ENGINE_load_builtin_engines();
374 e = ENGINE_get_first();
380 e = ENGINE_get_next(e);
384 printf(
"Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
394 BIO *bio = BIO_new(BIO_s_mem());
395 if (!bio || !PEM_write_bio(bio, name,
"",
BPTR(src),
BLEN(src)))
402 BIO_get_mem_ptr(bio, &bptr);
423 BIO *bio = BIO_new_mem_buf((
char *)
BPTR(src),
BLEN(src));
429 char *name_read = NULL;
430 char *header_read = NULL;
432 long data_read_len = 0;
433 if (!PEM_read_bio(bio, &name_read, &header_read, &data_read,
440 if (strcmp(name, name_read))
443 "%s: unexpected PEM name (got '%s', expected '%s')",
444 __func__, name_read, name);
452 BCAP(dst), data_read_len);
455 memcpy(dst_data, data_read, data_read_len);
459 OPENSSL_free(name_read);
460 OPENSSL_free(header_read);
461 OPENSSL_free(data_read);
482 if (
unlikely(1 != RAND_bytes(output, len)))
501 const char *name = OBJ_nid2sn(EVP_CIPHER_nid(kt));
504 if (!strncmp(name,
"DES-", 4))
506 ret = EVP_CIPHER_key_length(kt) /
sizeof(DES_cblock);
508 else if (!strncmp(name,
"DESX-", 5))
525 for (i = 0; i < ndc; ++i)
527 DES_cblock *dc = (DES_cblock *)
buf_read_alloc(&b,
sizeof(DES_cblock));
531 "CRYPTO INFO: check_key_DES: insufficient key material");
534 if (DES_is_weak_key(dc))
537 "CRYPTO INFO: check_key_DES: weak key detected");
540 if (!DES_check_key_parity(dc))
543 "CRYPTO INFO: check_key_DES: bad parity detected");
561 for (i = 0; i < ndc; ++i)
563 DES_cblock *dc = (DES_cblock *)
buf_read_alloc(&b,
sizeof(DES_cblock));
570 DES_set_odd_parity(dc);
585 const EVP_CIPHER *cipher = NULL;
590 cipher = EVP_get_cipherbyname(ciphername);
601 msg(
D_LOW,
"Cipher algorithm '%s' uses a default key size (%d bytes) " 602 "which is larger than " PACKAGE_NAME "'s current maximum key size " 603 "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher),
614 if (NULL == cipher_kt)
616 return "[null-cipher]";
619 const char *name = EVP_CIPHER_name(cipher_kt);
626 return EVP_CIPHER_key_length(cipher_kt);
632 return EVP_CIPHER_iv_length(cipher_kt);
645 char *mode_str = NULL;
646 const char *orig_name = NULL;
647 const EVP_CIPHER *cbc_cipher = NULL;
649 int block_size = EVP_CIPHER_block_size(cipher);
651 orig_name = EVP_CIPHER_name(cipher);
658 mode_str = strrchr(name,
'-');
659 if (!mode_str || strlen(mode_str) < 4)
664 strcpy(mode_str,
"-CBC");
669 block_size = EVP_CIPHER_block_size(cbc_cipher);
694 #ifdef NID_chacha20_poly1305 695 || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305
703 ASSERT(NULL != cipher_kt);
704 return EVP_CIPHER_mode(cipher_kt);
712 && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
721 && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
729 switch (EVP_CIPHER_nid(cipher))
731 case NID_aes_128_gcm:
732 case NID_aes_192_gcm:
733 case NID_aes_256_gcm:
734 #ifdef NID_chacha20_poly1305 735 case NID_chacha20_poly1305:
753 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
761 EVP_CIPHER_CTX_free(ctx);
766 const EVP_CIPHER *kt,
int enc)
768 ASSERT(NULL != kt && NULL != ctx);
771 if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
775 #ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH 776 if (!EVP_CIPHER_CTX_set_key_length(ctx, key_len))
781 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
787 ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= key_len);
793 return EVP_CIPHER_CTX_iv_length(ctx);
799 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, tag_size, tag_buf);
805 return EVP_CIPHER_CTX_block_size(ctx);
811 return EVP_CIPHER_CTX_mode(ctx);
817 return ctx ? EVP_CIPHER_CTX_cipher(ctx) : NULL;
824 return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
831 if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len))
842 if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len))
852 return EVP_CipherFinal(ctx, dst, dst_len);
859 ASSERT(tag_len < SIZE_MAX);
860 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, tag_len, tag))
873 DES_key_schedule sched;
875 DES_set_key_unchecked((DES_cblock *)
key, &sched);
876 DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT);
889 const EVP_MD *md = NULL;
891 md = EVP_get_digestbyname(digest);
899 "size (%d bytes) which is larger than " PACKAGE_NAME "'s current " 900 "maximum hash size (%d bytes)",
911 return "[null-digest]";
913 return EVP_MD_name(kt);
919 return (
unsigned char)EVP_MD_size(kt);
932 unsigned int in_md_len = 0;
934 return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
954 ASSERT(NULL != ctx && NULL != kt);
956 EVP_MD_CTX_init(ctx);
957 if (!EVP_DigestInit(ctx, kt))
972 return EVP_MD_CTX_size(ctx);
978 EVP_DigestUpdate(ctx, src, src_len);
984 unsigned int in_md_len = 0;
986 EVP_DigestFinal(ctx, dst, &in_md_len);
1014 ASSERT(NULL != kt && NULL != ctx);
1017 if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL))
1023 ASSERT(HMAC_size(ctx) <= key_len);
1035 return HMAC_size(ctx);
1041 if (!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL))
1050 HMAC_Update(ctx, src, src_len);
1056 unsigned int in_hmac_len = 0;
1058 HMAC_Final(ctx, dst, &in_hmac_len);
1064 return CRYPTO_memcmp(a, b, size);
1067 #if HAVE_OPENSSL_ENGINE 1069 ui_reader(UI *ui, UI_STRING *uis)
1071 SSL_CTX *ctx = UI_get0_user_data(ui);
1073 if (UI_get_string_type(uis) == UIT_PROMPT)
1079 cb(password,
sizeof(password), 0, d);
1080 UI_set_result(ui, uis, password);
1091 #if HAVE_OPENSSL_ENGINE 1095 if (!engine_persist)
1101 crypto_msg(
M_INFO,
"PEM_read_bio failed, now trying engine method to load private key");
1103 ui = UI_create_method(
"openvpn");
1110 UI_method_set_reader(ui, ui_reader);
1112 ENGINE_init(engine_persist);
1113 pkey = ENGINE_load_private_key(engine_persist, file, ui, ctx);
1114 ENGINE_finish(engine_persist);
1120 UI_destroy_method(ui);
int cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
void md_ctx_cleanup(EVP_MD_CTX *ctx)
int md_ctx_size(const EVP_MD_CTX *ctx)
EVP_PKEY * engine_load_key(const char *file, SSL_CTX *ctx)
Load a key file from an engine.
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
bool cipher_kt_insecure(const EVP_CIPHER *cipher)
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
char * string_alloc(const char *str, struct gc_arena *gc)
int hmac_ctx_size(const HMAC_CTX *ctx)
const size_t cipher_name_translation_table_count
int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
static uint8_t * buf_read_alloc(struct buffer *buf, int size)
static uint8_t * buf_write_alloc(struct buffer *buf, int size)
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
void hmac_ctx_reset(HMAC_CTX *ctx)
static int cipher_name_cmp(const void *a, const void *b)
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
void show_available_ciphers(void)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
int md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
const EVP_CIPHER * cipher_kt_get(const char *ciphername)
Return cipher parameters, based on the given cipher name.
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
void hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
void crypto_init_lib_engine(const char *engine_name)
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
void md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
int cipher_kt_block_size(const EVP_CIPHER *cipher)
#define MAX_CIPHER_KEY_LENGTH
int cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
void hmac_ctx_cleanup(HMAC_CTX *ctx)
int cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
void md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
void cipher_ctx_free(EVP_CIPHER_CTX *ctx)
static char * engine_name
int len
Length in bytes of the actual content within the allocated memory.
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
HMAC_CTX * hmac_ctx_new(void)
void print_cipher(const cipher_kt_t *cipher)
Print a cipher list entry.
static bool buf_write(struct buffer *dest, const void *src, int size)
void md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
void show_available_engines(void)
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
const EVP_MD * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
const char * md_kt_name(const EVP_MD *kt)
void hmac_ctx_free(HMAC_CTX *ctx)
bool key_des_check(uint8_t *key, int key_len, int ndc)
void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt)
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char *src, unsigned char *dst)
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
void hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
int cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
const char * cipher_kt_name(const EVP_CIPHER *cipher_kt)
int cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
uint8_t * data
Pointer to the allocated memory.
#define ENABLE_OFB_CFB_MODE
void key_des_fixup(uint8_t *key, int key_len, int ndc)
void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, const EVP_CIPHER *kt, int enc)
#define MAX_HMAC_KEY_LENGTH
int cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
unsigned char md_kt_size(const EVP_MD *kt)
void md_ctx_free(EVP_MD_CTX *ctx)
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static void check_malloc_return(const void *p)
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
int cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
EVP_MD_CTX * md_ctx_new(void)
Struct used in cipher name translation table.
Wrapper structure for dynamically allocated memory.
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
int cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
void crypto_clear_error(void)
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate a data channel cipher name from the crypto library specific name to the OpenVPN config file...
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
void crypto_init_lib(void)
Garbage collection arena used to keep track of dynamically allocated memory.
#define OPENVPN_AEAD_TAG_LENGTH
int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported CBC mode cipher.
void crypto_uninit_lib(void)
int key_des_num_cblocks(const EVP_CIPHER *kt)
#define EVP_CIPHER_CTX_reset
void show_available_digests(void)
static void buf_set_read(struct buffer *buf, const uint8_t *data, int size)
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
Container for unidirectional cipher and HMAC key material.
int cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)