OpenVPN
crypto_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
30 #ifdef HAVE_CONFIG_H
31 #include "config.h"
32 #endif
33 
34 #include "syshead.h"
35 
36 #if defined(ENABLE_CRYPTO_OPENSSL)
37 
38 #include "basic.h"
39 #include "buffer.h"
40 #include "integer.h"
41 #include "crypto.h"
42 #include "crypto_backend.h"
43 #include "openssl_compat.h"
44 
45 #include <openssl/conf.h>
46 #include <openssl/des.h>
47 #include <openssl/err.h>
48 #include <openssl/evp.h>
49 #include <openssl/objects.h>
50 #include <openssl/rand.h>
51 #include <openssl/ssl.h>
52 
53 #if !defined(LIBRESSL_VERSION_NUMBER)
54 #include <openssl/kdf.h>
55 #endif
56 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
57 #include <openssl/provider.h>
58 #include <openssl/core_names.h>
59 #endif
60 
61 #if defined(_WIN32) && defined(OPENSSL_NO_EC)
62 #error Windows build with OPENSSL_NO_EC: disabling EC key is not supported.
63 #endif
64 
65 #ifdef _MSC_VER
66 /* mute ossl3 deprecation warnings treated as errors in msvc */
67 #pragma warning(disable: 4996)
68 #endif
69 
70 /*
71  * Check for key size creepage.
72  */
73 
74 #if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
75 #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
76 #endif
77 
78 #if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
79 #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
80 #endif
81 
82 #if HAVE_OPENSSL_ENGINE
83 #include <openssl/ui.h>
84 #include <openssl/engine.h>
85 
86 static bool engine_initialized = false; /* GLOBAL */
87 
88 static ENGINE *engine_persist = NULL; /* GLOBAL */
89 
90 /* Try to load an engine in a shareable library */
91 static ENGINE *
92 try_load_engine(const char *engine)
93 {
94  ENGINE *e = ENGINE_by_id("dynamic");
95  if (e)
96  {
97  if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
98  || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
99  {
100  ENGINE_free(e);
101  e = NULL;
102  }
103  }
104  return e;
105 }
106 
107 static ENGINE *
108 setup_engine(const char *engine)
109 {
110  ENGINE *e = NULL;
111 
112  ENGINE_load_builtin_engines();
113 
114  if (engine)
115  {
116  if (strcmp(engine, "auto") == 0)
117  {
118  msg(M_INFO, "Initializing OpenSSL auto engine support");
119  ENGINE_register_all_complete();
120  return NULL;
121  }
122  if ((e = ENGINE_by_id(engine)) == NULL
123  && (e = try_load_engine(engine)) == NULL)
124  {
125  crypto_msg(M_FATAL, "OpenSSL error: cannot load engine '%s'",
126  engine);
127  }
128 
129  if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
130  {
132  "OpenSSL error: ENGINE_set_default failed on engine '%s'",
133  engine);
134  }
135 
136  msg(M_INFO, "Initializing OpenSSL support for engine '%s'",
137  ENGINE_get_id(e));
138  }
139  return e;
140 }
141 
142 #endif /* HAVE_OPENSSL_ENGINE */
143 
144 void
145 crypto_init_lib_engine(const char *engine_name)
146 {
147 #if HAVE_OPENSSL_ENGINE
148  if (!engine_initialized)
149  {
150  ASSERT(engine_name);
151  ASSERT(!engine_persist);
152  engine_persist = setup_engine(engine_name);
153  engine_initialized = true;
154  }
155 #else /* if HAVE_OPENSSL_ENGINE */
156  msg(M_WARN, "Note: OpenSSL hardware crypto engine functionality is not available");
157 #endif
158 }
159 
160 provider_t *
161 crypto_load_provider(const char *provider)
162 {
163 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
164  /* Load providers into the default (NULL) library context */
165  OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, provider);
166  if (!prov)
167  {
168  crypto_msg(M_FATAL, "failed to load provider '%s'", provider);
169  }
170  return prov;
171 #else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
172  msg(M_WARN, "Note: OpenSSL provider functionality is not available");
173  return NULL;
174 #endif
175 }
176 
177 void
178 crypto_unload_provider(const char *provname, provider_t *provider)
179 {
180 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
181  if (!OSSL_PROVIDER_unload(provider))
182  {
183  crypto_msg(M_FATAL, "failed to unload provider '%s'", provname);
184  }
185 #endif
186 }
187 
188 /*
189  *
190  * Functions related to the core crypto library
191  *
192  */
193 
194 void
196 {
197  OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
198  /*
199  * If you build the OpenSSL library and OpenVPN with
200  * CRYPTO_MDEBUG, you will get a listing of OpenSSL
201  * memory leaks on program termination.
202  */
203 
204 #ifdef CRYPTO_MDEBUG
205  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
206 #endif
207 }
208 
209 void
211 {
212 #ifdef CRYPTO_MDEBUG
213  FILE *fp = fopen("sdlog", "w");
214  ASSERT(fp);
215  CRYPTO_mem_leaks_fp(fp);
216  fclose(fp);
217 #endif
218 
219 #if HAVE_OPENSSL_ENGINE
220  if (engine_initialized)
221  {
222  ENGINE_cleanup();
223  engine_persist = NULL;
224  engine_initialized = false;
225  }
226 #endif
227 }
228 
229 void
231 {
232  ERR_clear_error();
233 }
234 
235 void
236 crypto_print_openssl_errors(const unsigned int flags)
237 {
238  unsigned long err = 0;
239  int line, errflags;
240  const char *file, *data, *func;
241 
242  while ((err = ERR_get_error_all(&file, &line, &func, &data, &errflags)) != 0)
243  {
244  if (!(errflags & ERR_TXT_STRING))
245  {
246  data = "";
247  }
248 
249  /* Be more clear about frequently occurring "no shared cipher" error */
250  if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
251  {
252  msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites "
253  "in common with the client. Your --tls-cipher setting might be "
254  "too restrictive.");
255  }
256  else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
257  {
258  msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
259  "indicates that client and server have no common TLS version enabled. "
260  "This can be caused by mismatched tls-version-min and tls-version-max "
261  "options on client and server. "
262  "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
263  "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
264  "instead of TLS 1.0 only");
265  }
266 
267  /* print file and line if verb >=8 */
269  {
270  msg(flags, "OpenSSL: %s:%s", ERR_error_string(err, NULL), data);
271  }
272  else
273  {
274  msg(flags, "OpenSSL: %s:%s:%s:%d:%s", ERR_error_string(err, NULL),
275  data, file, line, func);
276  }
277  }
278 }
279 
280 
281 /*
282  *
283  * OpenSSL memory debugging. If dmalloc debugging is enabled, tell
284  * OpenSSL to use our private malloc/realloc/free functions so that
285  * we can dispatch them to dmalloc.
286  *
287  */
288 
289 #ifdef DMALLOC
290 static void *
291 crypto_malloc(size_t size, const char *file, int line)
292 {
293  return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
294 }
295 
296 static void *
297 crypto_realloc(void *ptr, size_t size, const char *file, int line)
298 {
299  return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
300 }
301 
302 static void
303 crypto_free(void *ptr)
304 {
305  dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE);
306 }
307 
308 void
309 crypto_init_dmalloc(void)
310 {
311  CRYPTO_set_mem_ex_functions(crypto_malloc,
312  crypto_realloc,
313  crypto_free);
314 }
315 #endif /* DMALLOC */
316 
318  { "AES-128-GCM", "id-aes128-GCM" },
319  { "AES-192-GCM", "id-aes192-GCM" },
320  { "AES-256-GCM", "id-aes256-GCM" },
321  { "CHACHA20-POLY1305", "ChaCha20-Poly1305" },
322 };
325 
326 
327 static int
328 cipher_name_cmp(const void *a, const void *b)
329 {
330  const EVP_CIPHER *const *cipher_a = a;
331  const EVP_CIPHER *const *cipher_b = b;
332 
333  return strcmp(EVP_CIPHER_get0_name(*cipher_a), EVP_CIPHER_get0_name(*cipher_b));
334 }
335 
337  /* If we ever exceed this, we must be more selective */
338  const EVP_CIPHER *list[1000];
339  size_t num;
340 };
341 
342 static void
343 collect_ciphers(EVP_CIPHER *cipher, void *list)
344 {
345  if (!cipher)
346  {
347  return;
348  }
349  struct collect_ciphers *cipher_list = list;
350  if (cipher_list->num == SIZE(cipher_list->list))
351  {
352  msg(M_WARN, "WARNING: Too many ciphers, not showing all");
353  return;
354  }
355 
356  const char *ciphername = EVP_CIPHER_get0_name(cipher);
357 
358  if (ciphername && (cipher_kt_mode_cbc(ciphername)
359 #ifdef ENABLE_OFB_CFB_MODE
360  || cipher_kt_mode_ofb_cfb(ciphername)
361 #endif
362  || cipher_kt_mode_aead(ciphername)
363  ))
364  {
365  cipher_list->list[cipher_list->num++] = cipher;
366  }
367 }
368 
369 void
371 {
372  struct collect_ciphers cipher_list = { 0 };
373 
374 #ifndef ENABLE_SMALL
375  printf("The following ciphers and cipher modes are available for use\n"
376  "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
377  "parameter to the --data-ciphers (or --cipher) option. In static \n"
378  "key mode only CBC mode is allowed.\n");
379  printf("See also openssl list -cipher-algorithms\n\n");
380 #endif
381 
382 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
383  EVP_CIPHER_do_all_provided(NULL, collect_ciphers, &cipher_list);
384 #else
385  for (int nid = 0; nid < 10000; ++nid)
386  {
387 #if defined(LIBRESSL_VERSION_NUMBER)
388  /* OpenBSD/LibreSSL reimplemented EVP_get_cipherbyname and broke
389  * calling EVP_get_cipherbynid with an invalid nid in the process
390  * so that it would segfault. */
391  const EVP_CIPHER *cipher = NULL;
392  const char *name = OBJ_nid2sn(nid);
393  if (name)
394  {
395  cipher = EVP_get_cipherbyname(name);
396  }
397 #else /* if defined(LIBRESSL_VERSION_NUMBER) */
398  const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
399 #endif
400  /* We cast the const away so we can keep the function prototype
401  * compatible with EVP_CIPHER_do_all_provided */
402  collect_ciphers((EVP_CIPHER *) cipher, &cipher_list);
403  }
404 #endif
405 
406  /* cast to non-const to prevent warning */
407  qsort((EVP_CIPHER *)cipher_list.list, cipher_list.num, sizeof(*cipher_list.list), cipher_name_cmp);
408 
409  for (size_t i = 0; i < cipher_list.num; i++)
410  {
411  if (!cipher_kt_insecure(EVP_CIPHER_get0_name(cipher_list.list[i])))
412  {
413  print_cipher(EVP_CIPHER_get0_name(cipher_list.list[i]));
414  }
415  }
416 
417  printf("\nThe following ciphers have a block size of less than 128 bits, \n"
418  "and are therefore deprecated. Do not use unless you have to.\n\n");
419  for (int i = 0; i < cipher_list.num; i++)
420  {
421  if (cipher_kt_insecure(EVP_CIPHER_get0_name(cipher_list.list[i])))
422  {
423  print_cipher(EVP_CIPHER_get0_name(cipher_list.list[i]));
424  }
425  }
426  printf("\n");
427 }
428 
429 void
430 print_digest(EVP_MD *digest, void *unused)
431 {
432  printf("%s %d bit digest size\n", md_kt_name(EVP_MD_get0_name(digest)),
433  EVP_MD_size(digest) * 8);
434 }
435 
436 void
438 {
439 #ifndef ENABLE_SMALL
440  printf("The following message digests are available for use with\n"
441  PACKAGE_NAME ". A message digest is used in conjunction with\n"
442  "the HMAC function, to authenticate received packets.\n"
443  "You can specify a message digest as parameter to\n"
444  "the --auth option.\n");
445  printf("See also openssl list -digest-algorithms\n\n");
446 #endif
447 
448 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
449  EVP_MD_do_all_provided(NULL, print_digest, NULL);
450 #else
451  for (int nid = 0; nid < 10000; ++nid)
452  {
453  /* OpenBSD/LibreSSL reimplemented EVP_get_digestbyname and broke
454  * calling EVP_get_digestbynid with an invalid nid in the process
455  * so that it would segfault. */
456 #ifdef LIBRESSL_VERSION_NUMBER
457  const EVP_MD *digest = NULL;
458  const char *name = OBJ_nid2sn(nid);
459  if (name)
460  {
461  digest = EVP_get_digestbyname(name);
462  }
463 #else /* ifdef LIBRESSL_VERSION_NUMBER */
464  const EVP_MD *digest = EVP_get_digestbynid(nid);
465 #endif
466  if (digest)
467  {
468  /* We cast the const away so we can keep the function prototype
469  * compatible with EVP_MD_do_all_provided */
470  print_digest((EVP_MD *)digest, NULL);
471  }
472  }
473 #endif /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
474  printf("\n");
475 }
476 
477 void
479 {
480 #if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */
481  ENGINE *e;
482 
483  printf("OpenSSL Crypto Engines\n\n");
484 
485  ENGINE_load_builtin_engines();
486 
487  e = ENGINE_get_first();
488  while (e)
489  {
490  printf("%s [%s]\n",
491  ENGINE_get_name(e),
492  ENGINE_get_id(e));
493  e = ENGINE_get_next(e);
494  }
495  ENGINE_cleanup();
496 #else /* if HAVE_OPENSSL_ENGINE */
497  printf("Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
498 #endif
499 }
500 
501 
502 bool
503 crypto_pem_encode(const char *name, struct buffer *dst,
504  const struct buffer *src, struct gc_arena *gc)
505 {
506  bool ret = false;
507  BIO *bio = BIO_new(BIO_s_mem());
508  if (!bio || !PEM_write_bio(bio, name, "", BPTR(src), BLEN(src)))
509  {
510  ret = false;
511  goto cleanup;
512  }
513 
514  BUF_MEM *bptr;
515  BIO_get_mem_ptr(bio, &bptr);
516 
517  *dst = alloc_buf_gc(bptr->length, gc);
518  ASSERT(buf_write(dst, bptr->data, bptr->length));
519 
520  ret = true;
521 cleanup:
522  if (!BIO_free(bio))
523  {
524  ret = false;
525  }
526 
527  return ret;
528 }
529 
530 bool
531 crypto_pem_decode(const char *name, struct buffer *dst,
532  const struct buffer *src)
533 {
534  bool ret = false;
535 
536  BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src));
537  if (!bio)
538  {
539  crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode");
540  }
541 
542  char *name_read = NULL;
543  char *header_read = NULL;
544  uint8_t *data_read = NULL;
545  long data_read_len = 0;
546  if (!PEM_read_bio(bio, &name_read, &header_read, &data_read,
547  &data_read_len))
548  {
549  dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__);
550  goto cleanup;
551  }
552 
553  if (strcmp(name, name_read))
554  {
556  "%s: unexpected PEM name (got '%s', expected '%s')",
557  __func__, name_read, name);
558  goto cleanup;
559  }
560 
561  uint8_t *dst_data = buf_write_alloc(dst, data_read_len);
562  if (!dst_data)
563  {
564  dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__,
565  BCAP(dst), data_read_len);
566  goto cleanup;
567  }
568  memcpy(dst_data, data_read, data_read_len);
569 
570  ret = true;
571 cleanup:
572  OPENSSL_free(name_read);
573  OPENSSL_free(header_read);
574  OPENSSL_free(data_read);
575  if (!BIO_free(bio))
576  {
577  ret = false;
578  }
579 
580  return ret;
581 }
582 
583 /*
584  *
585  * Random number functions, used in cases where we want
586  * reasonably strong cryptographic random number generation
587  * without depleting our entropy pool. Used for random
588  * IV values and a number of other miscellaneous tasks.
589  *
590  */
591 
592 int
593 rand_bytes(uint8_t *output, int len)
594 {
595  if (unlikely(1 != RAND_bytes(output, len)))
596  {
597  crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
598  return 0;
599  }
600  return 1;
601 }
602 
603 /*
604  *
605  * Generic cipher key type functions
606  *
607  */
608 
609 static evp_cipher_type *
610 cipher_get(const char *ciphername)
611 {
612  ASSERT(ciphername);
613 
614  ciphername = translate_cipher_name_from_openvpn(ciphername);
615  return EVP_CIPHER_fetch(NULL, ciphername, NULL);
616 }
617 
618 bool
619 cipher_valid_reason(const char *ciphername, const char **reason)
620 {
621  bool ret = false;
622  evp_cipher_type *cipher = cipher_get(ciphername);
623  if (!cipher)
624  {
625  crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
626  *reason = "disabled because unknown";
627  goto out;
628  }
629 
630 #ifdef OPENSSL_FIPS
631  /* Rhel 8/CentOS 8 have a patched OpenSSL version that return a cipher
632  * here that is actually not usable if in FIPS mode */
633 
634  if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
635  {
636  msg(D_LOW, "Cipher algorithm '%s' is known by OpenSSL library but "
637  "currently disabled by running in FIPS mode.", ciphername);
638  *reason = "disabled by FIPS mode";
639  goto out;
640  }
641 #endif
642  if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH)
643  {
644  msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) "
645  "which is larger than " PACKAGE_NAME "'s current maximum key size "
646  "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher),
648  *reason = "disabled due to key size too large";
649  goto out;
650  }
651 
652  ret = true;
653  *reason = NULL;
654 out:
655  EVP_CIPHER_free(cipher);
656  return ret;
657 }
658 
659 const char *
660 cipher_kt_name(const char *ciphername)
661 {
662  ASSERT(ciphername);
663  if (strcmp("none", ciphername) == 0)
664  {
665  return "[null-cipher]";
666  }
667 
668  evp_cipher_type *cipher_kt = cipher_get(ciphername);
669  if (!cipher_kt)
670  {
671  return NULL;
672  }
673 
674  const char *name = EVP_CIPHER_name(cipher_kt);
675  EVP_CIPHER_free(cipher_kt);
677 }
678 
679 int
680 cipher_kt_key_size(const char *ciphername)
681 {
682  evp_cipher_type *cipher = cipher_get(ciphername);
683  int size = EVP_CIPHER_key_length(cipher);
684  EVP_CIPHER_free(cipher);
685  return size;
686 }
687 
688 int
689 cipher_kt_iv_size(const char *ciphername)
690 {
691  evp_cipher_type *cipher = cipher_get(ciphername);
692  int ivsize = EVP_CIPHER_iv_length(cipher);
693  EVP_CIPHER_free(cipher);
694  return ivsize;
695 }
696 
697 int
698 cipher_kt_block_size(const char *ciphername)
699 {
700  /*
701  * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
702  * around that, try to replace the mode with 'CBC' and return the block size
703  * reported for that cipher, if possible. If that doesn't work, just return
704  * the value reported by OpenSSL.
705  */
706  char *name = NULL;
707  char *mode_str = NULL;
708  const char *orig_name = NULL;
709  evp_cipher_type *cbc_cipher = NULL;
710  evp_cipher_type *cipher = cipher_get(ciphername);
711  if (!cipher)
712  {
713  return 0;
714  }
715 
716  int block_size = EVP_CIPHER_block_size(cipher);
717 
718  orig_name = EVP_CIPHER_name(cipher);
719  if (!orig_name)
720  {
721  goto cleanup;
722  }
723 
724  name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);
725  mode_str = strrchr(name, '-');
726  if (!mode_str || strlen(mode_str) < 4)
727  {
728  goto cleanup;
729  }
730 
731  strcpy(mode_str, "-CBC");
732 
733  cbc_cipher = EVP_CIPHER_fetch(NULL, translate_cipher_name_from_openvpn(name), NULL);
734  if (cbc_cipher)
735  {
736  block_size = EVP_CIPHER_block_size(cbc_cipher);
737  }
738 
739 cleanup:
740  EVP_CIPHER_free(cbc_cipher);
741  EVP_CIPHER_free(cipher);
742  free(name);
743  return block_size;
744 }
745 
746 int
747 cipher_kt_tag_size(const char *ciphername)
748 {
749  if (cipher_kt_mode_aead(ciphername))
750  {
752  }
753  else
754  {
755  return 0;
756  }
757 }
758 
759 bool
760 cipher_kt_insecure(const char *ciphername)
761 {
762 
763  if (cipher_kt_block_size(ciphername) >= 128 / 8)
764  {
765  return false;
766  }
767 #ifdef NID_chacha20_poly1305
768  evp_cipher_type *cipher = cipher_get(ciphername);
769  if (cipher)
770  {
771  bool ischachapoly = (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305);
772  EVP_CIPHER_free(cipher);
773  if (ischachapoly)
774  {
775  return false;
776  }
777  }
778 #endif
779  return true;
780 }
781 
782 int
783 cipher_kt_mode(const EVP_CIPHER *cipher_kt)
784 {
785  ASSERT(NULL != cipher_kt);
786  return EVP_CIPHER_mode(cipher_kt);
787 }
788 
789 bool
790 cipher_kt_mode_cbc(const char *ciphername)
791 {
792  evp_cipher_type *cipher = cipher_get(ciphername);
793 
794  bool ret = cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
795  /* Exclude AEAD cipher modes, they require a different API */
796 #ifdef EVP_CIPH_FLAG_CTS
797  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS)
798 #endif
799  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER));
800  EVP_CIPHER_free(cipher);
801  return ret;
802 }
803 
804 bool
805 cipher_kt_mode_ofb_cfb(const char *ciphername)
806 {
807  evp_cipher_type *cipher = cipher_get(ciphername);
808  bool ofb_cfb = cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
809  || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
810  /* Exclude AEAD cipher modes, they require a different API */
811  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
812  EVP_CIPHER_free(cipher);
813  return ofb_cfb;
814 }
815 
816 bool
817 cipher_kt_mode_aead(const char *ciphername)
818 {
819  bool isaead = false;
820 
821  evp_cipher_type *cipher = cipher_get(ciphername);
822  if (cipher)
823  {
824  if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)
825  {
826  isaead = true;
827  }
828 
829 #ifdef NID_chacha20_poly1305
830  if (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305)
831  {
832  isaead = true;
833  }
834 #endif
835  }
836 
837  EVP_CIPHER_free(cipher);
838 
839  return isaead;
840 }
841 
842 /*
843  *
844  * Generic cipher context functions
845  *
846  */
847 
848 cipher_ctx_t *
850 {
851  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
852  check_malloc_return(ctx);
853  return ctx;
854 }
855 
856 void
857 cipher_ctx_free(EVP_CIPHER_CTX *ctx)
858 {
859  EVP_CIPHER_CTX_free(ctx);
860 }
861 
862 void
863 cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key,
864  const char *ciphername, crypto_operation_t enc)
865 {
866  ASSERT(NULL != ciphername && NULL != ctx);
867  evp_cipher_type *kt = cipher_get(ciphername);
868 
869  EVP_CIPHER_CTX_reset(ctx);
870  if (!EVP_CipherInit_ex(ctx, kt, NULL, key, NULL, enc))
871  {
872  crypto_msg(M_FATAL, "EVP cipher init #2");
873  }
874 
875  /* make sure we used a big enough key */
876  ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt));
877  EVP_CIPHER_free(kt);
878 }
879 
880 int
881 cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
882 {
883  return EVP_CIPHER_CTX_iv_length(ctx);
884 }
885 
886 int
887 cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
888 {
889  return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_size, tag_buf);
890 }
891 
892 int
893 cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
894 {
895  return EVP_CIPHER_CTX_block_size(ctx);
896 }
897 
898 int
899 cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
900 {
901  return EVP_CIPHER_CTX_mode(ctx);
902 }
903 
904 
905 bool
907 {
908  if (!ctx)
909  {
910  return false;
911  }
912 
913  int flags = EVP_CIPHER_CTX_flags(ctx);
914  int mode = EVP_CIPHER_CTX_mode(ctx);
915 
916  return mode == EVP_CIPH_CBC_MODE
917  /* Exclude AEAD cipher modes, they require a different API */
918 #ifdef EVP_CIPH_FLAG_CTS
919  && !(flags & EVP_CIPH_FLAG_CTS)
920 #endif
921  && !(flags & EVP_CIPH_FLAG_AEAD_CIPHER);
922 }
923 
924 bool
926 {
927  if (!ctx)
928  {
929  return false;
930  }
931 
932  int mode = EVP_CIPHER_CTX_get_mode(ctx);
933 
934  return (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CFB_MODE)
935  /* Exclude AEAD cipher modes, they require a different API */
936  && !(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER);
937 }
938 
939 bool
941 {
942  if (ctx)
943  {
944  int flags = EVP_CIPHER_CTX_flags(ctx);
945  if (flags & EVP_CIPH_FLAG_AEAD_CIPHER)
946  {
947  return true;
948  }
949 
950 #if defined(NID_chacha20_poly1305) && OPENSSL_VERSION_NUMBER < 0x30000000L
951  if (EVP_CIPHER_CTX_nid(ctx) == NID_chacha20_poly1305)
952  {
953  return true;
954  }
955 #endif
956  }
957 
958  return false;
959 }
960 
961 
962 int
963 cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
964 {
965  return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
966 }
967 
968 int
969 cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
970 {
971  int len;
972  if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len))
973  {
974  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
975  }
976  return 1;
977 }
978 
979 int
980 cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
981  uint8_t *src, int src_len)
982 {
983  if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len))
984  {
985  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
986  }
987  return 1;
988 }
989 
990 int
991 cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
992 {
993  return EVP_CipherFinal(ctx, dst, dst_len);
994 }
995 
996 int
997 cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
998  uint8_t *tag, size_t tag_len)
999 {
1000  ASSERT(tag_len < SIZE_MAX);
1001  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
1002  {
1003  return 0;
1004  }
1005 
1006  return cipher_ctx_final(ctx, dst, dst_len);
1007 }
1008 
1009 
1010 /*
1011  *
1012  * Generic message digest information functions
1013  *
1014  */
1015 
1016 
1017 static evp_md_type *
1018 md_get(const char *digest)
1019 {
1020  evp_md_type *md = NULL;
1021  ASSERT(digest);
1022  md = EVP_MD_fetch(NULL, digest, NULL);
1023  if (!md)
1024  {
1025  crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
1026  }
1027  if (EVP_MD_size(md) > MAX_HMAC_KEY_LENGTH)
1028  {
1029  crypto_msg(M_FATAL, "Message hash algorithm '%s' uses a default hash "
1030  "size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
1031  "maximum hash size (%d bytes)",
1032  digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
1033  }
1034  return md;
1035 }
1036 
1037 
1038 bool
1039 md_valid(const char *digest)
1040 {
1041  evp_md_type *md = EVP_MD_fetch(NULL, digest, NULL);
1042  bool valid = (md != NULL);
1043  EVP_MD_free(md);
1044  return valid;
1045 }
1046 
1047 
1048 /* Since we used the OpenSSL <=1.1 names as part of our OCC message, they
1049  * are now unfortunately part of our wire protocol.
1050  *
1051  * OpenSSL 3.0 will still accept the "old" names so we do not need to use
1052  * this translation table for forward lookup, only for returning the name
1053  * with md_kt_name() */
1055  { "BLAKE2s256", "BLAKE2S-256"},
1056  { "BLAKE2b512", "BLAKE2B-512"},
1057  { "RIPEMD160", "RIPEMD-160" },
1058  { "SHA224", "SHA2-224"},
1059  { "SHA256", "SHA2-256"},
1060  { "SHA384", "SHA2-384"},
1061  { "SHA512", "SHA2-512"},
1062  { "SHA512-224", "SHA2-512/224"},
1063  { "SHA512-256", "SHA2-512/256"},
1064  { "SHAKE128", "SHAKE-128"},
1065  { "SHAKE256", "SHAKE-256"},
1066 };
1069 
1070 const char *
1071 md_kt_name(const char *mdname)
1072 {
1073  if (!strcmp("none", mdname))
1074  {
1075  return "[null-digest]";
1076  }
1077  evp_md_type *kt = md_get(mdname);
1078  const char *name = EVP_MD_get0_name(kt);
1079 
1080  /* Search for a digest name translation */
1081  for (size_t i = 0; i < digest_name_translation_table_count; i++)
1082  {
1084  if (!strcmp(name, pair->lib_name))
1085  {
1086  name = pair->openvpn_name;
1087  }
1088  }
1089 
1090  EVP_MD_free(kt);
1091  return name;
1092 }
1093 
1094 unsigned char
1095 md_kt_size(const char *mdname)
1096 {
1097  if (!strcmp("none", mdname))
1098  {
1099  return 0;
1100  }
1101  evp_md_type *kt = md_get(mdname);
1102  unsigned char size = (unsigned char)EVP_MD_size(kt);
1103  EVP_MD_free(kt);
1104  return size;
1105 }
1106 
1107 
1108 /*
1109  *
1110  * Generic message digest functions
1111  *
1112  */
1113 
1114 int
1115 md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
1116 {
1117  unsigned int in_md_len = 0;
1118  evp_md_type *kt = md_get(mdname);
1119 
1120  int ret = EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
1121  EVP_MD_free(kt);
1122  return ret;
1123 }
1124 
1125 EVP_MD_CTX *
1127 {
1128  EVP_MD_CTX *ctx = EVP_MD_CTX_new();
1129  check_malloc_return(ctx);
1130  return ctx;
1131 }
1132 
1133 void
1134 md_ctx_free(EVP_MD_CTX *ctx)
1135 {
1136  EVP_MD_CTX_free(ctx);
1137 }
1138 
1139 void
1140 md_ctx_init(EVP_MD_CTX *ctx, const char *mdname)
1141 {
1142  evp_md_type *kt = md_get(mdname);
1143  ASSERT(NULL != ctx && NULL != kt);
1144 
1145  EVP_MD_CTX_init(ctx);
1146  if (!EVP_DigestInit(ctx, kt))
1147  {
1148  crypto_msg(M_FATAL, "EVP_DigestInit failed");
1149  }
1150  EVP_MD_free(kt);
1151 }
1152 
1153 void
1154 md_ctx_cleanup(EVP_MD_CTX *ctx)
1155 {
1156  EVP_MD_CTX_reset(ctx);
1157 }
1158 
1159 int
1160 md_ctx_size(const EVP_MD_CTX *ctx)
1161 {
1162  return EVP_MD_CTX_size(ctx);
1163 }
1164 
1165 void
1166 md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
1167 {
1168  EVP_DigestUpdate(ctx, src, src_len);
1169 }
1170 
1171 void
1172 md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
1173 {
1174  unsigned int in_md_len = 0;
1175 
1176  EVP_DigestFinal(ctx, dst, &in_md_len);
1177 }
1178 
1179 
1180 /*
1181  *
1182  * Generic HMAC functions
1183  *
1184  */
1185 #if OPENSSL_VERSION_NUMBER < 0x30000000L
1186 HMAC_CTX *
1188 {
1189  HMAC_CTX *ctx = HMAC_CTX_new();
1190  check_malloc_return(ctx);
1191  return ctx;
1192 }
1193 
1194 void
1195 hmac_ctx_free(HMAC_CTX *ctx)
1196 {
1197  HMAC_CTX_free(ctx);
1198 }
1199 
1200 void
1201 hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, const char *mdname)
1202 {
1203  evp_md_type *kt = md_get(mdname);
1204  ASSERT(NULL != kt && NULL != ctx);
1205 
1206  int key_len = EVP_MD_size(kt);
1207  HMAC_CTX_reset(ctx);
1208  if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL))
1209  {
1210  crypto_msg(M_FATAL, "HMAC_Init_ex failed");
1211  }
1212 
1213  /* make sure we used a big enough key */
1214  ASSERT(HMAC_size(ctx) <= key_len);
1215 }
1216 
1217 void
1218 hmac_ctx_cleanup(HMAC_CTX *ctx)
1219 {
1220  HMAC_CTX_reset(ctx);
1221 }
1222 
1223 int
1224 hmac_ctx_size(HMAC_CTX *ctx)
1225 {
1226  return HMAC_size(ctx);
1227 }
1228 
1229 void
1230 hmac_ctx_reset(HMAC_CTX *ctx)
1231 {
1232  if (!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL))
1233  {
1234  crypto_msg(M_FATAL, "HMAC_Init_ex failed");
1235  }
1236 }
1237 
1238 void
1239 hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
1240 {
1241  HMAC_Update(ctx, src, src_len);
1242 }
1243 
1244 void
1245 hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
1246 {
1247  unsigned int in_hmac_len = 0;
1248 
1249  HMAC_Final(ctx, dst, &in_hmac_len);
1250 }
1251 #else /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
1252 hmac_ctx_t *
1253 hmac_ctx_new(void)
1254 {
1255  hmac_ctx_t *ctx;
1257  EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
1258  ctx->ctx = EVP_MAC_CTX_new(hmac);
1259  check_malloc_return(ctx->ctx);
1260 
1261  EVP_MAC_free(hmac);
1262 
1263  return ctx;
1264 }
1265 
1266 void
1268 {
1269  EVP_MAC_CTX_free(ctx->ctx);
1270  secure_memzero(ctx, sizeof(hmac_ctx_t));
1271  free(ctx);
1272 }
1273 
1274 void
1275 hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
1276 {
1277  evp_md_type *kt = md_get(mdname);
1278  ASSERT(NULL != kt && NULL != ctx && ctx->ctx != NULL);
1279 
1280  /* We need to make a copy of the key since the OSSL parameters
1281  * only reference it */
1282  memcpy(ctx->key, key, EVP_MD_size(kt));
1283 
1284  /* Lookup/setting of parameters in OpenSSL 3.0 are string based
1285  *
1286  * The OSSL_PARAM_construct_utf8_string needs a non const str but this
1287  * only used for lookup so we cast (as OpenSSL also does internally)
1288  * the constness away here.
1289  */
1290  ctx->params[0] = OSSL_PARAM_construct_utf8_string("digest",
1291  (char *) EVP_MD_get0_name(kt), 0);
1292  ctx->params[1] = OSSL_PARAM_construct_octet_string("key",
1293  ctx->key, EVP_MD_size(kt));
1294  ctx->params[2] = OSSL_PARAM_construct_end();
1295 
1296  if (!EVP_MAC_init(ctx->ctx, NULL, 0, ctx->params))
1297  {
1298  crypto_msg(M_FATAL, "EVP_MAC_init failed");
1299  }
1300 
1301  EVP_MD_free(kt);
1302 }
1303 
1304 void
1306 {
1307  EVP_MAC_init(ctx->ctx, NULL, 0, NULL);
1308 }
1309 
1310 int
1312 {
1313  return (int)EVP_MAC_CTX_get_mac_size(ctx->ctx);
1314 }
1315 
1316 void
1318 {
1319  /* The OpenSSL MAC API lacks a reset method and passing NULL as params
1320  * does not reset it either, so use the params array to reinitialise it the
1321  * same way as before */
1322  if (!EVP_MAC_init(ctx->ctx, NULL, 0, ctx->params))
1323  {
1324  crypto_msg(M_FATAL, "EVP_MAC_init failed");
1325  }
1326 }
1327 
1328 void
1329 hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
1330 {
1331  EVP_MAC_update(ctx->ctx, src, src_len);
1332 }
1333 
1334 void
1335 hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
1336 {
1337  /* The calling code always gives us a buffer that has the size of our
1338  * algorithm */
1339  size_t in_hmac_len = EVP_MAC_CTX_get_mac_size(ctx->ctx);
1340 
1341  EVP_MAC_final(ctx->ctx, dst, &in_hmac_len, in_hmac_len);
1342 }
1343 #endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
1344 
1345 int
1346 memcmp_constant_time(const void *a, const void *b, size_t size)
1347 {
1348  return CRYPTO_memcmp(a, b, size);
1349 }
1350 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) && !defined(LIBRESSL_VERSION_NUMBER)
1351 bool
1352 ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
1353  int secret_len, uint8_t *output, int output_len)
1354 {
1355  bool ret = true;
1356  EVP_KDF_CTX *kctx = NULL;
1357 
1358 
1359  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
1360  if (!kdf)
1361  {
1362  goto err;
1363  }
1364 
1365  kctx = EVP_KDF_CTX_new(kdf);
1366 
1367  if (!kctx)
1368  {
1369  goto err;
1370  }
1371 
1372  OSSL_PARAM params[4];
1373 
1374  /* The OpenSSL APIs require us to cast the const aways even though the
1375  * strings are never changed and only read */
1376  params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1377  SN_md5_sha1, strlen(SN_md5_sha1));
1378  params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
1379  (uint8_t *) secret, (size_t) secret_len);
1380  params[2] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
1381  (uint8_t *) seed, (size_t) seed_len);
1382  params[3] = OSSL_PARAM_construct_end();
1383 
1384  if (EVP_KDF_derive(kctx, output, output_len, params) <= 0)
1385  {
1386  crypto_msg(D_TLS_DEBUG_LOW, "Generating TLS 1.0 PRF using "
1387  "EVP_KDF_derive failed");
1388  goto err;
1389  }
1390 
1391  goto out;
1392 
1393 err:
1394  ret = false;
1395 out:
1396  EVP_KDF_CTX_free(kctx);
1397  EVP_KDF_free(kdf);
1398 
1399  return ret;
1400 }
1401 #elif defined(OPENSSL_IS_AWSLC)
1402 bool
1403 ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec,
1404  int slen, uint8_t *out1, int olen)
1405 {
1406  CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0);
1407 }
1408 #elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL)
1409 bool
1410 ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
1411  int secret_len, uint8_t *output, int output_len)
1412 {
1413  EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
1414  if (!pctx)
1415  {
1416  return false;
1417  }
1418 
1419  bool ret = false;
1420  if (!EVP_PKEY_derive_init(pctx))
1421  {
1422  goto out;
1423  }
1424 
1425  if (!EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1()))
1426  {
1427  goto out;
1428  }
1429 
1430  if (!EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, secret, secret_len))
1431  {
1432  goto out;
1433  }
1434 
1435  if (!EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seed_len))
1436  {
1437  goto out;
1438  }
1439 
1440  size_t out_len = output_len;
1441  if (!EVP_PKEY_derive(pctx, output, &out_len))
1442  {
1443  goto out;
1444  }
1445  if (out_len != output_len)
1446  {
1447  goto out;
1448  }
1449  ret = true;
1450 out:
1451  EVP_PKEY_CTX_free(pctx);
1452  return ret;
1453 }
1454 #else /* if defined(LIBRESSL_VERSION_NUMBER) */
1455 /* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as
1456  * OpenSSL does. As result they will only be able to support
1457  * peers that support TLS EKM like when running with OpenSSL 3.x FIPS */
1458 bool
1459 ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec,
1460  int slen, uint8_t *out1, int olen)
1461 {
1462  return false;
1463 }
1464 #endif /* if LIBRESSL_VERSION_NUMBER */
1465 #endif /* ENABLE_CRYPTO_OPENSSL */
collect_ciphers
static void collect_ciphers(EVP_CIPHER *cipher, void *list)
Definition: crypto_openssl.c:343
EVP_CIPHER_free
static void EVP_CIPHER_free(const EVP_CIPHER *cipher)
Definition: openssl_compat.h:152
cipher_name_translation_table
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
Definition: crypto_openssl.c:317
OPENVPN_MODE_CBC
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
Definition: crypto_mbedtls.h:57
M_INFO
#define M_INFO
Definition: errlevel.h:55
hmac_ctx_t
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
Definition: crypto_mbedtls.h:48
collect_ciphers::num
size_t num
Definition: crypto_openssl.c:339
EVP_CIPHER_get0_name
#define EVP_CIPHER_get0_name
Definition: openssl_compat.h:122
cipher_ctx_mode_aead
bool cipher_ctx_mode_aead(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported AEAD mode cipher.
Definition: crypto_openssl.c:940
EVP_MD_fetch
static const EVP_MD * EVP_MD_fetch(void *ctx, const char *algorithm, const char *properties)
Definition: openssl_compat.h:144
PACKAGE_NAME
#define PACKAGE_NAME
Definition: config.h:492
hmac_ctx_final
void hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
Definition: crypto_openssl.c:1245
M_FATAL
#define M_FATAL
Definition: error.h:89
OPENVPN_MODE_OFB
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
Definition: crypto_mbedtls.h:60
unlikely
#define unlikely(x)
Definition: syshead.h:36
translate_cipher_name_to_openvpn
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition: crypto.c:1833
cipher_kt_key_size
int cipher_kt_key_size(const char *ciphername)
Returns the size of keys used by the cipher, in bytes.
Definition: crypto_openssl.c:680
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
OPENVPN_MODE_CFB
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
Definition: crypto_mbedtls.h:63
print_digest
void print_digest(EVP_MD *digest, void *unused)
Definition: crypto_openssl.c:430
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
print_cipher
void print_cipher(const char *ciphername)
Print a cipher list entry.
Definition: crypto.c:1769
cipher_ctx_free
void cipher_ctx_free(EVP_CIPHER_CTX *ctx)
Definition: crypto_openssl.c:857
dmsg
#define dmsg(flags,...)
Definition: error.h:148
cipher_ctx_final_check_tag
int cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
Definition: crypto_openssl.c:997
D_LOW
#define D_LOW
Definition: errlevel.h:97
cipher_kt_name
const char * cipher_kt_name(const char *ciphername)
Retrieve a normalised string describing the cipher (e.g.
Definition: crypto_openssl.c:660
translate_cipher_name_from_openvpn
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate an OpenVPN cipher name to a crypto library cipher name.
Definition: crypto.c:1820
crypto_pem_encode
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
Definition: crypto_openssl.c:503
EVP_MD_free
static void EVP_MD_free(const EVP_MD *md)
Definition: openssl_compat.h:158
MAX_CIPHER_KEY_LENGTH
#define MAX_CIPHER_KEY_LENGTH
Definition: crypto_backend.h:178
md_full
int md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
Calculates the message digest for the given buffer.
Definition: crypto_openssl.c:1115
EVP_CIPHER_fetch
static const EVP_CIPHER * EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties)
Definition: openssl_compat.h:136
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
cipher_kt_mode_cbc
bool cipher_kt_mode_cbc(const char *ciphername)
Check if the supplied cipher is a supported CBC mode cipher.
Definition: crypto_openssl.c:790
crypto_clear_error
void crypto_clear_error(void)
Definition: crypto_openssl.c:230
md_ctx_init
void md_ctx_init(EVP_MD_CTX *ctx, const char *mdname)
Definition: crypto_openssl.c:1140
cipher_name_cmp
static int cipher_name_cmp(const void *a, const void *b)
Definition: crypto_openssl.c:328
crypto_init_lib
void crypto_init_lib(void)
Definition: crypto_openssl.c:195
cipher_kt_mode_ofb_cfb
bool cipher_kt_mode_ofb_cfb(const char *ciphername)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
Definition: crypto_openssl.c:805
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:649
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:414
crypto_init_lib_engine
void crypto_init_lib_engine(const char *engine_name)
Definition: crypto_openssl.c:145
ASSERT
#define ASSERT(x)
Definition: error.h:195
MAX_HMAC_KEY_LENGTH
#define MAX_HMAC_KEY_LENGTH
Definition: crypto_backend.h:496
ENABLE_OFB_CFB_MODE
#define ENABLE_OFB_CFB_MODE
Definition: config.h:56
OPENVPN_AEAD_TAG_LENGTH
#define OPENVPN_AEAD_TAG_LENGTH
Definition: crypto_backend.h:43
cipher_valid_reason
bool cipher_valid_reason(const char *ciphername, const char **reason)
Returns if the cipher is valid, based on the given cipher name and provides a reason if invalid.
Definition: crypto_openssl.c:619
BLEN
#define BLEN(buf)
Definition: buffer.h:127
cipher_ctx_reset
int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
Definition: crypto_openssl.c:963
cipher_name_pair::openvpn_name
const char * openvpn_name
Cipher name used by OpenVPN.
Definition: crypto_backend.h:59
crypto_load_provider
provider_t * crypto_load_provider(const char *provider)
Load the given (OpenSSL) providers.
Definition: crypto_openssl.c:161
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition: crypto_openssl.c:1346
cipher_name_translation_table_count
const size_t cipher_name_translation_table_count
Definition: crypto_openssl.c:323
ERR_get_error_all
static unsigned long ERR_get_error_all(const char **file, int *line, const char **func, const char **data, int *flags)
Definition: openssl_compat.h:164
md_ctx_new
EVP_MD_CTX * md_ctx_new(void)
Definition: crypto_openssl.c:1126
cipher_ctx_t
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
Definition: crypto_mbedtls.h:42
digest_name_translation_table_count
const size_t digest_name_translation_table_count
Definition: crypto_openssl.c:1067
cipher_ctx_iv_length
int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
Definition: crypto_openssl.c:881
cipher_kt_mode
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
Definition: crypto_openssl.c:783
M_WARN
#define M_WARN
Definition: error.h:91
show_available_digests
void show_available_digests(void)
Definition: crypto_openssl.c:437
cipher_kt_iv_size
int cipher_kt_iv_size(const char *ciphername)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
Definition: crypto_openssl.c:689
cipher_ctx_mode_cbc
bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported CBC mode cipher.
Definition: crypto_openssl.c:906
hmac_ctx_init
void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, const char *mdname)
Definition: crypto_openssl.c:1201
md_get
static evp_md_type * md_get(const char *digest)
Definition: crypto_openssl.c:1018
cipher_ctx_update
int cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)
Definition: crypto_openssl.c:980
show_available_ciphers
void show_available_ciphers(void)
Definition: crypto_openssl.c:370
crypto.h
rand_bytes
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
Definition: crypto_openssl.c:593
hmac_ctx_reset
void hmac_ctx_reset(HMAC_CTX *ctx)
Definition: crypto_openssl.c:1230
cipher_ctx_mode
int cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
Definition: crypto_openssl.c:899
crypto_unload_provider
void crypto_unload_provider(const char *provname, provider_t *provider)
Unloads the given (OpenSSL) provider.
Definition: crypto_openssl.c:178
hmac_ctx_free
void hmac_ctx_free(HMAC_CTX *ctx)
Definition: crypto_openssl.c:1195
cipher_ctx_get_tag
int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
Definition: crypto_openssl.c:887
EVP_MD_get0_name
#define EVP_MD_get0_name
Definition: openssl_compat.h:121
md_valid
bool md_valid(const char *digest)
Return if a message digest parameters is valid given the name of the digest.
Definition: crypto_openssl.c:1039
md_ctx_size
int md_ctx_size(const EVP_MD_CTX *ctx)
Definition: crypto_openssl.c:1160
cipher_kt_mode_aead
bool cipher_kt_mode_aead(const char *ciphername)
Check if the supplied cipher is a supported AEAD mode cipher.
Definition: crypto_openssl.c:817
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
SIZE
#define SIZE(x)
Definition: basic.h:30
md_ctx_final
void md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
Definition: crypto_openssl.c:1172
provider_t
void provider_t
Definition: crypto_mbedtls.h:51
cipher_ctx_mode_ofb_cfb
bool cipher_ctx_mode_ofb_cfb(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
Definition: crypto_openssl.c:925
cipher_name_pair
Struct used in cipher name translation table.
Definition: crypto_backend.h:58
md_ctx_update
void md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
Definition: crypto_openssl.c:1166
D_CRYPT_ERRORS
#define D_CRYPT_ERRORS
Definition: errlevel.h:58
hmac_ctx_update
void hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
Definition: crypto_openssl.c:1239
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition: buffer.h:668
hmac_ctx_size
int hmac_ctx_size(HMAC_CTX *ctx)
Definition: crypto_openssl.c:1224
BCAP
#define BCAP(buf)
Definition: buffer.h:130
openssl_compat.h
cipher_ctx_block_size
int cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
Definition: crypto_openssl.c:893
buffer.h
cipher_kt_insecure
bool cipher_kt_insecure(const char *ciphername)
Returns true if we consider this cipher to be insecure.
Definition: crypto_openssl.c:760
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
md_ctx_free
void md_ctx_free(EVP_MD_CTX *ctx)
Definition: crypto_openssl.c:1134
collect_ciphers
Definition: crypto_openssl.c:336
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
collect_ciphers::list
const EVP_CIPHER * list[1000]
Definition: crypto_openssl.c:338
OPENVPN_MODE_GCM
#define OPENVPN_MODE_GCM
Cipher is in GCM mode.
Definition: crypto_mbedtls.h:66
ssl_tls1_PRF
bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len)
Calculates the TLS 1.0-1.1 PRF function.
Definition: crypto_openssl.c:1410
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition: crypto_openssl.c:236
md_kt_name
const char * md_kt_name(const char *mdname)
Retrieve a string describing the digest digest (e.g.
Definition: crypto_openssl.c:1071
md_ctx_cleanup
void md_ctx_cleanup(EVP_MD_CTX *ctx)
Definition: crypto_openssl.c:1154
digest_name_translation_table
const cipher_name_pair digest_name_translation_table[]
Definition: crypto_openssl.c:1054
evp_cipher_type
const typedef EVP_CIPHER evp_cipher_type
Definition: crypto_openssl.h:67
md_kt_size
unsigned char md_kt_size(const char *mdname)
Returns the size of the message digest, in bytes.
Definition: crypto_openssl.c:1095
cipher_get
static evp_cipher_type * cipher_get(const char *ciphername)
Definition: crypto_openssl.c:610
check_debug_level
static bool check_debug_level(unsigned int level)
Definition: error.h:220
show_available_engines
void show_available_engines(void)
Definition: crypto_openssl.c:478
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition: crypto_openssl.h:116
basic.h
cipher_ctx_final
int cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
Definition: crypto_openssl.c:991
cipher_ctx_new
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
Definition: crypto_openssl.c:849
cipher_kt_block_size
int cipher_kt_block_size(const char *ciphername)
Returns the block size of the cipher, in bytes.
Definition: crypto_openssl.c:698
hmac_ctx_cleanup
void hmac_ctx_cleanup(HMAC_CTX *ctx)
Definition: crypto_openssl.c:1218
D_TLS_DEBUG_MED
#define D_TLS_DEBUG_MED
Definition: errlevel.h:157
crypto_uninit_lib
void crypto_uninit_lib(void)
Definition: crypto_openssl.c:210
cipher_ctx_init
void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, const char *ciphername, crypto_operation_t enc)
Definition: crypto_openssl.c:863
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1060
evp_md_type
const typedef EVP_MD evp_md_type
Definition: crypto_openssl.h:68
OSSL_PROVIDER
void OSSL_PROVIDER
Definition: openssl_compat.h:131
buf_write_alloc
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition: buffer.h:635
config.h
hmac_ctx_new
HMAC_CTX * hmac_ctx_new(void)
Definition: crypto_openssl.c:1187
cipher_kt_tag_size
int cipher_kt_tag_size(const char *ciphername)
Returns the MAC tag size of the cipher, in bytes.
Definition: crypto_openssl.c:747
check_malloc_return
static void check_malloc_return(void *p)
Definition: buffer.h:1103
cipher_name_pair::lib_name
const char * lib_name
Cipher name used by crypto library.
Definition: crypto_backend.h:60
msg
#define msg(flags,...)
Definition: error.h:144
crypto_pem_decode
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
Definition: crypto_openssl.c:531
cipher_ctx_update_ad
int cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
Definition: crypto_openssl.c:969
integer.h
crypto_backend.h
crypto_operation_t
mbedtls_operation_t crypto_operation_t
Definition: crypto_mbedtls.h:68
EVP_CIPHER_CTX_get_mode
#define EVP_CIPHER_CTX_get_mode
Definition: openssl_compat.h:123
gc
struct gc_arena gc
Definition: test_ssl.c:155
buffer::data
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
cleanup
static int cleanup(void **state)
Definition: test_pkcs11.c:290