OpenVPN
crypto_openssl.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_OPENSSL)
38 
39 #include "basic.h"
40 #include "buffer.h"
41 #include "integer.h"
42 #include "crypto.h"
43 #include "crypto_backend.h"
44 #include "openssl_compat.h"
45 
46 #include <openssl/conf.h>
47 #include <openssl/des.h>
48 #include <openssl/err.h>
49 #include <openssl/evp.h>
50 #include <openssl/objects.h>
51 #include <openssl/rand.h>
52 #include <openssl/ssl.h>
53 
54 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
55 #include <openssl/kdf.h>
56 #endif
57 
58 /*
59  * Check for key size creepage.
60  */
61 
62 #if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
63 #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
64 #endif
65 
66 #if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
67 #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
68 #endif
69 
70 #if HAVE_OPENSSL_ENGINE
71 #include <openssl/ui.h>
72 #include <openssl/engine.h>
73 
74 static bool engine_initialized = false; /* GLOBAL */
75 
76 static ENGINE *engine_persist = NULL; /* GLOBAL */
77 
78 /* Try to load an engine in a shareable library */
79 static ENGINE *
80 try_load_engine(const char *engine)
81 {
82  ENGINE *e = ENGINE_by_id("dynamic");
83  if (e)
84  {
85  if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
86  || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
87  {
88  ENGINE_free(e);
89  e = NULL;
90  }
91  }
92  return e;
93 }
94 
95 static ENGINE *
96 setup_engine(const char *engine)
97 {
98  ENGINE *e = NULL;
99 
100  ENGINE_load_builtin_engines();
101 
102  if (engine)
103  {
104  if (strcmp(engine, "auto") == 0)
105  {
106  msg(M_INFO, "Initializing OpenSSL auto engine support");
107  ENGINE_register_all_complete();
108  return NULL;
109  }
110  if ((e = ENGINE_by_id(engine)) == NULL
111  && (e = try_load_engine(engine)) == NULL)
112  {
113  crypto_msg(M_FATAL, "OpenSSL error: cannot load engine '%s'",
114  engine);
115  }
116 
117  if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
118  {
120  "OpenSSL error: ENGINE_set_default failed on engine '%s'",
121  engine);
122  }
123 
124  msg(M_INFO, "Initializing OpenSSL support for engine '%s'",
125  ENGINE_get_id(e));
126  }
127  return e;
128 }
129 
130 #endif /* HAVE_OPENSSL_ENGINE */
131 
132 void
134 {
135 #if HAVE_OPENSSL_ENGINE
136  if (!engine_initialized)
137  {
138  ASSERT(engine_name);
139  ASSERT(!engine_persist);
140  engine_persist = setup_engine(engine_name);
141  engine_initialized = true;
142  }
143 #else /* if HAVE_OPENSSL_ENGINE */
144  msg(M_WARN, "Note: OpenSSL hardware crypto engine functionality is not available");
145 #endif
146 }
147 
148 /*
149  *
150  * Functions related to the core crypto library
151  *
152  */
153 
154 void
156 {
157 #ifndef _WIN32
158 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
159  OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
160 #else
161  OPENSSL_config(NULL);
162 #endif
163 #endif /* _WIN32 */
164  /*
165  * If you build the OpenSSL library and OpenVPN with
166  * CRYPTO_MDEBUG, you will get a listing of OpenSSL
167  * memory leaks on program termination.
168  */
169 
170 #ifdef CRYPTO_MDEBUG
171  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
172 #endif
173 }
174 
175 void
177 {
178 #ifdef CRYPTO_MDEBUG
179  FILE *fp = fopen("sdlog", "w");
180  ASSERT(fp);
181  CRYPTO_mem_leaks_fp(fp);
182  fclose(fp);
183 #endif
184 
185 #if HAVE_OPENSSL_ENGINE
186  if (engine_initialized)
187  {
188  ENGINE_cleanup();
189  engine_persist = NULL;
190  engine_initialized = false;
191  }
192 #endif
193 }
194 
195 void
197 {
198  ERR_clear_error();
199 }
200 
201 void
203 {
204  unsigned long err = 0;
205 
206  while ((err = ERR_get_error()))
207  {
208  /* Be more clear about frequently occurring "no shared cipher" error */
209  if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
210  {
211  msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites "
212  "in common with the client. Your --tls-cipher setting might be "
213  "too restrictive.");
214  }
215  else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
216  {
217  msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
218  "indicates that client and server have no common TLS version enabled. "
219  "This can be caused by mismatched tls-version-min and tls-version-max "
220  "options on client and server. "
221  "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
222  "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
223  "instead of TLS 1.0 only");
224  }
225  msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
226  }
227 }
228 
229 
230 /*
231  *
232  * OpenSSL memory debugging. If dmalloc debugging is enabled, tell
233  * OpenSSL to use our private malloc/realloc/free functions so that
234  * we can dispatch them to dmalloc.
235  *
236  */
237 
238 #ifdef DMALLOC
239 static void *
240 crypto_malloc(size_t size, const char *file, int line)
241 {
242  return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
243 }
244 
245 static void *
246 crypto_realloc(void *ptr, size_t size, const char *file, int line)
247 {
248  return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
249 }
250 
251 static void
252 crypto_free(void *ptr)
253 {
254  dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE);
255 }
256 
257 void
258 crypto_init_dmalloc(void)
259 {
260  CRYPTO_set_mem_ex_functions(crypto_malloc,
261  crypto_realloc,
262  crypto_free);
263 }
264 #endif /* DMALLOC */
265 
267  { "AES-128-GCM", "id-aes128-GCM" },
268  { "AES-192-GCM", "id-aes192-GCM" },
269  { "AES-256-GCM", "id-aes256-GCM" },
270  { "CHACHA20-POLY1305", "ChaCha20-Poly1305" },
271 };
273  sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table);
274 
275 
276 static int
277 cipher_name_cmp(const void *a, const void *b)
278 {
279  const EVP_CIPHER *const *cipher_a = a;
280  const EVP_CIPHER *const *cipher_b = b;
281 
282  return strcmp(cipher_kt_name(*cipher_a), cipher_kt_name(*cipher_b));
283 }
284 
285 void
287 {
288  int nid;
289  size_t i;
290 
291  /* If we ever exceed this, we must be more selective */
292  const EVP_CIPHER *cipher_list[1000];
293  size_t num_ciphers = 0;
294 #ifndef ENABLE_SMALL
295  printf("The following ciphers and cipher modes are available for use\n"
296  "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
297  "parameter to the --data-ciphers (or --cipher) option. In static \n"
298  "key mode only CBC mode is allowed.\n\n");
299 #endif
300 
301  for (nid = 0; nid < 10000; ++nid)
302  {
303  const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
304  if (cipher && (cipher_kt_mode_cbc(cipher)
305 #ifdef ENABLE_OFB_CFB_MODE
306  || cipher_kt_mode_ofb_cfb(cipher)
307 #endif
308  || cipher_kt_mode_aead(cipher)
309  ))
310  {
311  cipher_list[num_ciphers++] = cipher;
312  }
313  if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list)))
314  {
315  msg(M_WARN, "WARNING: Too many ciphers, not showing all");
316  break;
317  }
318  }
319 
320  /* cast to non-const to prevent warning */
321  qsort((EVP_CIPHER *)cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp);
322 
323  for (i = 0; i < num_ciphers; i++)
324  {
325  if (!cipher_kt_insecure(cipher_list[i]))
326  {
327  print_cipher(cipher_list[i]);
328  }
329  }
330 
331  printf("\nThe following ciphers have a block size of less than 128 bits, \n"
332  "and are therefore deprecated. Do not use unless you have to.\n\n");
333  for (i = 0; i < num_ciphers; i++)
334  {
335  if (cipher_kt_insecure(cipher_list[i]))
336  {
337  print_cipher(cipher_list[i]);
338  }
339  }
340  printf("\n");
341 }
342 
343 void
345 {
346  int nid;
347 
348 #ifndef ENABLE_SMALL
349  printf("The following message digests are available for use with\n"
350  PACKAGE_NAME ". A message digest is used in conjunction with\n"
351  "the HMAC function, to authenticate received packets.\n"
352  "You can specify a message digest as parameter to\n"
353  "the --auth option.\n\n");
354 #endif
355 
356  for (nid = 0; nid < 10000; ++nid)
357  {
358  const EVP_MD *digest = EVP_get_digestbynid(nid);
359  if (digest)
360  {
361  printf("%s %d bit digest size\n",
362  OBJ_nid2sn(nid), EVP_MD_size(digest) * 8);
363  }
364  }
365  printf("\n");
366 }
367 
368 void
370 {
371 #if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */
372  ENGINE *e;
373 
374  printf("OpenSSL Crypto Engines\n\n");
375 
376  ENGINE_load_builtin_engines();
377 
378  e = ENGINE_get_first();
379  while (e)
380  {
381  printf("%s [%s]\n",
382  ENGINE_get_name(e),
383  ENGINE_get_id(e));
384  e = ENGINE_get_next(e);
385  }
386  ENGINE_cleanup();
387 #else /* if HAVE_OPENSSL_ENGINE */
388  printf("Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
389 #endif
390 }
391 
392 
393 bool
394 crypto_pem_encode(const char *name, struct buffer *dst,
395  const struct buffer *src, struct gc_arena *gc)
396 {
397  bool ret = false;
398  BIO *bio = BIO_new(BIO_s_mem());
399  if (!bio || !PEM_write_bio(bio, name, "", BPTR(src), BLEN(src)))
400  {
401  ret = false;
402  goto cleanup;
403  }
404 
405  BUF_MEM *bptr;
406  BIO_get_mem_ptr(bio, &bptr);
407 
408  *dst = alloc_buf_gc(bptr->length, gc);
409  ASSERT(buf_write(dst, bptr->data, bptr->length));
410 
411  ret = true;
412 cleanup:
413  if (!BIO_free(bio))
414  {
415  ret = false;
416  }
417 
418  return ret;
419 }
420 
421 bool
422 crypto_pem_decode(const char *name, struct buffer *dst,
423  const struct buffer *src)
424 {
425  bool ret = false;
426 
427  BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src));
428  if (!bio)
429  {
430  crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode");
431  }
432 
433  char *name_read = NULL;
434  char *header_read = NULL;
435  uint8_t *data_read = NULL;
436  long data_read_len = 0;
437  if (!PEM_read_bio(bio, &name_read, &header_read, &data_read,
438  &data_read_len))
439  {
440  dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__);
441  goto cleanup;
442  }
443 
444  if (strcmp(name, name_read))
445  {
447  "%s: unexpected PEM name (got '%s', expected '%s')",
448  __func__, name_read, name);
449  goto cleanup;
450  }
451 
452  uint8_t *dst_data = buf_write_alloc(dst, data_read_len);
453  if (!dst_data)
454  {
455  dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__,
456  BCAP(dst), data_read_len);
457  goto cleanup;
458  }
459  memcpy(dst_data, data_read, data_read_len);
460 
461  ret = true;
462 cleanup:
463  OPENSSL_free(name_read);
464  OPENSSL_free(header_read);
465  OPENSSL_free(data_read);
466  if (!BIO_free(bio))
467  {
468  ret = false;
469  }
470 
471  return ret;
472 }
473 
474 /*
475  *
476  * Random number functions, used in cases where we want
477  * reasonably strong cryptographic random number generation
478  * without depleting our entropy pool. Used for random
479  * IV values and a number of other miscellaneous tasks.
480  *
481  */
482 
483 int
484 rand_bytes(uint8_t *output, int len)
485 {
486  if (unlikely(1 != RAND_bytes(output, len)))
487  {
488  crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
489  return 0;
490  }
491  return 1;
492 }
493 
494 /*
495  *
496  * Key functions, allow manipulation of keys.
497  *
498  */
499 
500 
501 int
502 key_des_num_cblocks(const EVP_CIPHER *kt)
503 {
504  int ret = 0;
505  const char *name = OBJ_nid2sn(EVP_CIPHER_nid(kt));
506  if (name)
507  {
508  if (!strncmp(name, "DES-", 4))
509  {
510  ret = EVP_CIPHER_key_length(kt) / sizeof(DES_cblock);
511  }
512  else if (!strncmp(name, "DESX-", 5))
513  {
514  ret = 1;
515  }
516  }
517  dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
518  return ret;
519 }
520 
521 bool
522 key_des_check(uint8_t *key, int key_len, int ndc)
523 {
524  int i;
525  struct buffer b;
526 
527  buf_set_read(&b, key, key_len);
528 
529  for (i = 0; i < ndc; ++i)
530  {
531  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
532  if (!dc)
533  {
535  "CRYPTO INFO: check_key_DES: insufficient key material");
536  goto err;
537  }
538  if (DES_is_weak_key(dc))
539  {
541  "CRYPTO INFO: check_key_DES: weak key detected");
542  goto err;
543  }
544  if (!DES_check_key_parity(dc))
545  {
547  "CRYPTO INFO: check_key_DES: bad parity detected");
548  goto err;
549  }
550  }
551  return true;
552 
553 err:
554  ERR_clear_error();
555  return false;
556 }
557 
558 void
559 key_des_fixup(uint8_t *key, int key_len, int ndc)
560 {
561  int i;
562  struct buffer b;
563 
564  buf_set_read(&b, key, key_len);
565  for (i = 0; i < ndc; ++i)
566  {
567  DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
568  if (!dc)
569  {
570  msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material");
571  ERR_clear_error();
572  return;
573  }
574  DES_set_odd_parity(dc);
575  }
576 }
577 
578 
579 /*
580  *
581  * Generic cipher key type functions
582  *
583  */
584 
585 
586 const EVP_CIPHER *
587 cipher_kt_get(const char *ciphername)
588 {
589  const EVP_CIPHER *cipher = NULL;
590 
591  ASSERT(ciphername);
592 
593  ciphername = translate_cipher_name_from_openvpn(ciphername);
594  cipher = EVP_get_cipherbyname(ciphername);
595 
596  if (NULL == cipher)
597  {
598  crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
599  return NULL;
600  }
601 
602 #ifdef OPENSSL_FIPS
603  /* Rhel 8/CentOS 8 have a patched OpenSSL version that return a cipher
604  * here that is actually not usable if in FIPS mode */
605 
606  if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
607  {
608  msg(D_LOW, "Cipher algorithm '%s' is known by OpenSSL library but "
609  "currently disabled by running in FIPS mode.", ciphername);
610  return NULL;
611  }
612 #endif
613  if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH)
614  {
615  msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) "
616  "which is larger than " PACKAGE_NAME "'s current maximum key size "
617  "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher),
619  return NULL;
620  }
621 
622  return cipher;
623 }
624 
625 const char *
626 cipher_kt_name(const EVP_CIPHER *cipher_kt)
627 {
628  if (NULL == cipher_kt)
629  {
630  return "[null-cipher]";
631  }
632 
633  const char *name = EVP_CIPHER_name(cipher_kt);
635 }
636 
637 int
638 cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
639 {
640  return EVP_CIPHER_key_length(cipher_kt);
641 }
642 
643 int
644 cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
645 {
646  return EVP_CIPHER_iv_length(cipher_kt);
647 }
648 
649 int
650 cipher_kt_block_size(const EVP_CIPHER *cipher)
651 {
652  /*
653  * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
654  * around that, try to replace the mode with 'CBC' and return the block size
655  * reported for that cipher, if possible. If that doesn't work, just return
656  * the value reported by OpenSSL.
657  */
658  char *name = NULL;
659  char *mode_str = NULL;
660  const char *orig_name = NULL;
661  const EVP_CIPHER *cbc_cipher = NULL;
662 
663  int block_size = EVP_CIPHER_block_size(cipher);
664 
665  orig_name = EVP_CIPHER_name(cipher);
666  if (!orig_name)
667  {
668  goto cleanup;
669  }
670 
671  name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);
672  mode_str = strrchr(name, '-');
673  if (!mode_str || strlen(mode_str) < 4)
674  {
675  goto cleanup;
676  }
677 
678  strcpy(mode_str, "-CBC");
679 
680  cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
681  if (cbc_cipher)
682  {
683  block_size = EVP_CIPHER_block_size(cbc_cipher);
684  }
685 
686 cleanup:
687  free(name);
688  return block_size;
689 }
690 
691 int
692 cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
693 {
694  if (cipher_kt_mode_aead(cipher_kt))
695  {
697  }
698  else
699  {
700  return 0;
701  }
702 }
703 
704 bool
705 cipher_kt_insecure(const EVP_CIPHER *cipher)
706 {
707  return !(cipher_kt_block_size(cipher) >= 128 / 8
708 #ifdef NID_chacha20_poly1305
709  || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305
710 #endif
711  );
712 }
713 
714 int
715 cipher_kt_mode(const EVP_CIPHER *cipher_kt)
716 {
717  ASSERT(NULL != cipher_kt);
718  return EVP_CIPHER_mode(cipher_kt);
719 }
720 
721 bool
723 {
724  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
725  /* Exclude AEAD cipher modes, they require a different API */
726  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
727 }
728 
729 bool
731 {
732  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
733  || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
734  /* Exclude AEAD cipher modes, they require a different API */
735  && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
736 }
737 
738 bool
740 {
741  if (cipher)
742  {
743  if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)
744  {
745  return true;
746  }
747 
748 #ifdef NID_chacha20_poly1305
749  if (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305)
750  {
751  return true;
752  }
753 #endif
754  }
755 
756  return false;
757 }
758 
759 /*
760  *
761  * Generic cipher context functions
762  *
763  */
764 
765 cipher_ctx_t *
767 {
768  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
769  check_malloc_return(ctx);
770  return ctx;
771 }
772 
773 void
774 cipher_ctx_free(EVP_CIPHER_CTX *ctx)
775 {
776  EVP_CIPHER_CTX_free(ctx);
777 }
778 
779 void
780 cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len,
781  const EVP_CIPHER *kt, int enc)
782 {
783  ASSERT(NULL != kt && NULL != ctx);
784 
786  if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
787  {
788  crypto_msg(M_FATAL, "EVP cipher init #1");
789  }
790  if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
791  {
792  crypto_msg(M_FATAL, "EVP cipher init #2");
793  }
794 
795  /* make sure we used a big enough key */
796  ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= key_len);
797 }
798 
799 int
800 cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
801 {
802  return EVP_CIPHER_CTX_iv_length(ctx);
803 }
804 
805 int
806 cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
807 {
808  return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_size, tag_buf);
809 }
810 
811 int
812 cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
813 {
814  return EVP_CIPHER_CTX_block_size(ctx);
815 }
816 
817 int
818 cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
819 {
820  return EVP_CIPHER_CTX_mode(ctx);
821 }
822 
823 const cipher_kt_t *
825 {
826  return ctx ? EVP_CIPHER_CTX_cipher(ctx) : NULL;
827 }
828 
829 
830 int
831 cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
832 {
833  return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
834 }
835 
836 int
837 cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
838 {
839  int len;
840  if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len))
841  {
842  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
843  }
844  return 1;
845 }
846 
847 int
848 cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
849  uint8_t *src, int src_len)
850 {
851  if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len))
852  {
853  crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
854  }
855  return 1;
856 }
857 
858 int
859 cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
860 {
861  return EVP_CipherFinal(ctx, dst, dst_len);
862 }
863 
864 int
865 cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
866  uint8_t *tag, size_t tag_len)
867 {
868  ASSERT(tag_len < SIZE_MAX);
869  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
870  {
871  return 0;
872  }
873 
874  return cipher_ctx_final(ctx, dst, dst_len);
875 }
876 
877 void
879  unsigned char src[DES_KEY_LENGTH],
880  unsigned char dst[DES_KEY_LENGTH])
881 {
882  DES_key_schedule sched;
883 
884  DES_set_key_unchecked((DES_cblock *)key, &sched);
885  DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT);
886 }
887 
888 /*
889  *
890  * Generic message digest information functions
891  *
892  */
893 
894 
895 const EVP_MD *
896 md_kt_get(const char *digest)
897 {
898  const EVP_MD *md = NULL;
899  ASSERT(digest);
900  md = EVP_get_digestbyname(digest);
901  if (!md)
902  {
903  crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
904  }
905  if (EVP_MD_size(md) > MAX_HMAC_KEY_LENGTH)
906  {
907  crypto_msg(M_FATAL, "Message hash algorithm '%s' uses a default hash "
908  "size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
909  "maximum hash size (%d bytes)",
910  digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
911  }
912  return md;
913 }
914 
915 const char *
916 md_kt_name(const EVP_MD *kt)
917 {
918  if (NULL == kt)
919  {
920  return "[null-digest]";
921  }
922  return EVP_MD_name(kt);
923 }
924 
925 unsigned char
926 md_kt_size(const EVP_MD *kt)
927 {
928  return (unsigned char)EVP_MD_size(kt);
929 }
930 
931 
932 /*
933  *
934  * Generic message digest functions
935  *
936  */
937 
938 int
939 md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
940 {
941  unsigned int in_md_len = 0;
942 
943  return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
944 }
945 
946 EVP_MD_CTX *
948 {
949  EVP_MD_CTX *ctx = EVP_MD_CTX_new();
950  check_malloc_return(ctx);
951  return ctx;
952 }
953 
954 void
955 md_ctx_free(EVP_MD_CTX *ctx)
956 {
957  EVP_MD_CTX_free(ctx);
958 }
959 
960 void
961 md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
962 {
963  ASSERT(NULL != ctx && NULL != kt);
964 
965  EVP_MD_CTX_init(ctx);
966  if (!EVP_DigestInit(ctx, kt))
967  {
968  crypto_msg(M_FATAL, "EVP_DigestInit failed");
969  }
970 }
971 
972 void
973 md_ctx_cleanup(EVP_MD_CTX *ctx)
974 {
975  EVP_MD_CTX_reset(ctx);
976 }
977 
978 int
979 md_ctx_size(const EVP_MD_CTX *ctx)
980 {
981  return EVP_MD_CTX_size(ctx);
982 }
983 
984 void
985 md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
986 {
987  EVP_DigestUpdate(ctx, src, src_len);
988 }
989 
990 void
991 md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
992 {
993  unsigned int in_md_len = 0;
994 
995  EVP_DigestFinal(ctx, dst, &in_md_len);
996 }
997 
998 
999 /*
1000  *
1001  * Generic HMAC functions
1002  *
1003  */
1004 
1005 HMAC_CTX *
1007 {
1008  HMAC_CTX *ctx = HMAC_CTX_new();
1009  check_malloc_return(ctx);
1010  return ctx;
1011 }
1012 
1013 void
1014 hmac_ctx_free(HMAC_CTX *ctx)
1015 {
1016  HMAC_CTX_free(ctx);
1017 }
1018 
1019 void
1020 hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
1021  const EVP_MD *kt)
1022 {
1023  ASSERT(NULL != kt && NULL != ctx);
1024 
1025  HMAC_CTX_reset(ctx);
1026  if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL))
1027  {
1028  crypto_msg(M_FATAL, "HMAC_Init_ex failed");
1029  }
1030 
1031  /* make sure we used a big enough key */
1032  ASSERT(HMAC_size(ctx) <= key_len);
1033 }
1034 
1035 void
1036 hmac_ctx_cleanup(HMAC_CTX *ctx)
1037 {
1038  HMAC_CTX_reset(ctx);
1039 }
1040 
1041 int
1042 hmac_ctx_size(const HMAC_CTX *ctx)
1043 {
1044  return HMAC_size(ctx);
1045 }
1046 
1047 void
1048 hmac_ctx_reset(HMAC_CTX *ctx)
1049 {
1050  if (!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL))
1051  {
1052  crypto_msg(M_FATAL, "HMAC_Init_ex failed");
1053  }
1054 }
1055 
1056 void
1057 hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
1058 {
1059  HMAC_Update(ctx, src, src_len);
1060 }
1061 
1062 void
1063 hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
1064 {
1065  unsigned int in_hmac_len = 0;
1066 
1067  HMAC_Final(ctx, dst, &in_hmac_len);
1068 }
1069 
1070 int
1071 memcmp_constant_time(const void *a, const void *b, size_t size)
1072 {
1073  return CRYPTO_memcmp(a, b, size);
1074 }
1075 
1076 #if HAVE_OPENSSL_ENGINE
1077 static int
1078 ui_reader(UI *ui, UI_STRING *uis)
1079 {
1080  SSL_CTX *ctx = UI_get0_user_data(ui);
1081 
1082  if (UI_get_string_type(uis) == UIT_PROMPT)
1083  {
1084  pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx);
1086  char password[64];
1087 
1088  cb(password, sizeof(password), 0, d);
1089  UI_set_result(ui, uis, password);
1090 
1091  return 1;
1092  }
1093  return 0;
1094 }
1095 #endif
1096 
1097 EVP_PKEY *
1098 engine_load_key(const char *file, SSL_CTX *ctx)
1099 {
1100 #if HAVE_OPENSSL_ENGINE
1101  UI_METHOD *ui;
1102  EVP_PKEY *pkey;
1103 
1104  if (!engine_persist)
1105  {
1106  return NULL;
1107  }
1108 
1109  /* this will print out the error from BIO_read */
1110  crypto_msg(M_INFO, "PEM_read_bio failed, now trying engine method to load private key");
1111 
1112  ui = UI_create_method("openvpn");
1113  if (!ui)
1114  {
1115  crypto_msg(M_FATAL, "Engine UI creation failed");
1116  return NULL;
1117  }
1118 
1119  UI_method_set_reader(ui, ui_reader);
1120 
1121  ENGINE_init(engine_persist);
1122  pkey = ENGINE_load_private_key(engine_persist, file, ui, ctx);
1123  ENGINE_finish(engine_persist);
1124  if (!pkey)
1125  {
1126  crypto_msg(M_FATAL, "Engine could not load key file");
1127  }
1128 
1129  UI_destroy_method(ui);
1130  return pkey;
1131 #else /* if HAVE_OPENSSL_ENGINE */
1132  return NULL;
1133 #endif /* if HAVE_OPENSSL_ENGINE */
1134 }
1135 
1136 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
1137 bool
1138 ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
1139  int secret_len, uint8_t *output, int output_len)
1140 {
1141  EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
1142  if (!pctx)
1143  {
1144  return false;
1145  }
1146 
1147  bool ret = false;
1148  if (!EVP_PKEY_derive_init(pctx))
1149  {
1150  goto out;
1151  }
1152 
1153  if (!EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1()))
1154  {
1155  goto out;
1156  }
1157 
1158  if (!EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, secret, secret_len))
1159  {
1160  goto out;
1161  }
1162 
1163  if (!EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seed_len))
1164  {
1165  goto out;
1166  }
1167 
1168  size_t out_len = output_len;
1169  if (!EVP_PKEY_derive(pctx, output, &out_len))
1170  {
1171  goto out;
1172  }
1173  if (out_len != output_len)
1174  {
1175  goto out;
1176  }
1177  ret = true;
1178 out:
1179  EVP_PKEY_CTX_free(pctx);
1180  return ret;
1181 }
1182 #else /* if OPENSSL_VERSION_NUMBER >= 0x10100000L */
1183 /*
1184  * Generate the hash required by for the \c tls1_PRF function.
1185  *
1186  * We cannot use our normal hmac_* function as they do not work
1187  * in a FIPS environment (no MD5 allowed, which we need). Instead
1188  * we need to directly use the EVP_MD_* API with the special
1189  * EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag.
1190  *
1191  * The function below is adapted from OpenSSL 1.0.2t
1192  *
1193  * @param md_kt Message digest to use
1194  * @param sec Secret to base the hash on
1195  * @param sec_len Length of the secret
1196  * @param seed Seed to hash
1197  * @param seed_len Length of the seed
1198  * @param out Output buffer
1199  * @param olen Length of the output buffer
1200  */
1201 static
1202 bool
1203 tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
1204  int sec_len, const void *seed, int seed_len,
1205  unsigned char *out, int olen)
1206 {
1207  int chunk;
1208  size_t j;
1209  EVP_MD_CTX ctx, ctx_tmp, ctx_init;
1210  EVP_PKEY *mac_key;
1211  unsigned char A1[EVP_MAX_MD_SIZE];
1212  size_t A1_len = EVP_MAX_MD_SIZE;
1213  int ret = false;
1214 
1215  chunk = EVP_MD_size(md);
1216  OPENSSL_assert(chunk >= 0);
1217 
1218  EVP_MD_CTX_init(&ctx);
1219  EVP_MD_CTX_init(&ctx_tmp);
1220  EVP_MD_CTX_init(&ctx_init);
1221  EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1222  mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
1223  if (!mac_key)
1224  {
1225  goto err;
1226  }
1227  if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
1228  {
1229  goto err;
1230  }
1231  if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
1232  {
1233  goto err;
1234  }
1235  if (!EVP_DigestSignUpdate(&ctx, seed, seed_len))
1236  {
1237  goto err;
1238  }
1239  if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
1240  {
1241  goto err;
1242  }
1243 
1244  for (;; )
1245  {
1246  /* Reinit mac contexts */
1247  if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
1248  {
1249  goto err;
1250  }
1251  if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
1252  {
1253  goto err;
1254  }
1255  if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
1256  {
1257  goto err;
1258  }
1259  if (!EVP_DigestSignUpdate(&ctx, seed, seed_len))
1260  {
1261  goto err;
1262  }
1263 
1264  if (olen > chunk)
1265  {
1266  j = olen;
1267  if (!EVP_DigestSignFinal(&ctx, out, &j))
1268  {
1269  goto err;
1270  }
1271  out += j;
1272  olen -= j;
1273  /* calc the next A1 value */
1274  if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
1275  {
1276  goto err;
1277  }
1278  }
1279  else
1280  {
1281  A1_len = EVP_MAX_MD_SIZE;
1282  /* last one */
1283  if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
1284  {
1285  goto err;
1286  }
1287  memcpy(out, A1, olen);
1288  break;
1289  }
1290  }
1291  ret = true;
1292 err:
1293  EVP_PKEY_free(mac_key);
1294  EVP_MD_CTX_cleanup(&ctx);
1295  EVP_MD_CTX_cleanup(&ctx_tmp);
1296  EVP_MD_CTX_cleanup(&ctx_init);
1297  OPENSSL_cleanse(A1, sizeof(A1));
1298  return ret;
1299 }
1300 
1301 
1302 /*
1303  * Use the TLS PRF function for generating data channel keys.
1304  * This code is based on the OpenSSL library.
1305  *
1306  * TLS generates keys as such:
1307  *
1308  * master_secret[48] = PRF(pre_master_secret[48], "master secret",
1309  * ClientHello.random[32] + ServerHello.random[32])
1310  *
1311  * key_block[] = PRF(SecurityParameters.master_secret[48],
1312  * "key expansion",
1313  * SecurityParameters.server_random[32] +
1314  * SecurityParameters.client_random[32]);
1315  *
1316  * Notes:
1317  *
1318  * (1) key_block contains a full set of 4 keys.
1319  * (2) The pre-master secret is generated by the client.
1320  */
1321 bool
1322 ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec,
1323  int slen, uint8_t *out1, int olen)
1324 {
1325  bool ret = true;
1326  struct gc_arena gc = gc_new();
1327  /* For some reason our md_kt_get("MD5") fails otherwise in the unit test */
1328  const md_kt_t *md5 = EVP_md5();
1329  const md_kt_t *sha1 = EVP_sha1();
1330 
1331  uint8_t *out2 = (uint8_t *)gc_malloc(olen, false, &gc);
1332 
1333  int len = slen/2;
1334  const uint8_t *S1 = sec;
1335  const uint8_t *S2 = &(sec[len]);
1336  len += (slen&1); /* add for odd, make longer */
1337 
1338  if (!tls1_P_hash(md5, S1, len, label, label_len, out1, olen))
1339  {
1340  ret = false;
1341  goto done;
1342  }
1343 
1344  if (!tls1_P_hash(sha1, S2, len, label, label_len, out2, olen))
1345  {
1346  ret = false;
1347  goto done;
1348  }
1349 
1350  for (int i = 0; i < olen; i++)
1351  {
1352  out1[i] ^= out2[i];
1353  }
1354 
1355  secure_memzero(out2, olen);
1356 
1357  dmsg(D_SHOW_KEY_SOURCE, "tls1_PRF out[%d]: %s", olen, format_hex(out1, olen, 0, &gc));
1358 done:
1359  gc_free(&gc);
1360  return ret;
1361 }
1362 #endif /* if OPENSSL_VERSION_NUMBER >= 0x10100000L */
1363 #endif /* ENABLE_CRYPTO_OPENSSL */
int cipher_kt_tag_size(const EVP_CIPHER *cipher_kt)
void md_ctx_cleanup(EVP_MD_CTX *ctx)
#define D_CRYPT_ERRORS
Definition: errlevel.h:58
int md_ctx_size(const EVP_MD_CTX *ctx)
EVP_PKEY * engine_load_key(const char *file, SSL_CTX *ctx)
Load a key file from an engine.
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
bool cipher_kt_insecure(const EVP_CIPHER *cipher)
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:685
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition: buffer.h:656
#define D_CRYPTO_DEBUG
Definition: errlevel.h:144
int hmac_ctx_size(const HMAC_CTX *ctx)
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:401
#define M_INFO
Definition: errlevel.h:55
const size_t cipher_name_translation_table_count
int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
static uint8_t * buf_read_alloc(struct buffer *buf, int size)
Definition: buffer.h:675
#define unlikely(x)
Definition: syshead.h:36
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
void hmac_ctx_reset(HMAC_CTX *ctx)
static int cipher_name_cmp(const void *a, const void *b)
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
void show_available_ciphers(void)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
int md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
const EVP_CIPHER * cipher_kt_get(const char *ciphername)
Return cipher parameters, based on the given cipher name.
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition: buffer.h:526
void hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
#define EVP_CTRL_AEAD_GET_TAG
void crypto_init_lib_engine(const char *engine_name)
#define dmsg(flags,...)
Definition: error.h:157
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition: buffer.h:335
void md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
int cipher_kt_block_size(const EVP_CIPHER *cipher)
#define MAX_CIPHER_KEY_LENGTH
int cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
void hmac_ctx_cleanup(HMAC_CTX *ctx)
int cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
void md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
#define ASSERT(x)
Definition: error.h:204
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
#define D_LOW
Definition: errlevel.h:97
void cipher_ctx_free(EVP_CIPHER_CTX *ctx)
static char * engine_name
Definition: libtestengine.c:7
#define BCAP(buf)
Definition: buffer.h:130
list flags
#define OPENVPN_MODE_GCM
Cipher is in GCM mode.
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
HMAC_CTX * hmac_ctx_new(void)
void print_cipher(const cipher_kt_t *cipher)
Print a cipher list entry.
Definition: crypto.c:1787
void md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
#define BPTR(buf)
Definition: buffer.h:124
void show_available_engines(void)
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char src[DES_KEY_LENGTH], unsigned char dst[DES_KEY_LENGTH])
Encrypt the given block, using DES ECB mode.
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
const EVP_MD * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
#define PACKAGE_NAME
Definition: config.h:730
const char * md_kt_name(const EVP_MD *kt)
void hmac_ctx_free(HMAC_CTX *ctx)
bool key_des_check(uint8_t *key, int key_len, int ndc)
void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt)
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:405
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
void hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
int cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
const char * cipher_kt_name(const EVP_CIPHER *cipher_kt)
int cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
#define ENABLE_OFB_CFB_MODE
Definition: config.h:65
void key_des_fixup(uint8_t *key, int key_len, int ndc)
void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, const EVP_CIPHER *kt, int enc)
#define MAX_HMAC_KEY_LENGTH
int cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
#define BLEN(buf)
Definition: buffer.h:127
#define msg(flags,...)
Definition: error.h:153
#define D_SHOW_KEY_SOURCE
Definition: errlevel.h:118
unsigned char md_kt_size(const EVP_MD *kt)
void md_ctx_free(EVP_MD_CTX *ctx)
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static void check_malloc_return(const void *p)
Definition: buffer.h:1093
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
int cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
EVP_MD_CTX * md_ctx_new(void)
Struct used in cipher name translation table.
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_FATAL
Definition: error.h:98
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition: crypto.c:1854
int cipher_kt_key_size(const EVP_CIPHER *cipher_kt)
static bool tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, const void *seed, int seed_len, unsigned char *out, int olen)
void crypto_clear_error(void)
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
#define M_WARN
Definition: error.h:100
#define free
Definition: cmocka.c:1850
void crypto_init_lib(void)
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition: buffer.h:689
#define OPENVPN_AEAD_TAG_LENGTH
int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported CBC mode cipher.
void crypto_uninit_lib(void)
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate an OpenVPN cipher name to a crypto library cipher name.
Definition: crypto.c:1841
int key_des_num_cblocks(const EVP_CIPHER *kt)
#define EVP_CIPHER_CTX_reset
#define DES_KEY_LENGTH
void show_available_digests(void)
#define EVP_CTRL_AEAD_SET_TAG
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
bool ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec, int slen, uint8_t *out1, int olen)
Calculates the TLS 1.0-1.1 PRF function.
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
int cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)