OpenVPN
crypto_openssl.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifndef CRYPTO_OPENSSL_H_
30 #define CRYPTO_OPENSSL_H_
31 
32 #include <openssl/evp.h>
33 #include <openssl/hmac.h>
34 #include <openssl/md5.h>
35 #include <openssl/sha.h>
36 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
37 #include <openssl/provider.h>
38 #endif
39 
41 typedef EVP_CIPHER_CTX cipher_ctx_t;
42 
44 typedef EVP_MD_CTX md_ctx_t;
45 
47 #if OPENSSL_VERSION_NUMBER < 0x30000000L
48 typedef HMAC_CTX hmac_ctx_t;
49 
50 /* Use a dummy type for the provider */
51 typedef void provider_t;
52 #else
53 typedef struct {
54  OSSL_PARAM params[3];
55  uint8_t key[EVP_MAX_KEY_LENGTH];
56  EVP_MAC_CTX *ctx;
57 } hmac_ctx_t;
58 
60 #endif
61 
62 /* In OpenSSL 3.0 the method that returns EVP_CIPHER, the cipher needs to be
63  * freed afterwards, thus needing a non-const type. In constrast OpenSSL 1.1.1
64  * and lower returns a const type, needing a const type */
65 #if OPENSSL_VERSION_NUMBER < 0x30000000L
66 typedef const EVP_CIPHER evp_cipher_type;
67 typedef const EVP_MD evp_md_type;
68 #else
69 typedef EVP_CIPHER evp_cipher_type;
70 typedef EVP_MD evp_md_type;
71 #endif
72 
74 #define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH
75 
77 #define OPENVPN_MODE_CBC EVP_CIPH_CBC_MODE
78 
80 #define OPENVPN_MODE_OFB EVP_CIPH_OFB_MODE
81 
83 #define OPENVPN_MODE_CFB EVP_CIPH_CFB_MODE
84 
86 #define OPENVPN_MODE_GCM EVP_CIPH_GCM_MODE
87 
89 #define OPENVPN_OP_ENCRYPT 1
90 
92 #define OPENVPN_OP_DECRYPT 0
93 
94 #define DES_KEY_LENGTH 8
95 #define MD4_DIGEST_LENGTH 16
96 
104 void crypto_print_openssl_errors(const unsigned int flags);
105 
115 #define crypto_msg(flags, ...) \
116  do { \
117  crypto_print_openssl_errors(nonfatal(flags)); \
118  msg((flags), __VA_ARGS__); \
119  } while (false)
120 
130 EVP_PKEY *
131 engine_load_key(const char *file, SSL_CTX *ctx);
132 
133 #endif /* CRYPTO_OPENSSL_H_ */
hmac_ctx_t
HMAC_CTX hmac_ctx_t
Generic HMAC context.
Definition: crypto_openssl.h:48
md_ctx_t
EVP_MD_CTX md_ctx_t
Generic message digest context.
Definition: crypto_openssl.h:44
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
provider_t
void provider_t
Definition: crypto_openssl.h:51
cipher_ctx_t
EVP_CIPHER_CTX cipher_ctx_t
Generic cipher context.
Definition: crypto_openssl.h:41
engine_load_key
EVP_PKEY * engine_load_key(const char *file, SSL_CTX *ctx)
Load a key file from an engine.
Definition: crypto_openssl.c:1384
evp_cipher_type
const typedef EVP_CIPHER evp_cipher_type
Definition: crypto_openssl.h:66
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition: crypto_openssl.c:240
evp_md_type
const typedef EVP_MD evp_md_type
Definition: crypto_openssl.h:67
OSSL_PROVIDER
void OSSL_PROVIDER
Definition: openssl_compat.h:770