OpenVPN
crypto_openssl.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
30 #ifndef CRYPTO_OPENSSL_H_
31 #define CRYPTO_OPENSSL_H_
32 
33 #include <openssl/evp.h>
34 #include <openssl/hmac.h>
35 #include <openssl/md5.h>
36 #include <openssl/sha.h>
37 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
38 #include <openssl/provider.h>
39 #endif
40 
42 typedef EVP_CIPHER_CTX cipher_ctx_t;
43 
45 typedef EVP_MD_CTX md_ctx_t;
46 
48 #if OPENSSL_VERSION_NUMBER < 0x30000000L
49 typedef HMAC_CTX hmac_ctx_t;
50 
51 /* Use a dummy type for the provider */
52 typedef void provider_t;
53 #else
54 typedef struct {
55  OSSL_PARAM params[3];
56  uint8_t key[EVP_MAX_KEY_LENGTH];
57  EVP_MAC_CTX *ctx;
58 } hmac_ctx_t;
59 
60 typedef OSSL_PROVIDER provider_t;
61 #endif
62 
63 /* In OpenSSL 3.0 the method that returns EVP_CIPHER, the cipher needs to be
64  * freed afterwards, thus needing a non-const type. In constrast OpenSSL 1.1.1
65  * and lower returns a const type, needing a const type */
66 #if OPENSSL_VERSION_NUMBER < 0x30000000L
67 typedef const EVP_CIPHER evp_cipher_type;
68 typedef const EVP_MD evp_md_type;
69 #else
70 typedef EVP_CIPHER evp_cipher_type;
71 typedef EVP_MD evp_md_type;
72 #endif
73 
75 #define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH
76 
78 #define OPENVPN_MODE_CBC EVP_CIPH_CBC_MODE
79 
81 #define OPENVPN_MODE_OFB EVP_CIPH_OFB_MODE
82 
84 #define OPENVPN_MODE_CFB EVP_CIPH_CFB_MODE
85 
87 #define OPENVPN_MODE_GCM EVP_CIPH_GCM_MODE
88 
89 typedef int crypto_operation_t;
90 
92 #define OPENVPN_OP_ENCRYPT 1
93 
95 #define OPENVPN_OP_DECRYPT 0
96 
97 #define MD4_DIGEST_LENGTH 16
98 
106 void crypto_print_openssl_errors(const unsigned int flags);
107 
116 #define crypto_msg(flags, ...) \
117  do { \
118  crypto_print_openssl_errors(nonfatal(flags)); \
119  msg((flags), __VA_ARGS__); \
120  } while (false)
121 
122 #endif /* CRYPTO_OPENSSL_H_ */
hmac_ctx_t
HMAC_CTX hmac_ctx_t
Generic HMAC context.
Definition: crypto_openssl.h:49
md_ctx_t
EVP_MD_CTX md_ctx_t
Generic message digest context.
Definition: crypto_openssl.h:45
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
provider_t
void provider_t
Definition: crypto_openssl.h:52
cipher_ctx_t
EVP_CIPHER_CTX cipher_ctx_t
Generic cipher context.
Definition: crypto_openssl.h:42
evp_cipher_type
const typedef EVP_CIPHER evp_cipher_type
Definition: crypto_openssl.h:67
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition: crypto_openssl.c:236
evp_md_type
const typedef EVP_MD evp_md_type
Definition: crypto_openssl.h:68
OSSL_PROVIDER
void OSSL_PROVIDER
Definition: openssl_compat.h:131
crypto_operation_t
int crypto_operation_t
Definition: crypto_openssl.h:89
Generated by   doxygen 1.8.17