OpenVPN
crypto_openssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#include "syshead.h"
34
35#if defined(ENABLE_CRYPTO_OPENSSL)
36
37#include "basic.h"
38#include "buffer.h"
39#include "integer.h"
40#include "crypto.h"
41#include "crypto_backend.h"
42#include "openssl_compat.h"
43
44#include <openssl/conf.h>
45#include <openssl/des.h>
46#include <openssl/err.h>
47#include <openssl/evp.h>
48#include <openssl/objects.h>
49#include <openssl/rand.h>
50#include <openssl/ssl.h>
51
52#if !defined(LIBRESSL_VERSION_NUMBER)
53#include <openssl/kdf.h>
54#endif
55#if OPENSSL_VERSION_NUMBER >= 0x30000000L
56#include <openssl/provider.h>
57#include <openssl/core_names.h>
58#endif
59
60#if defined(_WIN32) && defined(OPENSSL_NO_EC)
61#error Windows build with OPENSSL_NO_EC: disabling EC key is not supported.
62#endif
63
64#ifdef _MSC_VER
65/* mute ossl3 deprecation warnings treated as errors in msvc */
66#pragma warning(disable : 4996)
67#endif
68
69/*
70 * Check for key size creepage.
71 */
72
73#if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
74#warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
75#endif
76
77#if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
78#warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
79#endif
80
81#if HAVE_OPENSSL_ENGINE
82#include <openssl/ui.h>
83#include <openssl/engine.h>
84
85static bool engine_initialized = false; /* GLOBAL */
86
87static ENGINE *engine_persist = NULL; /* GLOBAL */
88
89/* Try to load an engine in a shareable library */
90static ENGINE *
91try_load_engine(const char *engine)
92{
93 ENGINE *e = ENGINE_by_id("dynamic");
94 if (e)
95 {
96 if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
97 || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
98 {
99 ENGINE_free(e);
100 e = NULL;
101 }
102 }
103 return e;
104}
105
106static ENGINE *
107setup_engine(const char *engine)
108{
109 ENGINE *e = NULL;
110
111 ENGINE_load_builtin_engines();
112
113 if (engine)
114 {
115 if (strcmp(engine, "auto") == 0)
116 {
117 msg(M_INFO, "Initializing OpenSSL auto engine support");
118 ENGINE_register_all_complete();
119 return NULL;
120 }
121 if ((e = ENGINE_by_id(engine)) == NULL && (e = try_load_engine(engine)) == NULL)
122 {
123 crypto_msg(M_FATAL, "OpenSSL error: cannot load engine '%s'", engine);
124 }
125
126 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
127 {
128 crypto_msg(M_FATAL, "OpenSSL error: ENGINE_set_default failed on engine '%s'", engine);
129 }
130
131 msg(M_INFO, "Initializing OpenSSL support for engine '%s'", ENGINE_get_id(e));
132 }
133 return e;
134}
135
136#endif /* HAVE_OPENSSL_ENGINE */
137
138void
139crypto_init_lib_engine(const char *engine_name)
140{
141#if HAVE_OPENSSL_ENGINE
142 if (!engine_initialized)
143 {
144 ASSERT(engine_name);
145 ASSERT(!engine_persist);
146 engine_persist = setup_engine(engine_name);
147 engine_initialized = true;
148 }
149#else /* if HAVE_OPENSSL_ENGINE */
150 msg(M_WARN, "Note: OpenSSL hardware crypto engine functionality is not available");
151#endif
152}
153
155crypto_load_provider(const char *provider)
156{
157#if OPENSSL_VERSION_NUMBER >= 0x30000000L
158 /* Load providers into the default (NULL) library context */
159 OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, provider);
160 if (!prov)
161 {
162 crypto_msg(M_FATAL, "failed to load provider '%s'", provider);
163 }
164 return prov;
165#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
166 msg(M_WARN, "Note: OpenSSL provider functionality is not available");
167 return NULL;
168#endif
169}
170
171void
172crypto_unload_provider(const char *provname, provider_t *provider)
173{
174#if OPENSSL_VERSION_NUMBER >= 0x30000000L
175 if (!OSSL_PROVIDER_unload(provider))
176 {
177 crypto_msg(M_FATAL, "failed to unload provider '%s'", provname);
178 }
179#endif
180}
181
182/*
183 *
184 * Functions related to the core crypto library
185 *
186 */
187
188void
190{
191 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
192 /*
193 * If you build the OpenSSL library and OpenVPN with
194 * CRYPTO_MDEBUG, you will get a listing of OpenSSL
195 * memory leaks on program termination.
196 */
197
198#ifdef CRYPTO_MDEBUG
199 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
200#endif
201}
202
203void
205{
206#ifdef CRYPTO_MDEBUG
207 FILE *fp = fopen("sdlog", "w");
208 ASSERT(fp);
209 CRYPTO_mem_leaks_fp(fp);
210 fclose(fp);
211#endif
212
213#if HAVE_OPENSSL_ENGINE
214 if (engine_initialized)
215 {
216 ENGINE_cleanup();
217 engine_persist = NULL;
218 engine_initialized = false;
219 }
220#endif
221}
222
223void
225{
226 ERR_clear_error();
227}
228
229void
230crypto_print_openssl_errors(const unsigned int flags)
231{
232 unsigned long err = 0;
233 int line, errflags;
234 const char *file, *data, *func;
235
236 while ((err = ERR_get_error_all(&file, &line, &func, &data, &errflags)) != 0)
237 {
238 if (!(errflags & ERR_TXT_STRING))
239 {
240 data = "";
241 }
242
243 /* Be more clear about frequently occurring "no shared cipher" error */
244 if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
245 {
246 msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites "
247 "in common with the client. Your --tls-cipher setting might be "
248 "too restrictive.");
249 }
250 else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
251 {
253 "TLS error: Unsupported protocol. This typically "
254 "indicates that client and server have no common TLS version enabled. "
255 "This can be caused by mismatched tls-version-min and tls-version-max "
256 "options on client and server. "
257 "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
258 "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
259 "instead of TLS 1.0 only");
260 }
261
262 /* print file and line if verb >=8 */
264 {
265 msg(flags, "OpenSSL: %s:%s", ERR_error_string(err, NULL), data);
266 }
267 else
268 {
269 msg(flags, "OpenSSL: %s:%s:%s:%d:%s", ERR_error_string(err, NULL), data, file, line,
270 func);
271 }
272 }
273}
274
275
276/*
277 *
278 * OpenSSL memory debugging. If dmalloc debugging is enabled, tell
279 * OpenSSL to use our private malloc/realloc/free functions so that
280 * we can dispatch them to dmalloc.
281 *
282 */
283
284#ifdef DMALLOC
285static void *
286crypto_malloc(size_t size, const char *file, int line)
287{
288 return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
289}
290
291static void *
292crypto_realloc(void *ptr, size_t size, const char *file, int line)
293{
294 return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
295}
296
297static void
298crypto_free(void *ptr)
299{
300 dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE);
301}
302
303void
304crypto_init_dmalloc(void)
305{
306 CRYPTO_set_mem_ex_functions(crypto_malloc, crypto_realloc, crypto_free);
307}
308#endif /* DMALLOC */
309
311 { "AES-128-GCM", "id-aes128-GCM" },
312 { "AES-192-GCM", "id-aes192-GCM" },
313 { "AES-256-GCM", "id-aes256-GCM" },
314 { "CHACHA20-POLY1305", "ChaCha20-Poly1305" },
315};
318
319
320static int
321cipher_name_cmp(const void *a, const void *b)
322{
323 const EVP_CIPHER *const *cipher_a = a;
324 const EVP_CIPHER *const *cipher_b = b;
325
326 return strcmp(EVP_CIPHER_get0_name(*cipher_a), EVP_CIPHER_get0_name(*cipher_b));
327}
328
330{
331 /* If we ever exceed this, we must be more selective */
332 const EVP_CIPHER *list[1000];
333 size_t num;
334};
335
336static void
337collect_ciphers(EVP_CIPHER *cipher, void *list)
338{
339 if (!cipher)
340 {
341 return;
342 }
343 struct collect_ciphers *cipher_list = list;
344 if (cipher_list->num == SIZE(cipher_list->list))
345 {
346 msg(M_WARN, "WARNING: Too many ciphers, not showing all");
347 return;
348 }
349
350 const char *ciphername = EVP_CIPHER_get0_name(cipher);
351
352 if (ciphername
353 && (cipher_kt_mode_cbc(ciphername)
354#ifdef ENABLE_OFB_CFB_MODE
355 || cipher_kt_mode_ofb_cfb(ciphername)
356#endif
357 || cipher_kt_mode_aead(ciphername)))
358 {
359 cipher_list->list[cipher_list->num++] = cipher;
360 }
361}
362
363void
365{
366 struct collect_ciphers cipher_list = { 0 };
367
368#ifndef ENABLE_SMALL
369 printf("The following ciphers and cipher modes are available for use\n"
370 "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
371 "parameter to the --data-ciphers (or --cipher) option. In static \n"
372 "key mode only CBC mode is allowed.\n");
373 printf("See also openssl list -cipher-algorithms\n\n");
374#endif
375
376#if OPENSSL_VERSION_NUMBER >= 0x30000000L
377 EVP_CIPHER_do_all_provided(NULL, collect_ciphers, &cipher_list);
378#else
379 for (int nid = 0; nid < 10000; ++nid)
380 {
381#if defined(LIBRESSL_VERSION_NUMBER)
382 /* OpenBSD/LibreSSL reimplemented EVP_get_cipherbyname and broke
383 * calling EVP_get_cipherbynid with an invalid nid in the process
384 * so that it would segfault. */
385 const EVP_CIPHER *cipher = NULL;
386 const char *name = OBJ_nid2sn(nid);
387 if (name)
388 {
389 cipher = EVP_get_cipherbyname(name);
390 }
391#else /* if defined(LIBRESSL_VERSION_NUMBER) */
392 const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
393#endif
394 /* We cast the const away so we can keep the function prototype
395 * compatible with EVP_CIPHER_do_all_provided */
396 collect_ciphers((EVP_CIPHER *)cipher, &cipher_list);
397 }
398#endif
399
400 /* cast to non-const to prevent warning */
401 qsort((EVP_CIPHER *)cipher_list.list, cipher_list.num, sizeof(*cipher_list.list),
403
404 for (size_t i = 0; i < cipher_list.num; i++)
405 {
406 if (!cipher_kt_insecure(EVP_CIPHER_get0_name(cipher_list.list[i])))
407 {
409 }
410 }
411
412 printf("\nThe following ciphers have a block size of less than 128 bits, \n"
413 "and are therefore deprecated. Do not use unless you have to.\n\n");
414 for (int i = 0; i < cipher_list.num; i++)
415 {
417 {
419 }
420 }
421 printf("\n");
422}
423
424void
425print_digest(EVP_MD *digest, void *unused)
426{
427 printf("%s %d bit digest size\n", md_kt_name(EVP_MD_get0_name(digest)),
428 EVP_MD_size(digest) * 8);
429}
430
431void
433{
434#ifndef ENABLE_SMALL
435 printf("The following message digests are available for use with\n" PACKAGE_NAME
436 ". A message digest is used in conjunction with\n"
437 "the HMAC function, to authenticate received packets.\n"
438 "You can specify a message digest as parameter to\n"
439 "the --auth option.\n");
440 printf("See also openssl list -digest-algorithms\n\n");
441#endif
442
443#if OPENSSL_VERSION_NUMBER >= 0x30000000L
444 EVP_MD_do_all_provided(NULL, print_digest, NULL);
445#else
446 for (int nid = 0; nid < 10000; ++nid)
447 {
448 /* OpenBSD/LibreSSL reimplemented EVP_get_digestbyname and broke
449 * calling EVP_get_digestbynid with an invalid nid in the process
450 * so that it would segfault. */
451#ifdef LIBRESSL_VERSION_NUMBER
452 const EVP_MD *digest = NULL;
453 const char *name = OBJ_nid2sn(nid);
454 if (name)
455 {
456 digest = EVP_get_digestbyname(name);
457 }
458#else /* ifdef LIBRESSL_VERSION_NUMBER */
459 const EVP_MD *digest = EVP_get_digestbynid(nid);
460#endif
461 if (digest)
462 {
463 /* We cast the const away so we can keep the function prototype
464 * compatible with EVP_MD_do_all_provided */
465 print_digest((EVP_MD *)digest, NULL);
466 }
467 }
468#endif /* if OPENSSL_VERSION_NUMBER >= 0x30000000L */
469 printf("\n");
470}
471
472void
474{
475#if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */
476 ENGINE *e;
477
478 printf("OpenSSL Crypto Engines\n\n");
479
480 ENGINE_load_builtin_engines();
481
482 e = ENGINE_get_first();
483 while (e)
484 {
485 printf("%s [%s]\n", ENGINE_get_name(e), ENGINE_get_id(e));
486 e = ENGINE_get_next(e);
487 }
488 ENGINE_cleanup();
489#else /* if HAVE_OPENSSL_ENGINE */
490 printf("Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
491#endif
492}
493
494
495bool
496crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
497 struct gc_arena *gc)
498{
499 bool ret = false;
500 BIO *bio = BIO_new(BIO_s_mem());
501 if (!bio || !PEM_write_bio(bio, name, "", BPTR(src), BLEN(src)))
502 {
503 ret = false;
504 goto cleanup;
505 }
506
507 BUF_MEM *bptr;
508 BIO_get_mem_ptr(bio, &bptr);
509
510 *dst = alloc_buf_gc(bptr->length, gc);
511 ASSERT(buf_write(dst, bptr->data, bptr->length));
512
513 ret = true;
514cleanup:
515 if (!BIO_free(bio))
516 {
517 ret = false;
518 }
519
520 return ret;
521}
522
523bool
524crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
525{
526 bool ret = false;
527
528 BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src));
529 if (!bio)
530 {
531 crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode");
532 }
533
534 char *name_read = NULL;
535 char *header_read = NULL;
536 uint8_t *data_read = NULL;
537 long data_read_len = 0;
538 if (!PEM_read_bio(bio, &name_read, &header_read, &data_read, &data_read_len))
539 {
540 dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__);
541 goto cleanup;
542 }
543
544 if (strcmp(name, name_read))
545 {
546 dmsg(D_CRYPT_ERRORS, "%s: unexpected PEM name (got '%s', expected '%s')", __func__,
547 name_read, name);
548 goto cleanup;
549 }
550
551 uint8_t *dst_data = buf_write_alloc(dst, data_read_len);
552 if (!dst_data)
553 {
554 dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__, BCAP(dst),
555 data_read_len);
556 goto cleanup;
557 }
558 memcpy(dst_data, data_read, data_read_len);
559
560 ret = true;
561cleanup:
562 OPENSSL_free(name_read);
563 OPENSSL_free(header_read);
564 OPENSSL_free(data_read);
565 if (!BIO_free(bio))
566 {
567 ret = false;
568 }
569
570 return ret;
571}
572
573/*
574 *
575 * Random number functions, used in cases where we want
576 * reasonably strong cryptographic random number generation
577 * without depleting our entropy pool. Used for random
578 * IV values and a number of other miscellaneous tasks.
579 *
580 */
581
582int
583rand_bytes(uint8_t *output, int len)
584{
585 if (unlikely(1 != RAND_bytes(output, len)))
586 {
587 crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
588 return 0;
589 }
590 return 1;
591}
592
593/*
594 *
595 * Generic cipher key type functions
596 *
597 */
598
599static evp_cipher_type *
600cipher_get(const char *ciphername)
601{
602 ASSERT(ciphername);
603
604 ciphername = translate_cipher_name_from_openvpn(ciphername);
605 return EVP_CIPHER_fetch(NULL, ciphername, NULL);
606}
607
608bool
609cipher_valid_reason(const char *ciphername, const char **reason)
610{
611 bool ret = false;
612 evp_cipher_type *cipher = cipher_get(ciphername);
613 if (!cipher)
614 {
615 crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
616 *reason = "disabled because unknown";
617 goto out;
618 }
619
620#ifdef OPENSSL_FIPS
621 /* Rhel 8/CentOS 8 have a patched OpenSSL version that return a cipher
622 * here that is actually not usable if in FIPS mode */
623
624 if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
625 {
626 msg(D_LOW,
627 "Cipher algorithm '%s' is known by OpenSSL library but "
628 "currently disabled by running in FIPS mode.",
629 ciphername);
630 *reason = "disabled by FIPS mode";
631 goto out;
632 }
633#endif
634 if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH)
635 {
636 msg(D_LOW,
637 "Cipher algorithm '%s' uses a default key size (%d bytes) "
638 "which is larger than " PACKAGE_NAME "'s current maximum key size "
639 "(%d bytes)",
640 ciphername, EVP_CIPHER_key_length(cipher), MAX_CIPHER_KEY_LENGTH);
641 *reason = "disabled due to key size too large";
642 goto out;
643 }
644
645 ret = true;
646 *reason = NULL;
647out:
648 EVP_CIPHER_free(cipher);
649 return ret;
650}
651
652const char *
653cipher_kt_name(const char *ciphername)
654{
655 ASSERT(ciphername);
656 if (strcmp("none", ciphername) == 0)
657 {
658 return "[null-cipher]";
659 }
660
661 evp_cipher_type *cipher_kt = cipher_get(ciphername);
662 if (!cipher_kt)
663 {
664 return NULL;
665 }
666
667 const char *name = EVP_CIPHER_name(cipher_kt);
668 EVP_CIPHER_free(cipher_kt);
670}
671
672int
673cipher_kt_key_size(const char *ciphername)
674{
675 evp_cipher_type *cipher = cipher_get(ciphername);
676 int size = EVP_CIPHER_key_length(cipher);
677 EVP_CIPHER_free(cipher);
678 return size;
679}
680
681int
682cipher_kt_iv_size(const char *ciphername)
683{
684 evp_cipher_type *cipher = cipher_get(ciphername);
685 int ivsize = EVP_CIPHER_iv_length(cipher);
686 EVP_CIPHER_free(cipher);
687 return ivsize;
688}
689
690int
691cipher_kt_block_size(const char *ciphername)
692{
693 /*
694 * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
695 * around that, try to replace the mode with 'CBC' and return the block size
696 * reported for that cipher, if possible. If that doesn't work, just return
697 * the value reported by OpenSSL.
698 */
699 char *name = NULL;
700 char *mode_str = NULL;
701 const char *orig_name = NULL;
702 evp_cipher_type *cbc_cipher = NULL;
703 evp_cipher_type *cipher = cipher_get(ciphername);
704 if (!cipher)
705 {
706 return 0;
707 }
708
709 int block_size = EVP_CIPHER_block_size(cipher);
710
711 orig_name = EVP_CIPHER_name(cipher);
712 if (!orig_name)
713 {
714 goto cleanup;
715 }
716
717 name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);
718 mode_str = strrchr(name, '-');
719 if (!mode_str || strlen(mode_str) < 4)
720 {
721 goto cleanup;
722 }
723
724 strcpy(mode_str, "-CBC");
725
726 cbc_cipher = EVP_CIPHER_fetch(NULL, translate_cipher_name_from_openvpn(name), NULL);
727 if (cbc_cipher)
728 {
729 block_size = EVP_CIPHER_block_size(cbc_cipher);
730 }
731
732cleanup:
733 EVP_CIPHER_free(cbc_cipher);
734 EVP_CIPHER_free(cipher);
735 free(name);
736 return block_size;
737}
738
739int
740cipher_kt_tag_size(const char *ciphername)
741{
742 if (cipher_kt_mode_aead(ciphername))
743 {
745 }
746 else
747 {
748 return 0;
749 }
750}
751
752bool
753cipher_kt_insecure(const char *ciphername)
754{
755 if (cipher_kt_block_size(ciphername) >= 128 / 8)
756 {
757 return false;
758 }
759#ifdef NID_chacha20_poly1305
760 evp_cipher_type *cipher = cipher_get(ciphername);
761 if (cipher)
762 {
763 bool ischachapoly = (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305);
764 EVP_CIPHER_free(cipher);
765 if (ischachapoly)
766 {
767 return false;
768 }
769 }
770#endif
771 return true;
772}
773
774int
775cipher_kt_mode(const EVP_CIPHER *cipher_kt)
776{
777 ASSERT(NULL != cipher_kt);
778 return EVP_CIPHER_mode(cipher_kt);
779}
780
781bool
782cipher_kt_mode_cbc(const char *ciphername)
783{
784 evp_cipher_type *cipher = cipher_get(ciphername);
785
786 bool ret = cipher
787 && (cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
788 /* Exclude AEAD cipher modes, they require a different API */
789#ifdef EVP_CIPH_FLAG_CTS
790 && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS)
791#endif
792 && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER));
793 EVP_CIPHER_free(cipher);
794 return ret;
795}
796
797bool
798cipher_kt_mode_ofb_cfb(const char *ciphername)
799{
800 evp_cipher_type *cipher = cipher_get(ciphername);
801 bool ofb_cfb = cipher
802 && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
803 || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
804 /* Exclude AEAD cipher modes, they require a different API */
805 && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
806 EVP_CIPHER_free(cipher);
807 return ofb_cfb;
808}
809
810bool
811cipher_kt_mode_aead(const char *ciphername)
812{
813 bool isaead = false;
814
815 evp_cipher_type *cipher = cipher_get(ciphername);
816 if (cipher)
817 {
818 if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)
819 {
820 isaead = true;
821 }
822
823#ifdef NID_chacha20_poly1305
824 if (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305)
825 {
826 isaead = true;
827 }
828#endif
829 }
830
831 EVP_CIPHER_free(cipher);
832
833 return isaead;
834}
835
836/*
837 *
838 * Generic cipher context functions
839 *
840 */
841
844{
845 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
847 return ctx;
848}
849
850void
851cipher_ctx_free(EVP_CIPHER_CTX *ctx)
852{
853 EVP_CIPHER_CTX_free(ctx);
854}
855
856void
857cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, const char *ciphername,
859{
860 ASSERT(NULL != ciphername && NULL != ctx);
861 evp_cipher_type *kt = cipher_get(ciphername);
862
863 EVP_CIPHER_CTX_reset(ctx);
864 if (!EVP_CipherInit_ex(ctx, kt, NULL, key, NULL, enc))
865 {
866 crypto_msg(M_FATAL, "EVP cipher init #2");
867 }
868
869 /* make sure we used a big enough key */
870 ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt));
871 EVP_CIPHER_free(kt);
872}
873
874int
875cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
876{
877 return EVP_CIPHER_CTX_iv_length(ctx);
878}
879
880int
881cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
882{
883 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_size, tag_buf);
884}
885
886int
887cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
888{
889 return EVP_CIPHER_CTX_block_size(ctx);
890}
891
892int
893cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
894{
895 return EVP_CIPHER_CTX_mode(ctx);
896}
897
898
899bool
901{
902 if (!ctx)
903 {
904 return false;
905 }
906
907 int flags = EVP_CIPHER_CTX_flags(ctx);
908 int mode = EVP_CIPHER_CTX_mode(ctx);
909
910 return mode == EVP_CIPH_CBC_MODE
911 /* Exclude AEAD cipher modes, they require a different API */
912#ifdef EVP_CIPH_FLAG_CTS
913 && !(flags & EVP_CIPH_FLAG_CTS)
914#endif
915 && !(flags & EVP_CIPH_FLAG_AEAD_CIPHER);
916}
917
918bool
920{
921 if (!ctx)
922 {
923 return false;
924 }
925
926 int mode = EVP_CIPHER_CTX_get_mode(ctx);
927
928 return (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CFB_MODE)
929 /* Exclude AEAD cipher modes, they require a different API */
930 && !(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER);
931}
932
933bool
935{
936 if (ctx)
937 {
938 int flags = EVP_CIPHER_CTX_flags(ctx);
939 if (flags & EVP_CIPH_FLAG_AEAD_CIPHER)
940 {
941 return true;
942 }
943
944#if defined(NID_chacha20_poly1305) && OPENSSL_VERSION_NUMBER < 0x30000000L
945 if (EVP_CIPHER_CTX_nid(ctx) == NID_chacha20_poly1305)
946 {
947 return true;
948 }
949#endif
950 }
951
952 return false;
953}
954
955
956int
957cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
958{
959 return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
960}
961
962int
963cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
964{
965 int len;
966 if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len))
967 {
968 crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
969 }
970 return 1;
971}
972
973int
974cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)
975{
976 if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len))
977 {
978 crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
979 }
980 return 1;
981}
982
983int
984cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
985{
986 return EVP_CipherFinal(ctx, dst, dst_len);
987}
988
989int
990cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag,
991 size_t tag_len)
992{
993 ASSERT(tag_len < SIZE_MAX);
994 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
995 {
996 return 0;
997 }
998
999 return cipher_ctx_final(ctx, dst, dst_len);
1000}
1001
1002
1003/*
1004 *
1005 * Generic message digest information functions
1006 *
1007 */
1008
1009
1010static evp_md_type *
1011md_get(const char *digest)
1012{
1013 evp_md_type *md = NULL;
1014 ASSERT(digest);
1015 md = EVP_MD_fetch(NULL, digest, NULL);
1016 if (!md)
1017 {
1018 crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
1019 }
1020 if (EVP_MD_size(md) > MAX_HMAC_KEY_LENGTH)
1021 {
1023 "Message hash algorithm '%s' uses a default hash "
1024 "size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
1025 "maximum hash size (%d bytes)",
1026 digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
1027 }
1028 return md;
1029}
1030
1031
1032bool
1033md_valid(const char *digest)
1034{
1035 evp_md_type *md = EVP_MD_fetch(NULL, digest, NULL);
1036 bool valid = (md != NULL);
1037 EVP_MD_free(md);
1038 return valid;
1039}
1040
1041
1042/* Since we used the OpenSSL <=1.1 names as part of our OCC message, they
1043 * are now unfortunately part of our wire protocol.
1044 *
1045 * OpenSSL 3.0 will still accept the "old" names so we do not need to use
1046 * this translation table for forward lookup, only for returning the name
1047 * with md_kt_name() */
1049 { "BLAKE2s256", "BLAKE2S-256" },
1050 { "BLAKE2b512", "BLAKE2B-512" },
1051 { "RIPEMD160", "RIPEMD-160" },
1052 { "SHA224", "SHA2-224" },
1053 { "SHA256", "SHA2-256" },
1054 { "SHA384", "SHA2-384" },
1055 { "SHA512", "SHA2-512" },
1056 { "SHA512-224", "SHA2-512/224" },
1057 { "SHA512-256", "SHA2-512/256" },
1058 { "SHAKE128", "SHAKE-128" },
1059 { "SHAKE256", "SHAKE-256" },
1060};
1063
1064const char *
1065md_kt_name(const char *mdname)
1066{
1067 if (!strcmp("none", mdname))
1068 {
1069 return "[null-digest]";
1070 }
1071 evp_md_type *kt = md_get(mdname);
1072 const char *name = EVP_MD_get0_name(kt);
1073
1074 /* Search for a digest name translation */
1075 for (size_t i = 0; i < digest_name_translation_table_count; i++)
1076 {
1078 if (!strcmp(name, pair->lib_name))
1079 {
1080 name = pair->openvpn_name;
1081 }
1082 }
1083
1084 EVP_MD_free(kt);
1085 return name;
1086}
1087
1088unsigned char
1089md_kt_size(const char *mdname)
1090{
1091 if (!strcmp("none", mdname))
1092 {
1093 return 0;
1094 }
1095 evp_md_type *kt = md_get(mdname);
1096 unsigned char size = (unsigned char)EVP_MD_size(kt);
1097 EVP_MD_free(kt);
1098 return size;
1099}
1100
1101
1102/*
1103 *
1104 * Generic message digest functions
1105 *
1106 */
1107
1108int
1109md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
1110{
1111 unsigned int in_md_len = 0;
1112 evp_md_type *kt = md_get(mdname);
1113
1114 int ret = EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
1115 EVP_MD_free(kt);
1116 return ret;
1117}
1118
1119EVP_MD_CTX *
1121{
1122 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
1124 return ctx;
1125}
1126
1127void
1128md_ctx_free(EVP_MD_CTX *ctx)
1129{
1130 EVP_MD_CTX_free(ctx);
1131}
1132
1133void
1134md_ctx_init(EVP_MD_CTX *ctx, const char *mdname)
1135{
1136 evp_md_type *kt = md_get(mdname);
1137 ASSERT(NULL != ctx && NULL != kt);
1138
1139 EVP_MD_CTX_init(ctx);
1140 if (!EVP_DigestInit(ctx, kt))
1141 {
1142 crypto_msg(M_FATAL, "EVP_DigestInit failed");
1143 }
1144 EVP_MD_free(kt);
1145}
1146
1147void
1148md_ctx_cleanup(EVP_MD_CTX *ctx)
1149{
1150 EVP_MD_CTX_reset(ctx);
1151}
1152
1153int
1154md_ctx_size(const EVP_MD_CTX *ctx)
1155{
1156 return EVP_MD_CTX_size(ctx);
1157}
1158
1159void
1160md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
1161{
1162 EVP_DigestUpdate(ctx, src, src_len);
1163}
1164
1165void
1166md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
1167{
1168 unsigned int in_md_len = 0;
1169
1170 EVP_DigestFinal(ctx, dst, &in_md_len);
1171}
1172
1173
1174/*
1175 *
1176 * Generic HMAC functions
1177 *
1178 */
1179#if OPENSSL_VERSION_NUMBER < 0x30000000L
1180HMAC_CTX *
1182{
1183 HMAC_CTX *ctx = HMAC_CTX_new();
1185 return ctx;
1186}
1187
1188void
1189hmac_ctx_free(HMAC_CTX *ctx)
1190{
1191 HMAC_CTX_free(ctx);
1192}
1193
1194void
1195hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, const char *mdname)
1196{
1197 evp_md_type *kt = md_get(mdname);
1198 ASSERT(NULL != kt && NULL != ctx);
1199
1200 int key_len = EVP_MD_size(kt);
1201 HMAC_CTX_reset(ctx);
1202 if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL))
1203 {
1204 crypto_msg(M_FATAL, "HMAC_Init_ex failed");
1205 }
1206
1207 /* make sure we used a big enough key */
1208 ASSERT(HMAC_size(ctx) <= key_len);
1209}
1210
1211void
1212hmac_ctx_cleanup(HMAC_CTX *ctx)
1213{
1214 HMAC_CTX_reset(ctx);
1215}
1216
1217int
1218hmac_ctx_size(HMAC_CTX *ctx)
1219{
1220 return HMAC_size(ctx);
1221}
1222
1223void
1224hmac_ctx_reset(HMAC_CTX *ctx)
1225{
1226 if (!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL))
1227 {
1228 crypto_msg(M_FATAL, "HMAC_Init_ex failed");
1229 }
1230}
1231
1232void
1233hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
1234{
1235 HMAC_Update(ctx, src, src_len);
1236}
1237
1238void
1239hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
1240{
1241 unsigned int in_hmac_len = 0;
1242
1243 HMAC_Final(ctx, dst, &in_hmac_len);
1244}
1245#else /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
1246hmac_ctx_t *
1247hmac_ctx_new(void)
1248{
1249 hmac_ctx_t *ctx;
1251 EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
1252 ctx->ctx = EVP_MAC_CTX_new(hmac);
1253 check_malloc_return(ctx->ctx);
1254
1255 EVP_MAC_free(hmac);
1256
1257 return ctx;
1258}
1259
1260void
1262{
1263 EVP_MAC_CTX_free(ctx->ctx);
1264 secure_memzero(ctx, sizeof(hmac_ctx_t));
1265 free(ctx);
1266}
1267
1268void
1269hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
1270{
1271 evp_md_type *kt = md_get(mdname);
1272 ASSERT(NULL != kt && NULL != ctx && ctx->ctx != NULL);
1273
1274 /* We need to make a copy of the key since the OSSL parameters
1275 * only reference it */
1276 memcpy(ctx->key, key, EVP_MD_size(kt));
1277
1278 /* Lookup/setting of parameters in OpenSSL 3.0 are string based
1279 *
1280 * The OSSL_PARAM_construct_utf8_string needs a non const str but this
1281 * only used for lookup so we cast (as OpenSSL also does internally)
1282 * the constness away here.
1283 */
1284 ctx->params[0] = OSSL_PARAM_construct_utf8_string("digest", (char *)EVP_MD_get0_name(kt), 0);
1285 ctx->params[1] = OSSL_PARAM_construct_octet_string("key", ctx->key, EVP_MD_size(kt));
1286 ctx->params[2] = OSSL_PARAM_construct_end();
1287
1288 if (!EVP_MAC_init(ctx->ctx, NULL, 0, ctx->params))
1289 {
1290 crypto_msg(M_FATAL, "EVP_MAC_init failed");
1291 }
1292
1293 EVP_MD_free(kt);
1294}
1295
1296void
1298{
1299 EVP_MAC_init(ctx->ctx, NULL, 0, NULL);
1300}
1301
1302int
1304{
1305 return (int)EVP_MAC_CTX_get_mac_size(ctx->ctx);
1306}
1307
1308void
1310{
1311 /* The OpenSSL MAC API lacks a reset method and passing NULL as params
1312 * does not reset it either, so use the params array to reinitialise it the
1313 * same way as before */
1314 if (!EVP_MAC_init(ctx->ctx, NULL, 0, ctx->params))
1315 {
1316 crypto_msg(M_FATAL, "EVP_MAC_init failed");
1317 }
1318}
1319
1320void
1321hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
1322{
1323 EVP_MAC_update(ctx->ctx, src, src_len);
1324}
1325
1326void
1327hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
1328{
1329 /* The calling code always gives us a buffer that has the size of our
1330 * algorithm */
1331 size_t in_hmac_len = EVP_MAC_CTX_get_mac_size(ctx->ctx);
1332
1333 EVP_MAC_final(ctx->ctx, dst, &in_hmac_len, in_hmac_len);
1334}
1335#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
1336
1337int
1338memcmp_constant_time(const void *a, const void *b, size_t size)
1339{
1340 return CRYPTO_memcmp(a, b, size);
1341}
1342#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) && !defined(LIBRESSL_VERSION_NUMBER)
1343bool
1344ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len,
1345 uint8_t *output, size_t output_len)
1346{
1347 bool ret = true;
1348 EVP_KDF_CTX *kctx = NULL;
1349
1350
1351 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
1352 if (!kdf)
1353 {
1354 goto err;
1355 }
1356
1357 kctx = EVP_KDF_CTX_new(kdf);
1358
1359 if (!kctx)
1360 {
1361 goto err;
1362 }
1363
1364 OSSL_PARAM params[4];
1365
1366 /* The OpenSSL APIs require us to cast the const aways even though the
1367 * strings are never changed and only read */
1368 params[0] =
1369 OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_md5_sha1, strlen(SN_md5_sha1));
1370 params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, (uint8_t *)secret,
1371 secret_len);
1372 params[2] =
1373 OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, (uint8_t *)seed, seed_len);
1374 params[3] = OSSL_PARAM_construct_end();
1375
1376 if (EVP_KDF_derive(kctx, output, output_len, params) <= 0)
1377 {
1378 crypto_msg(D_TLS_DEBUG_LOW, "Generating TLS 1.0 PRF using "
1379 "EVP_KDF_derive failed");
1380 goto err;
1381 }
1382
1383 goto out;
1384
1385err:
1386 ret = false;
1387out:
1388 EVP_KDF_CTX_free(kctx);
1389 EVP_KDF_free(kdf);
1390
1391 return ret;
1392}
1393#elif defined(OPENSSL_IS_AWSLC)
1394bool
1395ssl_tls1_PRF(const uint8_t *label, size_t label_len, const uint8_t *sec, size_t slen, uint8_t *out1,
1396 size_t olen)
1397{
1398 CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0);
1399}
1400#elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL)
1401bool
1402ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len,
1403 uint8_t *output, size_t output_len)
1404{
1405 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
1406 if (!pctx)
1407 {
1408 return false;
1409 }
1410
1411 bool ret = false;
1412 if (!EVP_PKEY_derive_init(pctx))
1413 {
1414 goto out;
1415 }
1416
1417 if (!EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1()))
1418 {
1419 goto out;
1420 }
1421
1422 if (!EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, secret, secret_len))
1423 {
1424 goto out;
1425 }
1426
1427 if (!EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seed_len))
1428 {
1429 goto out;
1430 }
1431
1432 size_t out_len = output_len;
1433 if (!EVP_PKEY_derive(pctx, output, &out_len))
1434 {
1435 goto out;
1436 }
1437 if (out_len != output_len)
1438 {
1439 goto out;
1440 }
1441 ret = true;
1442out:
1443 EVP_PKEY_CTX_free(pctx);
1444 return ret;
1445}
1446#else /* if defined(LIBRESSL_VERSION_NUMBER) */
1447/* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as
1448 * OpenSSL does. As result they will only be able to support
1449 * peers that support TLS EKM like when running with OpenSSL 3.x FIPS */
1450bool
1451ssl_tls1_PRF(const uint8_t *label, size_t label_len, const uint8_t *sec, size_t slen, uint8_t *out1,
1452 size_t olen)
1453{
1454 return false;
1455}
1456#endif /* if LIBRESSL_VERSION_NUMBER */
1457#endif /* ENABLE_CRYPTO_OPENSSL */
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:649
#define BPTR(buf)
Definition buffer.h:123
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition buffer.h:633
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
#define BLEN(buf)
Definition buffer.h:126
#define BCAP(buf)
Definition buffer.h:129
static void check_malloc_return(void *p)
Definition buffer.h:1085
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition buffer.h:1042
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate an OpenVPN cipher name to a crypto library cipher name.
Definition crypto.c:1777
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition crypto.c:1790
void print_cipher(const char *ciphername)
Print a cipher list entry.
Definition crypto.c:1728
Data Channel Cryptography Module.
Data Channel Cryptography SSL library-specific backend interface.
#define MAX_CIPHER_KEY_LENGTH
#define MAX_HMAC_KEY_LENGTH
#define OPENVPN_AEAD_TAG_LENGTH
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
void provider_t
mbedtls_operation_t crypto_operation_t
#define OPENVPN_MODE_GCM
Cipher is in GCM mode.
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len, uint8_t *output, size_t output_len)
Calculates the TLS 1.0-1.1 PRF function.
int md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
Calculates the message digest for the given buffer.
bool cipher_kt_mode_cbc(const char *ciphername)
Check if the supplied cipher is a supported CBC mode cipher.
void show_available_engines(void)
const cipher_name_pair digest_name_translation_table[]
void crypto_unload_provider(const char *provname, provider_t *provider)
Unloads the given (OpenSSL) provider.
void crypto_uninit_lib(void)
int cipher_kt_block_size(const char *ciphername)
Returns the block size of the cipher, in bytes.
void hmac_ctx_reset(HMAC_CTX *ctx)
bool cipher_kt_mode_aead(const char *ciphername)
Check if the supplied cipher is a supported AEAD mode cipher.
void show_available_ciphers(void)
bool md_valid(const char *digest)
Return if a message digest parameters is valid given the name of the digest.
bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported CBC mode cipher.
void crypto_init_lib(void)
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
bool cipher_kt_mode_ofb_cfb(const char *ciphername)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
int cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)
void print_digest(EVP_MD *digest, void *unused)
const char * md_kt_name(const char *mdname)
Retrieve a string describing the digest digest (e.g.
bool cipher_kt_insecure(const char *ciphername)
Returns true if we consider this cipher to be insecure.
int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
static int cipher_name_cmp(const void *a, const void *b)
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
void crypto_clear_error(void)
const size_t digest_name_translation_table_count
int md_ctx_size(const EVP_MD_CTX *ctx)
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
provider_t * crypto_load_provider(const char *provider)
Load the given (OpenSSL) providers.
static evp_cipher_type * cipher_get(const char *ciphername)
int cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len)
bool cipher_ctx_mode_ofb_cfb(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
bool cipher_ctx_mode_aead(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported AEAD mode cipher.
int cipher_ctx_mode(const EVP_CIPHER_CTX *ctx)
EVP_MD_CTX * md_ctx_new(void)
int cipher_kt_iv_size(const char *ciphername)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
int cipher_kt_tag_size(const char *ciphername)
Returns the MAC tag size of the cipher, in bytes.
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, const char *mdname)
void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, const char *ciphername, crypto_operation_t enc)
void md_ctx_free(EVP_MD_CTX *ctx)
HMAC_CTX * hmac_ctx_new(void)
const size_t cipher_name_translation_table_count
const char * cipher_kt_name(const char *ciphername)
Retrieve a normalised string describing the cipher (e.g.
void hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len)
void hmac_ctx_free(HMAC_CTX *ctx)
void md_ctx_cleanup(EVP_MD_CTX *ctx)
void cipher_ctx_free(EVP_CIPHER_CTX *ctx)
void md_ctx_init(EVP_MD_CTX *ctx, const char *mdname)
void md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
int cipher_kt_key_size(const char *ciphername)
Returns the size of keys used by the cipher, in bytes.
void crypto_init_lib_engine(const char *engine_name)
int cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
void md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len)
int cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
int cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)
int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size)
int hmac_ctx_size(HMAC_CTX *ctx)
static evp_md_type * md_get(const char *digest)
void hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst)
void hmac_ctx_cleanup(HMAC_CTX *ctx)
unsigned char md_kt_size(const char *mdname)
Returns the size of the message digest, in bytes.
void show_available_digests(void)
bool cipher_valid_reason(const char *ciphername, const char **reason)
Returns if the cipher is valid, based on the given cipher name and provides a reason if invalid.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
const EVP_CIPHER evp_cipher_type
const EVP_MD evp_md_type
#define D_TLS_DEBUG_LOW
Definition errlevel.h:76
#define D_TLS_DEBUG_MED
Definition errlevel.h:156
#define D_CRYPT_ERRORS
Definition errlevel.h:57
#define D_LOW
Definition errlevel.h:96
#define M_INFO
Definition errlevel.h:54
OpenSSL compatibility stub.
static void EVP_CIPHER_free(const EVP_CIPHER *cipher)
void OSSL_PROVIDER
#define EVP_MD_get0_name
static const EVP_CIPHER * EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties)
static unsigned long ERR_get_error_all(const char **file, int *line, const char **func, const char **data, int *flags)
static void EVP_MD_free(const EVP_MD *md)
static const EVP_MD * EVP_MD_fetch(void *ctx, const char *algorithm, const char *properties)
#define EVP_CIPHER_get0_name
#define EVP_CIPHER_CTX_get_mode
#define SIZE(x)
Definition basic.h:29
#define M_FATAL
Definition error.h:88
static bool check_debug_level(unsigned int level)
Definition error.h:257
#define dmsg(flags,...)
Definition error.h:170
#define msg(flags,...)
Definition error.h:150
#define ASSERT(x)
Definition error.h:217
#define M_WARN
Definition error.h:90
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
uint8_t * data
Pointer to the allocated memory.
Definition buffer.h:67
Struct used in cipher name translation table.
const char * openvpn_name
Cipher name used by OpenVPN.
const char * lib_name
Cipher name used by crypto library.
const EVP_CIPHER * list[1000]
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
#define unlikely(x)
Definition syshead.h:35
static int cleanup(void **state)
struct gc_arena gc
Definition test_ssl.c:154