OpenVPN
crypto_openssl.h
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24
30#ifndef CRYPTO_OPENSSL_H_
31#define CRYPTO_OPENSSL_H_
32
33#include <openssl/evp.h>
34#include <openssl/hmac.h>
35#include <openssl/md5.h>
36#include <openssl/sha.h>
37#if OPENSSL_VERSION_NUMBER >= 0x30000000L
38#include <openssl/provider.h>
39#endif
40
42typedef EVP_CIPHER_CTX cipher_ctx_t;
43
45typedef EVP_MD_CTX md_ctx_t;
46
48#if OPENSSL_VERSION_NUMBER < 0x30000000L
49typedef HMAC_CTX hmac_ctx_t;
50
51/* Use a dummy type for the provider */
52typedef void provider_t;
53#else
54typedef struct {
55 OSSL_PARAM params[3];
56 uint8_t key[EVP_MAX_KEY_LENGTH];
57 EVP_MAC_CTX *ctx;
58} hmac_ctx_t;
59
60typedef OSSL_PROVIDER provider_t;
61#endif
62
63/* In OpenSSL 3.0 the method that returns EVP_CIPHER, the cipher needs to be
64 * freed afterwards, thus needing a non-const type. In constrast OpenSSL 1.1.1
65 * and lower returns a const type, needing a const type */
66#if OPENSSL_VERSION_NUMBER < 0x30000000L
67typedef const EVP_CIPHER evp_cipher_type;
68typedef const EVP_MD evp_md_type;
69#else
70typedef EVP_CIPHER evp_cipher_type;
71typedef EVP_MD evp_md_type;
72#endif
73
75#define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH
76
78#define OPENVPN_MODE_CBC EVP_CIPH_CBC_MODE
79
81#define OPENVPN_MODE_OFB EVP_CIPH_OFB_MODE
82
84#define OPENVPN_MODE_CFB EVP_CIPH_CFB_MODE
85
87#define OPENVPN_MODE_GCM EVP_CIPH_GCM_MODE
88
89typedef int crypto_operation_t;
90
92#define OPENVPN_OP_ENCRYPT 1
93
95#define OPENVPN_OP_DECRYPT 0
96
97#define MD4_DIGEST_LENGTH 16
98
106void crypto_print_openssl_errors(const unsigned int flags);
107
116#define crypto_msg(flags, ...) \
117 do { \
118 crypto_print_openssl_errors(nonfatal(flags)); \
119 msg((flags), __VA_ARGS__); \
120 } while (false)
121
122#endif /* CRYPTO_OPENSSL_H_ */
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition crypto_openssl.c:236
md_ctx_t
EVP_MD_CTX md_ctx_t
Generic message digest context.
Definition crypto_openssl.h:45
hmac_ctx_t
HMAC_CTX hmac_ctx_t
Generic HMAC context.
Definition crypto_openssl.h:49
evp_cipher_type
const EVP_CIPHER evp_cipher_type
Definition crypto_openssl.h:67
crypto_operation_t
int crypto_operation_t
Definition crypto_openssl.h:89
cipher_ctx_t
EVP_CIPHER_CTX cipher_ctx_t
Generic cipher context.
Definition crypto_openssl.h:42
evp_md_type
const EVP_MD evp_md_type
Definition crypto_openssl.h:68
provider_t
void provider_t
Definition crypto_openssl.h:52
OSSL_PROVIDER
void OSSL_PROVIDER
Definition openssl_compat.h:131
key
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
Generated by doxygen 1.9.8