| /* |
| * OpenVPN -- An application to securely tunnel IP networks |
| * over a single TCP/UDP port, with support for SSL/TLS-based |
| * session authentication and key exchange, |
| * packet encryption, packet authentication, and |
| * packet compression. |
| * |
| * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> |
| * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com> |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License version 2 |
| * as published by the Free Software Foundation. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License along |
| * with this program; if not, write to the Free Software Foundation, Inc., |
| * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| */ |
| |
| /** |
| * @file Data Channel Cryptography OpenSSL-specific backend interface |
| */ |
| |
| #ifdef HAVE_CONFIG_H |
| #include "config.h" |
| #elif defined(_MSC_VER) |
| #include "config-msvc.h" |
| #endif |
| |
| #include "syshead.h" |
| |
| #if defined(ENABLE_CRYPTO_OPENSSL) |
| |
| #include "basic.h" |
| #include "buffer.h" |
| #include "integer.h" |
| #include "crypto.h" |
| #include "crypto_backend.h" |
| #include "openssl_compat.h" |
| |
| #include <openssl/conf.h> |
| #include <openssl/des.h> |
| #include <openssl/err.h> |
| #include <openssl/evp.h> |
| #include <openssl/objects.h> |
| #include <openssl/rand.h> |
| #include <openssl/ssl.h> |
| |
| /* |
| * Check for key size creepage. |
| */ |
| |
| #if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH |
| #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH |
| #endif |
| |
| #if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE |
| #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH |
| #endif |
| |
| #if HAVE_OPENSSL_ENGINE |
| #include <openssl/ui.h> |
| #include <openssl/engine.h> |
| |
| static bool engine_initialized = false; /* GLOBAL */ |
| |
| static ENGINE *engine_persist = NULL; /* GLOBAL */ |
| |
| /* Try to load an engine in a shareable library */ |
| static ENGINE * |
| try_load_engine(const char *engine) |
| { |
| ENGINE *e = ENGINE_by_id("dynamic"); |
| if (e) |
| { |
| if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0) |
| || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) |
| { |
| ENGINE_free(e); |
| e = NULL; |
| } |
| } |
| return e; |
| } |
| |
| static ENGINE * |
| setup_engine(const char *engine) |
| { |
| ENGINE *e = NULL; |
| |
| ENGINE_load_builtin_engines(); |
| |
| if (engine) |
| { |
| if (strcmp(engine, "auto") == 0) |
| { |
| msg(M_INFO, "Initializing OpenSSL auto engine support"); |
| ENGINE_register_all_complete(); |
| return NULL; |
| } |
| if ((e = ENGINE_by_id(engine)) == NULL |
| && (e = try_load_engine(engine)) == NULL) |
| { |
| crypto_msg(M_FATAL, "OpenSSL error: cannot load engine '%s'", |
| engine); |
| } |
| |
| if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) |
| { |
| crypto_msg(M_FATAL, |
| "OpenSSL error: ENGINE_set_default failed on engine '%s'", |
| engine); |
| } |
| |
| msg(M_INFO, "Initializing OpenSSL support for engine '%s'", |
| ENGINE_get_id(e)); |
| } |
| return e; |
| } |
| |
| #endif /* HAVE_OPENSSL_ENGINE */ |
| |
| void |
| crypto_init_lib_engine(const char *engine_name) |
| { |
| #if HAVE_OPENSSL_ENGINE |
| if (!engine_initialized) |
| { |
| ASSERT(engine_name); |
| ASSERT(!engine_persist); |
| engine_persist = setup_engine(engine_name); |
| engine_initialized = true; |
| } |
| #else /* if HAVE_OPENSSL_ENGINE */ |
| msg(M_WARN, "Note: OpenSSL hardware crypto engine functionality is not available"); |
| #endif |
| } |
| |
| /* |
| * |
| * Functions related to the core crypto library |
| * |
| */ |
| |
| void |
| crypto_init_lib(void) |
| { |
| #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
| OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); |
| #else |
| OPENSSL_config(NULL); |
| #endif |
| /* |
| * If you build the OpenSSL library and OpenVPN with |
| * CRYPTO_MDEBUG, you will get a listing of OpenSSL |
| * memory leaks on program termination. |
| */ |
| |
| #ifdef CRYPTO_MDEBUG |
| CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); |
| #endif |
| } |
| |
| void |
| crypto_uninit_lib(void) |
| { |
| #ifdef CRYPTO_MDEBUG |
| FILE *fp = fopen("sdlog", "w"); |
| ASSERT(fp); |
| CRYPTO_mem_leaks_fp(fp); |
| fclose(fp); |
| #endif |
| |
| #if HAVE_OPENSSL_ENGINE |
| if (engine_initialized) |
| { |
| ENGINE_cleanup(); |
| engine_persist = NULL; |
| engine_initialized = false; |
| } |
| #endif |
| } |
| |
| void |
| crypto_clear_error(void) |
| { |
| ERR_clear_error(); |
| } |
| |
| void |
| crypto_print_openssl_errors(const unsigned int flags) |
| { |
| size_t err = 0; |
| |
| while ((err = ERR_get_error())) |
| { |
| /* Be more clear about frequently occurring "no shared cipher" error */ |
| if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER) |
| { |
| msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites " |
| "in common with the client. Your --tls-cipher setting might be " |
| "too restrictive."); |
| } |
| else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL) |
| { |
| msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically " |
| "indicates that client and server have no common TLS version enabled. " |
| "This can be caused by mismatched tls-version-min and tls-version-max " |
| "options on client and server. " |
| "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding " |
| "tls-version-min 1.0 to the client configuration to use TLS 1.0+ " |
| "instead of TLS 1.0 only"); |
| } |
| msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL)); |
| } |
| } |
| |
| |
| /* |
| * |
| * OpenSSL memory debugging. If dmalloc debugging is enabled, tell |
| * OpenSSL to use our private malloc/realloc/free functions so that |
| * we can dispatch them to dmalloc. |
| * |
| */ |
| |
| #ifdef DMALLOC |
| static void * |
| crypto_malloc(size_t size, const char *file, int line) |
| { |
| return dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0); |
| } |
| |
| static void * |
| crypto_realloc(void *ptr, size_t size, const char *file, int line) |
| { |
| return dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0); |
| } |
| |
| static void |
| crypto_free(void *ptr) |
| { |
| dmalloc_free(__FILE__, __LINE__, ptr, DMALLOC_FUNC_FREE); |
| } |
| |
| void |
| crypto_init_dmalloc(void) |
| { |
| CRYPTO_set_mem_ex_functions(crypto_malloc, |
| crypto_realloc, |
| crypto_free); |
| } |
| #endif /* DMALLOC */ |
| |
| const cipher_name_pair cipher_name_translation_table[] = { |
| { "AES-128-GCM", "id-aes128-GCM" }, |
| { "AES-192-GCM", "id-aes192-GCM" }, |
| { "AES-256-GCM", "id-aes256-GCM" }, |
| { "CHACHA20-POLY1305", "ChaCha20-Poly1305" }, |
| }; |
| const size_t cipher_name_translation_table_count = |
| sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table); |
| |
| |
| static int |
| cipher_name_cmp(const void *a, const void *b) |
| { |
| const EVP_CIPHER *const *cipher_a = a; |
| const EVP_CIPHER *const *cipher_b = b; |
| |
| return strcmp(cipher_kt_name(*cipher_a), cipher_kt_name(*cipher_b)); |
| } |
| |
| void |
| show_available_ciphers(void) |
| { |
| int nid; |
| size_t i; |
| |
| /* If we ever exceed this, we must be more selective */ |
| const EVP_CIPHER *cipher_list[1000]; |
| size_t num_ciphers = 0; |
| #ifndef ENABLE_SMALL |
| printf("The following ciphers and cipher modes are available for use\n" |
| "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n" |
| "parameter to the --data-ciphers (or --cipher) option. The\n" |
| "default key size is shown as well as whether or not it can be\n" |
| "changed with the --keysize directive. Using a GCM or CBC mode\n" |
| "is recommended. In static key mode only CBC mode is allowed.\n\n"); |
| #endif |
| |
| for (nid = 0; nid < 10000; ++nid) |
| { |
| const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid); |
| if (cipher && (cipher_kt_mode_cbc(cipher) |
| #ifdef ENABLE_OFB_CFB_MODE |
| || cipher_kt_mode_ofb_cfb(cipher) |
| #endif |
| || cipher_kt_mode_aead(cipher) |
| )) |
| { |
| cipher_list[num_ciphers++] = cipher; |
| } |
| if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list))) |
| { |
| msg(M_WARN, "WARNING: Too many ciphers, not showing all"); |
| break; |
| } |
| } |
| |
| /* cast to non-const to prevent warning */ |
| qsort((EVP_CIPHER *)cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp); |
| |
| for (i = 0; i < num_ciphers; i++) |
| { |
| if (!cipher_kt_insecure(cipher_list[i])) |
| { |
| print_cipher(cipher_list[i]); |
| } |
| } |
| |
| printf("\nThe following ciphers have a block size of less than 128 bits, \n" |
| "and are therefore deprecated. Do not use unless you have to.\n\n"); |
| for (i = 0; i < num_ciphers; i++) |
| { |
| if (cipher_kt_insecure(cipher_list[i])) |
| { |
| print_cipher(cipher_list[i]); |
| } |
| } |
| printf("\n"); |
| } |
| |
| void |
| show_available_digests(void) |
| { |
| int nid; |
| |
| #ifndef ENABLE_SMALL |
| printf("The following message digests are available for use with\n" |
| PACKAGE_NAME ". A message digest is used in conjunction with\n" |
| "the HMAC function, to authenticate received packets.\n" |
| "You can specify a message digest as parameter to\n" |
| "the --auth option.\n\n"); |
| #endif |
| |
| for (nid = 0; nid < 10000; ++nid) |
| { |
| const EVP_MD *digest = EVP_get_digestbynid(nid); |
| if (digest) |
| { |
| printf("%s %d bit digest size\n", |
| OBJ_nid2sn(nid), EVP_MD_size(digest) * 8); |
| } |
| } |
| printf("\n"); |
| } |
| |
| void |
| show_available_engines(void) |
| { |
| #if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */ |
| ENGINE *e; |
| |
| printf("OpenSSL Crypto Engines\n\n"); |
| |
| ENGINE_load_builtin_engines(); |
| |
| e = ENGINE_get_first(); |
| while (e) |
| { |
| printf("%s [%s]\n", |
| ENGINE_get_name(e), |
| ENGINE_get_id(e)); |
| e = ENGINE_get_next(e); |
| } |
| ENGINE_cleanup(); |
| #else /* if HAVE_OPENSSL_ENGINE */ |
| printf("Sorry, OpenSSL hardware crypto engine functionality is not available.\n"); |
| #endif |
| } |
| |
| |
| bool |
| crypto_pem_encode(const char *name, struct buffer *dst, |
| const struct buffer *src, struct gc_arena *gc) |
| { |
| bool ret = false; |
| BIO *bio = BIO_new(BIO_s_mem()); |
| if (!bio || !PEM_write_bio(bio, name, "", BPTR(src), BLEN(src))) |
| { |
| ret = false; |
| goto cleanup; |
| } |
| |
| BUF_MEM *bptr; |
| BIO_get_mem_ptr(bio, &bptr); |
| |
| *dst = alloc_buf_gc(bptr->length, gc); |
| ASSERT(buf_write(dst, bptr->data, bptr->length)); |
| |
| ret = true; |
| cleanup: |
| if (!BIO_free(bio)) |
| { |
| ret = false; |
| } |
| |
| return ret; |
| } |
| |
| bool |
| crypto_pem_decode(const char *name, struct buffer *dst, |
| const struct buffer *src) |
| { |
| bool ret = false; |
| |
| BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src)); |
| if (!bio) |
| { |
| crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode"); |
| } |
| |
| char *name_read = NULL; |
| char *header_read = NULL; |
| uint8_t *data_read = NULL; |
| long data_read_len = 0; |
| if (!PEM_read_bio(bio, &name_read, &header_read, &data_read, |
| &data_read_len)) |
| { |
| dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__); |
| goto cleanup; |
| } |
| |
| if (strcmp(name, name_read)) |
| { |
| dmsg(D_CRYPT_ERRORS, |
| "%s: unexpected PEM name (got '%s', expected '%s')", |
| __func__, name_read, name); |
| goto cleanup; |
| } |
| |
| uint8_t *dst_data = buf_write_alloc(dst, data_read_len); |
| if (!dst_data) |
| { |
| dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__, |
| BCAP(dst), data_read_len); |
| goto cleanup; |
| } |
| memcpy(dst_data, data_read, data_read_len); |
| |
| ret = true; |
| cleanup: |
| OPENSSL_free(name_read); |
| OPENSSL_free(header_read); |
| OPENSSL_free(data_read); |
| if (!BIO_free(bio)) |
| { |
| ret = false; |
| } |
| |
| return ret; |
| } |
| |
| /* |
| * |
| * Random number functions, used in cases where we want |
| * reasonably strong cryptographic random number generation |
| * without depleting our entropy pool. Used for random |
| * IV values and a number of other miscellaneous tasks. |
| * |
| */ |
| |
| int |
| rand_bytes(uint8_t *output, int len) |
| { |
| if (unlikely(1 != RAND_bytes(output, len))) |
| { |
| crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed"); |
| return 0; |
| } |
| return 1; |
| } |
| |
| /* |
| * |
| * Key functions, allow manipulation of keys. |
| * |
| */ |
| |
| |
| int |
| key_des_num_cblocks(const EVP_CIPHER *kt) |
| { |
| int ret = 0; |
| const char *name = OBJ_nid2sn(EVP_CIPHER_nid(kt)); |
| if (name) |
| { |
| if (!strncmp(name, "DES-", 4)) |
| { |
| ret = EVP_CIPHER_key_length(kt) / sizeof(DES_cblock); |
| } |
| else if (!strncmp(name, "DESX-", 5)) |
| { |
| ret = 1; |
| } |
| } |
| dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret); |
| return ret; |
| } |
| |
| bool |
| key_des_check(uint8_t *key, int key_len, int ndc) |
| { |
| int i; |
| struct buffer b; |
| |
| buf_set_read(&b, key, key_len); |
| |
| for (i = 0; i < ndc; ++i) |
| { |
| DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock)); |
| if (!dc) |
| { |
| crypto_msg(D_CRYPT_ERRORS, |
| "CRYPTO INFO: check_key_DES: insufficient key material"); |
| goto err; |
| } |
| if (DES_is_weak_key(dc)) |
| { |
| crypto_msg(D_CRYPT_ERRORS, |
| "CRYPTO INFO: check_key_DES: weak key detected"); |
| goto err; |
| } |
| if (!DES_check_key_parity(dc)) |
| { |
| crypto_msg(D_CRYPT_ERRORS, |
| "CRYPTO INFO: check_key_DES: bad parity detected"); |
| goto err; |
| } |
| } |
| return true; |
| |
| err: |
| ERR_clear_error(); |
| return false; |
| } |
| |
| void |
| key_des_fixup(uint8_t *key, int key_len, int ndc) |
| { |
| int i; |
| struct buffer b; |
| |
| buf_set_read(&b, key, key_len); |
| for (i = 0; i < ndc; ++i) |
| { |
| DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock)); |
| if (!dc) |
| { |
| msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material"); |
| ERR_clear_error(); |
| return; |
| } |
| DES_set_odd_parity(dc); |
| } |
| } |
| |
| |
| /* |
| * |
| * Generic cipher key type functions |
| * |
| */ |
| |
| |
| const EVP_CIPHER * |
| cipher_kt_get(const char *ciphername) |
| { |
| const EVP_CIPHER *cipher = NULL; |
| |
| ASSERT(ciphername); |
| |
| ciphername = translate_cipher_name_from_openvpn(ciphername); |
| cipher = EVP_get_cipherbyname(ciphername); |
| |
| if (NULL == cipher) |
| { |
| crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername); |
| return NULL; |
| } |
| |
| |
| if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH) |
| { |
| msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) " |
| "which is larger than " PACKAGE_NAME "'s current maximum key size " |
| "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher), |
| MAX_CIPHER_KEY_LENGTH); |
| return NULL; |
| } |
| |
| return cipher; |
| } |
| |
| const char * |
| cipher_kt_name(const EVP_CIPHER *cipher_kt) |
| { |
| if (NULL == cipher_kt) |
| { |
| return "[null-cipher]"; |
| } |
| |
| const char *name = EVP_CIPHER_name(cipher_kt); |
| return translate_cipher_name_to_openvpn(name); |
| } |
| |
| int |
| cipher_kt_key_size(const EVP_CIPHER *cipher_kt) |
| { |
| return EVP_CIPHER_key_length(cipher_kt); |
| } |
| |
| int |
| cipher_kt_iv_size(const EVP_CIPHER *cipher_kt) |
| { |
| return EVP_CIPHER_iv_length(cipher_kt); |
| } |
| |
| int |
| cipher_kt_block_size(const EVP_CIPHER *cipher) |
| { |
| /* |
| * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work |
| * around that, try to replace the mode with 'CBC' and return the block size |
| * reported for that cipher, if possible. If that doesn't work, just return |
| * the value reported by OpenSSL. |
| */ |
| char *name = NULL; |
| char *mode_str = NULL; |
| const char *orig_name = NULL; |
| const EVP_CIPHER *cbc_cipher = NULL; |
| |
| int block_size = EVP_CIPHER_block_size(cipher); |
| |
| orig_name = EVP_CIPHER_name(cipher); |
| if (!orig_name) |
| { |
| goto cleanup; |
| } |
| |
| name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL); |
| mode_str = strrchr(name, '-'); |
| if (!mode_str || strlen(mode_str) < 4) |
| { |
| goto cleanup; |
| } |
| |
| strcpy(mode_str, "-CBC"); |
| |
| cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name)); |
| if (cbc_cipher) |
| { |
| block_size = EVP_CIPHER_block_size(cbc_cipher); |
| } |
| |
| cleanup: |
| free(name); |
| return block_size; |
| } |
| |
| int |
| cipher_kt_tag_size(const EVP_CIPHER *cipher_kt) |
| { |
| if (cipher_kt_mode_aead(cipher_kt)) |
| { |
| return OPENVPN_AEAD_TAG_LENGTH; |
| } |
| else |
| { |
| return 0; |
| } |
| } |
| |
| bool |
| cipher_kt_insecure(const EVP_CIPHER *cipher) |
| { |
| return !(cipher_kt_block_size(cipher) >= 128 / 8 |
| #ifdef NID_chacha20_poly1305 |
| || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305 |
| #endif |
| ); |
| } |
| |
| int |
| cipher_kt_mode(const EVP_CIPHER *cipher_kt) |
| { |
| ASSERT(NULL != cipher_kt); |
| return EVP_CIPHER_mode(cipher_kt); |
| } |
| |
| bool |
| cipher_kt_mode_cbc(const cipher_kt_t *cipher) |
| { |
| return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC |
| /* Exclude AEAD cipher modes, they require a different API */ |
| && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); |
| } |
| |
| bool |
| cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) |
| { |
| return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB |
| || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB) |
| /* Exclude AEAD cipher modes, they require a different API */ |
| && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); |
| } |
| |
| bool |
| cipher_kt_mode_aead(const cipher_kt_t *cipher) |
| { |
| if (cipher) |
| { |
| switch (EVP_CIPHER_nid(cipher)) |
| { |
| case NID_aes_128_gcm: |
| case NID_aes_192_gcm: |
| case NID_aes_256_gcm: |
| #ifdef NID_chacha20_poly1305 |
| case NID_chacha20_poly1305: |
| #endif |
| return true; |
| } |
| } |
| |
| return false; |
| } |
| |
| /* |
| * |
| * Generic cipher context functions |
| * |
| */ |
| |
| cipher_ctx_t * |
| cipher_ctx_new(void) |
| { |
| EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); |
| check_malloc_return(ctx); |
| return ctx; |
| } |
| |
| void |
| cipher_ctx_free(EVP_CIPHER_CTX *ctx) |
| { |
| EVP_CIPHER_CTX_free(ctx); |
| } |
| |
| void |
| cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, |
| const EVP_CIPHER *kt, int enc) |
| { |
| ASSERT(NULL != kt && NULL != ctx); |
| |
| EVP_CIPHER_CTX_reset(ctx); |
| if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc)) |
| { |
| crypto_msg(M_FATAL, "EVP cipher init #1"); |
| } |
| #ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH |
| if (!EVP_CIPHER_CTX_set_key_length(ctx, key_len)) |
| { |
| crypto_msg(M_FATAL, "EVP set key size"); |
| } |
| #endif |
| if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc)) |
| { |
| crypto_msg(M_FATAL, "EVP cipher init #2"); |
| } |
| |
| /* make sure we used a big enough key */ |
| ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= key_len); |
| } |
| |
| int |
| cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx) |
| { |
| return EVP_CIPHER_CTX_iv_length(ctx); |
| } |
| |
| int |
| cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size) |
| { |
| return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, tag_size, tag_buf); |
| } |
| |
| int |
| cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx) |
| { |
| return EVP_CIPHER_CTX_block_size(ctx); |
| } |
| |
| int |
| cipher_ctx_mode(const EVP_CIPHER_CTX *ctx) |
| { |
| return EVP_CIPHER_CTX_mode(ctx); |
| } |
| |
| const cipher_kt_t * |
| cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx) |
| { |
| return ctx ? EVP_CIPHER_CTX_cipher(ctx) : NULL; |
| } |
| |
| |
| int |
| cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf) |
| { |
| return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1); |
| } |
| |
| int |
| cipher_ctx_update_ad(EVP_CIPHER_CTX *ctx, const uint8_t *src, int src_len) |
| { |
| int len; |
| if (!EVP_CipherUpdate(ctx, NULL, &len, src, src_len)) |
| { |
| crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__); |
| } |
| return 1; |
| } |
| |
| int |
| cipher_ctx_update(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, |
| uint8_t *src, int src_len) |
| { |
| if (!EVP_CipherUpdate(ctx, dst, dst_len, src, src_len)) |
| { |
| crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__); |
| } |
| return 1; |
| } |
| |
| int |
| cipher_ctx_final(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len) |
| { |
| return EVP_CipherFinal(ctx, dst, dst_len); |
| } |
| |
| int |
| cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, |
| uint8_t *tag, size_t tag_len) |
| { |
| ASSERT(tag_len < SIZE_MAX); |
| if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, tag_len, tag)) |
| { |
| return 0; |
| } |
| |
| return cipher_ctx_final(ctx, dst, dst_len); |
| } |
| |
| void |
| cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], |
| unsigned char *src, |
| unsigned char *dst) |
| { |
| DES_key_schedule sched; |
| |
| DES_set_key_unchecked((DES_cblock *)key, &sched); |
| DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT); |
| } |
| |
| /* |
| * |
| * Generic message digest information functions |
| * |
| */ |
| |
| |
| const EVP_MD * |
| md_kt_get(const char *digest) |
| { |
| const EVP_MD *md = NULL; |
| ASSERT(digest); |
| md = EVP_get_digestbyname(digest); |
| if (!md) |
| { |
| crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest); |
| } |
| if (EVP_MD_size(md) > MAX_HMAC_KEY_LENGTH) |
| { |
| crypto_msg(M_FATAL, "Message hash algorithm '%s' uses a default hash " |
| "size (%d bytes) which is larger than " PACKAGE_NAME "'s current " |
| "maximum hash size (%d bytes)", |
| digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH); |
| } |
| return md; |
| } |
| |
| const char * |
| md_kt_name(const EVP_MD *kt) |
| { |
| if (NULL == kt) |
| { |
| return "[null-digest]"; |
| } |
| return EVP_MD_name(kt); |
| } |
| |
| unsigned char |
| md_kt_size(const EVP_MD *kt) |
| { |
| return (unsigned char)EVP_MD_size(kt); |
| } |
| |
| |
| /* |
| * |
| * Generic message digest functions |
| * |
| */ |
| |
| int |
| md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst) |
| { |
| unsigned int in_md_len = 0; |
| |
| return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL); |
| } |
| |
| EVP_MD_CTX * |
| md_ctx_new(void) |
| { |
| EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
| check_malloc_return(ctx); |
| return ctx; |
| } |
| |
| void |
| md_ctx_free(EVP_MD_CTX *ctx) |
| { |
| EVP_MD_CTX_free(ctx); |
| } |
| |
| void |
| md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt) |
| { |
| ASSERT(NULL != ctx && NULL != kt); |
| |
| EVP_MD_CTX_init(ctx); |
| EVP_DigestInit(ctx, kt); |
| } |
| |
| void |
| md_ctx_cleanup(EVP_MD_CTX *ctx) |
| { |
| EVP_MD_CTX_reset(ctx); |
| } |
| |
| int |
| md_ctx_size(const EVP_MD_CTX *ctx) |
| { |
| return EVP_MD_CTX_size(ctx); |
| } |
| |
| void |
| md_ctx_update(EVP_MD_CTX *ctx, const uint8_t *src, int src_len) |
| { |
| EVP_DigestUpdate(ctx, src, src_len); |
| } |
| |
| void |
| md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst) |
| { |
| unsigned int in_md_len = 0; |
| |
| EVP_DigestFinal(ctx, dst, &in_md_len); |
| } |
| |
| |
| /* |
| * |
| * Generic HMAC functions |
| * |
| */ |
| |
| HMAC_CTX * |
| hmac_ctx_new(void) |
| { |
| HMAC_CTX *ctx = HMAC_CTX_new(); |
| check_malloc_return(ctx); |
| return ctx; |
| } |
| |
| void |
| hmac_ctx_free(HMAC_CTX *ctx) |
| { |
| HMAC_CTX_free(ctx); |
| } |
| |
| void |
| hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, |
| const EVP_MD *kt) |
| { |
| ASSERT(NULL != kt && NULL != ctx); |
| |
| HMAC_CTX_reset(ctx); |
| HMAC_Init_ex(ctx, key, key_len, kt, NULL); |
| |
| /* make sure we used a big enough key */ |
| ASSERT(HMAC_size(ctx) <= key_len); |
| } |
| |
| void |
| hmac_ctx_cleanup(HMAC_CTX *ctx) |
| { |
| HMAC_CTX_reset(ctx); |
| } |
| |
| int |
| hmac_ctx_size(const HMAC_CTX *ctx) |
| { |
| return HMAC_size(ctx); |
| } |
| |
| void |
| hmac_ctx_reset(HMAC_CTX *ctx) |
| { |
| HMAC_Init_ex(ctx, NULL, 0, NULL, NULL); |
| } |
| |
| void |
| hmac_ctx_update(HMAC_CTX *ctx, const uint8_t *src, int src_len) |
| { |
| HMAC_Update(ctx, src, src_len); |
| } |
| |
| void |
| hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst) |
| { |
| unsigned int in_hmac_len = 0; |
| |
| HMAC_Final(ctx, dst, &in_hmac_len); |
| } |
| |
| int |
| memcmp_constant_time(const void *a, const void *b, size_t size) |
| { |
| return CRYPTO_memcmp(a, b, size); |
| } |
| |
| #if HAVE_OPENSSL_ENGINE |
| static int |
| ui_reader(UI *ui, UI_STRING *uis) |
| { |
| SSL_CTX *ctx = UI_get0_user_data(ui); |
| |
| if (UI_get_string_type(uis) == UIT_PROMPT) |
| { |
| pem_password_cb *cb = SSL_CTX_get_default_passwd_cb(ctx); |
| void *d = SSL_CTX_get_default_passwd_cb_userdata(ctx); |
| char password[64]; |
| |
| cb(password, sizeof(password), 0, d); |
| UI_set_result(ui, uis, password); |
| |
| return 1; |
| } |
| return 0; |
| } |
| #endif |
| |
| EVP_PKEY * |
| engine_load_key(const char *file, SSL_CTX *ctx) |
| { |
| #if HAVE_OPENSSL_ENGINE |
| UI_METHOD *ui; |
| EVP_PKEY *pkey; |
| |
| if (!engine_persist) |
| { |
| return NULL; |
| } |
| |
| /* this will print out the error from BIO_read */ |
| crypto_msg(M_INFO, "PEM_read_bio failed, now trying engine method to load private key"); |
| |
| ui = UI_create_method("openvpn"); |
| if (!ui) |
| { |
| crypto_msg(M_FATAL, "Engine UI creation failed"); |
| return NULL; |
| } |
| |
| UI_method_set_reader(ui, ui_reader); |
| |
| ENGINE_init(engine_persist); |
| pkey = ENGINE_load_private_key(engine_persist, file, ui, ctx); |
| ENGINE_finish(engine_persist); |
| if (!pkey) |
| { |
| crypto_msg(M_FATAL, "Engine could not load key file"); |
| } |
| |
| UI_destroy_method(ui); |
| return pkey; |
| #else /* if HAVE_OPENSSL_ENGINE */ |
| return NULL; |
| #endif /* if HAVE_OPENSSL_ENGINE */ |
| } |
| |
| #endif /* ENABLE_CRYPTO_OPENSSL */ |