clinat.c clinat.h \
common.h \
config-win32.h \
- crypto.c crypto.h \
+ crypto.c crypto.h crypto_backend.h \
dhcp.c dhcp.h \
errlevel.h \
error.c error.h \
awk -f $(srcdir)/configure_h.awk config.h > $@
awk -f $(srcdir)/configure_log.awk config.log >> $@
+if USE_OPENSSL
+openvpn_SOURCES += \
+ crypto_openssl.c crypto_openssl.h
+endif
+
dist-hook:
cd $(distdir) && for i in $(EXTRA_DIST) $(SUBDIRS) ; do find $$i -name .svn -type d -prune -exec rm -rf '{}' ';' ; rm -f `find $$i -type f | grep -E '(^|\/)\.?\#|\~$$|\.s?o$$'` ; done
* packet compression.
*
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
if (kt->digest && kt->hmac_length > 0 && kt->hmac_length <= hmac_len)
hmac_len = kt->hmac_length;
}
- if (!RAND_bytes (key->cipher, cipher_len)
- || !RAND_bytes (key->hmac, hmac_len))
+ if (!rand_bytes (key->cipher, cipher_len)
+ || !rand_bytes (key->hmac, hmac_len))
msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation");
dmsg (D_SHOW_KEY_SOURCE, "Cipher source entropy: %s", format_hex (key->cipher, cipher_len, 0, &gc));
ASSERT (buf_init (&src, 0));
ASSERT (i <= src.capacity);
src.len = i;
- ASSERT (RAND_pseudo_bytes (BPTR (&src), BLEN (&src)));
+ ASSERT (rand_bytes (BPTR (&src), BLEN (&src)));
/* copy source to input buf */
buf = work;
nonce_data = (uint8_t*) malloc (size);
check_malloc_return (nonce_data);
#if 1 /* Must be 1 for real usage */
- if (!RAND_bytes (nonce_data, size))
+ if (!rand_bytes (nonce_data, size))
msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for PRNG");
#else
/* Only for testing -- will cause a predictable PRNG sequence */
}
}
else
- RAND_bytes (output, len);
+ rand_bytes (output, len);
}
/* an analogue to the random() function, but use prng_bytes */
--- /dev/null
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/**
+ * @file Data Channel Cryptography SSL library-specific backend interface
+ */
+
+#ifndef CRYPTO_BACKEND_H_
+#define CRYPTO_BACKEND_H_
+
+#include "config.h"
+
+#ifdef USE_OPENSSL
+#include "crypto_openssl.h"
+#endif
+
+#include "basic.h"
+
+/*
+ *
+ * Random number functions, used in cases where we want
+ * reasonably strong cryptographic random number generation
+ * without depleting our entropy pool. Used for random
+ * IV values and a number of other miscellaneous tasks.
+ *
+ */
+
+/**
+ * Wrapper for secure random number generator. Retrieves len bytes of random
+ * data, and places it in output.
+ *
+ * @param output Output buffer
+ * @param len Length of the output buffer, in bytes
+ *
+ * @return \c 1 on success, \c 0 on failure
+ */
+int rand_bytes (uint8_t *output, int len);
+
+#endif /* CRYPTO_BACKEND_H_ */
--- /dev/null
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/**
+ * @file Data Channel Cryptography OpenSSL-specific backend interface
+ */
+
+#include "syshead.h"
+
+#include "basic.h"
+#include "buffer.h"
+#include "integer.h"
+#include "crypto_backend.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/des.h>
+
+/*
+ *
+ * Random number functions, used in cases where we want
+ * reasonably strong cryptographic random number generation
+ * without depleting our entropy pool. Used for random
+ * IV values and a number of other miscellaneous tasks.
+ *
+ */
+
+int rand_bytes(uint8_t *output, int len)
+{
+ return RAND_bytes (output, len);
+}
+
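Review bot: `rand_bytes` (L167–L170) hands RAND_bytes' return value straight back, but the contract documented for it in crypto_backend.h (`1 on success, 0 on failure`) is narrower than RAND_bytes' own, which in OpenSSL 1.0.x also returns -1 when the active RAND method does not implement it; every caller in this patch tests `!rand_bytes(...)` (crypto.c, ssl.c, ntlm.c), so a -1 would be treated as success and the key or nonce buffer consumed uninitialised. Normalising the result to the documented contract, `return RAND_bytes (output, len) == 1;`, closes that gap for all callers at once. The file also includes objects.h, evp.h and des.h but not `<openssl/rand.h>`, which is where RAND_bytes is declared; unless it arrives transitively through syshead.h, adding `#include <openssl/rand.h>` here avoids relying on an implicit declaration.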
--- /dev/null
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/**
+ * @file Data Channel Cryptography OpenSSL-specific backend interface
+ */
+
+#ifndef CRYPTO_OPENSSL_H_
+#define CRYPTO_OPENSSL_H_
+
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+
+#endif /* CRYPTO_OPENSSL_H_ */
#if 1
prng_bytes (rndbuf, sizeof (rndbuf));
#else
- ASSERT(RAND_bytes (rndbuf, sizeof (rndbuf)));
+ ASSERT(rand_bytes (rndbuf, sizeof (rndbuf)));
#endif
printf ("[%d] %s\n", i, format_hex (rndbuf, sizeof (rndbuf), 0, &gc));
}
const char *opaque = get_pa_var("opaque", pa, &gc);
/* generate a client nonce */
- ASSERT(RAND_bytes(cnonce_raw, sizeof(cnonce_raw)));
+ ASSERT(rand_bytes(cnonce_raw, sizeof(cnonce_raw)));
cnonce = make_base64_string2(cnonce_raw, sizeof(cnonce_raw), &gc);
uint8_t *out,
int outlen)
{
- if (!RAND_bytes (out, outlen))
+ if (!rand_bytes (out, outlen))
msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation [SSL]");
if (!buf_write (buf, out, outlen))
return false;