mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00

Replace EVP_get_cipherbyname with EVP_CIPHER_fetch

In OpenSSL 3.0 EVP_get_cipherbyname returns a non-NULL algorithm
even if the algorithm is not available with the currently available
provider. Luckily EVP_CIPHER_fetch can be used here as a drop-in
replacement and returns non-NULL only if the algorithm is actually
currently supported.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Message-Id: <20211019183127.614175-11-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23005.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe 2021-10-19 20:31:16 +02:00 committed by Gert Doering
parent 4b3c1e76d7
commit f40edaa5ab
2 changed files with 24 additions and 3 deletions


@ -576,7 +576,7 @@ cipher_kt_get(const char *ciphername)
ASSERT(ciphername);
ciphername = translate_cipher_name_from_openvpn(ciphername);
cipher = EVP_get_cipherbyname(ciphername);
cipher = EVP_CIPHER_fetch(NULL, ciphername, NULL);
if (NULL == cipher)
{
@ -662,7 +662,7 @@ cipher_kt_block_size(const EVP_CIPHER *cipher)
strcpy(mode_str, "-CBC");
cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
cbc_cipher = EVP_CIPHER_fetch(NULL,translate_cipher_name_from_openvpn(name), NULL);
if (cbc_cipher)
{
block_size = EVP_CIPHER_block_size(cbc_cipher);
@ -885,7 +885,7 @@ md_kt_get(const char *digest)
{
const EVP_MD *md = NULL;
ASSERT(digest);
md = EVP_get_digestbyname(digest);
md = EVP_MD_fetch(NULL, digest, NULL);
if (!md)
{
crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
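Review bot: In cipher_kt_block_size the object now obtained with `EVP_CIPHER_fetch` is only used to read the block size and, in the lines shown, is never released. Under OpenSSL 3.0 a fetched cipher is a reference-counted object owned by the caller, unlike the library-owned entry that `EVP_get_cipherbyname` returned, so each call would leak a reference unless the rest of the function (outside this hunk) frees it. I would add `EVP_CIPHER_free((EVP_CIPHER *) cbc_cipher);` right after `block_size = EVP_CIPHER_block_size(cbc_cipher);`, dropping the cast if `cbc_cipher` is not const-qualified; a pre-3.0 build needs a no-op fallback for that call. cipher_kt_get and md_kt_get hand the fetched pointer to their callers, so their header comments should state who is expected to release it.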


@ -754,4 +754,25 @@ int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz,
return 1;
}
#endif
#if OPENSSL_VERSION_NUMBER < 0x30000000L
/* Mimics the functions but only when the default context without
* options is chosen */
static inline const EVP_CIPHER *
EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties)
{
ASSERT(!ctx);
ASSERT(!properties);
return EVP_get_cipherbyname(algorithm);
}
static inline const EVP_MD*
EVP_MD_fetch(void *ctx, const char *algorithm, const char *properties)
{
ASSERT(!ctx);
ASSERT(!properties);
return EVP_get_digestbyname(algorithm);
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
#endif /* OPENSSL_COMPAT_H_ */
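Review bot: The compat block defines fetch shims but no matching release shims, so code that frees a fetched algorithm as OpenSSL 3.0 expects cannot compile against older libraries. Adding no-ops such as `static inline void EVP_CIPHER_free(EVP_CIPHER *cipher) { (void) cipher; }`, and the same for `EVP_MD_free`, inside this `#if` would let callers release unconditionally. The comment above the shims should also say that before 3.0 the returned pointer is a library-owned object that must not be freed, while the 3.0 functions return a caller-owned reference; the shims' `const` return type hides that difference.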