mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
Replace EVP_get_cipherbyname with EVP_CIPHER_fetch
In OpenSSL 3.0 EVP_get_cipherbyname return a non NULL algorithm even if the algorithm is not available with the currently available provider. Luckily EVP_get_cipherbyname can be used here as drop in replacement and returns only non NULL if the algorithm is actually currently supported. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com> Message-Id: <20211019183127.614175-11-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23005.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
parent
4b3c1e76d7
commit
f40edaa5ab
@ -576,7 +576,7 @@ cipher_kt_get(const char *ciphername)
|
|||||||
ASSERT(ciphername);
|
ASSERT(ciphername);
|
||||||
|
|
||||||
ciphername = translate_cipher_name_from_openvpn(ciphername);
|
ciphername = translate_cipher_name_from_openvpn(ciphername);
|
||||||
cipher = EVP_get_cipherbyname(ciphername);
|
cipher = EVP_CIPHER_fetch(NULL, ciphername, NULL);
|
||||||
|
|
||||||
if (NULL == cipher)
|
if (NULL == cipher)
|
||||||
{
|
{
|
||||||
@ -662,7 +662,7 @@ cipher_kt_block_size(const EVP_CIPHER *cipher)
|
|||||||
|
|
||||||
strcpy(mode_str, "-CBC");
|
strcpy(mode_str, "-CBC");
|
||||||
|
|
||||||
cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
|
cbc_cipher = EVP_CIPHER_fetch(NULL,translate_cipher_name_from_openvpn(name), NULL);
|
||||||
if (cbc_cipher)
|
if (cbc_cipher)
|
||||||
{
|
{
|
||||||
block_size = EVP_CIPHER_block_size(cbc_cipher);
|
block_size = EVP_CIPHER_block_size(cbc_cipher);
|
||||||
@ -885,7 +885,7 @@ md_kt_get(const char *digest)
|
|||||||
{
|
{
|
||||||
const EVP_MD *md = NULL;
|
const EVP_MD *md = NULL;
|
||||||
ASSERT(digest);
|
ASSERT(digest);
|
||||||
md = EVP_get_digestbyname(digest);
|
md = EVP_MD_fetch(NULL, digest, NULL);
|
||||||
if (!md)
|
if (!md)
|
||||||
{
|
{
|
||||||
crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
|
crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
|
||||||
|
@ -754,4 +754,25 @@ int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||||
|
/* Mimics the functions but only when the default context without
|
||||||
|
* options is chosen */
|
||||||
|
static inline const EVP_CIPHER *
|
||||||
|
EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties)
|
||||||
|
{
|
||||||
|
ASSERT(!ctx);
|
||||||
|
ASSERT(!properties);
|
||||||
|
return EVP_get_cipherbyname(algorithm);
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline const EVP_MD*
|
||||||
|
EVP_MD_fetch(void *ctx, const char *algorithm, const char *properties)
|
||||||
|
{
|
||||||
|
ASSERT(!ctx);
|
||||||
|
ASSERT(!properties);
|
||||||
|
return EVP_get_digestbyname(algorithm);
|
||||||
|
}
|
||||||
|
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||||
|
|
||||||
#endif /* OPENSSL_COMPAT_H_ */
|
#endif /* OPENSSL_COMPAT_H_ */
|
||||||
|
Loading…
Reference in New Issue
Block a user