Message ID | 20210406162518.4075-4-arne@rfc2549.org |
---|---|
State | Accepted |
Series | [Openvpn-devel,1/5] Remove check for socket functions and Win XP compatibility code |
Hi,

On 06/04/2021 18:25, Arne Schwabe wrote:
> Use the modern names instead of the old GCM specific ones. AEAD instead
> of GCM especially makes sense when using Chacha20-Poly1305.
>
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>

This looks good and does not trigger issues on my build rig.
The manpage also suggests using *AEAD* constants.

Glad we can keep all the ugliness in openssl_compat.h....

Acked-by: Antonio Quartulli <antonio@openvpn.net>
Lightly client-side tested with OpenSSL 1.0.2 and 1.1.1

Your patch has been applied to the master branch.

commit 3fbeeda5cd3cbd0cbb4c039b469685e2a6254daf
Author: Arne Schwabe
Date:   Tue Apr 6 18:25:17 2021 +0200

    Use EVP_CTRL_AEAD_* instead EVP_CTRL_GCM_*

    Signed-off-by: Arne Schwabe <arne@rfc2549.org>
    Acked-by: Antonio Quartulli <antonio@openvpn.net>
    Message-Id: <20210406162518.4075-4-arne@rfc2549.org>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22050.html
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index dc6b0fa71..f8b36bf85 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -792,7 +792,7 @@ cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx) int cipher_ctx_get_tag(EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size) { - return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, tag_size, tag_buf); + return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_size, tag_buf); } int @@ -853,7 +853,7 @@ cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len) { ASSERT(tag_len < SIZE_MAX); - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, tag_len, tag)) + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag)) { return 0; } diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index eb6c9c906..ff024feff 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -46,6 +46,11 @@ #include <openssl/ssl.h> #include <openssl/x509.h> +#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL) +#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG +#define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG +#endif + #if !defined(HAVE_EVP_MD_CTX_RESET) /** * Reset a message digest context
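Review bot: in the cipher_ctx_final_check_tag hunk of crypto_openssl.c, `tag_len` is a `size_t` but is passed as the `int` argument of EVP_CIPHER_CTX_ctrl, and the context line `ASSERT(tag_len < SIZE_MAX);` does not bound it to what fits in an int. Since this call is being touched anyway, consider tightening the check to `ASSERT(tag_len <= INT_MAX);` so the narrowing conversion on the EVP_CTRL_AEAD_SET_TAG call is visibly safe.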
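Review bot: in the openssl_compat.h hunk, the fallback defines are keyed on version macros rather than on whether the names already exist, and `defined(LIBRESSL_VERSION_NUMBER)` applies them to every LibreSSL release. If a crypto library header matched by this condition ever provides EVP_CTRL_AEAD_SET_TAG or EVP_CTRL_AEAD_GET_TAG itself, the block becomes a macro redefinition; wrapping each define in its own `#ifndef EVP_CTRL_AEAD_SET_TAG` style guard would avoid that. A short comment stating that these alias the older GCM-only control names would also match the documented `HAVE_EVP_MD_CTX_RESET` block that follows.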
Use the modern names instead of the old GCM specific ones. AEAD instead of GCM especially makes sense when using Chacha20-Poly1305.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/crypto_openssl.c | 4 ++--
 src/openvpn/openssl_compat.h | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)