From patchwork Tue Oct 19 07:31:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2034 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 4O4yHDcPb2HyQgAAIUCqbw (envelope-from ) for ; Tue, 19 Oct 2021 14:32:23 -0400 Received: from proxy11.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id 8DQZHDcPb2G8awAAovjBpQ (envelope-from ) for ; Tue, 19 Oct 2021 14:32:23 -0400 Received: from smtp26.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy11.mail.ord1d.rsapps.net with LMTPS id sF+6DSYPb2GxAgAAgKDEHA (envelope-from ) for ; Tue, 19 Oct 2021 14:32:06 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp26.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e5971986-310a-11ec-bba4-525400c5b129-1-1 Received: from [216.105.38.7] ([216.105.38.7:43866] helo=lists.sourceforge.net) by smtp26.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 55/36-02334-53F0F616; Tue, 19 Oct 2021 14:32:21 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from ) id 1mctto-0001bg-CO; Tue, 19 Oct 2021 18:31:44 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1mcttf-0001ZT-Hu for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:31:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=x/8kSbRJfVbkAShqGZ0O+zmpr+FMK4R07wfLK38EcE8=; b=lGxOLSP060G4ahYpJ4ZHacHMGB PUmvA48SufyF4E82qowEueZ5cQoaaCxHbFoEMATO/bvtGsUnhEZc/BY4ijgbXB7Lj63Ovp9Njd0cY qMveSWF0Ii3iRTMCgtiJyiRYp8oY7YGy5mLWTM1Gwj3b5FEDNgBFEULVC5TfNfIjiUKk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=x/8kSbRJfVbkAShqGZ0O+zmpr+FMK4R07wfLK38EcE8=; b=Jswas/Ifeelp4QlqJ+EXSVsY1f y9LqyJ9Jx2WCVQpPk1mQwlJVhobYC2jyudt2/m6MGLwR/P3TE+vOrMPV3hezZZ1bNEHout0zDNjvU PurnyWpx8cjt/hQmf0xt1lW8kQs+SGDRavRKTBWfk/ZIDMkLeUb3dOy+NDZDdJEURIMc=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mctte-006U0A-Oz for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:31:35 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mcttX-0008i6-Pc for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 20:31:27 +0200 Received: (nullmailer pid 614253 invoked by uid 10006); Tue, 19 Oct 2021 18:31:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:31:16 +0200 Message-Id: <20211019183127.614175-11-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211019183127.614175-1-arne@rfc2549.org> References: <20211019183127.614175-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: In OpenSSL 3.0 EVP_get_cipherbyname return a non NULL algorithm even if the algorithm is not avaialble with the currently available provider. Luckily EVP_get_cipherbyname can be used here as drop in r [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1mctte-006U0A-Oz Subject: [Openvpn-devel] [PATCH v3 10/21] [OSSL 3.0] Replace EVP_get_cipherbyname with EVP_CIPHER_fetch X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox In OpenSSL 3.0 EVP_get_cipherbyname return a non NULL algorithm even if the algorithm is not avaialble with the currently available provider. Luckily EVP_get_cipherbyname can be used here as drop in replacement and returns only non NULL if the algorithm is actually currently supported. Signed-off-by: Arne Schwabe Acked-by: Max Fillinger Signed-off-by: Arne Schwabe <arne@rfc2549.org>
--- src/openvpn/crypto_openssl.c | 6 +++--- src/openvpn/openssl_compat.h | 17 +++++++++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 93c85a836..b10bd7cd5 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -572,7 +572,7 @@ cipher_kt_get(const char *ciphername) ASSERT(ciphername); ciphername = translate_cipher_name_from_openvpn(ciphername); - cipher = EVP_get_cipherbyname(ciphername); + cipher = EVP_CIPHER_fetch(NULL, ciphername, NULL); if (NULL == cipher) { @@ -658,7 +658,7 @@ cipher_kt_block_size(const EVP_CIPHER *cipher) strcpy(mode_str, "-CBC"); - cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name)); + cbc_cipher = EVP_CIPHER_fetch(NULL,translate_cipher_name_from_openvpn(name), NULL); if (cbc_cipher) { block_size = EVP_CIPHER_block_size(cbc_cipher); @@ -894,7 +894,7 @@ md_kt_get(const char *digest) { const EVP_MD *md = NULL; ASSERT(digest); - md = EVP_get_digestbyname(digest); + md = EVP_MD_fetch(NULL, digest, NULL); if (!md) { crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest); diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index dda47d76c..0893bfbb2 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -758,6 +758,23 @@ SSL_CTX_new_ex(void *libctx, const char *propq, const SSL_METHOD *method) (void) propq; return SSL_CTX_new(method); } +/* Mimics the functions but only when the default context without + * options is chosen */ +static inline const EVP_CIPHER * +EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties) +{ + ASSERT(!ctx); + ASSERT(!properties); + return EVP_get_cipherbyname(algorithm); +} + +static inline const EVP_MD* +EVP_MD_fetch(void *ctx, const char *algorithm, const char *properties) +{ + ASSERT(!ctx); + ASSERT(!properties); + return EVP_get_digestbyname(algorithm); +} #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ #endif /* OPENSSL_COMPAT_H_ */