From patchwork Mon May 23 00:35:46 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2491
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 23 May 2022 12:35:46 +0200
Message-Id: <20220523103546.3425388-2-arne@rfc2549.org>
In-Reply-To: <20220523103546.3425388-1-arne@rfc2549.org>
References: <20220523103546.3425388-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH] Translate OpenSSL 3.0 digest names to OpenSSL 1.1 digest names

Since we used the OpenSSL <=1.1 names as part of our OCC message, they are now unfortunately part of our wire protocol.
OpenSSL 3.0 will still accept the "old" names so we do not need to use this translation table for lookup only for returning the name with md_kt_name Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli --- src/openvpn/crypto_openssl.c | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 3bedc03f7..02b5f3ce5 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -404,7 +404,7 @@ show_available_ciphers(void) void print_digest(EVP_MD *digest, void *unused) { - printf("%s %d bit digest size\n", EVP_MD_get0_name(digest), + printf("%s %d bit digest size\n", md_kt_name(EVP_MD_get0_name(digest)), EVP_MD_size(digest) * 8); } @@ -1055,6 +1055,29 @@ md_valid(const char *digest) return valid; } + +/* Since we used the OpenSSL <=1.1 names as part of our OCC message, they + * are now unfortunately part of our wire protocol. + * + * OpenSSL 3.0 will still accept the "old" names so we do not need to use + * this translation table for lookup only for returning the name with + * md_kt_name */ +const cipher_name_pair digest_name_translation_table[] = { + { "BLAKE2s256", "BLAKE2S-256"}, + { "BLAKE2b512", "BLAKE2B-512"}, + { "RIPEMD160", "RIPEMD-160" }, + { "SHA224", "SHA2-224"}, + { "SHA256", "SHA2-256"}, + { "SHA384", "SHA2-384"}, + { "SHA512", "SHA2-512"}, + { "SHA512-224", "SHA2-512/224"}, + { "SHA512-256", "SHA2-512/256"}, + { "SHAKE128", "SHAKE-128"}, + { "SHAKE256", "SHAKE-256"}, +}; +const size_t digest_name_translation_table_count = + sizeof(digest_name_translation_table) / sizeof(*digest_name_translation_table); + const char * md_kt_name(const char *mdname) { 
@@ -1064,6 +1087,17 @@ md_kt_name(const char *mdname) } evp_md_type *kt = md_get(mdname); const char *name = EVP_MD_get0_name(kt); + + /* Search for a digest name translation */ + for (size_t i = 0; i < digest_name_translation_table_count; i++) + { + const cipher_name_pair *pair = &digest_name_translation_table[i]; + if (!strcmp(name, pair->lib_name)) + { + name = pair->openvpn_name; + } + } + EVP_MD_free(kt); return name; }
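Review bot: in the first hunk (print_digest), the callback already holds the EVP_MD but now goes through md_kt_name(EVP_MD_get0_name(digest)), which, per the last hunk, calls md_get(mdname) to fetch the digest again by name and then frees it. Consider splitting the table scan into a small helper that takes a name string and returns the translated name, and calling that helper from both print_digest and md_kt_name. The listing path then does no second fetch per digest and does not depend on md_get accepting every name the enumeration hands to the callback.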
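Review bot: in the second hunk (@@ -1055,6 +1055,29), digest_name_translation_table and digest_name_translation_table_count are defined as non-static globals; if nothing outside crypto_openssl.c uses them, mark both static so they do not leak into the global namespace. The comment should also say which column is which (the left entry is the OpenSSL <=1.1 name used on the wire in OCC, the right entry is the OpenSSL 3.0 name), since the table reuses cipher_name_pair and the field names openvpn_name and lib_name only appear later in the loop. The last sentence of the comment reads as a run-on ("for lookup only for returning"); a comma or "but only" after "lookup" would make the intent clear. Minor style: the "RIPEMD-160" entry has a space before the closing brace that the other entries lack.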
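Review bot: in the last hunk (md_kt_name), the function now returns two kinds of pointer: on a table match, name points at a string literal in the static table, but on no match it is still the pointer obtained from EVP_MD_get0_name(kt), returned after EVP_MD_free(kt). That lifetime assumption is in the context lines rather than the added ones, but since this patch touches the return path it would be a good place to add a comment stating why the untranslated pointer remains valid after the free, or to return a string with static lifetime in both cases. Separately, the loop has no break after "name = pair->openvpn_name;", so it keeps comparing the already translated name against the remaining lib_name entries; adding a break after the assignment makes the single-match intent explicit and avoids surprises if a future entry's lib_name equals another entry's openvpn_name.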