From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 23 May 2022 12:35:45 +0200
Message-Id: <20220523103546.3425388-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH] [OpenVPN 2.5] Translate OpenSSL 3.0 digest names to OpenSSL 1.1 digest names
X-Patchwork-Id: 2490

Since we used the OpenSSL <=1.1 names as part of our OCC message, they
are now unfortunately part of our wire protocol.

OpenSSL 3.0 will still accept the "old" names, so we do not need to use
this translation table for lookup, only for returning the name with
md_kt_name.

Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli --- src/openvpn/crypto_openssl.c | 39 ++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 74685b386..8c28d2b5e 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -379,7 +379,7 @@ show_available_ciphers(void) void print_digest(EVP_MD *digest, void *unused) { - printf("%s %d bit digest size\n", EVP_MD_name(digest), + printf("%s %d bit digest size\n", md_kt_name(digest), EVP_MD_size(digest) * 8); } @@ -982,6 +982,28 @@ md_kt_get(const char *digest) return md; } +/* Since we used the OpenSSL <=1.1 names as part of our OCC message, they + * are now unfortunately part of our wire protocol. + * + * OpenSSL 3.0 will still accept the "old" names so we do not need to use + * this translation table for lookup only for returning the name with + * md_kt_name */ +const cipher_name_pair digest_name_translation_table[] = { + { "BLAKE2s256", "BLAKE2S-256"}, + { "BLAKE2b512", "BLAKE2B-512"}, + { "RIPEMD160", "RIPEMD-160" }, + { "SHA224", "SHA2-224"}, + { "SHA256", "SHA2-256"}, + { "SHA384", "SHA2-384"}, + { "SHA512", "SHA2-512"}, + { "SHA512-224", "SHA2-512/224"}, + { "SHA512-256", "SHA2-512/256"}, + { "SHAKE128", "SHAKE-128"}, + { "SHAKE256", "SHAKE-256"}, +}; +const size_t digest_name_translation_table_count = + sizeof(digest_name_translation_table) / sizeof(*digest_name_translation_table); + const char * md_kt_name(const EVP_MD *kt) { @@ -989,7 +1011,20 @@ md_kt_name(const EVP_MD *kt) { return "[null-digest]"; } - return EVP_MD_name(kt); + + const char *name = EVP_MD_name(kt); + + /* Search for a digest name translation */ + for (size_t i = 0; i < digest_name_translation_table_count; i++) + { + const cipher_name_pair *pair = &digest_name_translation_table[i]; + if (!strcmp(name, pair->lib_name)) + { + name = pair->openvpn_name; + } + } + + return name; } unsigned char
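
Review bot: The initializers of digest_name_translation_table in the hunk at @@ -982,6 +982,28 @@ do not say which column is which; a reader has to go to the loop in md_kt_name, which matches on pair->lib_name and returns pair->openvpn_name, to work out that the first string is the OpenSSL <=1.1 name used on the wire and the second is the OpenSSL 3.0 name. A short column comment above the first entry, or designated initializers, would keep a later entry from being added the wrong way round, which would silently change the digest name that ends up in the OCC message. The table and digest_name_translation_table_count are also declared without static; if nothing outside crypto_openssl.c refers to them, static const would keep them out of the global namespace.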
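
Review bot: The loop added to md_kt_name in the hunk at @@ -989,7 +1011,20 @@ has no break after a match, so once name has been replaced by pair->openvpn_name the remaining iterations compare the already translated name against the later lib_name entries. None of the current entries collide, but adding a break after "name = pair->openvpn_name;" (or returning pair->openvpn_name directly) makes the result independent of table order and of any entry added later. Since the returned string is what the commit message describes as part of the wire protocol, a test that pins the expected output for each table entry would be worth adding alongside this change.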