From patchwork Sun Mar 19 07:54:41 2023
X-Patchwork-Submitter: Michael Baentsch
X-Patchwork-Id: 3140
From: Michael Baentsch
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 19 Mar 2023 08:54:41 +0100
Message-Id: <20230319075441.13021-1-info@baentsch.ch>
Subject: [Openvpn-devel] [PATCH] using OpenSSL3 API for EVP PKEY type name reporting

Signed-off-by: Michael Baentsch
Acked-By: Arne Schwabe
---
 src/openvpn/ssl_openssl.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 2b932af9..65b36d1c 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1501,7 +1501,11 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) } EVP_PKEY_free(privkey); #else /* ifdef HAVE_XKEY_PROVIDER */ +#if OPENSSL_VERSION_NUMBER < 0x30000000L if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) +#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */ + if (EVP_PKEY_is_a(pkey, "RSA")) +#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ { if (!tls_ctx_use_external_rsa_key(ctx, pkey)) { @@ -1509,7 +1513,11 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) } } #if (OPENSSL_VERSION_NUMBER > 0x10100000L) && !defined(OPENSSL_NO_EC) +#if OPENSSL_VERSION_NUMBER < 0x30000000L else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) +#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */ + else if (EVP_PKEY_is_a(pkey, "EC")) +#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ { if (!tls_ctx_use_external_ec_key(ctx, pkey)) { @@ -2064,10 +2072,15 @@ print_cert_details(X509 *cert, char *buf, size_t buflen) } int typeid = EVP_PKEY_id(pkey); +#if OPENSSL_VERSION_NUMBER < 0x30000000L + bool is_ec = typeid == EVP_PKEY_EC; +#else + bool is_ec = EVP_PKEY_is_a(pkey, "EC"); +#endif #ifndef OPENSSL_NO_EC char groupname[256]; - if (typeid == EVP_PKEY_EC) + if (is_ec) { size_t len; if (EVP_PKEY_get_group_name(pkey, groupname, sizeof(groupname), &len)) @@ -2080,9 +2093,9 @@ print_cert_details(X509 *cert, char *buf, size_t buflen) } } #endif - if (EVP_PKEY_id(pkey) != 0) + if (typeid != 0) { - int typeid = EVP_PKEY_id(pkey); +#if OPENSSL_VERSION_NUMBER < 0x30000000L type = OBJ_nid2sn(typeid); /* OpenSSL reports rsaEncryption, dsaEncryption and 
@@ -2104,6 +2117,13 @@ print_cert_details(X509 *cert, char *buf, size_t buflen) { type = "unknown type"; } +#else /* OpenSSL >= 3 */ + type = EVP_PKEY_get0_type_name(pkey); + if (type == NULL) + { + type = "(error getting public key type)"; + } +#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */ } char sig[128] = { 0 };
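Review bot: the same `#if OPENSSL_VERSION_NUMBER < 0x30000000L` / `#else` / `#endif` switch is repeated around both the RSA test and the EC test in tls_ctx_use_management_external_key (hunks at -1501 and -1509), and the EC copy is nested inside the existing `#if (OPENSSL_VERSION_NUMBER > 0x10100000L) && !defined(OPENSSL_NO_EC)` block, which splits one if / else-if chain across several preprocessor branches. Consider one small helper that takes the key plus the legacy id and the type name, so each call site stays a single line and the version check lives in one place.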
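Review bot: in the print_cert_details hunk at -2064, `bool is_ec` is declared before `#ifndef OPENSSL_NO_EC` but is only read inside that block, so a build with OPENSSL_NO_EC defined is left with an unused variable and can trigger an unused-variable warning. Move the `#if` / `#else` / `#endif` that sets `is_ec` inside the `#ifndef OPENSSL_NO_EC` block, next to `groupname`. The `#else` and `#endif` in this hunk also lack the trailing condition comments used in the other hunks.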
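Review bot: `if (typeid != 0)` in the -2080 hunk now guards both version branches, but on the OpenSSL 3 path `typeid` is used for nothing else, and OpenSSL 3 documents EVP_PKEY_id() as returning -1 for keys implemented only in a provider. Those keys reach `EVP_PKEY_get0_type_name()` only because -1 is nonzero. Write the test as `typeid != EVP_PKEY_NONE` and add a short comment that provider-only keys are expected to pass it, so the check is not later tightened to `typeid > 0`.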
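Review bot: the OpenSSL 3 branch added at -2104 falls back to "(error getting public key type)" while the legacy branch directly above it falls back to "unknown type", so the text reported for a key whose type cannot be named depends on the library version. Use one fallback string for both branches, and change `#else /* OpenSSL >= 3 */` to the `#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */` form used in the earlier hunks. Because `EVP_PKEY_get0_type_name()` is a get0 accessor and the returned string is not owned by the caller, also confirm that `type` is consumed before `pkey` is freed.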