1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
34 #ifndef OPENSSL_COMPAT_H_
35 #define OPENSSL_COMPAT_H_
36 
37 #ifdef HAVE_CONFIG_H
38 #include "config.h"
39 #endif
40 
41 #include "buffer.h"
42 
43 #include <openssl/rsa.h>
44 #include <openssl/ssl.h>
45 #include <openssl/x509.h>
46 #include <openssl/err.h>
47 
/* Functionality missing in OpenSSL before 1.1.1: SSL_CTX_set1_groups()
 * is the newer name of SSL_CTX_set1_curves(), so alias it on older
 * releases. The alias is skipped for wolfSSL builds. */
#if OPENSSL_VERSION_NUMBER < 0x10101000L && !defined(ENABLE_CRYPTO_WOLFSSL)
#define SSL_CTX_set1_groups SSL_CTX_set1_curves
#endif
52 
53 /* Functionality missing in LibreSSL before 3.5 */
54 #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL
55 
/**
 * Free an X509_OBJECT together with its contents.
 *
 * LibreSSL before 3.5 exposes only X509_OBJECT_free_contents(); this
 * shim adds the missing wrapper that also releases the object itself.
 *
 * @param obj  object to free; NULL is accepted and ignored
 */
static inline void
X509_OBJECT_free(X509_OBJECT *obj)
{
    if (obj == NULL)
    {
        return;
    }

    X509_OBJECT_free_contents(obj);
    OPENSSL_free(obj);
}
69 
/* LibreSSL before 3.5 only knows the GCM-specific control names; map the
 * generic AEAD tag controls onto them. */
#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
#define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
72 #endif
73 
/* LibreSSL still uses the older RSA_F_RSA_EAY_* name for this RSA error
 * function code. */
#if defined(LIBRESSL_VERSION_NUMBER)
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
#endif
77 
/* LibreSSL before 3.5.4 only has the older SSL_get_server_tmp_key() name. */
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050400fL
#define SSL_get_peer_tmp_key SSL_get_server_tmp_key
#endif
81 
82 /* Functionality missing in 1.1.1 */
83 #if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_EC)
84 
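/**
 * Emulate the OpenSSL 3 EVP_PKEY_get_group_name() for EC keys.
 *
 * This is not a perfect emulation of the new function, but it is good
 * enough for printing certificate details during the handshake. A caller
 * must be aware of the differences:
 *  - only EC keys are handled; any other key type yields 0
 *  - the name is copied with strncpynt(), so @p gname is NUL-terminated
 *    but may be silently truncated to fit @p gname_sz
 *  - @p gname_len receives the length of the full curve name, not the
 *    number of bytes stored in @p gname, so it must not be used as an
 *    index into @p gname
 *
 * @param pkey      key to inspect
 * @param gname     destination buffer for the curve short name; assumed
 *                  non-NULL when @p gname_sz > 0, since strncpynt() writes
 *                  into it
 * @param gname_sz  size of @p gname in bytes
 * @param gname_len if non-NULL, receives the length of the full curve name
 * @return 1 on success, 0 if @p pkey is not an EC key, the key has no
 *         group attached, or the group is not a named curve
 */
static inline int
EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz,
                        size_t *gname_len)
{
    const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
    if (ec == NULL)
    {
        return 0;
    }

    /* An EC_KEY created without parameters has no group attached;
     * EC_GROUP_get_curve_name() must not be handed a NULL group. */
    const EC_GROUP *group = EC_KEY_get0_group(ec);
    if (group == NULL)
    {
        return 0;
    }

    int nid = EC_GROUP_get_curve_name(group);
    if (nid == 0)
    {
        /* not a named curve: there is no name to report */
        return 0;
    }

    const char *curve = OBJ_nid2sn(nid);
    if (!curve)
    {
        curve = "(error fetching curve name)";
    }

    /* bounded copy; strncpynt() NUL-terminates within gname_sz */
    strncpynt(gname, curve, gname_sz);

    /* strncpynt ensures null termination so just strlen is fine here.
     * Note this is the length of the full name, not of the copy. */
    if (gname_len != NULL)
    {
        *gname_len = strlen(curve);
    }
    return 1;
}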
117 #endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_EC) */
118 
119 #if OPENSSL_VERSION_NUMBER < 0x30000000L
/* OpenSSL 3 renamed these accessors; map the new names onto the old ones. */
#define EVP_MD_get0_name EVP_MD_name
#define EVP_CIPHER_get0_name EVP_CIPHER_name
#define EVP_CIPHER_CTX_get_mode EVP_CIPHER_CTX_mode

/* Library contexts and property queries do not exist before 3.0: both
 * arguments are dropped and only the default context is supported. */
#define SSL_CTX_new_ex(libctx, propq, method) \
    SSL_CTX_new((method))

/* Some safe typedefs to avoid too many ifdefs. The OpenSSL 3 types are
 * opaque here, so void is enough to declare pointers to them. */
typedef void OSSL_LIB_CTX;
typedef void OSSL_PROVIDER;
131 
/* Mimic the OpenSSL 3 fetch functions, but only for the default library
 * context with no property query */
/**
 * Compatibility stand-in for the OpenSSL 3 EVP_CIPHER_fetch().
 *
 * Only the default library context without a property query is
 * supported; anything else is a programming error rejected by ASSERT().
 *
 * @param ctx        must be NULL (default library context)
 * @param algorithm  cipher name as understood by EVP_get_cipherbyname()
 * @param properties must be NULL
 * @return the cipher looked up by name, or NULL if it is unknown
 */
static inline const EVP_CIPHER *
EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties)
{
    ASSERT(!ctx);
    ASSERT(!properties);

    const EVP_CIPHER *cipher = EVP_get_cipherbyname(algorithm);
    return cipher;
}
141 
/**
 * Compatibility stand-in for the OpenSSL 3 EVP_MD_fetch().
 *
 * Only the default library context without a property query is
 * supported; anything else is a programming error rejected by ASSERT().
 *
 * @param ctx        must be NULL (default library context)
 * @param algorithm  digest name as understood by EVP_get_digestbyname()
 * @param properties must be NULL
 * @return the digest looked up by name, or NULL if it is unknown
 */
static inline const EVP_MD *
EVP_MD_fetch(void *ctx, const char *algorithm, const char *properties)
{
    ASSERT(!ctx);
    ASSERT(!properties);

    const EVP_MD *digest = EVP_get_digestbyname(algorithm);
    return digest;
}
149 
/**
 * Compatibility stand-in for the OpenSSL 3 EVP_CIPHER_free().
 *
 * OpenSSL 1.1.1 and lower use only const EVP_CIPHER pointers, so there is
 * nothing to release.
 *
 * @param cipher  ignored
 */
static inline void
EVP_CIPHER_free(const EVP_CIPHER *cipher)
{
    (void)cipher; /* nothing to free in OpenSSL 1.1.1 and lower */
}
155 
/**
 * Compatibility stand-in for the OpenSSL 3 EVP_MD_free().
 *
 * OpenSSL 1.1.1 and lower use only const EVP_MD pointers, so there is
 * nothing to release.
 *
 * @param md  ignored
 */
static inline void
EVP_MD_free(const EVP_MD *md)
{
    (void)md; /* nothing to free in OpenSSL 1.1.1 and lower */
}
161 
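/**
 * Compatibility stand-in for the OpenSSL 3 ERR_get_error_all().
 *
 * Retrieves the next queued error through ERR_get_error_line_data(),
 * which has no notion of a function name, so @p func always receives ""
 * when supplied. The other output pointers are passed straight through.
 * Like the real API, @p func may be NULL when the caller does not need
 * it; the previous shim dereferenced it unconditionally.
 *
 * @param file   receives the file name of the error
 * @param line   receives the line number of the error
 * @param func   receives the function name, always ""; may be NULL
 * @param data   receives the error-specific data string
 * @param flags  receives the flags describing @p data
 * @return the error code from ERR_get_error_line_data()
 */
static inline unsigned long
ERR_get_error_all(const char **file, int *line,
                  const char **func,
                  const char **data, int *flags)
{
    /* no function name is recorded before 3.0; report an empty string
     * rather than leaving *func untouched */
    if (func != NULL)
    {
        *func = "";
    }
    return ERR_get_error_line_data(file, line, data, flags);
}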
172 
173 #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
174 
175 #endif /* OPENSSL_COMPAT_H_ */