compat.hpp
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12
13#pragma once
14
15#if OPENSSL_VERSION_NUMBER < 0x30000000L
16#include <cassert>
17#include <cstring>
18#include <openssl/evp.h>
19#include <openssl/ec.h>
20#include <openssl/objects.h>
21
22
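/* Emulates the OpenSSL 3 EVP_PKEY_get_group_name() on top of the pre-3.0 EC
 * API. Note that this is not a perfect emulation of the new function but is
 * good enough for our case of printing certificate details during handshake.
 *
 * pkey      - key to inspect; only EC keys carry a named group here.
 * gname     - output buffer for the curve's short name; may be nullptr when
 *             only the length is wanted.
 * gname_sz  - size of gname in bytes, including room for the terminator.
 * gname_len - receives the full (untruncated) name length; may be nullptr.
 *
 * Returns 1 on success, 0 when pkey is not an EC key, the group or its NID is
 * missing, or the NID has no short name. On success the copied name is always
 * NUL-terminated and never exceeds gname_sz bytes; when it does not fit it is
 * truncated, and *gname_len still reports the full length so callers can
 * detect the truncation. */
static inline int EVP_PKEY_get_group_name(EVP_PKEY *pkey,
                                          char *gname,
                                          size_t gname_sz,
                                          size_t *gname_len)
{
    /* get0 hands out a borrowed pointer (nullptr for non-EC keys); query it once */
    const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
    if (ec == nullptr)
    {
        return 0;
    }
    const EC_GROUP *group = EC_KEY_get0_group(ec);
    if (group == nullptr)
    {
        return 0;
    }

    const int nid = EC_GROUP_get_curve_name(group);
    if (nid == NID_undef)
    {
        return 0;
    }
    const char *curve = OBJ_nid2sn(nid);
    if (curve == nullptr)
    {
        return 0;
    }

    const size_t curve_len = std::strlen(curve);
    if (gname != nullptr && gname_sz > 0)
    {
        /* Bounded copy with an explicit terminator: strncpy(gname, curve, gname_sz - 1)
         * leaves the buffer unterminated when the name fills it, and
         * gname_sz - 1 wraps around for a zero-sized buffer. */
        const size_t copy_len = curve_len < gname_sz ? curve_len : gname_sz - 1;
        std::memcpy(gname, curve, copy_len);
        gname[copy_len] = '\0';
    }
    if (gname_len != nullptr)
    {
        *gname_len = curve_len;
    }
    return 1;
}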
50
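/* Mimics the OpenSSL 3 EVP_CIPHER_fetch() but only when the default context
 * without options is chosen: ctx and properties must be null. The asserts
 * enforce that in debug builds only; under NDEBUG they compile out and the
 * two arguments are silently ignored.
 *
 * Returns the borrowed cipher registered under `algorithm`, or nullptr when
 * the name is unknown or, in FIPS mode, the cipher is not FIPS-approved. */
static inline const EVP_CIPHER *
EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties)
{
    assert(!ctx);
    assert(!properties);
    const EVP_CIPHER *cipher = EVP_get_cipherbyname(algorithm);
    if (cipher == nullptr)
    {
        /* Unknown algorithm name: bail out before reading the cipher's flags. */
        return nullptr;
    }
#ifdef OPENSSL_FIPS
    /* Rhel 8/CentOS 8 have a patched OpenSSL version that return a cipher
     * here that is actually not usable if in FIPS mode */
    if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
    {
        return nullptr;
    }
#endif
    return cipher;
}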
70
/* Mimics the OpenSSL 3 PEM_read_bio_PrivateKey_ex(): the library-context and
 * property-query arguments have no pre-3.0 equivalent and are ignored, the
 * remaining arguments are forwarded unchanged to PEM_read_bio_PrivateKey(). */
static inline EVP_PKEY *
PEM_read_bio_PrivateKey_ex(BIO *bp,
                           EVP_PKEY **x,
                           pem_password_cb *cb,
                           void *u,
                           void *libctx,
                           const char *propq)
{
    (void)libctx;
    (void)propq;
    EVP_PKEY *key = PEM_read_bio_PrivateKey(bp, x, cb, u);
    return key;
}
81
/* Mimics the OpenSSL 3 EVP_CIPHER_free(). OpenSSL 1.1.1 and lower have no
 * concept of dynamic EVP_CIPHER objects, so there is nothing to release. */
static inline void
EVP_CIPHER_free(const EVP_CIPHER *cipher)
{
    (void)cipher; /* intentionally a no-op */
}
88
/* Mimics the OpenSSL 3 SSL_CTX_new_ex() for the default library context:
 * libctx and propq are ignored and the context is created with SSL_CTX_new(). */
static inline SSL_CTX *
SSL_CTX_new_ex(void *libctx, const char *propq, const SSL_METHOD *meth)
{
    (void)libctx;
    (void)propq;
    SSL_CTX *ssl_ctx = SSL_CTX_new(meth);
    return ssl_ctx;
}
94
/* Mimics the OpenSSL 3 OSSL_LIB_CTX_free(). Library contexts do not exist
 * before 3.0, so the pointer is ignored and nothing is released. */
static inline void
OSSL_LIB_CTX_free(void *libctx)
{
    (void)libctx; /* intentionally a no-op */
}
/* OpenSSL 3 renamed EVP_PKEY_bits() to EVP_PKEY_get_bits(); map the new name
 * onto the pre-3.0 function for the builds this compat block covers. */
#define EVP_PKEY_get_bits EVP_PKEY_bits
100
/* Mimics the OpenSSL 3 EVP_MD_fetch() for the default library context: the
 * library-context and property-query arguments are accepted for source
 * compatibility and ignored. Returns the borrowed digest registered under
 * `algorithm` via EVP_get_digestbyname(), or nullptr if the name is unknown. */
static inline const EVP_MD *
EVP_MD_fetch(void *libctx, const char *algorithm, const char *propq)
{
    (void)libctx;
    (void)propq;
    const EVP_MD *digest = EVP_get_digestbyname(algorithm);
    return digest;
}
106
/* Mimics the OpenSSL 3 EVP_MD_free(). OpenSSL 1.1.1 and lower only hand out
 * const EVP_MD pointers owned by the library, so there is nothing to free. */
static inline void
EVP_MD_free(const EVP_MD *md)
{
    (void)md; /* intentionally a no-op */
}
112
113#endif