File: compat.hpp

package info (click to toggle)
openvpn3-client 25%2Bdfsg-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 19,276 kB
  • sloc: cpp: 190,085; python: 7,218; ansic: 1,866; sh: 1,361; java: 402; lisp: 81; makefile: 17
file content (113 lines) | stat: -rw-r--r-- 3,007 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
//    OpenVPN -- An application to securely tunnel IP networks
//               over a single port, with support for SSL/TLS-based
//               session authentication and key exchange,
//               packet encryption, packet authentication, and
//               packet compression.
//
//    Copyright (C) 2012- OpenVPN Inc.
//
//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
//


#pragma once

#if OPENSSL_VERSION_NUMBER < 0x30000000L
#include <cassert>
#include <cstring>
#include <openssl/evp.h>
#include <openssl/ec.h>
#include <openssl/objects.h>


/* Note that this is not a perfect emulation of the new function but
 * is good enough for our case of printing certificate details during
 * handshake */
static inline int EVP_PKEY_get_group_name(EVP_PKEY *pkey,
                                          char *gname,
                                          size_t gname_sz,
                                          size_t *gname_len)
{
    if (EVP_PKEY_get0_EC_KEY(pkey) == nullptr)
    {
        return 0;
    }
    const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
    const EC_GROUP *group = EC_KEY_get0_group(ec);

    int nid = EC_GROUP_get_curve_name(group);

    if (nid == NID_undef)
    {
        return 0;
    }
    const char *curve = OBJ_nid2sn(nid);

    std::strncpy(gname, curve, gname_sz - 1);
    *gname_len = std::strlen(curve);
    return 1;
}

/* Mimics the function but only when the default context without
 * options is chosen */
static inline const EVP_CIPHER *
EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties)
{
    assert(!ctx);
    assert(!properties);
    const EVP_CIPHER *cipher = EVP_get_cipherbyname(algorithm);
#ifdef OPENSSL_FIPS
    /* Rhel 8/CentOS 8 have a patched OpenSSL version that return a cipher
     * here that is actually not usable if in FIPS mode */

    if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
    {
        return nullptr;
    }
#endif
    return cipher;
}

static inline EVP_PKEY *
PEM_read_bio_PrivateKey_ex(BIO *bp,
                           EVP_PKEY **x,
                           pem_password_cb *cb,
                           void *u,
                           void *libctx,
                           const char *propq)
{
    return PEM_read_bio_PrivateKey(bp, x, cb, u);
}

static inline void
EVP_CIPHER_free(const EVP_CIPHER *cipher)
{
    /* OpenSSL 1.1.1 and lower have no concept of dynamic EVP_CIPHER, so this is
     * a noop */
}

static inline SSL_CTX *
SSL_CTX_new_ex(void *libctx, const char *propq, const SSL_METHOD *meth)
{
    return SSL_CTX_new(meth);
}

static inline void
OSSL_LIB_CTX_free(void *libctx)
{
}
#define EVP_PKEY_get_bits EVP_PKEY_bits

static inline const EVP_MD *
EVP_MD_fetch(void *, const char *algorithm, const char *)
{
    return EVP_get_digestbyname(algorithm);
}

static inline void
EVP_MD_free(const EVP_MD *md)
{
    /* OpenSSL 1.1.1 and lower use only const EVP_CIPHER, nothing to free */
}

#endif