authorArne Schwabe2022-05-23 12:35:45 +0200
committerGert Doering2022-05-23 15:47:32 +0200
commitb158125f67b49149ffd3e2617479fbd27860713c (patch)
tree52cab4c9c275cd8f2bad6558160c47fa964ad9a1
parent1294064e142d43b49df66296f8cd92de0698616d (diff)
downloadopenvpn-b158125f67b49149ffd3e2617479fbd27860713c.zip
openvpn-b158125f67b49149ffd3e2617479fbd27860713c.tar.gz
Translate OpenSSL 3.0 digest names to OpenSSL 1.1 digest names
Since we used the OpenSSL <=1.1 names as part of our OCC message, they are now unfortunately part of our wire protocol. OpenSSL 3.0 will still accept the "old" names so we do not need to use this translation table for forward lookup, only for returning the name with md_kt_name(). Backport of master commit 88342ed8277c5797. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Antonio Quartulli <a@unstable.cc> Message-Id: <20220523103546.3425388-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24424.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r--src/openvpn/crypto_openssl.c39
1 files changed, 37 insertions, 2 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 74685b3..7a05a35 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -379,7 +379,7 @@ show_available_ciphers(void)
void
print_digest(EVP_MD *digest, void *unused)
{
- printf("%s %d bit digest size\n", EVP_MD_name(digest),
+ printf("%s %d bit digest size\n", md_kt_name(digest),
EVP_MD_size(digest) * 8);
}
@@ -982,6 +982,28 @@ md_kt_get(const char *digest)
return md;
}
+/* Since we used the OpenSSL <=1.1 names as part of our OCC message, they
+ * are now unfortunately part of our wire protocol.
+ *
+ * OpenSSL 3.0 will still accept the "old" names so we do not need to use
+ * this translation table for forward lookup, only for returning the name
+ * with md_kt_name() */
+const cipher_name_pair digest_name_translation_table[] = {
+ { "BLAKE2s256", "BLAKE2S-256"},
+ { "BLAKE2b512", "BLAKE2B-512"},
+ { "RIPEMD160", "RIPEMD-160" },
+ { "SHA224", "SHA2-224"},
+ { "SHA256", "SHA2-256"},
+ { "SHA384", "SHA2-384"},
+ { "SHA512", "SHA2-512"},
+ { "SHA512-224", "SHA2-512/224"},
+ { "SHA512-256", "SHA2-512/256"},
+ { "SHAKE128", "SHAKE-128"},
+ { "SHAKE256", "SHAKE-256"},
+};
+const size_t digest_name_translation_table_count =
+ sizeof(digest_name_translation_table) / sizeof(*digest_name_translation_table);
+
const char *
md_kt_name(const EVP_MD *kt)
{
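Review bot: `digest_name_translation_table` and `digest_name_translation_table_count` are defined with external linkage, yet the only use visible in this diff is md_kt_name() in the same file. Unless a header outside this diff declares them, marking both `static` would keep them out of the global namespace. The comment above the table should also state the column order, which the struct definition (not shown here) presumably fixes as OpenVPN name first, library name second, e.g. `/* { name used in OCC (OpenSSL <= 1.1), name reported by OpenSSL 3.0 } */`. A swapped pair would compile cleanly and silently change the digest name that peers see in the options string.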
@@ -989,7 +1011,20 @@ md_kt_name(const EVP_MD *kt)
{
return "[null-digest]";
}
- return EVP_MD_name(kt);
+
+ const char *name = EVP_MD_name(kt);
+
+ /* Search for a digest name translation */
+ for (size_t i = 0; i < digest_name_translation_table_count; i++)
+ {
+ const cipher_name_pair *pair = &digest_name_translation_table[i];
+ if (!strcmp(name, pair->lib_name))
+ {
+ name = pair->openvpn_name;
+ }
+ }
+
+ return name;
}
unsigned char
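Review bot: The lookup loop in md_kt_name() keeps scanning after a match, because the `if (!strcmp(name, pair->lib_name))` branch only reassigns `name`, so later iterations compare the already-translated name against the remaining library names. No entry in the current table collides, but the result feeds the OCC string that is part of the wire protocol, so returning on the first hit is more robust against future table additions: `return pair->openvpn_name;`. It is also worth confirming that EVP_MD_name() cannot return NULL for any digest reachable here, since the value is passed to strcmp() unchecked. The NULL check on `kt` at the start of md_kt_name() sits partly outside this hunk.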