summaryrefslogtreecommitdiff
path: root/src/openvpn/openssl_compat.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/openssl_compat.h')
-rw-r--r--src/openvpn/openssl_compat.h99
1 files changed, 46 insertions, 53 deletions
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index c765f0b..70b19ae 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -88,38 +88,19 @@ EVP_MD_CTX_new(void)
}
#endif
-#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
-/**
- * Free an existing cipher context
- *
- * @param ctx The cipher context
- */
-static inline void
-EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c)
-{
- free(c);
-}
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
-/**
- * Allocate a new cipher context object
- *
- * @return A zero'ed cipher context object
- */
-static inline EVP_CIPHER_CTX *
-EVP_CIPHER_CTX_new(void)
-{
- EVP_CIPHER_CTX *ctx = NULL;
- ALLOC_OBJ_CLEAR(ctx, EVP_CIPHER_CTX);
- return ctx;
-}
-#endif
-
#if !defined(HAVE_HMAC_CTX_RESET)
/**
* Reset a HMAC context
*
+ * OpenSSL 1.1+ removes APIs HMAC_CTX_init() and HMAC_CTX_cleanup()
+ * and replace them with a single call that does a cleanup followed
+ * by an init. A proper _reset() for OpenSSL < 1.1 should perform
+ * a similar set of operations.
+ *
+ * It means that before we kill a HMAC context, we'll have to cleanup
+ * again, as we probably have allocated a few resources when we forced
+ * an init.
+ *
* @param ctx The HMAC context
* @return 1 on success, 0 on error
*/
@@ -127,42 +108,22 @@ static inline int
HMAC_CTX_reset(HMAC_CTX *ctx)
{
HMAC_CTX_cleanup(ctx);
+ HMAC_CTX_init(ctx);
return 1;
}
#endif
-#if !defined(HAVE_HMAC_CTX_INIT)
-/**
- * Init a HMAC context
- *
- * @param ctx The HMAC context
- *
- * Contrary to many functions in this file, HMAC_CTX_init() is not
- * an OpenSSL 1.1 function: it comes from previous versions and was
- * removed in v1.1. As a consequence, there is no distincting in
- * v1.1 between a cleanup, and init and a reset. Yet, previous OpenSSL
- * version need this distinction.
- *
- * In order to respect previous OpenSSL versions, we implement init
- * as reset for OpenSSL 1.1+.
- */
-static inline void
-HMAC_CTX_init(HMAC_CTX *ctx)
-{
- HMAC_CTX_reset(ctx);
-}
-#endif
-
#if !defined(HAVE_HMAC_CTX_FREE)
/**
- * Free an existing HMAC context
+ * Cleanup and free an existing HMAC context
*
* @param ctx The HMAC context
*/
static inline void
-HMAC_CTX_free(HMAC_CTX *c)
+HMAC_CTX_free(HMAC_CTX *ctx)
{
- free(c);
+ HMAC_CTX_cleanup(ctx);
+ free(ctx);
}
#endif
@@ -283,6 +244,20 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
}
#endif
+#if !defined(HAVE_EVP_PKEY_GET0_EC_KEY) && !defined(OPENSSL_NO_EC)
+/**
+ * Get the EC_KEY object of a public key
+ *
+ * @param pkey Public key object
+ * @return The underlying EC_KEY object
+ */
+static inline EC_KEY *
+EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
+{
+ return pkey ? pkey->pkey.ec : NULL;
+}
+#endif
+
#if !defined(HAVE_EVP_PKEY_ID)
/**
* Get the PKEY type
@@ -649,6 +624,24 @@ RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
}
#endif
+#if !defined(HAVE_EC_GROUP_ORDER_BITS) && !defined(OPENSSL_NO_EC)
+/**
+ * Gets the number of bits of the order of an EC_GROUP
+ *
+ * @param group EC_GROUP object
+ * @return number of bits of group order.
+ */
+static inline int
+EC_GROUP_order_bits(const EC_GROUP *group)
+{
+ BIGNUM* order = BN_new();
+ EC_GROUP_get_order(group, order, NULL);
+ int bits = BN_num_bits(order);
+ BN_free(order);
+ return bits;
+}
+#endif
+
/* SSLeay symbols have been renamed in OpenSSL 1.1 */
#if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT)
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT