From a6daf938f5f616a4a67caa6580b0c99e9a8c3779 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 2 Oct 2017 06:57:04 +0200 Subject: New upstream version 2.4.4 --- src/openvpn/openssl_compat.h | 99 ++++++++++++++++++++------------------------ 1 file changed, 46 insertions(+), 53 deletions(-) (limited to 'src/openvpn/openssl_compat.h') diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index c765f0b..70b19ae 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -88,38 +88,19 @@ EVP_MD_CTX_new(void) } #endif -#if !defined(HAVE_EVP_CIPHER_CTX_FREE) -/** - * Free an existing cipher context - * - * @param ctx The cipher context - */ -static inline void -EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c) -{ - free(c); -} -#endif - -#if !defined(HAVE_EVP_CIPHER_CTX_NEW) -/** - * Allocate a new cipher context object - * - * @return A zero'ed cipher context object - */ -static inline EVP_CIPHER_CTX * -EVP_CIPHER_CTX_new(void) -{ - EVP_CIPHER_CTX *ctx = NULL; - ALLOC_OBJ_CLEAR(ctx, EVP_CIPHER_CTX); - return ctx; -} -#endif - #if !defined(HAVE_HMAC_CTX_RESET) /** * Reset a HMAC context * + * OpenSSL 1.1+ removes APIs HMAC_CTX_init() and HMAC_CTX_cleanup() + * and replace them with a single call that does a cleanup followed + * by an init. A proper _reset() for OpenSSL < 1.1 should perform + * a similar set of operations. + * + * It means that before we kill a HMAC context, we'll have to cleanup + * again, as we probably have allocated a few resources when we forced + * an init. + * * @param ctx The HMAC context * @return 1 on success, 0 on error */ @@ -127,42 +108,22 @@ static inline int HMAC_CTX_reset(HMAC_CTX *ctx) { HMAC_CTX_cleanup(ctx); + HMAC_CTX_init(ctx); return 1; } #endif -#if !defined(HAVE_HMAC_CTX_INIT) -/** - * Init a HMAC context - * - * @param ctx The HMAC context - * - * Contrary to many functions in this file, HMAC_CTX_init() is not - * an OpenSSL 1.1 function: it comes from previous versions and was - * removed in v1.1. As a consequence, there is no distincting in - * v1.1 between a cleanup, and init and a reset. Yet, previous OpenSSL - * version need this distinction. - * - * In order to respect previous OpenSSL versions, we implement init - * as reset for OpenSSL 1.1+. - */ -static inline void -HMAC_CTX_init(HMAC_CTX *ctx) -{ - HMAC_CTX_reset(ctx); -} -#endif - #if !defined(HAVE_HMAC_CTX_FREE) /** - * Free an existing HMAC context + * Cleanup and free an existing HMAC context * * @param ctx The HMAC context */ static inline void -HMAC_CTX_free(HMAC_CTX *c) +HMAC_CTX_free(HMAC_CTX *ctx) { - free(c); + HMAC_CTX_cleanup(ctx); + free(ctx); } #endif @@ -283,6 +244,20 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey) } #endif +#if !defined(HAVE_EVP_PKEY_GET0_EC_KEY) && !defined(OPENSSL_NO_EC) +/** + * Get the EC_KEY object of a public key + * + * @param pkey Public key object + * @return The underlying EC_KEY object + */ +static inline EC_KEY * +EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) +{ + return pkey ? pkey->pkey.ec : NULL; +} +#endif + #if !defined(HAVE_EVP_PKEY_ID) /** * Get the PKEY type @@ -649,6 +624,24 @@ RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data) } #endif +#if !defined(HAVE_EC_GROUP_ORDER_BITS) && !defined(OPENSSL_NO_EC) +/** + * Gets the number of bits of the order of an EC_GROUP + * + * @param group EC_GROUP object + * @return number of bits of group order. + */ +static inline int +EC_GROUP_order_bits(const EC_GROUP *group) +{ + BIGNUM* order = BN_new(); + EC_GROUP_get_order(group, order, NULL); + int bits = BN_num_bits(order); + BN_free(order); + return bits; +} +#endif + /* SSLeay symbols have been renamed in OpenSSL 1.1 */ #if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT) #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT -- cgit v1.2.3