From: Tobias Brunner Date: Thu, 24 Feb 2022 13:50:25 +0000 (+0100) Subject: openssl: PRF_KEYED_SHA1 might not be supported X-Git-Tag: 5.9.6rc1~1^2~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13efce489e594e5a781ad9ad9b92235c92270745;p=thirdparty%2Fstrongswan.git openssl: PRF_KEYED_SHA1 might not be supported The old API has been deprecated with OpenSSL 3 and direct access to the state isn't possible via EVP API. In the future we might just remove this implementation but we'd probably have to implement EAP-AKA' first, which uses HMAC-SHA-256 with IKEv2's prf+ construct to derive keys instead of this weird construct (plus what fips-prf builds around it) that's used by EAP-AKA.
---
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index c21292b09f..b881c81056 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -615,7 +615,8 @@ METHOD(plugin_t, get_features, int,
 PLUGIN_PROVIDE(XOF, XOF_SHAKE_128),
 PLUGIN_PROVIDE(XOF, XOF_SHAKE_256),
 #endif
-#ifndef OPENSSL_NO_SHA1
+#if !defined(OPENSSL_NO_SHA1) && \
+ (OPENSSL_VERSION_NUMBER < 0x30000000L || !defined(OPENSSL_NO_DEPRECATED))
 /* keyed sha1 hasher (aka prf) */
 PLUGIN_REGISTER(PRF, openssl_sha1_prf_create),
 PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
index 8371bc17fe..fe68f0c173 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
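Review bot: The new guard on the keyed SHA-1 PRF registration is repeated verbatim in openssl_sha1_prf.c, and nothing ties the two copies together; if they drift, this list would either reference `openssl_sha1_prf_create` while the implementation is compiled out, or silently stop offering `PRF_KEYED_SHA1`. Consider defining the condition once in a header both files include and testing that single macro here. The existing comment could also say why the version test is there, e.g. `/* keyed sha1 hasher (aka prf), needs the deprecated low-level SHA1_* API */`, since on builds with `OPENSSL_NO_DEPRECATED` the PRF disappears and, going by the commit description, EAP-AKA key derivation depends on it. The feature array continues outside this hunk.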
@@ -13,9 +13,15 @@ * for more details. */ +/* direct access to the state and the SHA1_* API have been deprecated with + * OpenSSL 3, so at some point this won't work anymore */ +#define OPENSSL_SUPPRESS_DEPRECATED + +#include #include -#ifndef OPENSSL_NO_SHA1 +#if !defined(OPENSSL_NO_SHA1) && \ + (OPENSSL_VERSION_NUMBER < 0x30000000L || !defined(OPENSSL_NO_DEPRECATED)) #include "openssl_sha1_prf.h" @@ -43,14 +49,10 @@ struct private_openssl_sha1_prf_t { METHOD(prf_t, get_bytes, bool, private_openssl_sha1_prf_t *this, chunk_t seed, uint8_t *bytes) { -#if OPENSSL_VERSION_NUMBER >= 0x10000000L if (!SHA1_Update(&this->ctx, seed.ptr, seed.len)) { return FALSE; } -#else /* OPENSSL_VERSION_NUMBER < 1.0 */ - SHA1_Update(&this->ctx, seed.ptr, seed.len); -#endif if (bytes) { @@ -92,14 +94,10 @@ METHOD(prf_t, get_key_size, size_t, METHOD(prf_t, set_key, bool, private_openssl_sha1_prf_t *this, chunk_t key) { -#if OPENSSL_VERSION_NUMBER >= 0x10000000L if (!SHA1_Init(&this->ctx)) { return FALSE; } -#else /* OPENSSL_VERSION_NUMBER < 1.0 */ - SHA1_Init(&this->ctx); -#endif if (key.len % 4) { @@ -162,4 +160,4 @@ openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo) return &this->public; } -#endif /* OPENSSL_NO_SHA1 */ +#endif /* !OPENSSL_NO_SHA1 && SHA_LONG */
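Review bot: `#define OPENSSL_SUPPRESS_DEPRECATED` in the first hunk is file-wide, so it silences every deprecation warning in openssl_sha1_prf.c, not just the SHA1_* ones the comment mentions, and the build no longer signals when another call in this file becomes deprecated. The comment could record that, along with the consequence for hardened deployments: as far as I know the low-level SHA1_* functions do not go through OpenSSL 3 providers, so this PRF presumably stays available even where SHA-1 is restricted through provider configuration. Something like `/* NOTE: suppresses all deprecation warnings in this file; SHA1_* bypasses OpenSSL 3 providers */` would make that visible to the next reader.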
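Review bot: The closing comment in the last hunk, `#endif /* !OPENSSL_NO_SHA1 && SHA_LONG */`, does not match the condition it closes: the `#if` added at the top of the file tests `OPENSSL_VERSION_NUMBER` and `OPENSSL_NO_DEPRECATED`, and `SHA_LONG` appears nowhere in that guard. A reader matching the `#endif` to its `#if` would look for the wrong macro. I would write `#endif /* !OPENSSL_NO_SHA1 && (OpenSSL < 3 || !OPENSSL_NO_DEPRECATED) */`.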