From f34e9b993ddd522a7181719ab1b978e3a8bccdc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20B=C3=B6ving?= <hargonix@gmail.com>
Date: Sat, 9 May 2020 01:02:34 +0200
Subject: [PATCH] ocb is only available in openssl 1.1 and later

---
 openssl-sys/src/evp.rs |  9 +++------
 openssl/src/symm.rs    | 22 ++++++++++++++++++----
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs
index a727a25c..685b9e27 100644
--- a/openssl-sys/src/evp.rs
+++ b/openssl-sys/src/evp.rs
@@ -21,12 +21,6 @@ pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9;
 pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10;
 pub const EVP_CTRL_GCM_SET_TAG: c_int = 0x11;
 
-// Keeping above for backwards compatability
-pub const EVP_CTRL_AEAD_SET_IVLEN: c_int = EVP_CTRL_GCM_SET_IVLEN;
-pub const EVP_CTRL_AEAD_GET_TAG: c_int = EVP_CTRL_GCM_GET_TAG;
-pub const EVP_CTRL_AEAD_SET_TAG: c_int = EVP_CTRL_GCM_SET_TAG;
-
-
 pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD {
     EVP_get_digestbyname(OBJ_nid2sn(type_))
 }
@@ -281,6 +275,7 @@ extern "C" {
     pub fn EVP_aes_128_gcm() -> *const EVP_CIPHER;
     pub fn EVP_aes_128_xts() -> *const EVP_CIPHER;
     pub fn EVP_aes_128_ofb() -> *const EVP_CIPHER;
+    #[cfg(ossl110)]
     pub fn EVP_aes_128_ocb() -> *const EVP_CIPHER;
     pub fn EVP_aes_192_ecb() -> *const EVP_CIPHER;
     pub fn EVP_aes_192_cbc() -> *const EVP_CIPHER;
@@ -291,6 +286,7 @@ extern "C" {
     pub fn EVP_aes_192_ccm() -> *const EVP_CIPHER;
     pub fn EVP_aes_192_gcm() -> *const EVP_CIPHER;
     pub fn EVP_aes_192_ofb() -> *const EVP_CIPHER;
+    #[cfg(ossl110)]
     pub fn EVP_aes_192_ocb() -> *const EVP_CIPHER;
     pub fn EVP_aes_256_ecb() -> *const EVP_CIPHER;
     pub fn EVP_aes_256_cbc() -> *const EVP_CIPHER;
@@ -302,6 +298,7 @@ extern "C" {
     pub fn EVP_aes_256_gcm() -> *const EVP_CIPHER;
     pub fn EVP_aes_256_xts() -> *const EVP_CIPHER;
     pub fn EVP_aes_256_ofb() -> *const EVP_CIPHER;
+    #[cfg(ossl110)]
     pub fn EVP_aes_256_ocb() -> *const EVP_CIPHER;
     #[cfg(ossl110)]
     pub fn EVP_chacha20() -> *const ::EVP_CIPHER;
diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs
index ff6efc02..56338acd 100644
--- a/openssl/src/symm.rs
+++ b/openssl/src/symm.rs
@@ -130,6 +130,8 @@ impl Cipher {
         unsafe { Cipher(ffi::EVP_aes_128_ofb()) }
     }
 
+    /// Requires OpenSSL 1.1.0 or newer.
+    #[cfg(any(ossl110))]
     pub fn aes_128_ocb() -> Cipher {
         unsafe { Cipher(ffi::EVP_aes_128_ocb()) }
     }
@@ -170,6 +172,8 @@ impl Cipher {
         unsafe { Cipher(ffi::EVP_aes_192_ofb()) }
     }
 
+    /// Requires OpenSSL 1.1.0 or newer.
+    #[cfg(any(ossl110))]
     pub fn aes_192_ocb() -> Cipher {
         unsafe { Cipher(ffi::EVP_aes_192_ocb()) }
     }
@@ -214,6 +218,8 @@ impl Cipher {
         unsafe { Cipher(ffi::EVP_aes_256_ofb()) }
     }
 
+    /// Requires OpenSSL 1.1.0 or newer.
+    #[cfg(any(ossl110))]
     pub fn aes_256_ocb() -> Cipher {
         unsafe { Cipher(ffi::EVP_aes_256_ocb()) }
     }
@@ -312,11 +318,17 @@ impl Cipher {
     }
 
     /// Determines whether the cipher is using OCB mode
+    #[cfg(any(ossl110))]
     fn is_ocb(&self) -> bool {
         *self == Cipher::aes_128_ocb() ||
         *self == Cipher::aes_192_ocb() ||
         *self == Cipher::aes_256_ocb()
     }
+
+    #[cfg(not(any(ossl110)))]
+    const fn is_ocb(&self) -> bool {
+        false
+    }
 }
 
 unsafe impl Sync for Cipher {}
@@ -440,7 +452,7 @@ impl Crypter {
                         assert!(iv.len() <= c_int::max_value() as usize);
                         cvt(ffi::EVP_CIPHER_CTX_ctrl(
                             crypter.ctx,
-                            ffi::EVP_CTRL_AEAD_SET_IVLEN,
+                            ffi::EVP_CTRL_GCM_SET_IVLEN,
                             iv.len() as c_int,
                             ptr::null_mut(),
                         ))?;
@@ -482,7 +494,7 @@ impl Crypter {
             // NB: this constant is actually more general than just GCM.
             cvt(ffi::EVP_CIPHER_CTX_ctrl(
                 self.ctx,
-                ffi::EVP_CTRL_AEAD_SET_TAG,
+                ffi::EVP_CTRL_GCM_SET_TAG,
                 tag.len() as c_int,
                 tag.as_ptr() as *mut _,
             ))
@@ -500,7 +512,7 @@ impl Crypter {
             // NB: this constant is actually more general than just GCM.
             cvt(ffi::EVP_CIPHER_CTX_ctrl(
                 self.ctx,
-                ffi::EVP_CTRL_AEAD_SET_TAG,
+                ffi::EVP_CTRL_GCM_SET_TAG,
                 tag_len as c_int,
                 ptr::null_mut(),
             ))
@@ -626,7 +638,7 @@ impl Crypter {
             assert!(tag.len() <= c_int::max_value() as usize);
             cvt(ffi::EVP_CIPHER_CTX_ctrl(
                 self.ctx,
-                ffi::EVP_CTRL_AEAD_GET_TAG,
+                ffi::EVP_CTRL_GCM_GET_TAG,
                 tag.len() as c_int,
                 tag.as_mut_ptr() as *mut _,
             ))
@@ -1413,6 +1425,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(any(ossl110))]
     fn test_aes_128_ocb() {
         let key = "000102030405060708090a0b0c0d0e0f";
         let aad = "0001020304050607";
@@ -1448,6 +1461,7 @@ mod tests {
      }
 
     #[test]
+    #[cfg(any(ossl110))]
     fn test_aes_128_ocb_fail() {
         let key = "000102030405060708090a0b0c0d0e0f";
         let aad = "0001020304050607";