diff options
author | Arne Schwabe | 2024-04-02 15:49:09 +0200 |
---|---|---|
committer | Gert Doering | 2024-04-02 16:26:25 +0200 |
commit | e81e3eb1a4322148b06f353eaa22b0a803fd74f4 (patch) | |
tree | 4999e4610edcb6c5e443adb0d84a0535725466c8 | |
parent | ff402c7c2fbc49ff6d352ebdc3cdc4c27c2bbcbb (diff) | |
download | openvpn-e81e3eb1a4322148b06f353eaa22b0a803fd74f4.zip openvpn-e81e3eb1a4322148b06f353eaa22b0a803fd74f4.tar.gz |
Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex
EVP_CipherInit basically is the same EVP_CipherInit_ex except that it
in some instances it resets/inits the ctx parameter first. We already
call EVP_CIPHER_CTX_reset to reset/init the ctx before. Also ensure that
EVP_CipherInit_Ex gets the cipher to actually be able to initialise the
context.
OpenSSL 1.0.2:
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/evp/evp_enc.c#L94
EVP_CipherInit calls first EVP_CIPHER_CTX_init and then EVP_CipherInit_ex
Our openssl_compat.h has
for these older OpenSSL versions
OpenSSL 3.0:
https://github.com/openssl/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450
basically the same as 1.0.2. Just that method names have been changed.
Change-Id: I911e25949a8647b567fd4178683534d4404ab469
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20240402134909.6340-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28523.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | src/openvpn/crypto_openssl.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index bfc5e37..b2c4eb6 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -846,11 +846,7 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, evp_cipher_type *kt = cipher_get(ciphername); EVP_CIPHER_CTX_reset(ctx); - if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc)) - { - crypto_msg(M_FATAL, "EVP cipher init #1"); - } - if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc)) + if (!EVP_CipherInit_ex(ctx, kt, NULL, key, NULL, enc)) { crypto_msg(M_FATAL, "EVP cipher init #2"); } |