Hello Steffan,
On Sun, Jun 18, 2017 at 1:38 PM, Steffan Karger <stef...@karger.me> wrote:
> Hi,
>
> On 12-06-17 15:43, log...@free.fr wrote:
> > +#if !defined(HAVE_HMAC_CTX_INIT)
> > +/**
> > + * Init a HMAC context
> > + *
> > + * @param ctx The HMAC context
> > + *
> > + * Contrary to many functions in this file, HMAC_CTX_init() is not
> > + * an OpenSSL 1.1 function: it comes from previous versions and was
> > + * removed in v1.1. As a consequence, there is no distincting in
> > + * v1.1 between a cleanup, and init and a reset. Yet, previous OpenSSL
> > + * version need this distinction.
> > + *
> > + * In order to respect previous OpenSSL versions, we implement init
> > + * as reset for OpenSSL 1.1+.
> > + */
> > +static inline void
> > +HMAC_CTX_init(HMAC_CTX *ctx)
> > +{
> > + HMAC_CTX_reset(ctx);
> > +}
> > +#endif
>
> Hm, shouldn't we do this the other way around then? Implement a
> HMAC_CTX_reset() here that calls HMAC_CTX_init(), and use _reset() in
> our hmac_ctx_init() function?
>
>
I think I did it that way to enhance code reading but it's true that it
introduces a pre-1.1 artefact into an interface which is based upon OpenSSL
1.1.
I'm sending a patch to fix that.
> > <snip
> >
>
> Otherwise this looks good, and passes my tests. I would prefer to
> change the _init()/reset() thing before applying (if you agree that this
> is better), but if this is the only thing left to get 1.1 support into
> our next release that shouldn't block applying the patch.
>
> So, basically, ACK :)
>
> -Steffan
>
BR,
-- Emmanuel Deloget
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
