Attention is currently required from: cron2, flichtenheld, plaisthos.
Hello cron2, flichtenheld,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/552?usp=email
to look at the new patch set (#3).
The following approvals got outdated and were removed:
Code-Review-1 by cron2
Change subject: Remove/combine redundant call of EVP_CipherInit before
EVP_CipherInit_Ex
......................................................................
Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex
EVP_CipherInit basically is the same EVP_CipherInit_ex except that it
in some instances it resets/inits the ctx parameter first. We already
call EVP_CIPHER_CTX_reset to reset/init the ctx before. Also ensure that
EVP_CipherInit_Ex gets the cipher to actually be able to initialise the
context.
OpenSSL 1.0.2:
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/evp/evp_enc.c#L94
EVP_CipherInit calls first EVP_CIPHER_CTX_init and then EVP_CipherInit_ex
Our openssl_compat.h has
for these older OpenSSL versions
OpenSSL 3.0:
https://github.com/openssl/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450
basically the same as 1.0.2. Just that method names have been changed.
Change-Id: I911e25949a8647b567fd4178683534d4404ab469
Signed-off-by: Arne Schwabe <[email protected]>
---
M src/openvpn/crypto_openssl.c
1 file changed, 1 insertion(+), 5 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/52/552/3
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index bfc5e37..b2c4eb6 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -846,11 +846,7 @@
evp_cipher_type *kt = cipher_get(ciphername);
EVP_CIPHER_CTX_reset(ctx);
- if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
- {
- crypto_msg(M_FATAL, "EVP cipher init #1");
- }
- if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
+ if (!EVP_CipherInit_ex(ctx, kt, NULL, key, NULL, enc))
{
crypto_msg(M_FATAL, "EVP cipher init #2");
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/552?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I911e25949a8647b567fd4178683534d4404ab469
Gerrit-Change-Number: 552
Gerrit-PatchSet: 3
Gerrit-Owner: plaisthos <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: cron2 <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
Gerrit-MessageType: newpatchset
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
