Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc

2015-10-20 Thread Lev Stipakov 

Why OPENSSL_malloc() in particular?


I looked for other malloc calls in that file and only example I've found 
was OPENSSL_malloc in show_available_curves().


On the other side Dr. Stephen Henson says (quote unedited):

http://permalink.gmane.org/gmane.comp.encryption.openssl.user/11291


You don't have to use OPENSSL_malloc() in an application but you do

you can make use of OpenSSLs memory leak checking routines if you do.

-Lev

On 20.10.2015 16:52, Gert Doering wrote:

Hi,

On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote:

Commit 
https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51
introduced a variable length array. Although C99 supports that, MSVS 2013 still 
requires
size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free.


Why OPENSSL_malloc() in particular?

(As I have no clue about the intricacies of openssl-interfacing code, this
might be a stupid question, but it looks like "normal gc_malloc() should
be perfectly fine")

gert



--



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc

2015-10-20 Thread Lev Stipakov 

> Why OPENSSL_malloc() in particular?

I looked for other malloc calls in that file and only example I've found 
was OPENSSL_malloc in show_available_curves().


On the other side Dr. Stephen Henson says (quote unedited):

http://permalink.gmane.org/gmane.comp.encryption.openssl.user/11291

> You don't have to use OPENSSL_malloc() in an application but you do 
you can make use of OpenSSLs memory leak checking routines if you do.


-Lev

On 20.10.2015 16:52, Gert Doering wrote:

Hi,

On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote:

Commit 
https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51
introduced a variable length array. Although C99 supports that, MSVS 2013 still 
requires
size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free.


Why OPENSSL_malloc() in particular?

(As I have no clue about the intricacies of openssl-interfacing code, this
might be a stupid question, but it looks like "normal gc_malloc() should
be perfectly fine")

gert



--



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc

2015-10-20 Thread Gert Doering 
Hi,

On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote:
> Commit 
> https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51
> introduced a variable length array. Although C99 supports that, MSVS 2013 
> still requires
> size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free.

Why OPENSSL_malloc() in particular?

(As I have no clue about the intricacies of openssl-interfacing code, this
might be a stupid question, but it looks like "normal gc_malloc() should
be perfectly fine")

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature

[Openvpn-devel] [PATCH] Replace variable length array with malloc

2015-10-20 Thread Lev Stipakov 
Commit 
https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51
introduced a variable length array. Although C99 supports that, MSVS 2013 still 
requires
size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free.

Signed-off-by: Lev Stipakov 
---
 src/openvpn/ssl_openssl.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index c08d4fe..1b4b1da 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -141,7 +141,10 @@ key_state_export_keying_material(struct key_state_ssl *ssl,
 {
 #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
   unsigned int size = session->opt->ekm_size;
-  unsigned char ekm[size];
+  unsigned char* ekm = OPENSSL_malloc(size);
+
+  if (ekm == NULL)
+   crypto_msg (M_FATAL, "Failed to allocate memory for export key 
material.");

   if (SSL_export_keying_material(ssl->ssl, ekm, sizeof(ekm),
   session->opt->ekm_label, session->opt->ekm_label_size, NULL, 0, 0))
@@ -162,6 +165,8 @@ key_state_export_keying_material(struct key_state_ssl *ssl,
  msg (M_WARN, "WARNING: Export keying material failed!");
  setenv_del (session->opt->es, "exported_keying_material");
}
+
+  OPENSSL_free(ekm);
 #endif
 }
 }
-- 
1.9.1