Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc
Why OPENSSL_malloc() in particular? I looked for other malloc calls in that file and only example I've found was OPENSSL_malloc in show_available_curves(). On the other side Dr. Stephen Henson says (quote unedited): http://permalink.gmane.org/gmane.comp.encryption.openssl.user/11291 You don't have to use OPENSSL_malloc() in an application but you do you can make use of OpenSSLs memory leak checking routines if you do. -Lev On 20.10.2015 16:52, Gert Doering wrote: Hi, On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote: Commit https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51 introduced a variable length array. Although C99 supports that, MSVS 2013 still requires size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free. Why OPENSSL_malloc() in particular? (As I have no clue about the intricacies of openssl-interfacing code, this might be a stupid question, but it looks like "normal gc_malloc() should be perfectly fine") gert -- ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc
> Why OPENSSL_malloc() in particular? I looked for other malloc calls in that file and only example I've found was OPENSSL_malloc in show_available_curves(). On the other side Dr. Stephen Henson says (quote unedited): http://permalink.gmane.org/gmane.comp.encryption.openssl.user/11291 > You don't have to use OPENSSL_malloc() in an application but you do you can make use of OpenSSLs memory leak checking routines if you do. -Lev On 20.10.2015 16:52, Gert Doering wrote: Hi, On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote: Commit https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51 introduced a variable length array. Although C99 supports that, MSVS 2013 still requires size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free. Why OPENSSL_malloc() in particular? (As I have no clue about the intricacies of openssl-interfacing code, this might be a stupid question, but it looks like "normal gc_malloc() should be perfectly fine") gert -- ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc
Hi, On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote: > Commit > https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51 > introduced a variable length array. Although C99 supports that, MSVS 2013 > still requires > size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free. Why OPENSSL_malloc() in particular? (As I have no clue about the intricacies of openssl-interfacing code, this might be a stupid question, but it looks like "normal gc_malloc() should be perfectly fine") gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature
[Openvpn-devel] [PATCH] Replace variable length array with malloc
Commit https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51 introduced a variable length array. Although C99 supports that, MSVS 2013 still requires size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free. Signed-off-by: Lev Stipakov--- src/openvpn/ssl_openssl.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index c08d4fe..1b4b1da 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -141,7 +141,10 @@ key_state_export_keying_material(struct key_state_ssl *ssl, { #if (OPENSSL_VERSION_NUMBER >= 0x10001000) unsigned int size = session->opt->ekm_size; - unsigned char ekm[size]; + unsigned char* ekm = OPENSSL_malloc(size); + + if (ekm == NULL) + crypto_msg (M_FATAL, "Failed to allocate memory for export key material."); if (SSL_export_keying_material(ssl->ssl, ekm, sizeof(ekm), session->opt->ekm_label, session->opt->ekm_label_size, NULL, 0, 0)) @@ -162,6 +165,8 @@ key_state_export_keying_material(struct key_state_ssl *ssl, msg (M_WARN, "WARNING: Export keying material failed!"); setenv_del (session->opt->es, "exported_keying_material"); } + + OPENSSL_free(ekm); #endif } } -- 1.9.1