From patchwork Tue Apr 2 12:22:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3680 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:292f:b0:569:ad12:4fde with SMTP id f15csp217079maw; Tue, 2 Apr 2024 05:22:57 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVKmQT1eYv1Yzw6UFC4ugKIg+wIwi+9y50rB68rgzE8+tRZJYjynmg4XW2Wpso7PgABgUPEiqjp/HHh77LG4g9/CFoq6zw= X-Google-Smtp-Source: AGHT+IEHs3Lalg75pLwKp9Tp3/iMrNL1NrvSk9vfAS5a2TlKdmMaMbH0M4ue8fpGF8isjFuosfwa X-Received: by 2002:a17:902:b196:b0:1dd:85eb:b11 with SMTP id s22-20020a170902b19600b001dd85eb0b11mr13209104plr.1.1712060577484; Tue, 02 Apr 2024 05:22:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712060577; cv=none; d=google.com; s=arc-20160816; b=aMaCWiol3lz40VR7TIVZY8t7rBu/ia8+eQEmV4v7iMTsoVVEoL7CBbuAAuKeR9Qpro QU1GnTvEoC1d5hAa40j8C4ZKooRmN6S4YoqeENmO1jct5IKiy26nlhiqIzykgZWabHRG kSOkPN3uodUx3VIdQPM0y1YkgHaI2LPXlFJv7BgRk1/rpZYisPosSU2LtFiQgEg73qIR iN10bijaGneoxiaXRzYGk3YQjb8Tt+QBRoaSQhh4Y+/gzVk89lE9fp6EowyHUaknoj2K DZIgU/5cKFKYCnpul9LjMMy3NpKiqFJDuJ0M66Sax33+bxqafyBZiAeFRHRiqbRgQjRA 7Ovw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=Er/gW07JYsZWIgEG3jRjNC9NC0rsfdrF0umV/GzcSs0=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=kPlT3EHbuMdawUKrZKCj8m7zJi5VFHphZu57dF0HsQGyhu37Ignq6iHHY+S8hk+n+D yyvhz3Kn6uk8JEnYIVaRIgFLIKkkVq5qQUaB5MAiaIQQCkLwBvf+SzdTU1gADYPG9Ppm YP7QdXpk3XkuZxuLx06l9gmxce3LECKftAIIkDmlL+OQzxmIRYSXLM5UZ2L/IDo4hIYo 3Ph4FWsTuHzsyvdEaWzgv5r8bZIZ6rtc68oKz97OuMq1FAkOs2VeALbJsamfcQc4WLIH HzopCfOaJhJ12FMUPPIJiyujmkSpP5+OfB9zcBm4y/+J8bwo1pCvT/OOiCfBaoJf/9Hq bfQQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=j56+IdVj; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=YiVDOTPX; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id s21-20020a170902b19500b001dc9d472c13si10284712plr.653.2024.04.02.05.22.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Apr 2024 05:22:57 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=j56+IdVj; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=YiVDOTPX; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rrd9z-0007ae-EF; Tue, 02 Apr 2024 12:22:39 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rrd9x-0007aH-FW for openvpn-devel@lists.sourceforge.net; Tue, 02 Apr 2024 12:22:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=pDcr9sVTWGGSzuXMa78c/YD6nUbwL7oo12zJRCAKeyo=; b=j56+IdVj77ucu5thVespj2XhHu xsschtIDMPXmPaTnNN6iy0xVKRHbFju8tbiTZ8CCqbGwjlfAOStRl4OPzAbnlCGVDSEPE5Zj1ZZrW TpVzMrKNFzMhTDtMcZ+3G0Y5aWFyg+5HiQWwXDmEcDgmi+r8IMNZOAAuF8ieGVuVffXU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=pDcr9sVTWGGSzuXMa78c/YD6nUbwL7oo12zJRCAKeyo=; b=YiVDOTPXMpoY4rQLmhdZFi6tnI jpCOSwBdpIcKhBsO0cOgw/cmAMF2WLZu2Zdsd8ddW4QtNX5Wu4M8w9eGP/wUZGf7yoCfoQ0UUZ2mh oevJ8gTvVQgMASrYbyV1ueiMB1CPKk8Y0Zfiv/2BRr5LSAmz4c41E+xo4p4OnFPb1HsM=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1rrd9v-0006Uw-9j for openvpn-devel@lists.sourceforge.net; Tue, 02 Apr 2024 12:22:37 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 432CMOFt022201 for ; Tue, 2 Apr 2024 14:22:24 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 432CMOP6022200 for openvpn-devel@lists.sourceforge.net; Tue, 2 Apr 2024 14:22:24 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 2 Apr 2024 14:22:23 +0200 Message-ID: <20240402122223.22183-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.43.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe EVP_CipherInit basically is the same EVP_CipherInit_ex except that it in some instances it resets/inits the ctx parameter first. We already call EVP_CIPHER_CTX_reset to reset/init the ctx before so th [...] Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1rrd9v-0006Uw-9j Subject: [Openvpn-devel] [PATCH v2] Remove redundant call of EVP_CipherInit before EVP_CipherInit_Ex X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1795225631885951673?= X-GMAIL-MSGID: =?utf-8?q?1795225631885951673?= From: Arne Schwabe EVP_CipherInit basically is the same EVP_CipherInit_ex except that it in some instances it resets/inits the ctx parameter first. We already call EVP_CIPHER_CTX_reset to reset/init the ctx before so this call does not do anything useful. OpenSSL 1.0.2: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/evp/evp_enc.c#L94 EVP_CipherInit calls first EVP_CIPHER_CTX_init and then EVP_CipherInit_ex Our openssl_compat.h has for these older OpenSSL versions OpenSSL 3.0: https://github.com/openssl/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450 basically the same as 1.0.2. Just that method names have been changed. Change-Id: I911e25949a8647b567fd4178683534d4404ab469 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/552 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index bfc5e37..13dfa8c 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -846,10 +846,6 @@ evp_cipher_type *kt = cipher_get(ciphername); EVP_CIPHER_CTX_reset(ctx); - if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc)) - { - crypto_msg(M_FATAL, "EVP cipher init #1"); - } if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc)) { crypto_msg(M_FATAL, "EVP cipher init #2");