Message ID | 20240402134909.6340-1-gert@greenie.muc.de |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel,v3] Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex | expand |
Looking at the OpenSSL implementation for the EVP_CipherInit*() functions makes it really clear that this is, basically, dead code. Of course the "kt" init needs to go to the second call now, because otherwise it will bomb with OpenSSL 3.x ("no default cipher"). Tested with various OpenSSL (and LibreSSL) versions across the buildbot and GHA test bed. Your patch has been applied to the master branch. (Not applied to release/2.6 since it's not actually fixing something, just cleaning up old code - typical "master" material) commit e81e3eb1a4322148b06f353eaa22b0a803fd74f4 Author: Arne Schwabe Date: Tue Apr 2 15:49:09 2024 +0200 Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20240402134909.6340-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28523.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index bfc5e37..b2c4eb6 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -846,11 +846,7 @@ evp_cipher_type *kt = cipher_get(ciphername); EVP_CIPHER_CTX_reset(ctx); - if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc)) - { - crypto_msg(M_FATAL, "EVP cipher init #1"); - } - if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc)) + if (!EVP_CipherInit_ex(ctx, kt, NULL, key, NULL, enc)) { crypto_msg(M_FATAL, "EVP cipher init #2"); }