From patchwork Sun Apr 5 10:31:04 2026
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4875
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 5 Apr 2026 12:31:04 +0200
Message-ID: <20260405103110.32401-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.52.0
Subject: [Openvpn-devel] [PATCH v1] crypto_backend: Remove md_full

From: Frank Lichtenheld

There was only one user for mbedtls < 4.0, so remove all the unused implementations.

Identified by cppcheck.

Change-Id: Ie2285f5bf52f5c669fb01f9ae36d6aa1674f0929
Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1612 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1612 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index 4e9283d..360abbe 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -549,18 +549,6 @@ * */ -/** - * Calculates the message digest for the given buffer. - * - * @param mdname message digest name - * @param src Buffer to digest. May not be NULL. - * @param src_len The length of the incoming buffer. - * @param dst Buffer to write the message digest to. May not be NULL. - * - * @return true on success, false on failure - */ -bool md_full(const char *mdname, const uint8_t *src, size_t src_len, uint8_t *dst); - /* * Allocate a new message digest context * diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index b0d0820..665257c0 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -696,28 +696,6 @@ return ctx; } -bool -md_full(const char *mdname, const uint8_t *src, size_t src_len, uint8_t *dst) -{ - const md_info_t *md = md_get(mdname); - if (md == NULL) - { - return false; - } - - /* We depend on the caller to ensure that dst has enough room for the hash, - * so we just tell PSA that it can hold the appropriate amount of bytes. */ - size_t dst_size = PSA_HASH_LENGTH(md->psa_alg); - size_t hash_length = 0; - - psa_status_t status = psa_hash_compute(md->psa_alg, src, src_len, dst, dst_size, &hash_length); - if (status != PSA_SUCCESS || hash_length != dst_size) - { - return false; - } - return true; -} - void md_ctx_free(md_ctx_t *ctx) { 
diff --git a/src/openvpn/crypto_mbedtls_legacy.c b/src/openvpn/crypto_mbedtls_legacy.c index 3f04a3e..6556358 100644 --- a/src/openvpn/crypto_mbedtls_legacy.c +++ b/src/openvpn/crypto_mbedtls_legacy.c @@ -769,7 +769,7 @@ */ -static const mbedtls_md_info_t * +const mbedtls_md_info_t * md_get(const char *digest) { const mbedtls_md_info_t *md = NULL; @@ -825,13 +825,6 @@ * */ -bool -md_full(const char *mdname, const uint8_t *src, size_t src_len, uint8_t *dst) -{ - const mbedtls_md_info_t *kt = md_get(mdname); - return 0 == mbedtls_md(kt, src, src_len, dst); -} - mbedtls_md_context_t * md_ctx_new(void) { diff --git a/src/openvpn/crypto_mbedtls_legacy.h b/src/openvpn/crypto_mbedtls_legacy.h index 1005057..23113be 100644 --- a/src/openvpn/crypto_mbedtls_legacy.h +++ b/src/openvpn/crypto_mbedtls_legacy.h @@ -137,4 +137,6 @@ */ #define mbed_ok(errval) mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__) +const mbedtls_md_info_t *md_get(const char *digest); + #endif /* CRYPTO_MBEDTLS_H_ */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index e49f654..e268d7c 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1107,17 +1107,6 @@ * */ -bool -md_full(const char *mdname, const uint8_t *src, size_t src_len, uint8_t *dst) -{ - unsigned int in_md_len = 0; - evp_md_type *kt = md_get(mdname); - - int ret = EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL); - EVP_MD_free(kt); - return ret == 1; -} - EVP_MD_CTX * md_ctx_new(void) { diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index d0c481e..a62ff76 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c 
@@ -1029,8 +1029,9 @@ if (NULL != ctx->crt_chain) { mbedtls_x509_crt *cert = ctx->crt_chain; + const mbedtls_md_info_t *kt = md_get("SHA256"); - if (!md_full("SHA256", cert->tbs.p, cert->tbs.len, sha256_hash)) + if (0 != mbedtls_md(kt, cert->tbs.p, cert->tbs.len, sha256_hash)) { msg(M_WARN, "WARNING: failed to personalise random"); }
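Review bot: in crypto_mbedtls_legacy.c (hunk at -769) and crypto_mbedtls_legacy.h (hunk at -137), md_get() loses its static qualifier and gains a header declaration with no comment, only to serve one call in ssl_mbedtls.c. Please document the new declaration, in particular what it does for an unknown digest name (returns NULL or raises a fatal error), in the same @param/@return style that crypto_backend.h uses. Since the single caller always wants SHA256, consider keeping md_get() static and letting the caller use mbedtls_md_info_from_type(MBEDTLS_MD_SHA256) instead, which avoids exporting a generically named helper from the backend.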
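Review bot: in the ssl_mbedtls.c hunk at -1029, kt is handed to mbedtls_md() without a NULL check. That matches the removed legacy md_full(), but the removed PSA variant did return false when md == NULL, so either test kt before the call or add a comment stating why md_get("SHA256") cannot return NULL here. The call site also now depends on mbedtls_md_info_t and mbedtls_md() directly, while the md_get() used in crypto_mbedtls.c yields an md_info_t with a psa_alg member; the hunk does not show the enclosing preprocessor guard, so please confirm this block is compiled only for the legacy (mbedtls < 4.0) backend.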