From patchwork Tue Apr 2 13:49:09 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3681
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 2 Apr 2024 15:49:09 +0200
Message-ID: <20240402134909.6340-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v3] Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex

From: Arne Schwabe

EVP_CipherInit basically is the same as EVP_CipherInit_ex except that in some instances it resets/inits the ctx parameter first. We already call EVP_CIPHER_CTX_reset to reset/init the ctx before.

Also ensure that EVP_CipherInit_Ex gets the cipher to actually be able to initialise the context.

OpenSSL 1.0.2:

https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/evp/evp_enc.c#L94

EVP_CipherInit calls first EVP_CIPHER_CTX_init and then EVP_CipherInit_ex

Our openssl_compat.h has for these older OpenSSL versions

OpenSSL 3.0:

https://github.com/openssl/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450

basically the same as 1.0.2. Just that method names have been changed.

Change-Id: I911e25949a8647b567fd4178683534d4404ab469
Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/552
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index bfc5e37..b2c4eb6 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -846,11 +846,7 @@ evp_cipher_type *kt = cipher_get(ciphername); EVP_CIPHER_CTX_reset(ctx); - if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc)) - { - crypto_msg(M_FATAL, "EVP cipher init #1"); - } - if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc)) + if (!EVP_CipherInit_ex(ctx, kt, NULL, key, NULL, enc)) { crypto_msg(M_FATAL, "EVP cipher init #2"); }
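
Review bot: The error string in the one remaining check still reads "EVP cipher init #2" although the "#1" call is removed, so anyone reading the log will look for a first step that no longer exists. The single EVP_CipherInit_ex(ctx, kt, NULL, key, NULL, enc) call now covers both selecting the cipher and setting the key, so a bad kt from cipher_get(ciphername) and a key setup failure end in the same fatal message. Suggest renaming it to "EVP cipher init" and, if crypto_msg takes format arguments, including ciphername so the failing cipher is identifiable from the log alone.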