GitList

Browse code

init_key_ctx: key and iv arguments can (now) be const

In older OpenSSL, the key and iv arguments of EVP_CipherInit_ex() were not
const, which meant that our API could not be const either. Since we
dropped support for OpenSSL 0.9.8, we can now fix our internal API.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1497873065-2229-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14881.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Steffan Karger authored on 2017/06/19 20:51:05
Showing 5 changed files

src/openvpn/crypto.c index 9f2828a..78ca419 100644
src/openvpn/crypto.h index 8e2f2b1..fec2eea 100644
src/openvpn/crypto_backend.h index b7f519b..567fd9b 100644
src/openvpn/crypto_mbedtls.c index 24bc315..30b51a5 100644
src/openvpn/crypto_openssl.c index 9cf3355..138455a 100644

src/openvpn/crypto.c

History View file @ 5e6e4b7

@@ -820,7 +820,7 @@ init_key_type(struct key_type *kt, const char *ciphername,
                      /* given a key and key_type, build a key_ctx */
                      void
                     -init_key_ctx(struct key_ctx *ctx, struct key *key,
                     +init_key_ctx(struct key_ctx *ctx, const struct key *key,
                                   const struct key_type *kt, int enc,
                                   const char *prefix)
+                     {

src/openvpn/crypto.h

History View file @ 5e6e4b7

@@ -312,7 +312,7 @@ void init_key_type(struct key_type *kt, const char *ciphername,
                       * Key context functions
                       */
                     -void init_key_ctx(struct key_ctx *ctx, struct key *key,
                     +void init_key_ctx(struct key_ctx *ctx, const struct key *key,
                                        const struct key_type *kt, int enc,
                                        const char *prefix);

src/openvpn/crypto_backend.h

History View file @ 5e6e4b7

@@ -323,7 +323,7 @@ void cipher_ctx_free(cipher_ctx_t *ctx);
                       * @param enc           Whether to encrypt or decrypt (either
                       *                      \c MBEDTLS_OP_ENCRYPT or \c MBEDTLS_OP_DECRYPT).
                       */
                     -void cipher_ctx_init(cipher_ctx_t *ctx, uint8_t *key, int key_len,
                     +void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, int key_len,
                                           const cipher_kt_t *kt, int enc);
                      /**
@@ -391,7 +391,7 @@ const cipher_kt_t *cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx);
+                      *
                       * @return              \c 0 on failure, \c 1 on success.
                       */
                     -int cipher_ctx_reset(cipher_ctx_t *ctx, uint8_t *iv_buf);
                     +int cipher_ctx_reset(cipher_ctx_t *ctx, const uint8_t *iv_buf);
                      /**
                       * Updates the given cipher context, providing additional data (AD) for

src/openvpn/crypto_mbedtls.c

History View file @ 5e6e4b7

@@ -523,7 +523,7 @@ cipher_ctx_free(mbedtls_cipher_context_t *ctx)
 }
 
 void
-cipher_ctx_init(mbedtls_cipher_context_t *ctx, uint8_t *key, int key_len,
+cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key, int key_len,
                 const mbedtls_cipher_info_t *kt, const mbedtls_operation_t operation)
 {
     ASSERT(NULL != kt && NULL != ctx);
@@ -597,7 +597,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
 }
 
 int
-cipher_ctx_reset(mbedtls_cipher_context_t *ctx, uint8_t *iv_buf)
+cipher_ctx_reset(mbedtls_cipher_context_t *ctx, const uint8_t *iv_buf)
 {
     if (!mbed_ok(mbedtls_cipher_reset(ctx)))
     {

src/openvpn/crypto_openssl.c

History View file @ 5e6e4b7

@@ -665,7 +665,7 @@ cipher_ctx_free(EVP_CIPHER_CTX *ctx)
 }
 
 void
-cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len,
+cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len,
                 const EVP_CIPHER *kt, int enc)
 {
     ASSERT(NULL != kt && NULL != ctx);
@@ -732,7 +732,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
 
 
 int
-cipher_ctx_reset(EVP_CIPHER_CTX *ctx, uint8_t *iv_buf)
+cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf)
 {
     return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
 }

...	...	@@ -523,7 +523,7 @@ cipher_ctx_free(mbedtls_cipher_context_t *ctx)
523	523	}
524	524
525	525	void
526		-cipher_ctx_init(mbedtls_cipher_context_t ctx, uint8_t key, int key_len,
	526	+cipher_ctx_init(mbedtls_cipher_context_t ctx, const uint8_t key, int key_len,
527	527	const mbedtls_cipher_info_t *kt, const mbedtls_operation_t operation)
528	528	{
529	529	ASSERT(NULL != kt && NULL != ctx);
...	...	@@ -597,7 +597,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
597	597	}
598	598
599	599	int
600		-cipher_ctx_reset(mbedtls_cipher_context_t ctx, uint8_t iv_buf)
	600	+cipher_ctx_reset(mbedtls_cipher_context_t ctx, const uint8_t iv_buf)
601	601	{
602	602	if (!mbed_ok(mbedtls_cipher_reset(ctx)))
603	603	{

...	...	@@ -665,7 +665,7 @@ cipher_ctx_free(EVP_CIPHER_CTX *ctx)
665	665	}
666	666
667	667	void
668		-cipher_ctx_init(EVP_CIPHER_CTX ctx, uint8_t key, int key_len,
	668	+cipher_ctx_init(EVP_CIPHER_CTX ctx, const uint8_t key, int key_len,
669	669	const EVP_CIPHER *kt, int enc)
670	670	{
671	671	ASSERT(NULL != kt && NULL != ctx);
...	...	@@ -732,7 +732,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
732	732
733	733
734	734	int
735		-cipher_ctx_reset(EVP_CIPHER_CTX ctx, uint8_t iv_buf)
	735	+cipher_ctx_reset(EVP_CIPHER_CTX ctx, const uint8_t iv_buf)
736	736	{
737	737	return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
738	738	}