HMAC_CTX_init() has been removed from OpenSSL 1.1. Both this function
and function HMAC_CTX_cleanup() have been replaced by HMAC_CTX_reset().
Commit aba98e9050eb54d72d921e70bcd422cb892b9c6c introduced support for
HMAC_CTX_init() for OpenSSL 1.1+ while other functions were mimicking
the OpenSSL 1.1 interface for earlier versions. This is clearly not a
good idea -- a better approach would be to provide the new interface for
pre-1.1 versions in order to have the dependent code use only one
interface version. To implement that, we remove HMAC_CTX_init() from our
compatibility layer and implement HMAC_CTX_reset() in terms of a cleanup
followed by an init (as the regular HMAC_CTX_reset() function does in
OpenSSL 1.1). This change has a consequence on HMAC_CTX_free() which now
needs to cleanup() the HMAC context before freeing it.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170619153513.5420-1-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14889.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -930,7 +930,7 @@ hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, |
930 | 930 |
{ |
931 | 931 |
ASSERT(NULL != kt && NULL != ctx); |
932 | 932 |
|
933 |
- HMAC_CTX_init(ctx); |
|
933 |
+ HMAC_CTX_reset(ctx); |
|
934 | 934 |
HMAC_Init_ex(ctx, key, key_len, kt, NULL); |
935 | 935 |
|
936 | 936 |
/* make sure we used a big enough key */ |
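Review bot: Both `HMAC_CTX_reset(ctx)` and the `HMAC_Init_ex()` call that follows it in hmac_ctx_init() have their return values discarded, although the compat documentation for HMAC_CTX_reset() says it returns 0 on error and the real OpenSSL 1.1+ function can fail. A context that failed to reset or initialise would then be carried into whatever HMAC computation follows, which for an authentication primitive should be a hard failure rather than a silent one. Consider testing both, e.g. `if (!HMAC_CTX_reset(ctx) || !HMAC_Init_ex(ctx, key, key_len, kt, NULL))`, and routing the failure into the file's existing fatal-error handling. The function body continues past the end of this hunk, so any later checks are not visible here.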
... | ... |
@@ -120,6 +120,15 @@ EVP_CIPHER_CTX_new(void) |
120 | 120 |
/** |
121 | 121 |
* Reset a HMAC context |
122 | 122 |
* |
123 |
+ * OpenSSL 1.1+ removes APIs HMAC_CTX_init() and HMAC_CTX_cleanup() |
|
124 |
+ * and replace them with a single call that does a cleanup followed |
|
125 |
+ * by an init. A proper _reset() for OpenSSL < 1.1 should perform |
|
126 |
+ * a similar set of operations. |
|
127 |
+ * |
|
128 |
+ * It means that before we kill a HMAC context, we'll have to cleanup |
|
129 |
+ * again, as we probably have allocated a few resources when we forced |
|
130 |
+ * an init. |
|
131 |
+ * |
|
123 | 132 |
* @param ctx The HMAC context |
124 | 133 |
* @return 1 on success, 0 on error |
125 | 134 |
*/ |
... | ... |
@@ -127,42 +136,22 @@ static inline int |
127 | 127 |
HMAC_CTX_reset(HMAC_CTX *ctx) |
128 | 128 |
{ |
129 | 129 |
HMAC_CTX_cleanup(ctx); |
130 |
+ HMAC_CTX_init(ctx); |
|
130 | 131 |
return 1; |
131 | 132 |
} |
132 | 133 |
#endif |
133 | 134 |
|
134 |
-#if !defined(HAVE_HMAC_CTX_INIT) |
|
135 |
-/** |
|
136 |
- * Init a HMAC context |
|
137 |
- * |
|
138 |
- * @param ctx The HMAC context |
|
139 |
- * |
|
140 |
- * Contrary to many functions in this file, HMAC_CTX_init() is not |
|
141 |
- * an OpenSSL 1.1 function: it comes from previous versions and was |
|
142 |
- * removed in v1.1. As a consequence, there is no distincting in |
|
143 |
- * v1.1 between a cleanup, and init and a reset. Yet, previous OpenSSL |
|
144 |
- * version need this distinction. |
|
145 |
- * |
|
146 |
- * In order to respect previous OpenSSL versions, we implement init |
|
147 |
- * as reset for OpenSSL 1.1+. |
|
148 |
- */ |
|
149 |
-static inline void |
|
150 |
-HMAC_CTX_init(HMAC_CTX *ctx) |
|
151 |
-{ |
|
152 |
- HMAC_CTX_reset(ctx); |
|
153 |
-} |
|
154 |
-#endif |
|
155 |
- |
|
156 | 135 |
#if !defined(HAVE_HMAC_CTX_FREE) |
157 | 136 |
/** |
158 |
- * Free an existing HMAC context |
|
137 |
+ * Cleanup and free an existing HMAC context |
|
159 | 138 |
* |
160 | 139 |
* @param ctx The HMAC context |
161 | 140 |
*/ |
162 | 141 |
static inline void |
163 |
-HMAC_CTX_free(HMAC_CTX *c) |
|
142 |
+HMAC_CTX_free(HMAC_CTX *ctx) |
|
164 | 143 |
{ |
165 |
- free(c); |
|
144 |
+ HMAC_CTX_cleanup(ctx); |
|
145 |
+ free(ctx); |
|
166 | 146 |
} |
167 | 147 |
#endif |
168 | 148 |
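Review bot: HMAC_CTX_free() now passes `ctx` to `HMAC_CTX_cleanup()` before `free(ctx)` with no NULL guard, so a NULL argument that the old `free(c)` body tolerated would be dereferenced on pre-1.1 builds, whereas OpenSSL 1.1's own HMAC_CTX_free() is a no-op for NULL. Adding `if (ctx == NULL) { return; }` ahead of the cleanup keeps the shim matching the interface it emulates. Separately, HMAC_CTX_reset() runs HMAC_CTX_cleanup() first and callers now use it in place of a plain init, which is only safe when the context was zero-filled or previously initialised. The doc comment would be a good place to state that precondition, e.g. `* The context must be zeroed or already initialised before the first reset.` Whether the allocator in this header zero-fills new contexts is not visible in these hunks.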
|