OpenSSL: remove pre-1.1 function from the OpenSSL compat interface
HMAC_CTX_init() has been removed from OpenSSL 1.1. Both this function
and function HMAC_CTX_cleanup() has been replaced by HMAC_CTX_reset().
Commit aba98e9050eb54d72d921e70bcd422cb892b9c6c introduced support for
HMAC_CTX_init() for OpenSSL 1.1+ while other functions were mimicking
the OpenSSL 1.1 interface for earlier version. This is clearly not a
good idea -- a better approach would be to provide the new interface for
pre-1.1 versions in order to have the dependant code use only one
interface version. To implement that, we remove HMAC_CTX_init() from our
compatibility layer and implement HMAC_CTX_reset() in terms of a cleanup
followed by an init (as the regular HMAC_CTX_reset() function does in
OpenSSL 1.1. This change has a consequence on HMAC_CTX_free() which now
need to cleanup() the HMAC context before freeing it.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170619153513.5420-1-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14889.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Emmanuel Deloget authored on 2017/06/20 00:35:13Showing 3 changed files
| ... | ... |
@@ -930,7 +930,7 @@ hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, |
| 930 | 930 |
{
|
| 931 | 931 |
ASSERT(NULL != kt && NULL != ctx); |
| 932 | 932 |
|
| 933 |
- HMAC_CTX_init(ctx); |
|
| 933 |
+ HMAC_CTX_reset(ctx); |
|
| 934 | 934 |
HMAC_Init_ex(ctx, key, key_len, kt, NULL); |
| 935 | 935 |
|
| 936 | 936 |
/* make sure we used a big enough key */ |
| ... | ... |
@@ -120,6 +120,15 @@ EVP_CIPHER_CTX_new(void) |
| 120 | 120 |
/** |
| 121 | 121 |
* Reset a HMAC context |
| 122 | 122 |
* |
| 123 |
+ * OpenSSL 1.1+ removes APIs HMAC_CTX_init() and HMAC_CTX_cleanup() |
|
| 124 |
+ * and replace them with a single call that does a cleanup followed |
|
| 125 |
+ * by an init. A proper _reset() for OpenSSL < 1.1 should perform |
|
| 126 |
+ * a similar set of operations. |
|
| 127 |
+ * |
|
| 128 |
+ * It means that before we kill a HMAC context, we'll have to cleanup |
|
| 129 |
+ * again, as we probably have allocated a few resources when we forced |
|
| 130 |
+ * an init. |
|
| 131 |
+ * |
|
| 123 | 132 |
* @param ctx The HMAC context |
| 124 | 133 |
* @return 1 on success, 0 on error |
| 125 | 134 |
*/ |
| ... | ... |
@@ -127,42 +136,22 @@ static inline int |
| 127 | 127 |
HMAC_CTX_reset(HMAC_CTX *ctx) |
| 128 | 128 |
{
|
| 129 | 129 |
HMAC_CTX_cleanup(ctx); |
| 130 |
+ HMAC_CTX_init(ctx); |
|
| 130 | 131 |
return 1; |
| 131 | 132 |
} |
| 132 | 133 |
#endif |
| 133 | 134 |
|
| 134 |
-#if !defined(HAVE_HMAC_CTX_INIT) |
|
| 135 |
-/** |
|
| 136 |
- * Init a HMAC context |
|
| 137 |
- * |
|
| 138 |
- * @param ctx The HMAC context |
|
| 139 |
- * |
|
| 140 |
- * Contrary to many functions in this file, HMAC_CTX_init() is not |
|
| 141 |
- * an OpenSSL 1.1 function: it comes from previous versions and was |
|
| 142 |
- * removed in v1.1. As a consequence, there is no distincting in |
|
| 143 |
- * v1.1 between a cleanup, and init and a reset. Yet, previous OpenSSL |
|
| 144 |
- * version need this distinction. |
|
| 145 |
- * |
|
| 146 |
- * In order to respect previous OpenSSL versions, we implement init |
|
| 147 |
- * as reset for OpenSSL 1.1+. |
|
| 148 |
- */ |
|
| 149 |
-static inline void |
|
| 150 |
-HMAC_CTX_init(HMAC_CTX *ctx) |
|
| 151 |
-{
|
|
| 152 |
- HMAC_CTX_reset(ctx); |
|
| 153 |
-} |
|
| 154 |
-#endif |
|
| 155 |
- |
|
| 156 | 135 |
#if !defined(HAVE_HMAC_CTX_FREE) |
| 157 | 136 |
/** |
| 158 |
- * Free an existing HMAC context |
|
| 137 |
+ * Cleanup and free an existing HMAC context |
|
| 159 | 138 |
* |
| 160 | 139 |
* @param ctx The HMAC context |
| 161 | 140 |
*/ |
| 162 | 141 |
static inline void |
| 163 |
-HMAC_CTX_free(HMAC_CTX *c) |
|
| 142 |
+HMAC_CTX_free(HMAC_CTX *ctx) |
|
| 164 | 143 |
{
|
| 165 |
- free(c); |
|
| 144 |
+ HMAC_CTX_cleanup(ctx); |
|
| 145 |
+ free(ctx); |
|
| 166 | 146 |
} |
| 167 | 147 |
#endif |
| 168 | 148 |
|