OpenSSL 1.1 does not allow us to directly access the internals of
any data type, including EVP_CIPHER_CTX. We have to use the functions
it defines to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170612134330.20971-7-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14796.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
@@ -829,7 +829,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key, |
829 | 829 |
if (kt->cipher && kt->cipher_length > 0) |
830 | 830 |
{ |
831 | 831 |
|
832 |
- ALLOC_OBJ(ctx->cipher, cipher_ctx_t); |
|
832 |
+ ctx->cipher = cipher_ctx_new(); |
|
833 | 833 |
cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length, |
834 | 834 |
kt->cipher, enc); |
835 | 835 |
|
@@ -878,7 +878,7 @@ free_key_ctx(struct key_ctx *ctx) |
878 | 878 |
if (ctx->cipher) |
879 | 879 |
{ |
880 | 880 |
cipher_ctx_cleanup(ctx->cipher); |
881 |
- free(ctx->cipher); |
|
881 |
+ cipher_ctx_free(ctx->cipher); |
|
882 | 882 |
ctx->cipher = NULL; |
883 | 883 |
} |
884 | 884 |
if (ctx->hmac) |
@@ -300,6 +300,20 @@ bool cipher_kt_mode_aead(const cipher_kt_t *cipher); |
300 | 300 |
*/ |
301 | 301 |
|
302 | 302 |
/** |
303 |
+ * Allocate a new cipher context |
|
304 |
+ * |
|
305 |
+ * @return a new cipher context |
|
306 |
+ */ |
|
307 |
+cipher_ctx_t *cipher_ctx_new(void); |
|
308 |
+ |
|
309 |
+/** |
|
310 |
+ * Free a cipher context |
|
311 |
+ * |
|
312 |
+ * @param ctx Cipher context. |
|
313 |
+ */ |
|
314 |
+void cipher_ctx_free(cipher_ctx_t *ctx); |
|
315 |
+ |
|
316 |
+/** |
|
303 | 317 |
* Initialise a cipher context, based on the given key and key type. |
304 | 318 |
* |
305 | 319 |
* @param ctx Cipher context. May not be NULL |
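Review bot: The new doc blocks for cipher_ctx_new and cipher_ctx_free leave unstated the two things a caller most needs: whether cipher_ctx_new() can return NULL and how the result must be released. Both implementations in this commit abort instead of returning NULL on allocation failure (check_malloc_return in the OpenSSL backend; ALLOC_OBJ in the mbed TLS backend, presumably through the same fatal path), and the context is expected to pass through cipher_ctx_cleanup() before cipher_ctx_free(), as free_key_ctx does. Suggest `@return a new cipher context; never NULL (allocation failure is fatal). Release with cipher_ctx_free() after cipher_ctx_cleanup().` for cipher_ctx_new, and for cipher_ctx_free `@param ctx Cipher context. May be NULL, in which case this is a no-op.`, which holds for every implementation shown here since both EVP_CIPHER_CTX_free and free() accept NULL. The cipher_ctx_init doc block that begins at the end of this hunk continues outside it.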
@@ -508,6 +508,19 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher) |
508 | 508 |
* |
509 | 509 |
*/ |
510 | 510 |
|
511 |
+mbedtls_cipher_context_t * |
|
512 |
+cipher_ctx_new(void) |
|
513 |
+{ |
|
514 |
+ mbedtls_cipher_context_t *ctx; |
|
515 |
+ ALLOC_OBJ(ctx, mbedtls_cipher_context_t); |
|
516 |
+ return ctx; |
|
517 |
+} |
|
518 |
+ |
|
519 |
+void |
|
520 |
+cipher_ctx_free(mbedtls_cipher_context_t *ctx) |
|
521 |
+{ |
|
522 |
+ free(ctx); |
|
523 |
+} |
|
511 | 524 |
|
512 | 525 |
void |
513 | 526 |
cipher_ctx_init(mbedtls_cipher_context_t *ctx, uint8_t *key, int key_len, |
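Review bot: `ALLOC_OBJ(ctx, mbedtls_cipher_context_t);` in cipher_ctx_new returns a context with indeterminate contents, whereas the OpenSSL backend's cipher_ctx_new() hands back an initialised one (EVP_CIPHER_CTX_new, and the compat shim in this commit uses ALLOC_OBJ_CLEAR). A cipher_ctx_cleanup() on a context that was allocated but never reached cipher_ctx_init() would then act on garbage fields. Adding `mbedtls_cipher_init(ctx);` after the allocation, or using `ALLOC_OBJ_CLEAR(ctx, mbedtls_cipher_context_t);`, makes the two backends behave alike. Note also that this cipher_ctx_free() only frees the struct and does not call mbedtls_cipher_free(), so any key material held in the context is wiped only if the caller ran cipher_ctx_cleanup() first (which presumably does that), as free_key_ctx does; that ordering requirement deserves a comment above `free(ctx);`.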
@@ -650,6 +650,19 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher) |
650 | 650 |
* |
651 | 651 |
*/ |
652 | 652 |
|
653 |
+cipher_ctx_t * |
|
654 |
+cipher_ctx_new(void) |
|
655 |
+{ |
|
656 |
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); |
|
657 |
+ check_malloc_return(ctx); |
|
658 |
+ return ctx; |
|
659 |
+} |
|
660 |
+ |
|
661 |
+void |
|
662 |
+cipher_ctx_free(EVP_CIPHER_CTX *ctx) |
|
663 |
+{ |
|
664 |
+ EVP_CIPHER_CTX_free(ctx); |
|
665 |
+} |
|
653 | 666 |
|
654 | 667 |
void |
655 | 668 |
cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len, |
@@ -657,8 +670,6 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len, |
657 | 657 |
{ |
658 | 658 |
ASSERT(NULL != kt && NULL != ctx); |
659 | 659 |
|
660 |
- CLEAR(*ctx); |
|
661 |
- |
|
662 | 660 |
EVP_CIPHER_CTX_init(ctx); |
663 | 661 |
if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc)) |
664 | 662 |
{ |
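Review bot: With `CLEAR(*ctx)` removed, cipher_ctx_init now assumes the context it receives is already in a valid state; on OpenSSL 1.1 EVP_CIPHER_CTX_init is a reset that inspects the existing fields (and frees cipher_data) before re-initialising, so a context that did not come from cipher_ctx_new() or a previous init would be operated on as indeterminate memory. Nothing in the hunk or in the new header documentation records that precondition. Suggest extending the header's cipher_ctx_init doc to `@param ctx Cipher context. May not be NULL; must have been obtained from cipher_ctx_new()`. cipher_ctx_init's signature and the remainder of its body lie outside this hunk.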
@@ -88,6 +88,34 @@ EVP_MD_CTX_new(void) |
88 | 88 |
} |
89 | 89 |
#endif |
90 | 90 |
|
91 |
+#if !defined(HAVE_EVP_CIPHER_CTX_FREE) |
|
92 |
+/** |
|
93 |
+ * Free an existing cipher context |
|
94 |
+ * |
|
95 |
+ * @param ctx The cipher context |
|
96 |
+ */ |
|
97 |
+static inline void |
|
98 |
+EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c) |
|
99 |
+{ |
|
100 |
+ free(c); |
|
101 |
+} |
|
102 |
+#endif |
|
103 |
+ |
|
104 |
+#if !defined(HAVE_EVP_CIPHER_CTX_NEW) |
|
105 |
+/** |
|
106 |
+ * Allocate a new cipher context object |
|
107 |
+ * |
|
108 |
+ * @return A zero'ed cipher context object |
|
109 |
+ */ |
|
110 |
+static inline EVP_CIPHER_CTX * |
|
111 |
+EVP_CIPHER_CTX_new(void) |
|
112 |
+{ |
|
113 |
+ EVP_CIPHER_CTX *ctx = NULL; |
|
114 |
+ ALLOC_OBJ_CLEAR(ctx, EVP_CIPHER_CTX); |
|
115 |
+ return ctx; |
|
116 |
+} |
|
117 |
+#endif |
|
118 |
+ |
|
91 | 119 |
#if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA) |
92 | 120 |
/** |
93 | 121 |
* Fetch the default password callback user data from the SSL context |
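Review bot: The fallback `EVP_CIPHER_CTX_free` only does `free(c)`, which does not match the OpenSSL 1.1 function it stands in for: the library version resets the context (releasing cipher_data and wiping the key schedule) before freeing it. Under OpenSSL 1.0 a caller that relies on 1.1 semantics and skips EVP_CIPHER_CTX_cleanup() therefore leaks cipher_data and leaves key material in the heap; the callers in this commit happen to clean up first (free_key_ctx), so the gap is latent rather than triggered here. Suggest having the shim perform the cleanup itself, tolerating NULL as the 1.1 function does. The EVP_CIPHER_CTX_new fallback has the opposite asymmetry — ALLOC_OBJ_CLEAR presumably aborts where the library function would return NULL — which is harmless given the check_malloc_return in the backend's cipher_ctx_new, but worth a one-line comment above it such as `/* Unlike OpenSSL's, never returns NULL: allocation failure is fatal. */`.
```c
static inline void
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c)
{
    /* Match OpenSSL 1.1: releasing a context also wipes its state. */
    if (c)
    {
        EVP_CIPHER_CTX_cleanup(c);
    }
    free(c);
}
```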