Browse code
OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including EVP_CIPHER_CTX. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170612134330.20971-7-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14796.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Emmanuel Deloget authored on 2017/06/12 22:43:28Showing 6 changed files
- configure.ac
- src/openvpn/crypto.c
- src/openvpn/crypto_backend.h
- src/openvpn/crypto_mbedtls.c
- src/openvpn/crypto_openssl.c
- src/openvpn/openssl_compat.h
| ... | ... |
@@ -829,7 +829,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key, |
| 829 | 829 |
if (kt->cipher && kt->cipher_length > 0) |
| 830 | 830 |
{
|
| 831 | 831 |
|
| 832 |
- ALLOC_OBJ(ctx->cipher, cipher_ctx_t); |
|
| 832 |
+ ctx->cipher = cipher_ctx_new(); |
|
| 833 | 833 |
cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length, |
| 834 | 834 |
kt->cipher, enc); |
| 835 | 835 |
|
| ... | ... |
@@ -878,7 +878,7 @@ free_key_ctx(struct key_ctx *ctx) |
| 878 | 878 |
if (ctx->cipher) |
| 879 | 879 |
{
|
| 880 | 880 |
cipher_ctx_cleanup(ctx->cipher); |
| 881 |
- free(ctx->cipher); |
|
| 881 |
+ cipher_ctx_free(ctx->cipher); |
|
| 882 | 882 |
ctx->cipher = NULL; |
| 883 | 883 |
} |
| 884 | 884 |
if (ctx->hmac) |
| ... | ... |
@@ -300,6 +300,20 @@ bool cipher_kt_mode_aead(const cipher_kt_t *cipher); |
| 300 | 300 |
*/ |
| 301 | 301 |
|
| 302 | 302 |
/** |
| 303 |
+ * Allocate a new cipher context |
|
| 304 |
+ * |
|
| 305 |
+ * @return a new cipher context |
|
| 306 |
+ */ |
|
| 307 |
+cipher_ctx_t *cipher_ctx_new(void); |
|
| 308 |
+ |
|
| 309 |
+/** |
|
| 310 |
+ * Free a cipher context |
|
| 311 |
+ * |
|
| 312 |
+ * @param ctx Cipher context. |
|
| 313 |
+ */ |
|
| 314 |
+void cipher_ctx_free(cipher_ctx_t *ctx); |
|
| 315 |
+ |
|
| 316 |
+/** |
|
| 303 | 317 |
* Initialise a cipher context, based on the given key and key type. |
| 304 | 318 |
* |
| 305 | 319 |
* @param ctx Cipher context. May not be NULL |
| ... | ... |
@@ -508,6 +508,19 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher) |
| 508 | 508 |
* |
| 509 | 509 |
*/ |
| 510 | 510 |
|
| 511 |
+mbedtls_cipher_context_t * |
|
| 512 |
+cipher_ctx_new(void) |
|
| 513 |
+{
|
|
| 514 |
+ mbedtls_cipher_context_t *ctx; |
|
| 515 |
+ ALLOC_OBJ(ctx, mbedtls_cipher_context_t); |
|
| 516 |
+ return ctx; |
|
| 517 |
+} |
|
| 518 |
+ |
|
| 519 |
+void |
|
| 520 |
+cipher_ctx_free(mbedtls_cipher_context_t *ctx) |
|
| 521 |
+{
|
|
| 522 |
+ free(ctx); |
|
| 523 |
+} |
|
| 511 | 524 |
|
| 512 | 525 |
void |
| 513 | 526 |
cipher_ctx_init(mbedtls_cipher_context_t *ctx, uint8_t *key, int key_len, |
| ... | ... |
@@ -650,6 +650,19 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher) |
| 650 | 650 |
* |
| 651 | 651 |
*/ |
| 652 | 652 |
|
| 653 |
+cipher_ctx_t * |
|
| 654 |
+cipher_ctx_new(void) |
|
| 655 |
+{
|
|
| 656 |
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); |
|
| 657 |
+ check_malloc_return(ctx); |
|
| 658 |
+ return ctx; |
|
| 659 |
+} |
|
| 660 |
+ |
|
| 661 |
+void |
|
| 662 |
+cipher_ctx_free(EVP_CIPHER_CTX *ctx) |
|
| 663 |
+{
|
|
| 664 |
+ EVP_CIPHER_CTX_free(ctx); |
|
| 665 |
+} |
|
| 653 | 666 |
|
| 654 | 667 |
void |
| 655 | 668 |
cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len, |
| ... | ... |
@@ -657,8 +670,6 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len, |
| 657 | 657 |
{
|
| 658 | 658 |
ASSERT(NULL != kt && NULL != ctx); |
| 659 | 659 |
|
| 660 |
- CLEAR(*ctx); |
|
| 661 |
- |
|
| 662 | 660 |
EVP_CIPHER_CTX_init(ctx); |
| 663 | 661 |
if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc)) |
| 664 | 662 |
{
|
| ... | ... |
@@ -88,6 +88,34 @@ EVP_MD_CTX_new(void) |
| 88 | 88 |
} |
| 89 | 89 |
#endif |
| 90 | 90 |
|
| 91 |
+#if !defined(HAVE_EVP_CIPHER_CTX_FREE) |
|
| 92 |
+/** |
|
| 93 |
+ * Free an existing cipher context |
|
| 94 |
+ * |
|
| 95 |
+ * @param ctx The cipher context |
|
| 96 |
+ */ |
|
| 97 |
+static inline void |
|
| 98 |
+EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c) |
|
| 99 |
+{
|
|
| 100 |
+ free(c); |
|
| 101 |
+} |
|
| 102 |
+#endif |
|
| 103 |
+ |
|
| 104 |
+#if !defined(HAVE_EVP_CIPHER_CTX_NEW) |
|
| 105 |
+/** |
|
| 106 |
+ * Allocate a new cipher context object |
|
| 107 |
+ * |
|
| 108 |
+ * @return A zero'ed cipher context object |
|
| 109 |
+ */ |
|
| 110 |
+static inline EVP_CIPHER_CTX * |
|
| 111 |
+EVP_CIPHER_CTX_new(void) |
|
| 112 |
+{
|
|
| 113 |
+ EVP_CIPHER_CTX *ctx = NULL; |
|
| 114 |
+ ALLOC_OBJ_CLEAR(ctx, EVP_CIPHER_CTX); |
|
| 115 |
+ return ctx; |
|
| 116 |
+} |
|
| 117 |
+#endif |
|
| 118 |
+ |
|
| 91 | 119 |
#if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA) |
| 92 | 120 |
/** |
| 93 | 121 |
* Fetch the default password callback user data from the SSL context |