Hi, On 20-02-17 15:32, Emmanuel Deloget wrote: > The behavior of EVP_CipherInit() changed in OpenSSL 1.1 -- instead > of clearing the context when the cipher parameter was !NULL, it now > clears the context unconditionally. As a result, subsequent calls > to the function with additional information now fail. > > The bulk work is done by EVP_CipherInit_ex() which has been part of the > OpenSSL interface since the dawn of time (0.9.8 already has it). Thus, > the change allows us to get the old behavior back instead of relying > on dirty tricks. > > Signed-off-by: Emmanuel Deloget <log...@free.fr> > --- > src/openvpn/crypto_openssl.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c > index 23de175..2bca88b 100644 > --- a/src/openvpn/crypto_openssl.c > +++ b/src/openvpn/crypto_openssl.c > @@ -683,7 +683,7 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int > key_len, > crypto_msg(M_FATAL, "EVP set key size"); > } > #endif > - if (!EVP_CipherInit(ctx, NULL, key, NULL, enc)) > + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc)) > { > crypto_msg(M_FATAL, "EVP cipher init #2"); > } > @@ -736,7 +736,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx) > int > cipher_ctx_reset(EVP_CIPHER_CTX *ctx, uint8_t *iv_buf) > { > - return EVP_CipherInit(ctx, NULL, NULL, iv_buf, -1); > + return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1); > } > > int >
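Review bot: the replaced call in cipher_ctx_init() (the "EVP cipher init #2" step) carries no comment saying why the _ex variant is required. The commit message explains that EVP_CipherInit() in OpenSSL 1.1 clears the context on every call, which would discard the key size set just above under "EVP set key size"; a one-line comment above `EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc)` stating that the context state from the earlier steps must survive this call would keep a later cleanup from switching it back.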
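Review bot: in cipher_ctx_reset(), the new call passes NULL for the cipher, engine and key and -1 for enc, so it depends entirely on the cipher, key and direction already stored in ctx, and its result is still returned to the caller unchecked, unlike cipher_ctx_init(), which stops with M_FATAL on failure. Please confirm that callers test the return value of `EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1)`, and consider noting in the function's comment that it only replaces the IV and requires a context that was fully initialized beforehand.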
ACK
-Steffan