From: Max Fillinger Date: Thu, 11 Aug 2022 12:07:22 +0000 (+0200) Subject: Handle EVP_MD_CTX as an opaque struct X-Git-Tag: v2.6_beta1~93 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a9d5dbf5c2d0fc979a05c84afd05689f2ad99b0;p=thirdparty%2Fopenvpn.git Handle EVP_MD_CTX as an opaque struct Building OpenVPN on the latest OpenBSD snapshot failed because EVP_MD_CTX is an opaque struct in LibreSSL now. Therefore, call md_ctx_new() instead of declaring them on the stack. When they're not on the stack anymore, we don't have to call EVP_MD_CTX_init() anymore, but we need to call EVP_MD_CTX_free() instead of cleanup. Signed-off-by: Max Fillinger Acked-by: Arne Schwabe Message-Id: <20220811120722.29168-2-maximilian.fillinger@foxcrypto.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24873.html Signed-off-by: Gert Doering
---
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 5cd09e335..5c86268db 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1492,7 +1492,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 {
 int chunk;
 size_t j;
- EVP_MD_CTX ctx, ctx_tmp, ctx_init;
+ EVP_MD_CTX *ctx, *ctx_tmp, *ctx_init;
 EVP_PKEY *mac_key;
 unsigned char A1[EVP_MAX_MD_SIZE];
 size_t A1_len = EVP_MAX_MD_SIZE;
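Review bot: `ctx`, `ctx_tmp` and `ctx_init` are now uninitialized pointers, and the `err:` label at the end of the function passes all three to EVP_MD_CTX_free() unconditionally. Every `goto err` visible in this patch comes after the three md_ctx_new() calls, so nothing is wrong today, but a later early exit placed before the allocations would free indeterminate pointers. Declaring them as `EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;` keeps the shared cleanup path safe, since EVP_MD_CTX_free() accepts NULL. The function's signature and its remaining declarations lie outside this hunk.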
@@ -1501,28 +1501,28 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 chunk = EVP_MD_size(md);
 OPENSSL_assert(chunk >= 0);
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_init(&ctx_tmp);
- EVP_MD_CTX_init(&ctx_init);
- EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ ctx = md_ctx_new();
+ ctx_tmp = md_ctx_new();
+ ctx_init = md_ctx_new();
+ EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
 if (!mac_key)
 {
 goto err;
 }
- if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
+ if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
 {
 goto err;
 }
- if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
+ if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
 {
 goto err;
 }
- if (!EVP_DigestSignUpdate(&ctx, seed, seed_len))
+ if (!EVP_DigestSignUpdate(ctx, seed, seed_len))
 {
 goto err;
 }
- if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+ if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
 {
 goto err;
 }
@@ -1530,19 +1530,19 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 for (;; )
 {
 /* Reinit mac contexts */
- if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
+ if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
 {
 goto err;
 }
- if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
+ if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
 {
 goto err;
 }
- if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
+ if (olen > chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
 {
 goto err;
 }
- if (!EVP_DigestSignUpdate(&ctx, seed, seed_len))
+ if (!EVP_DigestSignUpdate(ctx, seed, seed_len))
 {
 goto err;
 }
@@ -1550,14 +1550,14 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 if (olen > chunk)
 {
 j = olen;
- if (!EVP_DigestSignFinal(&ctx, out, &j))
+ if (!EVP_DigestSignFinal(ctx, out, &j))
 {
 goto err;
 }
 out += j;
 olen -= j;
 /* calc the next A1 value */
- if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
+ if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
 {
 goto err;
 }
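Review bot: The three `md_ctx_new()` results in the first hunk on this line are used without a NULL check, and `EVP_MD_CTX_set_flags(ctx_init, ...)` dereferences one of them on the very next line. md_ctx_new() is defined outside this diff, so whether it can return NULL is not visible here. If it aborts on allocation failure, a comment above the calls such as `/* md_ctx_new() aborts on allocation failure, so no NULL checks are needed */` would record that contract for the next reader. If it can return NULL, the contexts need a check before first use, and `mac_key` would then have to start as NULL because the `err:` path frees it.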
@@ -1566,7 +1566,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 {
 A1_len = EVP_MAX_MD_SIZE;
 /* last one */
- if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+ if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
 {
 goto err;
 }
@@ -1577,9 +1577,9 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 ret = true;
 err:
 EVP_PKEY_free(mac_key);
- EVP_MD_CTX_cleanup(&ctx);
- EVP_MD_CTX_cleanup(&ctx_tmp);
- EVP_MD_CTX_cleanup(&ctx_init);
+ EVP_MD_CTX_free(ctx);
+ EVP_MD_CTX_free(ctx_tmp);
+ EVP_MD_CTX_free(ctx_init);
 OPENSSL_cleanse(A1, sizeof(A1));
 return ret;
 }
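Review bot: In the last hunk the contexts are released with the raw `EVP_MD_CTX_free()` although they were allocated through the backend wrapper `md_ctx_new()`, so allocation and release go through different layers. Using the matching wrapper at the `err:` label, `md_ctx_free(ctx); md_ctx_free(ctx_tmp); md_ctx_free(ctx_init);`, would keep the pair symmetric and leave any library-version handling in one place; this assumes md_ctx_free() is declared before this function, which the diff does not show. The HMAC-keyed contexts are still torn down before `OPENSSL_cleanse(A1, sizeof(A1))`, so the secret-handling order is unchanged.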