Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex

EVP_CipherInit basically is the same EVP_CipherInit_ex except that it in some instances it resets/inits the ctx parameter first. We already call EVP_CIPHER_CTX_reset to reset/init the ctx before. Also ensure that EVP_CipherInit_Ex gets the cipher to actually be able to initialise the context. OpenSSL 1.0.2: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/evp/evp_enc.c#L94 EVP_CipherInit calls first EVP_CIPHER_CTX_init and then EVP_CipherInit_ex Our openssl_compat.h has for these older OpenSSL versions OpenSSL 3.0: https://github.com/openssl/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450 basically the same as 1.0.2. Just that method names have been changed. Change-Id: I911e25949a8647b567fd4178683534d4404ab469 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20240402134909.6340-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28523.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-05-09 05:31:05 +08:00 · 2024-04-02 15:49:09 +02:00 · 2024-04-02 15:49:09 +02:00 · e81e3eb1a4
commit e81e3eb1a4
parent ff402c7c2f
1 changed files with 1 additions and 5 deletions
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@ -846,11 +846,7 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key,
    evp_cipher_type *kt = cipher_get(ciphername);

    EVP_CIPHER_CTX_reset(ctx);
-    if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
-    {
-        crypto_msg(M_FATAL, "EVP cipher init #1");
-    }
-    if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
+    if (!EVP_CipherInit_ex(ctx, kt, NULL, key, NULL, enc))
    {
        crypto_msg(M_FATAL, "EVP cipher init #2");
    }