The behavior of EVP_CipherInit() changed in OpenSSL 1.1 -- instead of clearing the context when the cipher parameter was !NULL, it now clears the context unconditionally. As a result, subsequent calls to the function with additional information now fail.
The bulk work is done by EVP_CipherInit_ex() which has been part of the OpenSSL interface since the dawn of time (0.9.8 already has it). Thus, the change allows us to get the old behavior back instead of relying on dirty tricks. Signed-off-by: Emmanuel Deloget <log...@free.fr> --- src/openvpn/crypto_openssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 23de175..2bca88b 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -683,7 +683,7 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len, crypto_msg(M_FATAL, "EVP set key size"); } #endif - if (!EVP_CipherInit(ctx, NULL, key, NULL, enc)) + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc)) { crypto_msg(M_FATAL, "EVP cipher init #2"); } @@ -736,7 +736,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx) int cipher_ctx_reset(EVP_CIPHER_CTX *ctx, uint8_t *iv_buf) { - return EVP_CipherInit(ctx, NULL, NULL, iv_buf, -1); + return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1); } int -- 2.7.4
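Review bot: in cipher_ctx_init(), the converted call guarded by "EVP cipher init #2" now depends on the context state set up before it, and nothing at the call site records that. A one-line comment above `if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))` saying that the _ex variant is required because EVP_CipherInit() resets the context on OpenSSL 1.1 would keep the call from being simplified back later. The hunk does not show the first init call; if it still goes through EVP_CipherInit(), converting it as well would keep the whole function on one API.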
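Review bot: in cipher_ctx_reset(), `return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);` passes the raw result up to the caller, while the equivalent call in cipher_ctx_init() treats failure as M_FATAL. With a NULL cipher and NULL key this call relies entirely on what is already in ctx, so a failed reset means the new IV was not applied; it is worth confirming that every caller checks the return value. A short comment that -1 leaves the encrypt/decrypt direction unchanged would also help readers of this one-liner.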