On 19/01/2022 17:34, Selva Nair wrote:
Hi,

Sorry for chiming in late:

On Wed, Jan 19, 2022 at 10:20 AM David Sommerseth <open...@sf.lists.topphemmelig.net> wrote:

From: David Sommerseth <dav...@openvpn.net>

On Fedora and RHEL/CentOS, the standard OpenSSL library has the FIPS module enabled by default. On these platforms, the OPENSSL_FIPS macro is always defined via /usr/include/openssl/opensslconf-*.h. Without this fix, the following compilation error appears:

./src/openvpn/crypto.c: In function ‘print_cipher’:
./src/openvpn/crypto.c:1707:43: error: ‘cipher’ undeclared (first use in this function); did you mean ‘iphdr’?
     if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
                                           ^~~~~~

The EVP_CIPHER_fetch() and EVP_CIPHER_free() methods are also provided via the openssl_compat.h for older than OpenSSL 3.0.

Signed-off-by: David Sommerseth <dav...@openvpn.net>

--- src/openvpn/crypto.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 5626e2b6..e489d453 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -34,6 +34,7 @@ #include "error.h" #include "integer.h" #include "platform.h" +#include "openssl_compat.h" #include "memdbg.h" @@ -1704,10 +1705,13 @@ print_cipher(const char *ciphername) printf(", TLS client/server mode only"); } #ifdef OPENSSL_FIPS + evp_cipher_type *cipher = EVP_CIPHER_fetch(NULL, ciphername, NULL); + if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))

We need to check that cipher is not NULL. Fetch can return NULL while EVP_CIPHER_flags() requires a non-null argument. Something like: if (cipher && FIPS_mode && etc...) will do.

EVP_CIPHER_free() below can handle NULL, so no problem there.
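Review bot: in the first hunk (@@ -34,6 +34,7 @@), `#include "openssl_compat.h"` is added unconditionally, while the only use of it visible in this patch sits inside `#ifdef OPENSSL_FIPS` in print_cipher(). If crypto.c can also be compiled without OpenSSL headers available, the include should be wrapped in the same guard, or the commit message should say why an unconditional include is safe for every build configuration.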
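Review bot: in the print_cipher() hunk (@@ -1704,10 +1705,13 @@), the result of EVP_CIPHER_fetch() is passed straight to EVP_CIPHER_flags() on the next added line with no NULL check, so an unknown or unavailable `ciphername` leads to a NULL dereference in the FIPS code path. Test the pointer first, for example `if (cipher && FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))`, and decide explicitly what should be printed when the fetch fails. The quoted part of the hunk ends before the matching EVP_CIPHER_free(); make sure it is reached on every path out of the `#ifdef OPENSSL_FIPS` block so the fetched cipher is not leaked.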
Thanks! v3 is on its way.

--
kind regards,

David Sommerseth
OpenVPN Inc