Re: [Openvpn-devel] [PATCH 0/3] Fix EVP_PKEY key types handling

2018-01-12 Thread Emmanuel Deloget
Hello, The whole series is also viewable on github at https://github.com/emmanuel-deloget/openvpn/commits/fix-evp-pkey Best regards, -- Emmanuel Deloget

[Openvpn-devel] [PATCH v2 2/3] OpenSSL: remove some EVP_PKEY type checks

2018-01-12 Thread Emmanuel Deloget
Calling EVP_KEY_id() before EVP_PKEY_get0_*() is unnecessary as the same check is also performed in the latter. We also make the code a bit better by not calling the various EVP_PKEY_get0_*() functions twice (this needs a bit of reordering to avoid introducing yet another #ifndef OPENSSL_NO_EC in t

Re: [Openvpn-devel] [PATCH 2/3] OpenSSL: remove some EVP_PKEY type checks

2018-01-12 Thread Emmanuel Deloget
Hello Selva, On Fri, Jan 12, 2018 at 6:09 PM, Selva Nair wrote: > Hi, > > I will defer to crypto experts for a proper review, but a quick remark > > On Fri, Jan 12, 2018 at 11:48 AM, Emmanuel Deloget wrote: > > Calling EVP_KEY_id() before EVP_PKEY_get0_*() is unnecessary as > > the same check i

Re: [Openvpn-devel] [PATCH 2/3] OpenSSL: remove some EVP_PKEY type checks

2018-01-12 Thread Selva Nair
Hi, I will defer to crypto experts for a proper review, but a quick remark On Fri, Jan 12, 2018 at 11:48 AM, Emmanuel Deloget wrote: > Calling EVP_KEY_id() before EVP_PKEY_get0_*() is unnecessary as > the same check is also performed in the latter. > > ... > +RSA *rsa = NULL; > +

[Openvpn-devel] [PATCH 1/3] OpenSSL: check EVP_PKEY key types before returning the pkey

2018-01-12 Thread Emmanuel Deloget
The internal EVP_PKEY::pkey member is a union, thus we need to check for the real key type before we can return the corresponding RSA, DSA or EC public key. Reported-by: Selva Nair Signed-off-by: Emmanuel Deloget diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index 70b

[Openvpn-devel] [PATCH 0/3] Fix EVP_PKEY key types handling

2018-01-12 Thread Emmanuel Deloget
Hello, The dubious committer of the OpenSSL 1.1 changes got it wrong again. Not sure if I can trust this guy. Not to mention that he pretends to be /me/... :) Anyway, I fixed some of his mistakes again. For reference, this fixes a bug reported by Selva (hence the Reported-By tag on the first

[Openvpn-devel] [PATCH 2/3] OpenSSL: remove some EVP_PKEY type checks

2018-01-12 Thread Emmanuel Deloget
Calling EVP_KEY_id() before EVP_PKEY_get0_*() is unnecessary as the same check is also performed in the latter. We also make the code a bit better by not calling the various EVP_PKEY_get0_*() functions twice (this needs a bit of reordering to avoid introducing yet another #ifndef OPENSSL_NO_EC in t

[Openvpn-devel] [PATCH 3/3] OpenSSL: remove EVP_PKEY_id()

2018-01-12 Thread Emmanuel Deloget
The function is no longer used so we don't need to keep it in the OpenSSL 1.1 compatibility layer. Signed-off-by: Emmanuel Deloget diff --git a/configure.ac b/configure.ac index b4fd1b3f..716b45dc 100644 --- a/configure.ac +++ b/configure.ac @@ -925,7 +925,6 @@ if test "${with_crypto_library}" =

[Openvpn-devel] [PATCH] manpage: fix simple typ0

2018-01-12 Thread Antonio Quartulli
Signed-off-by: Antonio Quartulli --- doc/openvpn.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 2b5cab12..43389cd3 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -1621,7 +1621,7 @@ and .B \-\-ping\-restart. This option can be used