Hi,
On 14-01-18 00:00, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - RSA_meth_new allocates memory for the name string
> and must be released using RSA_meth_free
>
> Signed-off-by: Selva Nair
> ---
> src/openvpn/ssl_openssl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Hi,
On 12-01-18 17:48, Emmanuel Deloget wrote:
> The internal EVP_PKEY::pkey member is a union thus we need to check for
> the real key type before we can return the corresponding RSA, DSA or EC
> public key.
>
> Reported-by: Selva Nair
> Signed-off-by: Emmanuel Deloget
>
> diff --git a/src/o
Hi,
On 12-01-18 22:37, Emmanuel Deloget wrote:
> Calling EVP_KEY_id() before EVP_PKEY_get0_*() is unnecessary as
> the same check is also performed in the latter.
>
> We also make the code a bit better by not calling the various
> EVP_PKEY_get0_*() functions twice (this needs a bit of reordering t
Hi,
On 12-01-18 17:48, Emmanuel Deloget wrote:
> The function is no longer used so we don't need to keep it in the
> OpenSSL 1.1 compatibility layer.
>
> Signed-off-by: Emmanuel Deloget
>
> diff --git a/configure.ac b/configure.ac
> index b4fd1b3f..716b45dc 100644
> --- a/configure.ac
> +++ b/c
Hi,
On 08-01-18 03:21, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - Replace direct access to internals of openssl structs
> by corresponding methods.
>
> Signed-off-by: Selva Nair
> ---
> Tested on Windows 10 with openssl 1.0.1r and 1.1.0g
>
> configure.ac | 1 +
>
no-multilib is only supported on openssl-1.0.X, do not use it
if OPENSSL_VERSION is 1.1.0
Signed-off-by: Ilya Shipitsin
---
.travis/build-deps.sh | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index bc538853..1761932e 100755
Hi,
On 14-01-18 15:06, Ilya Shipitsin wrote:
> no-multilib is only supported on openssl-1.0.X, do not use it
> if OPENSSL_VERSION is 1.1.0
>
> Signed-off-by: Ilya Shipitsin
> ---
> .travis/build-deps.sh | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/.travis/build
Hi,
On Sun, Jan 14, 2018 at 6:28 AM, Steffan Karger wrote:
> Hi,
>
> On 08-01-18 03:21, selva.n...@gmail.com wrote:
>> From: Selva Nair
>>
>> - Replace direct access to internals of openssl structs
>> by corresponding methods.
>>
>> Signed-off-by: Selva Nair
>> ---
>> Tested on Windows 10 wit
Hi,
On 14-01-18 17:31, Selva Nair wrote:
> On Sun, Jan 14, 2018 at 6:28 AM, Steffan Karger wrote:
>> On 08-01-18 03:21, selva.n...@gmail.com wrote:
>>> From: Selva Nair
>>>
>>> - Replace direct access to internals of openssl structs
>>> by corresponding methods.
>>>
>>> Signed-off-by: Selva Na
Your patch has been applied to the master and release/2.4 branch.
commit e603afabb845d2552198843a987b5d9b0b7ac404 (master)
commit (release/2.4)
Author: Emmanuel Deloget
Date: Fri Jan 12 17:48:24 2018 +0100
OpenSSL: check EVP_PKEY key types before returning the pkey
Signed-off-by: Em
Moin,
On Sun, Jan 14, 2018 at 12:28:40PM +0100, Steffan Karger wrote:
> This conflicts with the patch set from Emmanuel, where he removes
> EVP_PKEY_id(). Can be easily resolved by changing the if to
>
> if (!(pub_rsa = EVP_PKEY_get0_RSA))
>
> ... but only once the NULL-check patch for openss
Your patch has been applied to the master and release/2.4 branch.
commit 508741c1cf99b8a24205601800fa5056c6d0192b (master)
commit 73bb2a7d32069343b8bfd211bd5783482c8a490d (release/2.4)
Author: Selva Nair
Date: Sat Jan 13 18:00:46 2018 -0500
Use RSA_meth_free instead of free
Signed-of
2018-01-14 21:05 GMT+05:00 Steffan Karger :
> Hi,
>
> On 14-01-18 15:06, Ilya Shipitsin wrote:
> > no-multilib is only supported on openssl-1.0.X, do not use it
> > if OPENSSL_VERSION is 1.1.0
> >
> > Signed-off-by: Ilya Shipitsin
> > ---
> > .travis/build-deps.sh | 5 +++--
> > 1 file changed,
From: Selva Nair
- Replace direct access to internals of openssl structs
by corresponding methods.
v2: Remove the call to EVP_PKEY_id() as it's slated for removal
from the compat layer (see also review by Stefan)
Signed-off-by: Selva Nair
---
Freeing rsa_method in this code path requires
Hi,
On 14-01-18 20:04, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - Replace direct access to internals of openssl structs
> by corresponding methods.
>
> v2: Remove the call to EVP_PKEY_id() as it's slated for removal
> from the compat layer (see also review by Stefan)
>
> Signed-
From: Selva Nair
- This automatically supports EC certificates through
--management-external-cert
- EC signature request from management has the same format
as for rsa with >RSA_SIGN replaced by >ECDSA_SIGN
Response should be of the form 'ecdsa-sig' followed
by DER encoded signature as ba
From: Selva Nair
Signed-off-by: Selva Nair
---
doc/management-notes.txt | 30 ++
1 file changed, 30 insertions(+)
diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index a9ba18a..e2e8249 100644
--- a/doc/management-notes.txt
+++ b/doc/management-notes
From: Selva Nair
Hi,
For now this is only for openssl 1.1.0+. With some ifdefs and compat functions
it could be backported to 1.0.2.
For 1.0.1 hacks like duplicating internal ECDSA_METHOD struct or linking
to internal headers appear to be required. Not interesting unless there is a
strong deman
From: Selva Nair
- Move setting of key method callbacks into a function
No change in functionality.
Signed-off-by: Selva Nair
---
src/openvpn/ssl_openssl.c | 65 ++-
1 file changed, 41 insertions(+), 24 deletions(-)
diff --git a/src/openvpn/ssl_ope
Your patch has been applied to the master and release/2.4 branch.
(Technically it might not look like a bugfix, but since we decided
"2.4 gets support for OpenSSL 1.1" and cryptoapi was overlooked, this
*makes* it a bugfix. I have not even compile-tested it, trusting Selva
and Steffan here - an