From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 19 Oct 2021 12:50:53 -0400
Message-Id: <20211019165053.26345-1-selva.nair@gmail.com>
In-Reply-To: <202110191547.19JFlZlp091520@chekov.greenie.muc.de>
References: <202110191547.19JFlZlp091520@chekov.greenie.muc.de>
Subject: [Openvpn-devel] [PATCH for 2.5] Require EC key support in Windows builds

From: Selva Nair

Do not support the use of OPENSSL_NO_EC on Windows. We build Windows
releases with EC key support enabled in OpenSSL and there is no reason
to disable it in OpenVPN.

ECDSA signature for cryptoapicert is handled only with OpenSSL 1.1.0
or later. That restriction is retained.

Same as commit ec9f698 in 2.6, except for context changes.

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
 src/openvpn/crypto_openssl.c | 4 ++++
 src/openvpn/cryptoapi.c      | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 79fbab40..c9dc9d0a 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -51,6 +51,10 @@ #include #include +#if defined(_WIN32) && defined(OPENSSL_NO_EC) +#error Windows build with OPENSSL_NO_EC: disabling EC key is not supported. +#endif + /* * Check for key size creepage. */ diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index 6c4df9e3..4becef4d 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -537,7 +537,7 @@ finish(RSA *rsa) return 1; } -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(OPENSSL_NO_EC) +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) static EC_KEY_METHOD *ec_method = NULL; @@ -1232,7 +1232,7 @@ SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop) goto err; } } -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(OPENSSL_NO_EC) +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { if (!ssl_ctx_set_eckey(ssl_ctx, cd, pkey))
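
Review bot: the new #error guard in src/openvpn/crypto_openssl.c (the hunk at line 51) is the only thing that now rejects an OPENSSL_NO_EC build, yet the code that relies on it is in a different file, cryptoapi.c. Someone compiling or reading cryptoapi.c on its own gets no hint of where the requirement is enforced, and if that file is reached first the failure will be an undeclared EC_KEY_METHOD rather than this message. Consider putting the same check (or a one-line comment pointing to it) next to the "#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)" line in cryptoapi.c. The guard also only works if an OpenSSL header that defines OPENSSL_NO_EC has already been included above it; a short comment saying so would keep a later include reshuffle from silently disabling the check. Minor wording: "disabling EC key support is not supported" reads better than "disabling EC key is not supported".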
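
Review bot: in src/openvpn/cryptoapi.c the two edited conditions (before "static EC_KEY_METHOD *ec_method = NULL;" at line 537 and before the "else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)" branch at line 1232) have to stay identical, because the second site calls ssl_ctx_set_eckey(), which is only usable when the first block is compiled in. Neither site documents that EC support is now assumed, so a short comment at the first #if stating that OPENSSL_NO_EC is rejected at build time on Windows would explain why the test was dropped. The commit message says the OpenSSL 1.1.0 restriction for ECDSA is retained; the visible context does not show what happens to an EC key when the version test fails and the else-if branch is compiled out, so it is worth confirming that path still ends in a clear error. Style nit: the outer parentheses around the single remaining comparison are now redundant.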