[Openvpn-devel,0/3] Fix EVP_PKEY key types handling

Message ID cover.1515775195.git.logout@free.fr
Headers show


Emmanuel Deloget Jan. 12, 2018, 5:48 a.m. UTC

The dubious commiter of the OpenSSL 1.1 changes got it wrong again. 
Not sure if I can trust this guy. Not to mention that he pretends to 
be /me/... :)

Anyway, I fixed some of his mistakes again.

For reference, this fixes a bug reported by Selva (hence the Reported-By 
tag on the first patch) where openvpn crashes when it's feeded with an 
ECC key (same bug shall arise when using a DSA key).

The first patch in the series is necessary (it's the one that fixes 
the bugs). Patch 2 remove code that is no longer necessary. Patch 3
then remove an entire function which is no longer used (although I'd 
understand if one wants to keep this function around).

Hopefully, this is the last time I have to correct a bug by the previous 
commiter (I will not name him. That would sound too weird). Next time, 
he'll have to do it by himself :)

Best regards, 

-- Emmanuel Deloget

Emmanuel Deloget (3):
  OpenSSL: check EVP_PKEY key types before returning the pkey
  OpenSSL: remove some EVP_PKEY type checks
  OpenSSL: remove EVP_PKEY_id()

 configure.ac                 |  1 -
 src/openvpn/openssl_compat.h | 20 +++-----------------
 src/openvpn/ssl_openssl.c    | 33 +++++++++++++++++----------------
 3 files changed, 20 insertions(+), 34 deletions(-)