Message ID | e8333f0b838670e558a9fe292cea8988484cd77f.1515775195.git.logout@free.fr |
---|---|
State | Accepted |
Series | Fix EVP_PKEY key types handling |
Hi,

On 12-01-18 17:48, Emmanuel Deloget wrote:
> The internal EVP_PKEY::pkey member is an union thus we need to check for > the real key type before we can return the corresponding RSA, DSA or EC > public key. > > Reported-by: Selva Nair <selva.nair@gmail.com> > Signed-off-by: Emmanuel Deloget <logout@free.fr> > > diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h > index 70b19aea..8b29cdaf 100644 > --- a/src/openvpn/openssl_compat.h > +++ b/src/openvpn/openssl_compat.h > @@ -240,7 +240,7 @@ X509_OBJECT_get_type(const X509_OBJECT *obj) > static inline RSA * > EVP_PKEY_get0_RSA(EVP_PKEY *pkey) > { > - return pkey ? pkey->pkey.rsa : NULL; > + return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL; > } > #endif > > @@ -254,7 +254,7 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey) > static inline EC_KEY * > EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) > { > - return pkey ? pkey->pkey.ec : NULL; > + return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL; > } > #endif > > @@ -282,7 +282,7 @@ EVP_PKEY_id(const EVP_PKEY *pkey) > static inline DSA * > EVP_PKEY_get0_DSA(EVP_PKEY *pkey) > { > - return pkey ? pkey->pkey.dsa : NULL; > + return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL; > } > #endif > >

Looks good and passes my tests.

Acked-by: Steffan Karger <steffan@karger.me>

-Steffan
Your patch has been applied to the master and release/2.4 branch.

commit e603afabb845d2552198843a987b5d9b0b7ac404 (master)
commit (release/2.4)
Author: Emmanuel Deloget
Date: Fri Jan 12 17:48:24 2018 +0100

OpenSSL: check EVP_PKEY key types before returning the pkey

Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <e8333f0b838670e558a9fe292cea8988484cd77f.1515775195.git.logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16202.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index 70b19aea..8b29cdaf 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -240,7 +240,7 @@ X509_OBJECT_get_type(const X509_OBJECT *obj) static inline RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { - return pkey ? pkey->pkey.rsa : NULL; + return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL; } #endif @@ -254,7 +254,7 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey) static inline EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { - return pkey ? pkey->pkey.ec : NULL; + return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL; } #endif @@ -282,7 +282,7 @@ EVP_PKEY_id(const EVP_PKEY *pkey) static inline DSA * EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { - return pkey ? pkey->pkey.dsa : NULL; + return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL; } #endif
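Review bot: In the @@ -240 hunk, EVP_PKEY_get0_RSA() now returns NULL for a non-NULL pkey that holds a DSA or EC key, where the old line handed back a pointer, so any caller that only checked pkey before dereferencing the result now needs a NULL check on the return value. No call sites are visible in this patch; please confirm they were audited, and say in the helper's comment that NULL means "pkey is NULL or does not hold an RSA key" so the two cases are not assumed to be distinguishable.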
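Review bot: The DSA accessor in the @@ -282 hunk reads pkey->type directly even though the hunk header shows the EVP_PKEY_id() compat helper sitting just above it in the same file. Consider writing the test as `pkey && EVP_PKEY_id(pkey) == EVP_PKEY_DSA`, or add a short comment on why direct member access is preferred here, so the type test is expressed one way and the three near-identical accessors in this patch are easier to keep in sync.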
The internal EVP_PKEY::pkey member is a union, thus we need to check for the real key type before we can return the corresponding RSA, DSA or EC public key.

Reported-by: Selva Nair <selva.nair@gmail.com>
Signed-off-by: Emmanuel Deloget <logout@free.fr>