Compile tested with 3.0.1 and glanced over the code. Not actually
tested (no management-external-key here) but I know that Arne is using
*this* in his Android app, so it got a good beating :-)
There might be a memory leak lurking here:
+#ifdef HAVE_XKEY_PROVIDER
+ EVP_PKEY *privkey = xkey_load_management_key(tls_libctx, pkey);
+ if (!privkey
+ || !SSL_CTX_use_PrivateKey(ctx->ctx, privkey))
+ {
+ goto cleanup;
+ }
+ EVP_PKEY_free(privkey);
+#else
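Review bot: the error path leaks the loaded key: when xkey_load_management_key() returns a non-NULL privkey but SSL_CTX_use_PrivateKey() fails, the code jumps to cleanup without ever calling EVP_PKEY_free(privkey), and EVP_PKEY_free() is reached only on the success path. Since SSL_CTX_use_PrivateKey() takes its own reference to the key, the local reference should be released on both paths, for example by evaluating the result first and freeing unconditionally (EVP_PKEY_free(NULL) is a no-op): `int ok = privkey && SSL_CTX_use_PrivateKey(ctx->ctx, privkey);` / `EVP_PKEY_free(privkey);` / `if (!ok) { goto cleanup; }`, or by freeing privkey under the cleanup label.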
If I read this right, the actual signing operation is happening
in SSL_CTX_use_PrivateKey() - so, if the key can be loaded fine
(privkey != NULL) but the actual signing fails, we "goto cleanup",
and never EVP_PKEY_free() it. But I might be misunderstanding this.
Fixed one typo in a comment ("avaialble") on the fly. Hope that
won't come back as a "context not matching" conflict later on.
Your patch has been applied to the master branch.
commit c279986bf4814aad72f9358d8509aa35f54ff662
Author: Selva Nair
Date: Tue Dec 14 11:59:16 2021 -0500
A helper function to import private key for management-external-key
Signed-off-by: Selva Nair <[email protected]>
Acked-by: Arne Schwabe <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg23443.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering