On Mon, Jan 24, 2022 at 2:22 PM Lev Stipakov <lstipa...@gmail.com> wrote:
> From: Lev Stipakov <l...@openvpn.net>
>
> - use sizeof(void *) since msvc doesn't support sizeof of function ptr
>
This is not just an msvc problem, but signals a bigger issue it seems. In
retrospect, passing function pointers pickled this was probably a bad
design decision on my part though we are forced by OpenSSL 3's design of
using OSSL_PARAMs to pass data to providers.
For now, The proposed fix (i.e., to use void*) looks okay to me especially
since its handled like a normal pointer during key import. But we may have
to find a better way for passing these function pointers if this comes back
to bite us.
>
> - use XKEY_PROV_PROPS macro instead of props since msvc
> requires constant expression in aggregate initializers
>
Makes sense.
> Signed-off-by: Lev Stipakov <l...@openvpn.net>
> ---
> src/openvpn/xkey_helper.c | 4 ++--
> src/openvpn/xkey_provider.c | 13 +++++--------
> 2 files changed, 7 insertions(+), 10 deletions(-)
>
> diff --git a/src/openvpn/xkey_helper.c b/src/openvpn/xkey_helper.c
> index c667f7be..50231335 100644
> --- a/src/openvpn/xkey_helper.c
> +++ b/src/openvpn/xkey_helper.c
> @@ -125,8 +125,8 @@ xkey_load_generic_key(OSSL_LIB_CTX *libctx, void
> *handle, EVP_PKEY *pubkey,
> {"xkey-origin", OSSL_PARAM_UTF8_STRING, (char *) origin, 0, 0},
> {"pubkey", OSSL_PARAM_OCTET_STRING, &pubkey, sizeof(pubkey), 0},
> {"handle", OSSL_PARAM_OCTET_PTR, &handle, sizeof(handle), 0},
> - {"sign_op", OSSL_PARAM_OCTET_PTR, (void **) &sign_op,
> sizeof(sign_op), 0},
> - {"free_op", OSSL_PARAM_OCTET_PTR, (void **) &free_op,
> sizeof(free_op), 0},
> + {"sign_op", OSSL_PARAM_OCTET_PTR, (void **) &sign_op, sizeof(void
> *), 0},
> + {"free_op", OSSL_PARAM_OCTET_PTR, (void **) &free_op, sizeof(void
> *), 0},
> {NULL, 0, NULL, 0, 0}};
>
> /* Do not use EVP_PKEY_new_from_pkey as that will take keymgmt from
> pubkey */
> diff --git a/src/openvpn/xkey_provider.c b/src/openvpn/xkey_provider.c
> index c2d560c5..115b9931 100644
> --- a/src/openvpn/xkey_provider.c
> +++ b/src/openvpn/xkey_provider.c
> @@ -44,9 +44,6 @@
> #include <openssl/evp.h>
> #include <openssl/err.h>
>
> -/* propq set all on all ops we implement */
> -static const char *const props = XKEY_PROV_PROPS;
> -
> /* A descriptive name */
> static const char *provname = "OpenVPN External Key Provider";
>
> @@ -592,9 +589,9 @@ static const OSSL_DISPATCH ec_keymgmt_functions[] = {
> };
>
> const OSSL_ALGORITHM keymgmts[] = {
> - {"RSA:rsaEncryption", props, rsa_keymgmt_functions, "OpenVPN xkey RSA
> Key Manager"},
> - {"RSA-PSS:RSASSA-PSS", props, rsa_keymgmt_functions, "OpenVPN xkey
> RSA-PSS Key Manager"},
> - {"EC:id-ecPublicKey", props, ec_keymgmt_functions, "OpenVPN xkey EC
> Key Manager"},
> + {"RSA:rsaEncryption", XKEY_PROV_PROPS, rsa_keymgmt_functions,
> "OpenVPN xkey RSA Key Manager"},
> + {"RSA-PSS:RSASSA-PSS", XKEY_PROV_PROPS, rsa_keymgmt_functions,
> "OpenVPN xkey RSA-PSS Key Manager"},
> + {"EC:id-ecPublicKey", XKEY_PROV_PROPS, ec_keymgmt_functions, "OpenVPN
> xkey EC Key Manager"},
> {NULL, NULL, NULL, NULL}
> };
>
> @@ -1074,8 +1071,8 @@ static const OSSL_DISPATCH signature_functions[] = {
> };
>
> const OSSL_ALGORITHM signatures[] = {
> - {"RSA:rsaEncryption", props, signature_functions, "OpenVPN xkey RSA
> Signature"},
> - {"ECDSA", props, signature_functions, "OpenVPN xkey ECDSA Signature"},
> + {"RSA:rsaEncryption", XKEY_PROV_PROPS, signature_functions, "OpenVPN
> xkey RSA Signature"},
> + {"ECDSA", XKEY_PROV_PROPS, signature_functions, "OpenVPN xkey ECDSA
> Signature"},
> {NULL, NULL, NULL, NULL}
> };
Acked-by: Selva Nair <selva.n...@gmail.com>
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
