git.ipfire.org Git - thirdparty/openvpn.git/commit
crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606)
author Lev Stipakov <lev@openvpn.net>
Thu, 17 Jun 2021 06:12:26 +0000 (09:12 +0300)
committer Gert Doering <gert@greenie.muc.de>
Thu, 17 Jun 2021 08:49:37 +0000 (10:49 +0200)
commit 447cfb4f30fd96126f7d2945cd14ef39cc13a08a
tree dbc2f4e168a6f3a3ed707ae9001ec5e7b016ea7a
parent d8dee82f1129ac6d3e4bcdc867726f5d64798dc7
crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606)

Commit a4071b ("crypto_openssl: add initialization to pick up local
configuration") added openssl initialization to load configuration
file.  However on Windows this file is loaded from user-writable
directory, such as c:\etc\ssl for mingw builds and (for example)
c:\vcpkg\packages\openssl_x64-windows\openvpn.cnf for vcpkg
builds.  This could be a security risk.

CVE-2121-3606 has been assigned to acknowledge this risk.

Since aforementioned commit implements a niche feature which might
be better solved with CryptoAPI on Windows, make this code conditional
(for now).

CVE: 2121-3606
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210617061226.244-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22568.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit abd5ee9b7dc4ba85438da5d16bb7dfb31714dac7)
src/openvpn/crypto_openssl.c
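
To audit a host for the condition the commit message describes, the PowerShell below lists principals outside a trusted set that can write to, or create, an OpenSSL configuration directory. It is an added example, not part of this commit or of OpenVPN; the function name `Get-UntrustedWriters`, the trusted-SID list, and checking the parent directory of the vcpkg path are assumptions.

```powershell
# Added audit example (not OpenVPN code). The two paths are taken from the
# commit message; the trusted-SID list is an assumption to adjust locally.
$candidates = 'C:\etc\ssl', 'C:\vcpkg\packages\openssl_x64-windows'

# Well-known SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Rights that allow planting or replacing a file, or re-permissioning the directory.
$risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'

function Get-UntrustedWriters {
    param([Parameter(Mandatory)][string]$Path)

    # A missing directory is only as safe as its nearest existing ancestor:
    # whoever may create subdirectories there can create the config path.
    $probe = $Path
    while ($probe -and -not (Test-Path -LiteralPath $probe)) {
        $probe = Split-Path -Path $probe -Parent
    }
    if (-not $probe) { return }   # drive itself does not exist

    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in (Get-Acl -LiteralPath $probe).GetAccessRules($true, $true, $sidType)) {
        # Skip deny entries and inherit-only entries (those do not apply to $probe itself).
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if ($rule.FileSystemRights -band $risky) {
            [pscustomobject]@{
                ConfigDir = $Path      # directory OpenSSL would read from
                CheckedAt = $probe     # existing directory whose ACL was evaluated
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
            }
        }
    }
}

$candidates | ForEach-Object { Get-UntrustedWriters -Path $_ } | Format-Table -AutoSize
```

An empty result means only the trusted SIDs hold the listed rights on the evaluated directory; any row names a principal that could place a configuration file where OpenSSL would load it.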