Message ID | 20210201174310.22153-2-arne@rfc2549.org |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel,v3,1/3] Check return values in md_ctx_init and hmac_ctx_init | expand |
Hi, On 01/02/2021 18:43, Arne Schwabe wrote: > Without this OpenVPN will later segfault on a FIPS enabled system due > to the algorithm available but not allowed. > > Patch V2: Use (!func) instead (func != 1) > > Signed-off-by: Arne Schwabe <arne@rfc2549.org> > --- > src/openvpn/crypto_openssl.c | 15 ++++++++++++--- > 1 file changed, 12 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c > index c60d4a54..e124a7b6 100644 > --- a/src/openvpn/crypto_openssl.c > +++ b/src/openvpn/crypto_openssl.c > @@ -954,7 +954,10 @@ md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt) > ASSERT(NULL != ctx && NULL != kt); > > EVP_MD_CTX_init(ctx); > - EVP_DigestInit(ctx, kt); > + if (!EVP_DigestInit(ctx, kt)) > + { > + crypto_msg(M_FATAL, "EVP_DigestInit failed"); > + } > } > > void > @@ -1011,7 +1014,10 @@ hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, > ASSERT(NULL != kt && NULL != ctx); > > HMAC_CTX_reset(ctx); > - HMAC_Init_ex(ctx, key, key_len, kt, NULL); > + if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL)) too many spaces after "if" > + { > + crypto_msg(M_FATAL, "HMAC_Init_ex failed"); > + } > > /* make sure we used a big enough key */ > ASSERT(HMAC_size(ctx) <= key_len); > @@ -1032,7 +1038,10 @@ hmac_ctx_size(const HMAC_CTX *ctx) > void > hmac_ctx_reset(HMAC_CTX *ctx) > { > - HMAC_Init_ex(ctx, NULL, 0, NULL, NULL); > + if(!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) missing space after "if" (it probably went in the above block :D) > + { > + crypto_msg(M_FATAL, "HMAC_Init_ex failed"); > + } > } > > void > Rest looks good! Acked-by: Antonio Quartulli <antonio@openvpn.net> Maybe the spaces can be fixed on the fly while merging. Regards,
Your patch has been applied to the master branch. Whitespace has been adjusted in a totally space-neutral way. As instructed by the master of whitespace distribution. (On the patch itself: only compile-tested, but it seems to be "obviously correct", according to the man pages) commit 0714ed804e40f80b48a7571193d7e4d81d2bcd4b Author: Arne Schwabe Date: Mon Feb 1 18:43:08 2021 +0100 Check return values in md_ctx_init and hmac_ctx_init Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Antonio Quartulli <antonio@openvpn.net> Message-Id: <20210201174310.22153-2-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21546.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index c60d4a54..e124a7b6 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -954,7 +954,10 @@ md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt) ASSERT(NULL != ctx && NULL != kt); EVP_MD_CTX_init(ctx); - EVP_DigestInit(ctx, kt); + if (!EVP_DigestInit(ctx, kt)) + { + crypto_msg(M_FATAL, "EVP_DigestInit failed"); + } } void @@ -1011,7 +1014,10 @@ hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, ASSERT(NULL != kt && NULL != ctx); HMAC_CTX_reset(ctx); - HMAC_Init_ex(ctx, key, key_len, kt, NULL); + if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL)) + { + crypto_msg(M_FATAL, "HMAC_Init_ex failed"); + } /* make sure we used a big enough key */ ASSERT(HMAC_size(ctx) <= key_len); @@ -1032,7 +1038,10 @@ hmac_ctx_size(const HMAC_CTX *ctx) void hmac_ctx_reset(HMAC_CTX *ctx) { - HMAC_Init_ex(ctx, NULL, 0, NULL, NULL); + if(!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) + { + crypto_msg(M_FATAL, "HMAC_Init_ex failed"); + } } void
Without this OpenVPN will later segfault on a FIPS enabled system due to the algorithm available but not allowed. Patch V2: Use (!func) instead (func != 1) Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/crypto_openssl.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)