[Openvpn-devel] mbedtls: print warning if random personalisation fails

Message ID 1535544286-29638-1-git-send-email-steffan.karger@fox-it.com
State Accepted

Commit Message

Steffan Karger Aug. 29, 2018, 12:04 p.m.
... instead of when it doesn't fail.  Looks like 'someone' mixed up the
mbedtls return style (0 means success) with the openvpn internal return
style (true means success).

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
---
 src/openvpn/ssl_mbedtls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Antonio Quartulli Aug. 30, 2018, 10:24 a.m. | #1
On 29/08/18 20:04, Steffan Karger wrote:
> ... instead of when it doesn't fail.  Looks like 'someone' mixed up the
> mbedtls return style (0 means success) with the openvpn internal return
> style (true means success).
> 
> Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>

Acked-by: Antonio Quartulli <a@unstable.cc>

I guess at some point we should also convert all these functions
returning int to bool, because the latter is the meaning we are giving
to the return value.


Cheers,
Gert Doering Sept. 3, 2018, 8:27 a.m. | #2
Your patch has been applied to the master and release/2.4 branch (bugfix).

commit dd1da0e485a3d161feb5230b6aa57df11ea72705 (master)
commit 0c6323cd07364b6b3be5bd0d12b18554a073a079 (release/2.4)
Author: Steffan Karger
Date:   Wed Aug 29 14:04:46 2018 +0200

     mbedtls: print warning if random personalisation fails

     Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
     Acked-by: Antonio Quartulli <antonio@openvpn.net>
     Message-Id: <1535544286-29638-1-git-send-email-steffan.karger@fox-it.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17428.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering



Patch

diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 8e31980..ef83e65 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -853,7 +853,7 @@  tls_ctx_personalise_random(struct tls_root_ctx *ctx)
         const md_kt_t *sha256_kt = md_kt_get("SHA256");
         mbedtls_x509_crt *cert = ctx->crt_chain;
 
-        if (0 != md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
+        if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
         {
             msg(M_WARN, "WARNING: failed to personalise random");
         }
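
Review bot: The corrected condition on the `md_full()` line depends on that helper returning true on success, while its return type reads as int and mbedtls calls in the same file use 0 for success; nothing at the call site records which convention applies, which is the mix-up the commit message describes. Consider changing `md_full()` to return bool, as comment #1 suggests, or adding a one-line comment above the `if` stating the convention. Separately, the lines shown end at the `msg(M_WARN, ...)` call, so it is worth confirming that the failure path does not go on to use `sha256_hash` when it was never filled in.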