From patchwork Mon Jan 14 04:48:14 2019
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 660
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Cc: Arne Schwabe
Date: Mon, 14 Jan 2019 16:48:14 +0100
Message-Id: <20190114154819.6064-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 1/6] Fix loading inline tls-crypt-v2 keys with mbed TLS

Using a tls-crypt-v2 key with mbed TLS inline results in

PEM decode error: source buffer not null-terminated

This is because the mbed TLS decode PEM function expects the last byte in the buffer to be 0x00. When constructing the buffer we only made it as big as strlen, which does not include the 0x00 byte of a string.

Add an extra byte to ensure also the null byte is included in the buffer.

Acked-by: Steffan Karger
--- src/openvpn/tls_crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 85495d7f..6bc2b7f8 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -298,7 +298,7 @@ tls_crypt_v2_read_keyfile(struct buffer *key, const char *pem_name, } else { - buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline)); + buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1); } if (!crypto_pem_decode(pem_name, key, &key_pem))
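Review bot: The `+ 1` in the `buf_set_read()` call in the `else` branch has no comment saying why the length covers the terminating NUL, so it reads like an off-by-one and could be "corrected" back in a later cleanup. A one-line comment above the call, stating that the mbed TLS PEM decoder requires the NUL terminator to be inside the buffer, would make the intent durable. Because `crypto_pem_decode(pem_name, key, &key_pem)` is called the same way regardless of crypto backend, it is also worth confirming that the non-mbed TLS build accepts a buffer whose last byte is 0x00, and that the branch preceding this `else` (not visible in the hunk) hands over a NUL-terminated buffer as well.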