[Openvpn-devel] Correct the return value of cryptoapi RSA signature callbacks

Message ID 1564173557-11776-1-git-send-email-selva.nair@gmail.com
State Accepted
Headers show
Series
  • [Openvpn-devel] Correct the return value of cryptoapi RSA signature callbacks
Related show

Commit Message

Selva Nair July 26, 2019, 8:39 p.m.
From: Selva Nair <selva.nair@gmail.com>

Fixes the wrong check on siglen instead of *siglen for
signing failures.

Bug reported by: lilulo <lilulo@gmail.com>

Signed-off-by: Selva Nair <selva.nair@gmail.com>
---

2.4 will need a separate patch

 src/openvpn/cryptoapi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Steffan Karger July 28, 2019, 3:44 p.m. | #1
On 26-07-19 22:39, selva.nair@gmail.com wrote:
> From: Selva Nair <selva.nair@gmail.com>
> 
> Fixes the wrong check on siglen instead of *siglen for
> signing failures.
> 
> Bug reported by: lilulo <lilulo@gmail.com>
> 
> Signed-off-by: Selva Nair <selva.nair@gmail.com>
> ---
> 
> 2.4 will need a separate patch
> 
>  src/openvpn/cryptoapi.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
> index 0c11712e..2f2eee77 100644
> --- a/src/openvpn/cryptoapi.c
> +++ b/src/openvpn/cryptoapi.c
> @@ -499,7 +499,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len,
>      *siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa),
>                             cng_padding_type(padding), 0);
>  
> -    return (siglen == 0) ? 0 : 1;
> +    return (*siglen == 0) ? 0 : 1;
>  }
>  
>  /* decrypt */
> @@ -973,7 +973,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
>      *siglen = priv_enc_CNG(cd, alg, tbs, (int)tbslen, sig, *siglen,
>                             cng_padding_type(padding), (DWORD)saltlen);
>  
> -    return (siglen == 0) ? 0 : 1;
> +    return (*siglen == 0) ? 0 : 1;
>  }
>  
>  #endif /* OPENSSL_VERSION >= 1.1.0 */
> 

Acked-by: Steffan Karger <Steffan@karger.me>
Gert Doering July 28, 2019, 8:02 p.m. | #2
Thanks (and thanks for sending the patch for 2.4 right with it)

I have not tested anything, but the patch looks very much "obviously
correct".

Your patch has been applied to the master branch.

commit f4ac6b780db2e0c3b60d180bd6545efe30a52059
Author: Selva Nair
Date:   Fri Jul 26 16:39:17 2019 -0400

     Correct the return value of cryptoapi RSA signature callbacks

     Signed-off-by: Selva Nair <selva.nair@gmail.com>
     Acked-by: Steffan Karger <steffan.karger@fox-it.com>
     Message-Id: <1564173557-11776-1-git-send-email-selva.nair@gmail.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18706.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index 0c11712e..2f2eee77 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -499,7 +499,7 @@  rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len,
     *siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa),
                            cng_padding_type(padding), 0);
 
-    return (siglen == 0) ? 0 : 1;
+    return (*siglen == 0) ? 0 : 1;
 }
 
 /* decrypt */
@@ -973,7 +973,7 @@  pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     *siglen = priv_enc_CNG(cd, alg, tbs, (int)tbslen, sig, *siglen,
                            cng_padding_type(padding), (DWORD)saltlen);
 
-    return (siglen == 0) ? 0 : 1;
+    return (*siglen == 0) ? 0 : 1;
 }
 
 #endif /* OPENSSL_VERSION >= 1.1.0 */