Message ID | 1564173557-11776-1-git-send-email-selva.nair@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] Correct the return value of cryptoapi RSA signature callbacks | expand |
On 26-07-19 22:39, selva.nair@gmail.com wrote: > From: Selva Nair <selva.nair@gmail.com> > > Fixes the wrong check on siglen instead of *siglen for > signing failures. > > Bug reported by: lilulo <lilulo@gmail.com> > > Signed-off-by: Selva Nair <selva.nair@gmail.com> > --- > > 2.4 will need a separate patch > > src/openvpn/cryptoapi.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c > index 0c11712e..2f2eee77 100644 > --- a/src/openvpn/cryptoapi.c > +++ b/src/openvpn/cryptoapi.c > @@ -499,7 +499,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len, > *siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa), > cng_padding_type(padding), 0); > > - return (siglen == 0) ? 0 : 1; > + return (*siglen == 0) ? 0 : 1; > } > > /* decrypt */ > @@ -973,7 +973,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, > *siglen = priv_enc_CNG(cd, alg, tbs, (int)tbslen, sig, *siglen, > cng_padding_type(padding), (DWORD)saltlen); > > - return (siglen == 0) ? 0 : 1; > + return (*siglen == 0) ? 0 : 1; > } > > #endif /* OPENSSL_VERSION >= 1.1.0 */ > Acked-by: Steffan Karger <Steffan@karger.me>
Thanks (and thanks for sending the patch for 2.4 right with it) I have not tested anything, but the patch looks very much "obviously correct". Your patch has been applied to the master branch. commit f4ac6b780db2e0c3b60d180bd6545efe30a52059 Author: Selva Nair Date: Fri Jul 26 16:39:17 2019 -0400 Correct the return value of cryptoapi RSA signature callbacks Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1564173557-11776-1-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18706.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index 0c11712e..2f2eee77 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -499,7 +499,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len, *siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa), cng_padding_type(padding), 0); - return (siglen == 0) ? 0 : 1; + return (*siglen == 0) ? 0 : 1; } /* decrypt */ @@ -973,7 +973,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, *siglen = priv_enc_CNG(cd, alg, tbs, (int)tbslen, sig, *siglen, cng_padding_type(padding), (DWORD)saltlen); - return (siglen == 0) ? 0 : 1; + return (*siglen == 0) ? 0 : 1; } #endif /* OPENSSL_VERSION >= 1.1.0 */