Message ID | 20190114154819.6064-1-arne@rfc2549.org |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel,1/6] Fix loading inline tls-crypt-v2 keys with mbed TLS | expand |
Hi, On 14-01-19 16:48, Arne Schwabe wrote: > From: Arne Schwabe <arne@openvpn.net> > > Using a tls-crypt-v2 key with mbed TLS inline results in > > PEM decode error: source buffer not null-terminated > > This is because the mbed TLS decode PEM function excepts the last byte > in the buffer to be 0x00. When constructing the buffer we only made as > big as strlen, which does not include the 0x00 byte of a string. Add an > extra byte to ensure also the null byte is included in the buffer. > --- > src/openvpn/tls_crypt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c > index 85495d7f..6bc2b7f8 100644 > --- a/src/openvpn/tls_crypt.c > +++ b/src/openvpn/tls_crypt.c > @@ -298,7 +298,7 @@ tls_crypt_v2_read_keyfile(struct buffer *key, const char *pem_name, > } > else > { > - buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline)); > + buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1); > } > > if (!crypto_pem_decode(pem_name, key, &key_pem)) > Change makes sense. Thanks for fixing my bugs. I think we should try to add regression tests for bugs we encounter (if reasonably doable), but let's not postpone merging the bugfix for that. I'll sent a patch with a regression test later on. Acked-by: Steffan Karger <steffan.karger@fox-it.com> -Steffan
Your patch has been applied to the master branch. commit 92a5ec31363e76e64748c4fc9aa144eefad17323 Author: Arne Schwabe Date: Mon Jan 14 16:48:14 2019 +0100 Fix loading inline tls-crypt-v2 keys with mbed TLS Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20190114154819.6064-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18091.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 85495d7f..6bc2b7f8 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -298,7 +298,7 @@ tls_crypt_v2_read_keyfile(struct buffer *key, const char *pem_name, } else { - buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline)); + buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1); } if (!crypto_pem_decode(pem_name, key, &key_pem))
From: Arne Schwabe <arne@openvpn.net> Using a tls-crypt-v2 key with mbed TLS inline results in PEM decode error: source buffer not null-terminated This is because the mbed TLS decode PEM function excepts the last byte in the buffer to be 0x00. When constructing the buffer we only made as big as strlen, which does not include the 0x00 byte of a string. Add an extra byte to ensure also the null byte is included in the buffer. --- src/openvpn/tls_crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)