From patchwork Fri Jan 21 07:57:52 2022
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 2242
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 21 Jan 2022 13:57:52 -0500
Message-Id: <20220121185752.14138-1-selva.nair@gmail.com>
X-Mailer: git-send-email 2.30.2
Subject: [Openvpn-devel] [PATCH] Do not error when md_kt_size() is called with mdname="none"

From: Selva Nair

An easy way to trigger this error is to run an otherwise working setup (at say verb = 4) with increased verbosity of verb >= 7 and using a GCM cipher (e.g., AES-256-GCM). It will cause a fatal exit while printing the cipher and hmac in key2_print().

Signed-off-by: Selva Nair Acked-By: Arne Schwabe --- Its actually md_get("none") called by md_kt_size("none") that causes the error and I'm not entirely sure whether we should instead make md_get("none") to return NULL. But that would require all its callers to check for NULL. src/openvpn/crypto_openssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 35fb0052..b93c680a 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1073,6 +1073,10 @@ md_kt_name(const char *mdname) unsigned char md_kt_size(const char *mdname) { + if (!strcmp("none", mdname)) + { + return 0; + } evp_md_type *kt = md_get(mdname); unsigned char size = (unsigned char)EVP_MD_size(kt); EVP_MD_free(kt);
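
Review bot: the early return for "none" at the top of md_kt_size() covers only this one entry point, while the note under the `---` says the failure actually originates in md_get("none"). Any other caller that passes "none" to md_get() keeps the fatal path, so either state in the commit message which callers were audited or move the check into a shared helper. The added `if (!strcmp("none", mdname))` also carries no comment explaining why a size of 0 is the right answer for "none"; a one-line comment above it would keep a later reader from removing it as dead code. Since strcmp() dereferences mdname before md_get() sees it, it is worth confirming that no caller can reach this function with a NULL mdname.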