[Openvpn-devel] Fix md_kt_size in mbed TLS when queried for size of "none"

Message ID 20221109115208.1248948-1-arne@rfc2549.org
State Accepted
Series [Openvpn-devel] Fix md_kt_size in mbed TLS when queried for size of "none"

Commit Message

Arne Schwabe Nov. 9, 2022, 11:52 a.m. UTC
Previously this would error out with an M_FATAL message about cipher
not known. Align the mbed TLS version to the OpenSSL version and also remove
unreachable code. This manifested in key_print2 running into this
M_FATAL message when used with an AEAD cipher and verb 7.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/crypto_mbedtls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Gert Doering Nov. 9, 2022, 12:48 p.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

Verified that this fixes the (mbedtls-only) crash I was seeing
with --verb 7 - and verified again that it does not happen with
OpenSSL builds:

    Master Encrypt (cipher): 6359ae14 b7069ef7 ...
    Master Encrypt (hmac): 
    Master Decrypt (cipher): 5217f7a8 c3f80df5 ...
    Master Decrypt (hmac): 

Your patch has been applied to the master branch.

commit 6ff2d63c7943b2d7e150c3934b4e789fb5d1e0c0
Author: Arne Schwabe
Date:   Wed Nov 9 12:52:08 2022 +0100

     Fix md_kt_size in mbed TLS when queried for size of none

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20221109115208.1248948-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25494.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index da4ed9809..9087ff6ad 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -809,11 +809,11 @@  md_kt_name(const char *mdname)
 unsigned char
 md_kt_size(const char *mdname)
 {
-    const mbedtls_md_info_t *kt = md_get(mdname);
-    if (NULL == kt)
+    if (!strcmp("none", mdname))
     {
         return 0;
     }
+    const mbedtls_md_info_t *kt = md_get(mdname);
     return mbedtls_md_get_size(kt);
 }
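
Review bot: the new `strcmp("none", mdname)` at the top of md_kt_size dereferences mdname before anything has validated it, so a NULL mdname is undefined behaviour at this line; if callers are guaranteed never to pass NULL, an assertion or a short comment stating that contract would make it explicit. Separately, with the `NULL == kt` check removed, the final `mbedtls_md_get_size(kt)` relies on md_get never returning NULL (the commit message says it fails with M_FATAL on an unknown name), and a one-line comment above the md_get call saying so would keep a later reader from reintroducing the dead check.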