[Openvpn-devel] Fix md_kt_size in mbed TLS when queried for size of "none"

Message ID 20221109115208.1248948-1-arne@rfc2549.org
State Accepted
Headers show
Series [Openvpn-devel] Fix md_kt_size in mbed TLS when queried for size of "none" | expand

Commit Message

Arne Schwabe Nov. 9, 2022, 11:52 a.m. UTC
Previously this would error out with a M_FATAL message about cipher
not known. Align the mbed TLS version to OpenSSL version and also remove
unreachable code. This manifested in key_print2 running into this
M_FATAL message when used with an AEAD cipher and verb 7.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
 src/openvpn/crypto_mbedtls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Gert Doering Nov. 9, 2022, 12:48 p.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

Verified that this fixes the (mbedtls-only) crash I was seeing
with --verb 7 - and verified again that it does not happen with
OpenSSL builds:

    Master Encrypt (cipher): 6359ae14 b7069ef7 ...
    Master Encrypt (hmac): 
    Master Decrypt (cipher): 5217f7a8 c3f80df5 ...
    Master Decrypt (hmac): 

Your patch has been applied to the master branch.

commit 6ff2d63c7943b2d7e150c3934b4e789fb5d1e0c0
Author: Arne Schwabe
Date:   Wed Nov 9 12:52:08 2022 +0100

     Fix md_kt_size in mbed TLS when queried for size of none

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20221109115208.1248948-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25494.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>

kind regards,

Gert Doering


diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index da4ed9809..9087ff6ad 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -809,11 +809,11 @@  md_kt_name(const char *mdname)
 unsigned char
 md_kt_size(const char *mdname)
-    const mbedtls_md_info_t *kt = md_get(mdname);
-    if (NULL == kt)
+    if (!strcmp("none", mdname))
         return 0;
+    const mbedtls_md_info_t *kt = md_get(mdname);
     return mbedtls_md_get_size(kt);