From patchwork Fri Mar 12 04:06:29 2021
X-Patchwork-Submitter: Juliusz Sosinowicz
X-Patchwork-Id: 1615
From: Juliusz Sosinowicz
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Mar 2021 16:06:29 +0100
Message-Id: <20210312150629.57302-1-juliusz@wolfssl.com>
Subject: [Openvpn-devel] [PATCH] EVP_DigestSignFinal siglen parameter correction

In the EVP_DigestSignFinal API, "before the call the siglen parameter should contain the length of the sig buffer".

Signed-off-by: Juliusz Sosinowicz
Acked-By: Arne Schwabe
---
 src/openvpn/crypto_openssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 49698e4b3..4486d246d 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1195,7 +1195,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, EVP_MD_CTX ctx, ctx_tmp, ctx_init; EVP_PKEY *mac_key; unsigned char A1[EVP_MAX_MD_SIZE]; - size_t A1_len; + size_t A1_len = EVP_MAX_MD_SIZE; int ret = false; chunk = EVP_MD_size(md); @@ -1249,6 +1249,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, if (olen > chunk) { + j = olen; if (!EVP_DigestSignFinal(&ctx, out, &j)) { goto err; @@ -1263,6 +1264,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, } else { + A1_len = EVP_MAX_MD_SIZE; /* last one */ if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) {
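Review bot: In the first hunk (@@ -1195, the declarations of tls1_P_hash), the capacity is spelled EVP_MAX_MD_SIZE a second time right below `unsigned char A1[EVP_MAX_MD_SIZE];`, and the third hunk spells it once more. Writing `sizeof(A1)` in both places would tie the siglen value to the buffer it describes, so a later change to the array size cannot leave a stale length behind. The initializer is also far from any call that consumes it (none is visible in this hunk's context); setting the length immediately before the call, as the other two hunks do, keeps the in/out contract quoted in the commit message easy to audit.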
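Review bot: In the second hunk (@@ -1249), `j = olen;` is passed by address as the siglen argument, but the declaration of j is not in the visible context; please confirm it is a size_t, matching the `size_t A1_len` shown in the first hunk for the same parameter. If olen is the space remaining in out, as its name and the `olen > chunk` guard suggest, a one-line comment above the assignment saying so would record why this value is the right capacity for the out buffer.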
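Review bot: In the third hunk (@@ -1263), the reset `A1_len = EVP_MAX_MD_SIZE;` is placed above the existing `/* last one */` comment rather than directly next to the `EVP_DigestSignFinal(&ctx, A1, &A1_len)` call it prepares; moving it below the comment keeps the length and the call together. The reset is needed because the call overwrites A1_len through the pointer, so the initializer from the first hunk does not survive an earlier call. The visible hunks cover one call into out and one into A1; any other EVP_DigestSignFinal call in tls1_P_hash that writes into A1 lies outside this context and should either get the same reset or a comment explaining why the previous value is already a valid capacity.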