-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check error return from cms_sd_asn1_ctrl() correctly. #21988
Conversation
While this is a possible approach, I think it would make more sense to fix Otherwise the fixup of the return value after the Lines 259 to 282 in 25b7025
|
Yeah, that's a nicer approach I think. |
25b7025
to
2509ad3
Compare
Anyway, updated. |
I'm pretty sure it doesn't. I first thought so, too, but then noticed that here is a Line 246 in 025535e
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a testcase..
The following commandline returns -1 from cms_generic_sign..
It then segfaults inside the shake ctrl.
openssl cms -sign -in test/smcont.txt -signer test/smime-certs/smdsa1.pem -md SHAKE256
[pauli: edited to correct the test case]
cca368b
to
5bcec7d
Compare
It's your codebase and the diff fixes the bug. However, if I was to write the fix, I would change the -1 returns in |
I dont mind either way it is done. Currently I cant see a path where ossl_cms_rsa_sign() could return -1. But the > check doesnt hurt anything.. |
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #21988)
Thrice merged with conflicts resolved. |
the merge commit 41136a9 to 3.0 branch removed the semicolon: |
Oops. Thanks for pointhing this out. Fixed by #22045 already. |
Okay, but it still fails for |
i meant |
Fixes #21986 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl/openssl#21988) (cherry picked from commit 00a413e) Signed-off-by: Huiyue Xu <xuhuiyue@foxmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl/openssl#21988) (cherry picked from commit c870a46) Signed-off-by: Huiyue Xu <xuhuiyue@foxmail.com>
Fixes #21986 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl/openssl#21988) (cherry picked from commit 00a413e) Signed-off-by: fly2x <fly2x@hitls.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl/openssl#21988) (cherry picked from commit c870a46) Signed-off-by: fly2x <fly2x@hitls.org>
Fixes openssl#21986 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl#21988) (cherry picked from commit 00a413e)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl#21988) (cherry picked from commit c870a46)
Fixes #21986