GitList

Browse code

Make return code external tls key match docs

In tls_ctx_use_external_private_key, the return codes were inverted
compared to what is documented in ssl_backend.h (and what can
reasonably be expected). Internally the return code is never checked,
so this did not directly result in any change of behavior.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20180228135240.22945-1-joost@joostrijneveld.nl>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16577.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 6bee1a1fc01f3d3ddf114b48e52e5b10d57033cb)

Joost Rijneveld authored on 2018/02/28 22:52:40
Showing 2 changed files

src/openvpn/ssl_mbedtls.c index 74b4726..3f579e1 100644
src/openvpn/ssl_openssl.c index f23d246..e57b6d2 100644

src/openvpn/ssl_mbedtls.c

History View file @ 1f342aa

@@ -630,7 +630,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
 
     if (ctx->crt_chain == NULL)
     {
-        return 0;
+        return 1;
     }
 
     ALLOC_OBJ_CLEAR(ctx->external_key, struct external_context);
@@ -640,10 +640,10 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
     if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, ctx->external_key,
                                           NULL, external_pkcs1_sign, external_key_len)))
     {
-        return 0;
+        return 1;
     }
 
-    return 1;
+    return 0;
 }
 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */
 

src/openvpn/ssl_openssl.c

History View file @ 1f342aa

@@ -1168,7 +1168,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
                          X509_free(cert);
                          RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
                     -    return 1;
                     +    return 0;
                      err:
                          if (cert)
@@ -1187,7 +1187,7 @@ err:
+                             }
+                         }
                          crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
                     -    return 0;
                     +    return 1;
+                     }
                      #endif /* ifdef MANAGMENT_EXTERNAL_KEY */

...	...	@@ -630,7 +630,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
630	630
631	631	if (ctx->crt_chain == NULL)
632	632	{
633		- return 0;
	633	+ return 1;
634	634	}
635	635
636	636	ALLOC_OBJ_CLEAR(ctx->external_key, struct external_context);
...	...	@@ -640,10 +640,10 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
640	640	if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, ctx->external_key,
641	641	NULL, external_pkcs1_sign, external_key_len)))
642	642	{
643		- return 0;
	643	+ return 1;
644	644	}
645	645
646		- return 1;
	646	+ return 0;
647	647	}
648	648	#endif /* ifdef MANAGMENT_EXTERNAL_KEY */
649	649