Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp4386154rdh; Tue, 28 Nov 2023 23:01:11 -0800 (PST) X-Google-Smtp-Source: AGHT+IHOHg3ErapFbgrihQtg0m/fuvz9WI8dgCAHQTxFK8F5jVXsaRF/tam1wkKIboTVr1GGe59H X-Received: by 2002:a17:902:ec92:b0:1cf:bdcb:61d5 with SMTP id x18-20020a170902ec9200b001cfbdcb61d5mr13691551plg.37.1701241270642; Tue, 28 Nov 2023 23:01:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701241270; cv=none; d=google.com; s=arc-20160816; b=DwEaKAseg0bur+s87LuE+ooOq4K0onDZU/emTAp+o7Uh0NGkCiwddnAvlWPjOWVahv r2w6lel7DbVttNcGxqXTIiUNJaQFHenq35dEHcioH0ZQfcPXolWdSk0ZcUzWOCbqo9ys V60qju8lQBnalLYysVXU4H54P7mkqAdpHZHfLtMBYiev1Xs2jpSozIyP+JyYDVvcefj4 DjWKqPWej9Yyx4jPPs31mMwtpcZvd6XGR7OEtO9xAMUYATuE4cliLlONkxx9neET1/Ow BuX6Eo4bZ7M1KwkpaIrqbxYBd53v+XLH2vJWyYkOUAIwpHlZtF0oF4pKbbqb7M0Ce3Qa w0SA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:feedback-id:references:in-reply-to :message-id:subject:cc:from:to:date:dkim-signature; bh=13n/FbsdAD63nCkWt8PGe520xE44G8Ft09Wg1OcHD3Q=; fh=k1xYRXT8gyA60GkxMeol3VmImQI9LnJ98woRTg3lBTc=; b=OHwdTxQC1q0kGnbPrGeLIaevxs9/w4j7O6FKk9XQ+hdtytAbBNxeQV5KIR2itQ/cmc 5Po9QdkETZgF5ZHIxQolQYezThs4r/cdZZ0HUjHmb3OBhKuwGBIFSf76X0B9B27+lFg6 GG5ayXJJfW2StxJwTxOld3ImCcVqLFLLYaljl+GZUcx2ScMeyN5OHVB8yuA4CaqdNFIp 86pPgvnbjA3L3BaVnc0p6b0iQ6CFGWDwjHNw1Kh08RnfvUCBwwJff1czujaqxBZfTGzp Y4hyp0qNtStywCCK7tcBqWfntbZjpFQTIT9VzkwhV0VbF1vtAn6/i7K/Mc0OO7CfXRK/ c1iA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@proton.me header.s=protonmail header.b=VNPbU2vf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=proton.me Return-Path: Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id u2-20020a170902e5c200b001cfa37f9a6esi12519081plf.531.2023.11.28.23.01.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 23:01:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@proton.me header.s=protonmail header.b=VNPbU2vf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=proton.me Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id B3F4181DE699; Tue, 28 Nov 2023 23:01:04 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231795AbjK2HAu (ORCPT + 99 others); Wed, 29 Nov 2023 02:00:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59514 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229933AbjK2HAs (ORCPT ); Wed, 29 Nov 2023 02:00:48 -0500 Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 86F4E170B; Tue, 28 Nov 2023 23:00:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me; s=protonmail; t=1701241249; x=1701500449; bh=13n/FbsdAD63nCkWt8PGe520xE44G8Ft09Wg1OcHD3Q=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=VNPbU2vfX5cEqEWL5/9Mpla20+qB55j4wsDkMY1tUWUxDP72Ks8TLJqMjT7vC3eFq GgjgoxuwPeiLvKi+HE12lkn2O7SkFlEQG01i0NpP3MRMloJ9iS4zKpIJVjhnXehHXp Xz6qEKCIZeb3Tk2z+ZQsOGR7R/PH8tb9MWhdLUngoWnQw4dwATYkmFf4uAZfy4OhwM oBneMrWzlmVWQC2BcEyOMiKbtxGeZN+1y/DznwLOOa8PD3PSoOSs/THR+6qdai5tyK aZYRe7Z+rGkqjJrIOUBq44MZqb9JhkySb0d8maQtOL2UzjO4bmAO3E5bwMqf7E1PZL 23GPOiq3xulKQ== Date: Wed, 29 Nov 2023 07:00:42 +0000 To: Yusong Gao From: Juerg Haefliger Cc: jarkko@kernel.org, davem@davemloft.net, dhowells@redhat.com, dwmw2@infradead.org, zohar@linux.ibm.com, herbert@gondor.apana.org.au, lists@sapience.com, dimitri.ledkov@canonical.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org Subject: Re: [PATCH v5] sign-file: Fix incorrect return values check Message-ID: <20231129080033.12c4efe3@smeagol> In-Reply-To: <20231127033456.452151-1-a869920004@gmail.com> References: <20231127033456.452151-1-a869920004@gmail.com> Feedback-ID: 45149698:user:proton MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="b1_bqlWVBJFFpdDPXWzuVv4Sbw8of9oHqNZBSjRct5izU" X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Tue, 28 Nov 2023 23:01:04 -0800 (PST) This is a multi-part message in MIME format. --b1_bqlWVBJFFpdDPXWzuVv4Sbw8of9oHqNZBSjRct5izU Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On Mon, 27 Nov 2023 03:34:56 +0000 "Yusong Gao" wrote: > There are some wrong return values check in sign-file when call OpenSSL > API. The ERR() check cond is wrong because of the program only check the > return value is < 0 which ignored the return val is 0. For example: > 1. CMS_final() return 1 for success or 0 for failure. > 2. i2d_CMS_bio_stream() returns 1 for success or 0 for failure. > 3. i2d_TYPEbio() return 1 for success and 0 for failure. > 4. BIO_free() return 1 for success and 0 for failure. >=20 > Link: https://www.openssl.org/docs/manmaster/man3/ > Fixes: e5a2e3c84782 ("scripts/sign-file.c: Add support for signing with a= raw signature") > Signed-off-by: Yusong Gao > --- > V1, V2: Clarify the description of git message. > V3: Removed redundant empty line. > V4: Change to more strict check mode. > --- > scripts/sign-file.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) >=20 > diff --git a/scripts/sign-file.c b/scripts/sign-file.c > index 598ef5465f82..3edb156ae52c 100644 > --- a/scripts/sign-file.c > +++ b/scripts/sign-file.c > @@ -322,7 +322,7 @@ int main(int argc, char **argv) > =09=09=09=09 CMS_NOSMIMECAP | use_keyid | > =09=09=09=09 use_signed_attrs), > =09=09 "CMS_add1_signer"); > -=09=09ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, > +=09=09ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) !=3D 1, > =09=09 "CMS_final"); >=20 > #else > @@ -341,10 +341,10 @@ int main(int argc, char **argv) > =09=09=09b =3D BIO_new_file(sig_file_name, "wb"); > =09=09=09ERR(!b, "%s", sig_file_name); > #ifndef USE_PKCS7 > -=09=09=09ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0, > +=09=09=09ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) !=3D 1, > =09=09=09 "%s", sig_file_name); > #else > -=09=09=09ERR(i2d_PKCS7_bio(b, pkcs7) < 0, > +=09=09=09ERR(i2d_PKCS7_bio(b, pkcs7) !=3D 1, > =09=09=09 "%s", sig_file_name); > #endif > =09=09=09BIO_free(b); > @@ -374,9 +374,9 @@ int main(int argc, char **argv) >=20 > =09if (!raw_sig) { > #ifndef USE_PKCS7 > -=09=09ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); > +=09=09ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) !=3D 1, "%s", dest_name); > #else > -=09=09ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); > +=09=09ERR(i2d_PKCS7_bio(bd, pkcs7) !=3D 1, "%s", dest_name); > #endif > =09} else { > =09=09BIO *b; > @@ -396,7 +396,7 @@ int main(int argc, char **argv) > =09ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); > =09ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", = dest_name); >=20 > -=09ERR(BIO_free(bd) < 0, "%s", dest_name); > +=09ERR(BIO_free(bd) !=3D 1, "%s", dest_name); >=20 > =09/* Finally, if we're signing in place, replace the original. */ > =09if (replace_orig) > -- > 2.34.1 >=20 Nit: v5 in the email subject should be v4. Reviewed-by: Juerg Haefliger --b1_bqlWVBJFFpdDPXWzuVv4Sbw8of9oHqNZBSjRct5izU Content-Type: application/pgp-signature; name=attachment.sig Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=attachment.sig LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NCg0KaVFJekJBRUJDZ0FkRmlFRWhaZlU5Nkl1 cHJ2aUxkZUxEOU9MQ1F1bVFyY0ZBbVZtNFpFQUNna1FEOU9MQ1F1bQ0KUXJjeWJSQUFpQjJsK1FQ TkRTaWxTTTJmVW14dVJFS2xXdDFCclp3Q001QU53U2JpcHZBSVV1VUJFUW9wNGhhOQ0KZ2t5dTVH YVJMc0RXRVVPdjBROVA1ZEtyUVRhWUdkc3M0aXlOZHFLbmRhNXpsNWhSNEVNR0tYb1JDeGozam54 Rg0KQ2ZCb3VDblVacUZWeTdETjQ5ZTVqU2JuNEtRREhRdHJ5dm5XSEk2ck10dm5XbnhsY0tpMnpj RFNSTzdHN1NuYg0Ka3YwQ2ZkZ0hYbUkyRlZXREU1QkNQdjB0ay9janFLUW1JcmY1c0E3Wmozby9P b1Z6SDRaOE5Ha01oMlRsL3lmUQ0KVGk3S0RSWFlaNzllZTVRV2lPUzd3bjQ0SG9Vb0xiN0tPMnF5 TmJ4bVM1VTRNZDdmejJRL0F5VDkwTmFEU293Mw0KaWJUQ2dYVS8wd0xCNzdhdnR0WVhoL1lUaWxF ZjB1VVB1RDVxOWh1YTBwdFgzRnFWWURWZndvUi8vQU1MNjFMaA0KVXFTVTRzY0FtSkc4S2h0bW9r NlhKS0RVRno2Y0FSQXg3RmFoaGJqT01CMjFxcFhSMk8vSzNGd1N5ZFZXbElUZA0KeHZYSWZsWSt5 ZEJTZXhQQi9oeFFnZ2VQYUdZVzdSUUh5OHV5ZnREaHZ2bk5zRjZibjFzNTQ4WGtmeW96dGhWMA0K WUZKeVlXVVFyVnNjbTM5VGwwT09GSjRlUlNVUlU4ZWc1TkFTdVVRQW5HbTNNYTEzeHZ0RkZ4OEp4 MW13Y01jZg0KSGhsQkx6aG12c2g4RWRDZy93V1NTK1BtRDZRVXd2NzlLY3BKMjFEY0RtaDhZbHBL VHBnT2tVNVVKelhJZk52dQ0KaG5uNTQyOTV3QU5iRE5QVXJqWXlkTVdrRnFDei9KeG1yeTBQLzhY dVlYSXROYmc1SWRvPQ0KPWxvWVQNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K --b1_bqlWVBJFFpdDPXWzuVv4Sbw8of9oHqNZBSjRct5izU--