[Rpm-maint] [rpm-software-management/rpm] Improve the OpenSSL crypto backend (#1610)

Demi Marie Obenour notifications at github.com
Mon Feb 14 17:32:39 UTC 2022


@DemiMarie commented on this pull request.



>  
-    ret = EVP_PKEY_verify_init(pkey_ctx);
-    if (ret < 0) {
-        rc = 1;
+    if (EVP_PKEY_verify_init(pkey_ctx) <= 0)
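
Review bot: the failure branch at `if (EVP_PKEY_verify_init(pkey_ctx) <= 0)` no longer sets `rc = 1`, and the body of the new `if` is not visible in this hunk. The function therefore has to fail closed some other way: `rc` should start at the failure value and be set to success only after the verify call itself reports success. Worth confirming against the full function that no early exit can leave `rc` at 0.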

`man 3ssl EVP_PKEY_verify` states that 0 and negative numbers are error conditions.  That said, `!= 1` might be clearer.

>  
-    ret = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING);
-    if (ret < 0) {
-        rc = 1;
+    if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING) <= 0)

According to `man 3ssl EVP_PKEY_CTX_set_rsa_padding`, 0 or a negative value indicates an error, and any positive value indicates success.  So this is the _only_ correct way to check for an error.

>  
     int pkey_len = EVP_PKEY_size(key->evp_pkey);
     padded_sig = xcalloc(1, pkey_len);
-    if (!BN_bn2binpad(sig->bn, padded_sig, pkey_len)) {
-        rc = 1;
+    if (BN_bn2binpad(sig->bn, padded_sig, pkey_len) <= 0)
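
Review bot: `pkey_len` from `EVP_PKEY_size(key->evp_pkey)` is passed straight to `xcalloc(1, pkey_len)` and then to `BN_bn2binpad()` without being checked. `EVP_PKEY_size()` can return 0 when the size is not available, so reject `pkey_len <= 0` before allocating. With that guard in place, the `<= 0` test on `BN_bn2binpad()` separates the -1 error from a positive written length without ambiguity.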

According to `man 3ssl BN_bn2binpad`, a return value of -1 indicates an error, so the original code is wrong.

>      EVP_PKEY *evp_pkey; /* Fully constructed key */
+    unsigned int poison: 1; /* if set, this key cannot be mutated */
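
Review bot: the field name `poison` does not match its comment, "if set, this key cannot be mutated". In a crypto backend, a reader is likely to take a poisoned key to mean one that is invalid and must be rejected, not one that is read-only. A name such as `immutable` or `frozen` would say what the comment says, or the comment should explain why a key that must not be mutated counts as poisoned.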

1 is the length of a bit-field, not a default value.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1610#discussion_r806010195