From d21ecd71c0227c39178375c8204f63ff7b5987ec Mon Sep 17 00:00:00 2001 From: ihsinme Date: Tue, 8 Nov 2022 14:30:45 +0300 Subject: [PATCH 1/2] dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure In 'dh_genprime.c', the following condition can be found inside an 'if' statement: ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 As the '!=' operator binds closer than the assignment operator ('='), the value assigned to 'ret' will be the boolean result of the comparison (0 or 1) instead of the status code returned by 'mbedtls_mpi_write_file'. This means that the above statement is actually equivalent to: ret = ( mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 ) What we want instead is for the the status code to be assigned to 'ret'. If the value assigned is non-zero, it will be 'truthy' and the 'if' branch will be taken. ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) ) != 0 This PR fixes the issue by explicitly specifying the precedence of operations with parentheses. Signed-off-by: ihsinme --- programs/pkey/dh_genprime.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 2e696e574..331838bb4 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -157,8 +157,8 @@ int main( int argc, char **argv ) goto exit; } - if( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 ) || - ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) + if( ( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) ) != 0 ) || + ( ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) ) != 0 ) ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); fclose( fout ); From bd2bfa92bd679983c0fff75fe5b39811ab393ca4 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Thu, 10 Nov 2022 14:07:20 +0000 Subject: [PATCH 2/2] Add Changelog entry Signed-off-by: Aditya Deshpande --- ChangeLog.d/fix_dh_genprime_error_reporting.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix_dh_genprime_error_reporting.txt diff --git a/ChangeLog.d/fix_dh_genprime_error_reporting.txt b/ChangeLog.d/fix_dh_genprime_error_reporting.txt new file mode 100644 index 000000000..1c98947f3 --- /dev/null +++ b/ChangeLog.d/fix_dh_genprime_error_reporting.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix bug in error reporting in dh_genprime.c where upon failure, + the error code returned by mbedtls_mpi_write_file() is overwritten + and therefore not printed.