On 26-07-19 22:39, selva.n...@gmail.com wrote:
> From: Selva Nair <selva.n...@gmail.com>
>
> Fixes the wrong check on siglen instead of *siglen for
> signing failures.
>
> Bug reported by: lilulo <lil...@gmail.com>
>
> Signed-off-by: Selva Nair <selva.n...@gmail.com>
> ---
>
> 2.4 will need a separate patch
>
> src/openvpn/cryptoapi.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
> index 0c11712e..2f2eee77 100644
> --- a/src/openvpn/cryptoapi.c
> +++ b/src/openvpn/cryptoapi.c
> @@ -499,7 +499,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned
> int m_len,
> *siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa),
> cng_padding_type(padding), 0);
>
> - return (siglen == 0) ? 0 : 1;
> + return (*siglen == 0) ? 0 : 1;
> }
>
> /* decrypt */
> @@ -973,7 +973,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
> size_t *siglen,
> *siglen = priv_enc_CNG(cd, alg, tbs, (int)tbslen, sig, *siglen,
> cng_padding_type(padding), (DWORD)saltlen);
>
> - return (siglen == 0) ? 0 : 1;
> + return (*siglen == 0) ? 0 : 1;
> }
>
> #endif /* OPENSSL_VERSION >= 1.1.0 */
>
Acked-by: Steffan Karger <stef...@karger.me>
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
