Message ID | 1564197141-30513-1-git-send-email-selva.nair@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel,for,2.4] Correct the return value of cryptoapi RSA signature callbacks | expand |
On 27-07-19 05:12, selva.nair@gmail.com wrote: > From: Selva Nair <selva.nair@gmail.com> > > Fixes the wrong check on siglen instead of *siglen for > signing failures. > > Bug reported by: lilulo <lilulo@gmail.com> > > Signed-off-by: Selva Nair <selva.nair@gmail.com> > --- > src/openvpn/cryptoapi.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c > index 720fce09..35a9ebc4 100644 > --- a/src/openvpn/cryptoapi.c > +++ b/src/openvpn/cryptoapi.c > @@ -393,7 +393,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len, > } > > *siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa), padding); > - return (siglen == 0) ? 0 : 1; > + return (*siglen == 0) ? 0 : 1; > } > > /* decrypt */ > Acked-by: Steffan Karger <Steffan@karger.me>
And thanks again :-) - even less tested, just checking that this is indeed the only occurance of siglen/*siglen in 2.4 Your patch has been applied to the release/2.4 branch. commit eed67cf0e7f6cbe596495c2f83aeea7c15db0d6e Author: Selva Nair Date: Fri Jul 26 23:12:21 2019 -0400 Correct the return value of cryptoapi RSA signature callbacks Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1564197141-30513-1-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18708.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index 720fce09..35a9ebc4 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -393,7 +393,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len, } *siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa), padding); - return (siglen == 0) ? 0 : 1; + return (*siglen == 0) ? 0 : 1; } /* decrypt */