Message ID | 1535544286-29638-1-git-send-email-steffan.karger@fox-it.com |
---|---|
State | Accepted |
Series | [Openvpn-devel] mbedtls: print warning if random personalisation fails |
On 29/08/18 20:04, Steffan Karger wrote:
> ... instead of when it doesn't fail. Looks like 'someone' mixed up the
> mbedtls return style (0 means success) with the openvpn internal return
> style (true means success).
>
> Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>

Acked-by: Antonio Quartulli <a@unstable.cc>

I guess at some point we should also convert all these functions returning int to bool, because the latter is the meaning we are giving to the return value.

Cheers,
Your patch has been applied to the master and release/2.4 branch (bugfix).

commit dd1da0e485a3d161feb5230b6aa57df11ea72705 (master)
commit 0c6323cd07364b6b3be5bd0d12b18554a073a079 (release/2.4)
Author: Steffan Karger
Date: Wed Aug 29 14:04:46 2018 +0200

    mbedtls: print warning if random personalisation fails

    Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
    Acked-by: Antonio Quartulli <antonio@openvpn.net>
    Message-Id: <1535544286-29638-1-git-send-email-steffan.karger@fox-it.com>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17428.html
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 8e31980..ef83e65 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -853,7 +853,7 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx) const md_kt_t *sha256_kt = md_kt_get("SHA256"); mbedtls_x509_crt *cert = ctx->crt_chain; - if (0 != md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash)) + if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash)) { msg(M_WARN, "WARNING: failed to personalise random"); }
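Review bot: In the failure branch of the corrected `if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))` in tls_ctx_personalise_random(), the code only logs M_WARN and leaves the block; the hunk shows no early return, so if sha256_hash is consumed further down the function it would carry whatever md_full left in the buffer when it failed. Consider returning right after the warning, or zero-initialising sha256_hash at its declaration, so a failed digest never reaches the RNG personalisation step. The hunk also dereferences `cert->tbs.p` directly after `cert = ctx->crt_chain`; if a NULL check does not already sit above the visible context, one belongs here. Since md_full's result is used purely as a truth value at this call site, declaring it bool would make the 0-means-success versus true-means-success conventions harder to swap again.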
... instead of when it doesn't fail. Looks like 'someone' mixed up the mbedtls return style (0 means success) with the openvpn internal return style (true means success).

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
---
 src/openvpn/ssl_mbedtls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)