From: Selva Nair <selva.n...@gmail.com>
Fixes the wrong check on siglen instead of *siglen for
signing failures.
Bug reported by: lilulo <lil...@gmail.com>
Signed-off-by: Selva Nair <selva.n...@gmail.com>
---
2.4 will need a separate patch
src/openvpn/cryptoapi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index 0c11712e..2f2eee77 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -499,7 +499,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int
m_len,
*siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa),
cng_padding_type(padding), 0);
- return (siglen == 0) ? 0 : 1;
+ return (*siglen == 0) ? 0 : 1;
}
/* decrypt */
@@ -973,7 +973,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t
*siglen,
*siglen = priv_enc_CNG(cd, alg, tbs, (int)tbslen, sig, *siglen,
cng_padding_type(padding), (DWORD)saltlen);
- return (siglen == 0) ? 0 : 1;
+ return (*siglen == 0) ? 0 : 1;
}
#endif /* OPENSSL_VERSION >= 1.1.0 */
--
2.20.1
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
