GitList

Browse code

mbedtls: print warning if random personalisation fails

... instead of when it doesn't fail. Looks like 'someone' mixed up the
mbedtls return style (0 means success) with the openvpn internal return
style (true means success).

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1535544286-29638-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17428.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Steffan Karger authored on 2018/08/29 21:04:46
Showing 1 changed files

src/openvpn/ssl_mbedtls.c index 8e31980..ef83e65 100644

src/openvpn/ssl_mbedtls.c

History View file @ dd1da0e

@@ -853,7 +853,7 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx)
         const md_kt_t *sha256_kt = md_kt_get("SHA256");
         mbedtls_x509_crt *cert = ctx->crt_chain;
 
-        if (0 != md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
+        if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
         {
             msg(M_WARN, "WARNING: failed to personalise random");
         }

...	...	@@ -853,7 +853,7 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx)
853	853	const md_kt_t *sha256_kt = md_kt_get("SHA256");
854	854	mbedtls_x509_crt *cert = ctx->crt_chain;
855	855
856		- if (0 != md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
	856	+ if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
857	857	{
858	858	msg(M_WARN, "WARNING: failed to personalise random");
859	859	}