Correct the return value of cryptoapi RSA signature callbacks

Fixes the wrong check on siglen instead of *siglen for
signing failures.

Bug reported by: lilulo <lilulo@gmail.com>

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1564173557-11776-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18706.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index 0c11712ef7ebdbc4f0a97032cd9a2c3bfcd5a772..2f2eee771d0d2b43049b207b832db67517d97c39 100644 (file)
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -499,7 +499,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len,
     *siglen = priv_enc_CNG(cd, alg, m, (int)m_len, sig, RSA_size(rsa),
                            cng_padding_type(padding), 0);
 
-    return (siglen == 0) ? 0 : 1;
+    return (*siglen == 0) ? 0 : 1;
 }
 
 /* decrypt */
@@ -973,7 +973,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     *siglen = priv_enc_CNG(cd, alg, tbs, (int)tbslen, sig, *siglen,
                            cng_padding_type(padding), (DWORD)saltlen);
 
-    return (siglen == 0) ? 0 : 1;
+    return (*siglen == 0) ? 0 : 1;
 }
 
 #endif /* OPENSSL_VERSION >= 1.1.0 */