From: Steffan Karger <steffan.karger@fox-it.com>
Date: Wed, 29 Aug 2018 12:04:46 +0000 (+0200)
Subject: mbedtls: print warning if random personalisation fails
X-Git-Tag: v2.4.7~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c6323cd07364b6b3be5bd0d12b18554a073a079;p=thirdparty%2Fopenvpn.git

mbedtls: print warning if random personalisation fails

... instead of when it doesn't fail.  Looks like 'someone' mixed up the
mbedtls return style (0 means success) with the openvpn internal return
style (true means success).

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1535544286-29638-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17428.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit dd1da0e485a3d161feb5230b6aa57df11ea72705)
---

diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 3f579e1e8..66e529fa8 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -853,7 +853,7 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx)
         const md_kt_t *sha256_kt = md_kt_get("SHA256");
         mbedtls_x509_crt *cert = ctx->crt_chain;
 
-        if (0 != md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
+        if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
         {
             msg(M_WARN, "WARNING: failed to personalise random");
         }