From 460e5cdf430372df3fff366ff7085cfd4afe8818 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 15 Jul 2016 11:36:31 +0300 Subject: [PATCH] OpenSSL: Fix OpenSSL 1.1.0 DH operation Commit 49fe2ada20d5fd53c0388442d23e7f03086f4d57 ('OpenSSL: Support OpenSSL 1.1.0 DH opacity') started using the new accessor functions, but used incorrect success check for the DH_set0_key() call. This resulted in dh5_init_fixed() failures and double-free on error path if the build was linked against OpenSSL 1.1.0. Fix this by checking DH_set0_key() return value to be 1 for the success case. Signed-off-by: Jouni Malinen --- src/crypto/crypto_openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index fde154faf..7f33686f8 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -754,7 +754,7 @@ err: priv_key = BN_bin2bn(wpabuf_head(priv), wpabuf_len(priv), NULL); pub_key = BN_bin2bn(wpabuf_head(publ), wpabuf_len(publ), NULL); - if (!priv_key || !pub_key || DH_set0_key(dh, pub_key, priv_key) != 0) + if (!priv_key || !pub_key || DH_set0_key(dh, pub_key, priv_key) != 1) goto err; pub_key = NULL; priv_key = NULL; -- 2.47.2