Sorry, that's out of the iked code path for ikev2, pulled out of ftp://ftp.irisa.fr/pub/OpenBSD/src/sbin/iked/crypto.c
Justin ________________________________________ From: Justin Ferguson Sent: Friday, August 26, 2011 2:22 AM To: [email protected] Subject: IKEv2 & openssl I think you guys will want to check your usage of the OpenSSL APIs in iked/ikev2 for stuff like this: ssize_t dsa_verify_final(struct iked_dsa *dsa, void *buf, size_t len) { u_int8_t sig[EVP_MAX_MD_SIZE]; u_int siglen = sizeof(sig); if (dsa->dsa_hmac) { HMAC_Final(dsa->dsa_ctx, sig, &siglen); if (siglen != len || memcmp(buf, sig, siglen) != 0) return (-1); } else { if (!EVP_VerifyFinal(dsa->dsa_ctx, buf, len, dsa->dsa_key)) { ca_sslerror(); return (-1); } } return (0); } "RETURN VALUES EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for failure. EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some other error occurred. " Furthermore, some background can be found in CVE-2009-0021 or http://xorl.wordpress.com/2009/03/11/cve-2009-0021-ntp-ssltls-validation-bypa ss/ Cheers, Justin N. Ferguson
