CVSROOT: /cvs Module name: src Changes by: mi...@cvs.openbsd.org 2011/08/27 10:29:20
Modified files:
sbin/iked : crypto.c
Log message:
Under certain circumstances iked can be tricked to bypass a signature
verification caused by the incorrect check of the EVP_VerifyFinal
return value. Issue was discovered and reported by Justin Ferguson,
justin-dot-ferguson-at-ioactive.com. Thanks!
While here, check for HMAC_* return values.
ok jsg, markus
