search for: restlen

...; + } +} + +/* Check that the user is allowed to access the path for the purpose reason. + * This implements the RestrictDirectory option. + * Return true if allowed. + * Log failed access attempts. + */ +static int +allowed_access(char* path, char* reason) +{ + char resolvedname[MAXPATHLEN]; + int restlen; + + if( ! RestrictDirectory) /* No restriction, allow */ + return(1); + + /* If we can't convert the name - deem it an error */ + if( ! realpath(path, resolvedname)) { + error("Can't get realpath on %.100s as: %s", path, strerror(errno)); + return(0); + } + + restlen = strlen(...

...gt; + fatal("EVP_VerifyInit() failed: %s (reason: %s)", > + errorbuf, ERR_reason_error_string(err)); You should use "EVP_sha256()" instead of "EVP_ecdsa()" here (we have a ECDSA signature on the SHA256 hash) > + if ((err = EVP_VerifyFinal(&mdctx, walk, restlen, pkey)) == -1) { > + ERR_error_string(ERR_get_error(), errorbuf); > + error("Verifying the U2F registration signature failed: %s (reason: %s)", > + errorbuf, ERR_reason_error_string(err)); > + goto out; > + } You test EVP_VerifyFinal() only against "-1". Th...