From b148517c6bf47fa2f0d049b1e9c446c1f14c501b Mon Sep 17 00:00:00 2001
From: ambiso <ambiso@invalid>
Date: Tue, 23 Oct 2018 23:20:17 +0200
Subject: [PATCH] openssl: Fix invalid keyid length check

Check was designed for base64 conversion, however a hex conversion is
being performed, which requires more memory.
---
 src/libstrongswan/plugins/openssl/openssl_plugin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 8b0a7c5c7..c9196804e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -405,7 +405,7 @@ static private_key_t *openssl_private_key_connect(key_type_t type,
 	{
 		snprintf(keyname, sizeof(keyname), "%d:", slot);
 	}
-	if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
+	if (sizeof(keyname) - strlen(keyname) <= keyid.len * 2 + 1)
 	{
 		return NULL;
 	}