diff options
| author | Brent Cook <bcook@cvs.openbsd.org> | 2015-09-10 07:58:29 +0000 |
|---|---|---|
| committer | Brent Cook <bcook@cvs.openbsd.org> | 2015-09-10 07:58:29 +0000 |
| commit | 42e37eaa046da63f0314b29260ebeb6d8b6e88e1 (patch) | |
| tree | 43a1daa4b2b879a217d19ed125a0f5800bd898fd | |
| parent | 7a4d50b5172f32587c1d87d664f85625de6719b4 (diff) | |
Fix an incorrect error check in DSA verify.
From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify".
https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
| -rw-r--r-- | lib/libssl/src/crypto/dsa/dsa_ossl.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/libssl/src/crypto/dsa/dsa_ossl.c b/lib/libssl/src/crypto/dsa/dsa_ossl.c index 03124c87a06..7c0a7802b03 100644 --- a/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/lib/libssl/src/crypto/dsa/dsa_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ossl.c,v 1.22 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: dsa_ossl.c,v 1.23 2015/09/10 07:58:28 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -396,9 +396,7 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) ret = BN_ucmp(&u1, sig->r) == 0; err: - /* XXX: surely this is wrong - if ret is 0, it just didn't verify; - there is no error in BN. Test should be ret == -1 (Ben) */ - if (ret != 1) + if (ret < 0) DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); BN_CTX_free(ctx); BN_free(&u1); |