summaryrefslogtreecommitdiff
path: root/lib/libcrypto
diff options
context:
space:
mode:
authorBrent Cook <bcook@cvs.openbsd.org>2015-09-10 07:58:29 +0000
committerBrent Cook <bcook@cvs.openbsd.org>2015-09-10 07:58:29 +0000
commit6d1250abdf644c43086041ee603d0cafbd77e146 (patch)
treece435e05b0d6e184667b25abcc10b6f543a6f2fa /lib/libcrypto
parentec6aff838fb43ed243e3bae958827eeb28913ea4 (diff)
Fix an incorrect error check in DSA verify.
From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/dsa/dsa_ossl.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index 03124c87a06..7c0a7802b03 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.22 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.23 2015/09/10 07:58:28 bcook Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -396,9 +396,7 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
ret = BN_ucmp(&u1, sig->r) == 0;
err:
- /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
- there is no error in BN. Test should be ret == -1 (Ben) */
- if (ret != 1)
+ if (ret < 0)
DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
BN_CTX_free(ctx);
BN_free(&u1);
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-30 03:12:48 +0000