author | bcook <> | 2015-09-10 07:58:28 +0000 |
---|---|---|
committer | bcook <> | 2015-09-10 07:58:28 +0000 |
commit | a57a02cff3b4a8e50efcf63a01ff0b7176072766 (patch) | |
tree | 3fcadaa674ef002d3ed4c2f44aba2df103221bae | |
parent | 042de14de6bff7126905d195e21ff1dc271dd087 (diff) | |
Fix an incorrect error check in DSA verify.
From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify".
https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
-rw-r--r-- | src/lib/libcrypto/dsa/dsa_ossl.c | 6 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 6 |
2 files changed, 4 insertions, 8 deletions
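--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.22 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.23 2015/09/10 07:58:28 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -396,9 +396,7 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
 ret = BN_ucmp(&u1, sig->r) == 0;
 
 err:
-/* XXX: surely this is wrong - if ret is 0, it just didn't verify;
-there is no error in BN. Test should be ret == -1 (Ben) */
-if (ret != 1)
+if (ret < 0)
 DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
 BN_CTX_free(ctx);
 BN_free(&u1);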
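Review bot: The `if (ret < 0)` test at `err:` carries no comment stating the three-valued result it depends on, and the commit removes the only comment that hinted at it. The test is right only if `ret` starts at -1 and every failing BN call jumps to `err` without assigning it; that initialisation and those jumps are outside this hunk and should be confirmed. I would put `/* ret: 1 = signature valid, 0 = mismatch, -1 = internal error; only -1 is a BN failure */` above the test. Because a rejected signature no longer queues an error, callers have to compare the result with 1 rather than test it for non-zero, otherwise an internal error (-1) would be accepted as a valid signature. The same applies to the identical hunk in src/lib/libssl/src/crypto/dsa/dsa_ossl.c.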
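--- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.22 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.23 2015/09/10 07:58:28 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -396,9 +396,7 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
 ret = BN_ucmp(&u1, sig->r) == 0;
 
 err:
-/* XXX: surely this is wrong - if ret is 0, it just didn't verify;
-there is no error in BN. Test should be ret == -1 (Ben) */
-if (ret != 1)
+if (ret < 0)
 DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
 BN_CTX_free(ctx);
 BN_free(&u1);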