Fix an incorrect error check in DSA verify.

From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
author: bcook <> 2015-09-10 07:58:28 +0000
committer: bcook <> 2015-09-10 07:58:28 +0000
commit: 76fc9f6593a644ff05c58c3bb67790b09ce9fa31 (patch)
tree: 3fcadaa674ef002d3ed4c2f44aba2df103221bae /src/lib/libcrypto/dsa
parent: 9a710e6b0b5925912e852285e56469139f812864 (diff)
download: openbsd-76fc9f6593a644ff05c58c3bb67790b09ce9fa31.tar.gz
openbsd-76fc9f6593a644ff05c58c3bb67790b09ce9fa31.tar.bz2
openbsd-76fc9f6593a644ff05c58c3bb67790b09ce9fa31.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 03124c87a0..7c0a7802b0 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.22 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.23 2015/09/10 07:58:28 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -396,9 +396,7 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
        ret = BN_ucmp(&u1, sig->r) == 0;
 err:
-        /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
+        if (ret < 0)
-           there is no error in BN. Test should be ret == -1 (Ben) */
-        if (ret != 1)
                DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
        BN_CTX_free(ctx);
        BN_free(&u1);
author	bcook <>	2015-09-10 07:58:28 +0000
committer	bcook <>	2015-09-10 07:58:28 +0000
commit	76fc9f6593a644ff05c58c3bb67790b09ce9fa31 (patch)
tree	3fcadaa674ef002d3ed4c2f44aba2df103221bae /src/lib/libcrypto/dsa
parent	9a710e6b0b5925912e852285e56469139f812864 (diff)
download	openbsd-76fc9f6593a644ff05c58c3bb67790b09ce9fa31.tar.gz openbsd-76fc9f6593a644ff05c58c3bb67790b09ce9fa31.tar.bz2 openbsd-76fc9f6593a644ff05c58c3bb67790b09ce9fa31.zip