Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.

From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
author: tb <> 2019-01-20 01:56:59 +0000
committer: tb <> 2019-01-20 01:56:59 +0000
commit: d5dab9ba75c9c829a61151d8cec3e00e899ad4b6 (patch)
tree: bfc6c5227373c64986b6ae8eff3cee860afaca04 /src/lib/libcrypto/dsa
parent: 671ab30bb97f4c2f8f2e37b40cd8456b45836c74 (diff)
download: openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.gz
openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.bz2
openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 26d81eed7b..85ef234bb9 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.26 2018/08/24 20:22:15 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.27 2019/01/20 01:56:59 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -515,7 +515,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
         * Check that q is not a composite number.
         */
-        if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) == 0) {
+        if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) {
                DSAerror(DSA_R_BAD_Q_VALUE);
                goto err;
        }
@@ -525,7 +525,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
        EVP_PKEY_assign_DSA(pkey, dsa);
        return 1;
-err:
+ err:
        BN_CTX_free(ctx);
        DSA_free(dsa);
        return 0;
author	tb <>	2019-01-20 01:56:59 +0000
committer	tb <>	2019-01-20 01:56:59 +0000
commit	d5dab9ba75c9c829a61151d8cec3e00e899ad4b6 (patch)
tree	bfc6c5227373c64986b6ae8eff3cee860afaca04 /src/lib/libcrypto/dsa
parent	671ab30bb97f4c2f8f2e37b40cd8456b45836c74 (diff)
download	openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.gz openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.bz2 openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.zip

diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c index 26d81eed7b..85ef234bb9 100644 --- a/src/lib/libcrypto/dsa/dsa_ameth.c +++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_ameth.c,v 1.26 2018/08/24 20:22:15 tb Exp $ */	1	/* $OpenBSD: dsa_ameth.c,v 1.27 2019/01/20 01:56:59 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -515,7 +515,7 @@ old_dsa_priv_decode(EVP_PKEY pkey, const unsigned char *pder, int derlen)
515	* Check that q is not a composite number.	515	* Check that q is not a composite number.
516	*/	516	*/
517		517
518	if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) == 0) {	518	if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) {
519	DSAerror(DSA_R_BAD_Q_VALUE);	519	DSAerror(DSA_R_BAD_Q_VALUE);
520	goto err;	520	goto err;
521	}	521	}
@@ -525,7 +525,7 @@ old_dsa_priv_decode(EVP_PKEY pkey, const unsigned char *pder, int derlen)
525	EVP_PKEY_assign_DSA(pkey, dsa);	525	EVP_PKEY_assign_DSA(pkey, dsa);
526	return 1;	526	return 1;
527		527
528	err:	528	err:
529	BN_CTX_free(ctx);	529	BN_CTX_free(ctx);
530	DSA_free(dsa);	530	DSA_free(dsa);
531	return 0;	531	return 0;