From 4d359baaefb1597abf730cf3a09574e1e03d620b Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 20 Jan 2019 01:56:59 +0000
Subject: Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.

From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.

ok djm, jsing
---
 src/lib/libcrypto/dsa/dsa_ameth.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/libcrypto/dsa')

diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 26d81eed7b..85ef234bb9 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.26 2018/08/24 20:22:15 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.27 2019/01/20 01:56:59 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -515,7 +515,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 	 * Check that q is not a composite number.
 	 */
 
-	if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) == 0) {
+	if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) {
 		DSAerror(DSA_R_BAD_Q_VALUE);
 		goto err;
 	}
@@ -525,7 +525,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 	EVP_PKEY_assign_DSA(pkey, dsa);
 	return 1;
 
-err:
+ err:
 	BN_CTX_free(ctx);
 	DSA_free(dsa);
 	return 0;
-- 
cgit v1.2.3-55-g6feb