diff options
author | Matt Caswell <matt@openssl.org> | 2014-09-09 16:50:06 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2014-09-09 17:10:15 -0400 |
commit | eb63bce040d1cc6147d256f516b59552c018e29b (patch) | |
tree | 0c8b66c59a65430ba709768b787c534a44f4a8be /crypto/dsa | |
parent | c939cca1a351711a6c8f017f216916c10c7a1559 (diff) | |
download | openssl-eb63bce040d1cc6147d256f516b59552c018e29b.tar.gz |
RT3192: spurious error in DSA verify
This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit. Need more code-review? :)
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index edaee59877..846e16275b 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -449,9 +449,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, ret=(BN_ucmp(&u1, sig->r) == 0); err: - /* XXX: surely this is wrong - if ret is 0, it just didn't verify; - there is no error in BN. Test should be ret == -1 (Ben) */ - if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); + if (ret < 0) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); if (ctx != NULL) BN_CTX_free(ctx); BN_free(&u1); BN_free(&u2); |