Fix an incorrect error check in DSA verify.

From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
author: bcook <bcook@openbsd.org> 2015-09-10 07:58:28 +0000
committer: bcook <bcook@openbsd.org> 2015-09-10 07:58:28 +0000
commit: ba04b2cda7bc2539a17d5a64ea53178e4def3e73 (patch)
tree: 5756304269f0145cee92012d50e39c03dab534d2 /lib/libcrypto/dsa/dsa_ossl.c
parent: Missing prototype change in previous. (diff)
download: wireguard-openbsd-ba04b2cda7bc2539a17d5a64ea53178e4def3e73.tar.xz
wireguard-openbsd-ba04b2cda7bc2539a17d5a64ea53178e4def3e73.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index 03124c87a06..7c0a7802b03 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.22 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.23 2015/09/10 07:58:28 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -396,9 +396,7 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
 	ret = BN_ucmp(&u1, sig->r) == 0;
 
 err:
-	/* XXX: surely this is wrong - if ret is 0, it just didn't verify;
-	   there is no error in BN. Test should be ret == -1 (Ben) */
-	if (ret != 1)
+	if (ret < 0)
 		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
 	BN_CTX_free(ctx);
 	BN_free(&u1);
author	bcook <bcook@openbsd.org>	2015-09-10 07:58:28 +0000
committer	bcook <bcook@openbsd.org>	2015-09-10 07:58:28 +0000
commit	ba04b2cda7bc2539a17d5a64ea53178e4def3e73 (patch)
tree	5756304269f0145cee92012d50e39c03dab534d2 /lib/libcrypto/dsa/dsa_ossl.c
parent	Missing prototype change in previous. (diff)
download	wireguard-openbsd-ba04b2cda7bc2539a17d5a64ea53178e4def3e73.tar.xz wireguard-openbsd-ba04b2cda7bc2539a17d5a64ea53178e4def3e73.zip