PR: 2058

Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_DigestVerifyFinal error handling.

diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 83711d8af4c9250310ec53e506d4fd498b208fb5..77fbd1359679fd9504b9256e85e8d806fed8a2f7 100644 (file)
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -800,7 +800,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
                }
        r = EVP_DigestVerifyFinal(&mctx,
                        si->signature->data, si->signature->length);
-       if (!r)
+       if (r <= 0)
                CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
        err:
        EVP_MD_CTX_cleanup(&mctx);