From f33ce36aff4c0957dad2427814bd944d5c5d93c3 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 9 Sep 2014 16:50:06 -0400 Subject: [PATCH] RT3192: spurious error in DSA verify This is funny; Ben commented in the source, Matt opend a ticket, and Rich is doing the submit. Need more code-review? :) Reviewed-by: Dr. Stephen Henson (cherry picked from commit eb63bce040d1cc6147d256f516b59552c018e29b) --- crypto/dsa/dsa_ossl.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index b3d78e524c..0c517c3b5d 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -387,9 +387,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, ret=(BN_ucmp(&u1, sig->r) == 0); err: - /* XXX: surely this is wrong - if ret is 0, it just didn't verify; - there is no error in BN. Test should be ret == -1 (Ben) */ - if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); + if (ret < 0) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); if (ctx != NULL) BN_CTX_free(ctx); BN_free(&u1); BN_free(&u2); -- 2.25.1