RT3192: spurious error in DSA verify

This is funny; Ben commented in the source, Matt opend a ticket, and Rich is doing the submit. Need more code-review? :) Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit eb63bce040d1cc6147d256f516b59552c018e29b)
author: Matt Caswell <matt@openssl.org> 2014-09-09 16:50:06 -0400
committer: Rich Salz <rsalz@openssl.org> 2014-09-09 17:10:57 -0400
commit: f33ce36aff4c0957dad2427814bd944d5c5d93c3 (patch)
tree: 33e4a4555077fcf2448f8232cb7ecb249a446f2d
parent: e61c648fd6b3b8ed4b9dc7b0a9da3c93a93c66f2 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index b3d78e524c..0c517c3b5d 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -387,9 +387,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	ret=(BN_ucmp(&u1, sig->r) == 0);
 
 	err:
-	/* XXX: surely this is wrong - if ret is 0, it just didn't verify;
-	   there is no error in BN. Test should be ret == -1 (Ben) */
-	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+	if (ret < 0) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
 	if (ctx != NULL) BN_CTX_free(ctx);
 	BN_free(&u1);
 	BN_free(&u2);
author	Matt Caswell <matt@openssl.org>	2014-09-09 16:50:06 -0400
committer	Rich Salz <rsalz@openssl.org>	2014-09-09 17:10:57 -0400
commit	f33ce36aff4c0957dad2427814bd944d5c5d93c3 (patch)
tree	33e4a4555077fcf2448f8232cb7ecb249a446f2d
parent	e61c648fd6b3b8ed4b9dc7b0a9da3c93a93c66f2 (diff)