diff options
author | Matt Caswell <matt@openssl.org> | 2017-06-23 11:40:47 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-23 17:23:52 +0100 |
commit | 25ffeb11ea86bdc76db150c504550602a9acc9bc (patch) | |
tree | d6ce5054049cf0be01dd45dd5770f5b0f621654f /ssl | |
parent | cfba06758ea8ab49118dedd88fd3b2437aebf7b7 (diff) |
Fix another EVP_DigestVerify() instance
Following on from the previous commit this fixes another instance where
we need to treat a -ve return from EVP_DigestVerify() as a bad signature.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3756)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_lib.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 63d8953164..5cd17f2836 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -459,10 +459,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } } else { j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen); - if (j < 0) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); - goto f_err; - } else if (j == 0) { + if (j <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE); goto f_err; |