[openssl-users] EVP_DigestVerifyFinal return code?
Tom Francis
thomas.francis.jr at pobox.com
Thu Jan 15 19:13:46 UTC 2015
> On Jan 15, 2015, at 3:41 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>
> According to the man pages on EVP_DigestVerifyFinal
> (https://www.openssl.org/docs/crypto/EVP_DigestVerifyInit.html):
>
> EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for
> success and 0 or a negative value for failure...
>
> I have an unexplained failure in EVP_DigestVerifyInit (i.e., it's not
> returning 1).
>
> Looking at apps/dgst.c, around line 580:
>
>     if(sigin)
>     {
>         EVP_MD_CTX *ctx;
>         BIO_get_md_ctx(bp, &ctx);
>         i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
>         if(i > 0)
>             BIO_printf(out, "Verified OK\n");
>         else if(i == 0)
>         {
>             BIO_printf(out, "Verification Failure\n");
>             return 1;
>         }
>         else
>         {
>             BIO_printf(bio_err, "Error Verifying Data\n");
>             ERR_print_errors(bio_err);
>             return 1;
>         }
>         return 0;
>     }
>
> So does EVP_DigestVerifyInit return 1 on success, or does it return
> something else? If it's 1, then dgst.c is wrong. If it's something else
> (like >0), then the docs are wrong.
IIRC (from when I looked at it before replying on a different list to you), it only returns 1 on success and 0 on failure. I suspect the author of the apps code modified it to check for > 0, because a while back, it was determined that a few functions that used to only return 1 for success and 0 for failure were updated to return other > 0 values for success and some < 0 values for failure, which caused some of openssl apps to . This kind of check "future-proofs" the app code from such a future change.
TOM
> Is anyone familiar with this function who can comment?
>