2522. [security] Handle -1 from DSA_do_verify() and EVP_verify().

author Mark Andrews <marka@isc.org>

Wed, 24 Dec 2008 00:20:14 +0000 (00:20 +0000)

committer Mark Andrews <marka@isc.org>

Wed, 24 Dec 2008 00:20:14 +0000 (00:20 +0000)
author Mark Andrews <marka@isc.org>
Wed, 24 Dec 2008 00:20:14 +0000 (00:20 +0000)
committer Mark Andrews <marka@isc.org>
Wed, 24 Dec 2008 00:20:14 +0000 (00:20 +0000)
diff --git a/CHANGES b/CHANGES

index 81896a7dd1a0063af0fc1f4d0c76c7914e624caf..ea8e9dd37b453d30986b5432a791cbc38a18436c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+        --- 9.6.0-P1 released ---
+
+2522.  [security]      Handle -1 from DSA_do_verify() and EVP_verify().
  
         --- 9.6.0 released ---
  
diff --git a/lib/dns/api b/lib/dns/api

index 39934b4fbd2cdbf39f478fa23cdb82d20d3415a3..fbbf923b5324c0681c4e314920c6f226b0344687 100644 (file)
--- a/lib/dns/api
+++ b/lib/dns/api
@@ -1,3 +1,3 @@
  LIBINTERFACE = 50
-LIBREVISION = 2
+LIBREVISION = 3
  LIBAGE = 0
diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c

index f4eb1125d9f92537217cd357db5bee7f7cc51149..2e121ef676be21af17ca5e264e1792cf2edcd557 100644 (file)
--- a/lib/dns/openssldsa_link.c
+++ b/lib/dns/openssldsa_link.c
@@ -29,7 +29,7 @@
   * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   */
  
-/* $Id: openssldsa_link.c,v 1.13 2008/04/01 23:47:10 tbox Exp $ */
+/* $Id: openssldsa_link.c,v 1.13.126.1 2008/12/24 00:20:14 marka Exp $ */
  
  #ifdef OPENSSL
  #ifndef USE_EVP
@@ -277,7 +277,7 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
         status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
  #endif
         DSA_SIG_free(dsasig);
-       if (status == 0)
+       if (status != 1)
                 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
  
         return (ISC_R_SUCCESS);
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c

index aee7d21aea6cf204df050038d1263d4abfe92239..aa5fb34ed8f4c3e27495d28bfeacd766a40143b2 100644 (file)
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -17,7 +17,7 @@
  
  /*
   * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.20 2008/09/24 02:46:22 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.20.56.1 2008/12/24 00:20:14 marka Exp $
   */
  #ifdef OPENSSL
  #ifndef USE_EVP
@@ -325,7 +325,7 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
         status = RSA_verify(type, digest, digestlen, sig->base,
                             RSA_size(rsa), rsa);
  #endif
-       if (status == 0)
+       if (status != 1)
                 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
  
         return (ISC_R_SUCCESS);
diff --git a/version b/version

index 3e3dacd0cd6d7360208b85873abf7a8a66195eb3..f08d666155cba5cbd85c1fd0be69a625adff442b 100644 (file)
--- a/version
+++ b/version
@@ -1,4 +1,4 @@
-# $Id: version,v 1.43.12.2 2008/12/21 22:21:57 marka Exp $
+# $Id: version,v 1.43.12.2.2.1 2008/12/24 00:20:14 marka Exp $
  # 
  # This file must follow /bin/sh rules.  It is imported directly via
  # configure.
@@ -6,5 +6,5 @@
  MAJORVER=9
  MINORVER=6
  PATCHVER=0
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1
author	Mark Andrews <marka@isc.org>
	Wed, 24 Dec 2008 00:20:14 +0000 (00:20 +0000)
committer	Mark Andrews <marka@isc.org>
	Wed, 24 Dec 2008 00:20:14 +0000 (00:20 +0000)
CHANGES		patch \| blob \| blame \| history
lib/dns/api		patch \| blob \| blame \| history
lib/dns/openssldsa_link.c		patch \| blob \| blame \| history
lib/dns/opensslrsa_link.c		patch \| blob \| blame \| history
version		patch \| blob \| blame \| history