> On Jan 15, 2015, at 3:41 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>
> According to the man pages on EVP_DigestVerifyFinal
> (https://www.openssl.org/docs/crypto/EVP_DigestVerifyInit.html):
>
>     EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for
>     success and 0 or a negative value for failure...
>
> I have an unexplained failure in EVP_DigestVerifyInit (i.e., it's not
> returning 1).
>
> Looking at apps/dgst.c, around line 580:
>
>     if(sigin)
>         {
>         EVP_MD_CTX *ctx;
>         BIO_get_md_ctx(bp, &ctx);
>         i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
>         if(i > 0)
>             BIO_printf(out, "Verified OK\n");
>         else if(i == 0)
>             {
>             BIO_printf(out, "Verification Failure\n");
>             return 1;
>             }
>         else
>             {
>             BIO_printf(bio_err, "Error Verifying Data\n");
>             ERR_print_errors(bio_err);
>             return 1;
>             }
>         return 0;
>         }
>
> So does EVP_DigestVerifyInit return 1 on success, or does it return
> something else? If it's 1, then dgst.c is wrong. If it's something else
> (like >0), then the docs are wrong.

IIRC (from when I looked at it before replying on a different list to you), it only returns 1 on success and 0 on failure. I suspect the author of the apps code modified it to check for > 0, because a while back, it was determined that a few functions that used to only return 1 for success and 0 for failure were updated to return other > 0 values for success and some < 0 values for failure, which caused some of openssl apps to . This kind of check "future-proofs" the app code from such a future change.

TOM

> Is anyone familiar with this function who can comment?
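
The apps/dgst.c branch quoted in this thread can be exercised from the command line. The script below is an added example, not code from the thread or from the OpenSSL project. It assumes the `openssl` CLI is installed and that the command's exit status follows the `return 0` / `return 1` shown in the quoted snippet; all file names and messages are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and messages are constructed.

# Create a throwaway RSA key pair, two messages and signatures in dir $1.
setup_case() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/key.pem" 2>/dev/null || return 1
    openssl pkey -in "$1/key.pem" -pubout -out "$1/pub.pem" || return 1
    printf 'constructed sample message\n' > "$1/msg.txt"
    printf 'constructed sample message, altered\n' > "$1/tampered.txt"
    openssl dgst -sha256 -sign "$1/key.pem" -out "$1/msg.sig" "$1/msg.txt" \
        || return 1
    head -c 16 "$1/msg.sig" > "$1/short.sig"   # truncated, malformed signature
}

# verify_status PUBKEY SIGNATURE FILE
# Prints VERIFIED only when `openssl dgst` exits 0. In the quoted dgst.c code
# that is the i > 0 branch; both i == 0 and i < 0 return 1, so a caller that
# tests the exit status fails closed on either outcome.
verify_status() {
    if openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
    then echo VERIFIED
    else echo REJECTED
    fi
}

# Run the three cases and print one result per line.
run_demo() {
    tmp=$(mktemp -d) || return 1
    setup_case "$tmp" || { rm -rf "$tmp"; return 1; }
    echo "good signature:      $(verify_status "$tmp/pub.pem" "$tmp/msg.sig" "$tmp/msg.txt")"
    echo "altered message:     $(verify_status "$tmp/pub.pem" "$tmp/msg.sig" "$tmp/tampered.txt")"
    echo "truncated signature: $(verify_status "$tmp/pub.pem" "$tmp/short.sig" "$tmp/msg.txt")"
    rm -rf "$tmp"
}

run_demo
```

The script keys on the exit status rather than the printed text, because the wording of the "Verification Failure" message is not the same in every OpenSSL release.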