Initialised 'ok' and redo the logic.

The logic with how 'ok' was calculated didn't quite convey what's "ok",
so the logic is slightly redone to make it less confusing.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 06affe3dac65592a341547f5a47e52cedb7b71f8)

diff --git a/engines/ccgost/gost_sign.c b/engines/ccgost/gost_sign.c
index 073c5af0796396e7372d597e093fa14f8c7a62e4..4b5f49efea79427c31f6854348d42002797a2ae8 100644 (file)
--- a/engines/ccgost/gost_sign.c
+++ b/engines/ccgost/gost_sign.c
@@ -166,7 +166,7 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
     BIGNUM *q2 = NULL;
     BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
     BIGNUM *tmp2 = NULL, *tmp3 = NULL;
-    int ok;
+    int ok = 0;
     BN_CTX *ctx = BN_CTX_new();
     if(!ctx) {
         GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
@@ -207,9 +207,9 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
     BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
     BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
     BN_mod(u, tmp3, dsa->q, ctx);
-    ok = BN_cmp(u, sig->r);
+    ok = (BN_cmp(u, sig->r) == 0);
 
-    if (ok != 0) {
+    if (!ok) {
         GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
     }
 err:
@@ -218,7 +218,7 @@ err:
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ok == 0);
+    return ok;
 }
 
 /*