Initialised 'ok' and redo the logic.

The logic with how 'ok' was calculated didn't quite convey what's "ok",
so the logic is slightly redone to make it less confusing.

Reviewed-by: Andy Polyakov <appro@openssl.org>

diff --git a/engines/ccgost/gost_sign.c b/engines/ccgost/gost_sign.c
index b3e1007dbbe82f34e77870d10698e532f980640d..fad2004361a1df6eed543c5c51c8b99711246ae2 100644 (file)
--- a/engines/ccgost/gost_sign.c
+++ b/engines/ccgost/gost_sign.c
@@ -167,7 +167,7 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
     BIGNUM *q2 = NULL;
     BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
     BIGNUM *tmp2 = NULL, *tmp3 = NULL;
-    int ok;
+    int ok = 0;
     BN_CTX *ctx = BN_CTX_new();
     if(!ctx) {
         GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
@@ -208,9 +208,9 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
     BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
     BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
     BN_mod(u, tmp3, dsa->q, ctx);
-    ok = BN_cmp(u, sig->r);
+    ok = (BN_cmp(u, sig->r) == 0);
 
-    if (ok != 0) {
+    if (!ok) {
         GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
     }
 err:
@@ -219,7 +219,7 @@ err:
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ok == 0);
+    return ok;
 }
 
 /*