key_verify now returns 0 on success and < 0 on error

(used to return 1 on success 0 on failed signatures and -1
on error)

ssh/auth2-pubkey.c

@@ -145,7 +145,7 @@ userauth_pubkey(struct ssh *ssh)
 		authenticated = 0;
 		if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
 		    PRIVSEP(sshkey_verify(key, sig, slen, buffer_ptr(&b),
-		    buffer_len(&b), datafellows)) == 1)
+		    buffer_len(&b), datafellows)) == 0)
 			authenticated = 1;
 		buffer_free(&b);
 		xfree(sig);

ssh/kexdhc.c

@@ -164,7 +164,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
 	DH_free(kexdhc_state->dh);
 
 	if (sshkey_verify(server_host_key, signature, slen, hash, hashlen,
-	    datafellows) != 1)
+	    datafellows) != 0)
 		fatal("key_verify failed for server_host_key");
 	sshkey_free(server_host_key);
 	xfree(signature);

ssh/kexgexc.c

@@ -236,7 +236,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
 	BN_clear_free(dh_server_pub);
 
 	if (sshkey_verify(server_host_key, signature, slen, hash,
-	    hashlen, datafellows) != 1)
+	    hashlen, datafellows) != 0)
 		fatal("key_verify failed for server_host_key");
 	sshkey_free(server_host_key);
 	xfree(signature);

ssh/key.c

@@ -1748,8 +1748,7 @@ sshkey_sign(const struct sshkey *key,
 }
 
 /*
- * key_verify returns 1 for a correct signature, 0 for an incorrect signature
- * and -1 on error.
+ * ssh_key_verify returns 0 for a correct signature  and < 0 on error.
  */
 int
 sshkey_verify(const struct sshkey *key,

ssh/monitor.c

@@ -1035,7 +1035,7 @@ mm_answer_keyverify(int sock, Buffer *m)
 	struct sshkey *key;
 	u_char *signature, *data, *blob;
 	u_int signaturelen, datalen, bloblen;
-	int r, verified = 0, valid_data = 0;
+	int r, valid_data = 0;
 
 	blob = buffer_get_string(m, &bloblen);
 	signature = buffer_get_string(m, &signaturelen);
@@ -1063,10 +1063,10 @@ mm_answer_keyverify(int sock, Buffer *m)
 	if (!valid_data)
 		fatal("%s: bad signature data blob", __func__);
 
-	verified = sshkey_verify(key, signature, signaturelen, data, datalen,
+	r = sshkey_verify(key, signature, signaturelen, data, datalen,
 	    datafellows);
 	debug3("%s: key %p signature %s",
-	    __func__, key, (verified == 1) ? "verified" : "unverified");
+	    __func__, key, (r == 0) ? "verified" : "unverified");
 
 	sshkey_free(key);
 	xfree(blob);
@@ -1078,10 +1078,10 @@ mm_answer_keyverify(int sock, Buffer *m)
 	monitor_reset_key_state();
 
 	buffer_clear(m);
-	buffer_put_int(m, verified);
+	buffer_put_int(m, r);
 	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
-	return (verified == 1);
+	return (r==0);
 }
 
 static void