Google Git
Sign in
pigweed / third_party / boringssl / boringssl / 7ed2e82e5ac2df9c9468a05dc738da8523e09fda^! / .
commit7ed2e82e5ac2df9c9468a05dc738da8523e09fda[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri Apr 28 17:31:43 2017 -0400
committerAdam Langley <agl@google.com>Fri Apr 28 21:52:27 2017 +0000
tree9fe06ef33b372dd995a2a52ae9890be0506a57ab
parent90801c125aef2e68906843f27b3a1c0becebdd2d [diff]
Consistently report an error on ECDSA verification failure.

This is a remnant of the ECDSA code returning a tri-state -1, 0, 1.

Change-Id: I8bd1fcd94e07dbffc650f414ebc19f30236378bd
Reviewed-on: https://boringssl-review.googlesource.com/15667
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/ecdsa/ecdsa.c b/crypto/ecdsa/ecdsa.c
index 5df494e..99b1177 100644
--- a/crypto/ecdsa/ecdsa.c
+++ b/crypto/ecdsa/ecdsa.c

@@ -175,7 +175,6 @@
       BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
       BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
-    ret = 0; /* signature is invalid */
     goto err;
   }
   /* calculate tmp1 = inv(S) mod order */
@@ -216,7 +215,12 @@
     goto err;
   }
   /* if the signature is correct u1 is equal to sig->r */
-  ret = (BN_ucmp(u1, sig->r) == 0);
+  if (BN_ucmp(u1, sig->r) != 0) {
+    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
+    goto err;
+  }
+
+  ret = 1;
 
 err:
   BN_CTX_end(ctx);

diff --git a/crypto/evp/evp_tests.txt b/crypto/evp/evp_tests.txt
index 9f69664..d6b3beb 100644
--- a/crypto/evp/evp_tests.txt
+++ b/crypto/evp/evp_tests.txt

@@ -463,39 +463,34 @@
 Digest = SHA1
 Input = "0123456789ABCDEF12345"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
-Error = public key routines
+Error = BAD_SIGNATURE
 
 # Digest too short
 Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF123"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
-Error = public key routines
+Error = BAD_SIGNATURE
 
 # Digest invalid
 Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF1235"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
-Error = public key routines
+Error = BAD_SIGNATURE
 
 # Invalid signature
 Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF1234"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
-Error = public key routines
+Error = BAD_SIGNATURE
 
 # Garbage after signature
 Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF1234"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
 Error = BAD_SIGNATURE
 
 # BER signature