The branch master has been updated
via 26583f6aa8dc28e3598e61db66e54e2fdf8b195f (commit)
from 6e49b514067a2b6a30d064d2ae1fdfd8050c184b (commit)
- Log -----------------------------------------------------------------
commit 26583f6aa8dc28e3598e61db66e54e2fdf8b195f
Author: Andrew Hoang <[email protected]>
Date: Mon Dec 23 20:19:24 2019 -0800
Fix incorrect return code on ECDSA key verification
ECDSA_do_verify() is a function that verifies a ECDSA signature given a
hash and a public EC key. The function is supposed to return 1 on valid
signature, 0 on invalid signature and -1 on error. Previously, we returned 0 if
the key did not have a verify_sig method. This is actually an error case and
not an invalid signature. Consequently, this patch updates the return code to
-1.
Fixes #8766
Reviewed-by: Nicola Tuveri <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Matthias St. Pierre <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/10693)
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ecdsa_vrf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c
index 75dfe5b92b..60f4af0426 100644
--- a/crypto/ec/ecdsa_vrf.c
+++ b/crypto/ec/ecdsa_vrf.c
@@ -23,7 +23,7 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
if (eckey->meth->verify_sig != NULL)
return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
- return 0;
+ return -1;
}
/*-
@@ -39,5 +39,5 @@ int ECDSA_verify(int type, const unsigned char *dgst, int
dgst_len,
return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
eckey);
ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
- return 0;
+ return -1;
}
