kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Consistently report an error on ECDSA verification failure.

Browse Source 
This is a remnant of the ECDSA code returning a tri-state -1, 0, 1.

Change-Id: I8bd1fcd94e07dbffc650f414ebc19f30236378bd
Reviewed-on: https://boringssl-review.googlesource.com/15667
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2017-04-28 17:31:43 -04:00 committed by Adam Langley
parent 90801c125a
commit 7ed2e82e5a
2 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/ecdsa/ecdsa.c
View File

@ -175,7 +175,6 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
ret = 0; /* signature is invalid */
goto err; goto err;
} }
/* calculate tmp1 = inv(S) mod order */ /* calculate tmp1 = inv(S) mod order */
@ -216,7 +215,12 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
goto err; goto err;
} }
/* if the signature is correct u1 is equal to sig->r */ /* if the signature is correct u1 is equal to sig->r */
ret = (BN_ucmp(u1, sig->r) == 0); if (BN_ucmp(u1, sig->r) != 0) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
goto err;
}
ret = 1;
err: err:
BN_CTX_end(ctx); BN_CTX_end(ctx);

13
crypto/evp/evp_tests.txt
View File

@ -463,39 +463,34 @@ Verify = P-256
Digest = SHA1 Digest = SHA1
Input = "0123456789ABCDEF12345" Input = "0123456789ABCDEF12345"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. Error = BAD_SIGNATURE
Error = public key routines
# Digest too short # Digest too short
Verify = P-256 Verify = P-256
Digest = SHA1 Digest = SHA1
Input = "0123456789ABCDEF123" Input = "0123456789ABCDEF123"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. Error = BAD_SIGNATURE
Error = public key routines
# Digest invalid # Digest invalid
Verify = P-256 Verify = P-256
Digest = SHA1 Digest = SHA1
Input = "0123456789ABCDEF1235" Input = "0123456789ABCDEF1235"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. Error = BAD_SIGNATURE
Error = public key routines
# Invalid signature # Invalid signature
Verify = P-256 Verify = P-256
Digest = SHA1 Digest = SHA1
Input = "0123456789ABCDEF1234" Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. Error = BAD_SIGNATURE
Error = public key routines
# Garbage after signature # Garbage after signature
Verify = P-256 Verify = P-256
Digest = SHA1 Digest = SHA1
Input = "0123456789ABCDEF1234" Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
Error = BAD_SIGNATURE Error = BAD_SIGNATURE
# BER signature # BER signature