Consistently report an error on ECDSA verification failure.

This is a remnant of the ECDSA code returning a tri-state -1, 0, 1. Change-Id: I8bd1fcd94e07dbffc650f414ebc19f30236378bd Reviewed-on: https://boringssl-review.googlesource.com/15667 Reviewed-by: Adam Langley <agl@google.com>
2017-04-28 17:31:43 -04:00 · 2017-04-28 17:31:43 -04:00 · 7ed2e82e5a
commit 7ed2e82e5a
parent 90801c125a
2 changed files with 10 additions and 11 deletions
--- a/crypto/ecdsa/ecdsa.c
+++ b/crypto/ecdsa/ecdsa.c
@ -175,7 +175,6 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
      BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
      BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
-    ret = 0; /* signature is invalid */
    goto err;
  }
  /* calculate tmp1 = inv(S) mod order */
@ -216,7 +215,12 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
    goto err;
  }
  /* if the signature is correct u1 is equal to sig->r */
-  ret = (BN_ucmp(u1, sig->r) == 0);
+  if (BN_ucmp(u1, sig->r) != 0) {
+    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
+    goto err;
+  }
+
+  ret = 1;

 err:
  BN_CTX_end(ctx);
--- a/crypto/evp/evp_tests.txt
+++ b/crypto/evp/evp_tests.txt
@ -463,39 +463,34 @@ Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF12345"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
-Error = public key routines
+Error = BAD_SIGNATURE

 # Digest too short
 Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF123"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
-Error = public key routines
+Error = BAD_SIGNATURE

 # Digest invalid
 Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF1235"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
-Error = public key routines
+Error = BAD_SIGNATURE

 # Invalid signature
 Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF1234"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
-Error = public key routines
+Error = BAD_SIGNATURE

 # Garbage after signature
 Verify = P-256
 Digest = SHA1
 Input = "0123456789ABCDEF1234"
 Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
-# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced.
 Error = BAD_SIGNATURE

 # BER signature