0fcc6e70bc
ECDSA_do_verify() is a function that verifies a ECDSA signature given a hash and a public EC key. The function is supposed to return 1 on valid signature, 0 on invalid signature and -1 on error. Previously, we returned 0 if the key did not have a verify_sig method. This is actually an error case and not an invalid signature. Consequently, this patch updates the return code to -1. Fixes #8766 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10693) (cherry picked from commit 26583f6aa8dc28e3598e61db66e54e2fdf8b195f)
43 lines
1.3 KiB
C
43 lines
1.3 KiB
C
/*
|
|
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/ec.h>
|
|
#include "ec_local.h"
|
|
#include <openssl/err.h>
|
|
|
|
/*-
|
|
* returns
|
|
* 1: correct signature
|
|
* 0: incorrect signature
|
|
* -1: error
|
|
*/
|
|
int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
|
|
const ECDSA_SIG *sig, EC_KEY *eckey)
|
|
{
|
|
if (eckey->meth->verify_sig != NULL)
|
|
return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
|
|
ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
|
|
return -1;
|
|
}
|
|
|
|
/*-
|
|
* returns
|
|
* 1: correct signature
|
|
* 0: incorrect signature
|
|
* -1: error
|
|
*/
|
|
int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
|
|
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
|
|
{
|
|
if (eckey->meth->verify != NULL)
|
|
return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
|
|
eckey);
|
|
ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
|
|
return -1;
|
|
}
|