[openssl] OpenSSL_1_1_1-stable update

nic.tuv at gmail.com nic.tuv at gmail.com
Sun Jan 5 14:43:52 UTC 2020 

The branch OpenSSL_1_1_1-stable has been updated
       via  0fcc6e70bc8970c4aee5e55d517aa1cc522a3ee8 (commit)
      from  49847f3c40590181270b2a57b8b2bc95a7579e82 (commit)


- Log -----------------------------------------------------------------
commit 0fcc6e70bc8970c4aee5e55d517aa1cc522a3ee8
Author: Andrew Hoang <mail at andrewhoang.me>
Date:   Mon Dec 23 20:19:24 2019 -0800

    Fix incorrect return code on ECDSA key verification
    
    ECDSA_do_verify() is a function that verifies a ECDSA signature given a hash and a public EC key. The function is supposed to return 1 on valid signature, 0 on invalid signature and -1 on error. Previously, we returned 0 if the key did not have a verify_sig method. This is actually an error case and not an invalid signature. Consequently, this patch updates the return code to -1.
    
    Fixes #8766
    
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/10693)
    
    (cherry picked from commit 26583f6aa8dc28e3598e61db66e54e2fdf8b195f)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ecdsa_vrf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c
index 3b7b4b3e07..073a94a700 100644
--- a/crypto/ec/ecdsa_vrf.c
+++ b/crypto/ec/ecdsa_vrf.c
@@ -23,7 +23,7 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
     if (eckey->meth->verify_sig != NULL)
         return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
     ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
-    return 0;
+    return -1;
 }
 
 /*-
@@ -39,5 +39,5 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
         return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
                                    eckey);
     ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
-    return 0;
+    return -1;
 }

More information about the openssl-commits mailing list