ECDSA_do_verify and ECDSA_verify incorrect return values. #8766

@daveHitchman

In https://github.com/openssl/openssl/blob/master/crypto/ec/ecdsa_vrf.c there are two functions; both feature the same...

/*-
 * returns
 *      1: correct signature
 *      0: incorrect signature
 *     -1: error
 */
int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
                    const ECDSA_SIG *sig, EC_KEY *eckey)
{
    if (eckey->meth->verify_sig != NULL)
        return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
    ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
    return 0;
}

In both cases, if verify_sig is not available then a "not supported" error is created but a return of "incorrect signature" is provided. The signature has not been checked here; the facility to check is missing. Surely the correct return in this case is 'error', and the user will be able to retrieve "not supported" and wonder to their heart's content.
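Added example, not part of the original issue and not OpenSSL code: a self-contained C model of the dispatcher quoted above, showing what a caller can and cannot distinguish under the documented 1 / 0 / -1 contract. The names toy_key, toy_backend, verify_as_reported, verify_as_proposed, classify and naive_accepts are hypothetical, and the ECerr call is omitted.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for EC_KEY and its method table (not OpenSSL types). */
typedef int (*verify_fn)(const unsigned char *dgst, int dgst_len);
struct toy_key { verify_fn verify_sig; };
enum outcome { SIG_VALID, SIG_INVALID, VERIFY_ERROR };

/* Constructed backend: accepts only a digest whose first byte is 0x2a. */
int toy_backend(const unsigned char *dgst, int dgst_len)
{
    return (dgst == NULL || dgst_len <= 0) ? -1 : (dgst[0] == 0x2a);
}

/* Dispatcher shaped like the code quoted in the issue: missing method gives 0. */
int verify_as_reported(const unsigned char *d, int n, const struct toy_key *k)
{
    if (k->verify_sig != NULL)
        return k->verify_sig(d, n);
    return 0;   /* indistinguishable from "incorrect signature" */
}

/* Dispatcher with the return value the issue argues for: missing method gives -1. */
int verify_as_proposed(const unsigned char *d, int n, const struct toy_key *k)
{
    if (k->verify_sig != NULL)
        return k->verify_sig(d, n);
    return -1;  /* nothing was checked, so report an error */
}

/* Caller-side mapping of the documented contract: only 1 means verified. */
enum outcome classify(int ret)
{
    if (ret == 1)
        return SIG_VALID;
    return ret == 0 ? SIG_INVALID : VERIFY_ERROR;
}

/* A truthiness test treats -1 as success; callers must compare with 1. */
int naive_accepts(int ret) { return ret != 0; }

int main(void)
{
    struct toy_key none = { NULL };
    unsigned char d[1] = { 0x2a };
    printf("reported=%d proposed=%d\n", classify(verify_as_reported(d, 1, &none)),
           classify(verify_as_proposed(d, 1, &none)));
    return 0;
}
```

With a -1 return for the unsupported case, any caller written as `if (verify(...))` rather than `if (verify(...) == 1)` would treat the unchecked signature as accepted, so such call sites need auditing alongside a change of this kind.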

Labels

    branch: 1.1.1 (Applies to OpenSSL_1_1_1-stable branch (EOL))
    branch: master (Applies to master branch)
    good first issue (Bite size change that could be a good start)
    help wanted
    triaged: bug (The issue/pr is/fixes a bug)