From f45110c30a44e09928b912ff1c20e942c329d09d Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 2 Jul 2023 15:02:52 +0000 Subject: [PATCH] Fix return values of ecx methods It is hard to get your return values right if you choose them to be a random subset of {-2, ..., 3}. The item_verify() and the digestverify() methods don't return 0 on error, but -1. Here 0 means "failed to verify", obviously. ok jsing --- lib/libcrypto/ec/ecx_methods.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/libcrypto/ec/ecx_methods.c b/lib/libcrypto/ec/ecx_methods.c index 8510d1a4710..cc757d31b4a 100644 --- a/lib/libcrypto/ec/ecx_methods.c +++ b/lib/libcrypto/ec/ecx_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecx_methods.c,v 1.5 2023/03/15 06:34:07 tb Exp $ */ +/* $OpenBSD: ecx_methods.c,v 1.6 2023/07/02 15:02:52 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing * @@ -683,11 +683,11 @@ ecx_item_verify(EVP_MD_CTX *md_ctx, const ASN1_ITEM *it, void *asn, if (nid != NID_ED25519 || param_type != V_ASN1_UNDEF) { ECerror(EC_R_INVALID_ENCODING); - return 0; + return -1; } if (!EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, pkey)) - return 0; + return -1; return 2; } @@ -757,9 +757,9 @@ pkey_ecx_digestverify(EVP_MD_CTX *md_ctx, const unsigned char *sig, ecx_key = pkey_ctx->pkey->pkey.ecx; if (ecx_key == NULL || ecx_key->pub_key == NULL) - return 0; + return -1; if (sig_len != ecx_sig_size(pkey_ctx->pkey)) - return 0; + return -1; return ED25519_verify(message, message_len, sig, ecx_key->pub_key); } -- 2.20.1