From 35e95ddca469ca6c212b05b42df1527693eec7d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Apr 2014 12:17:41 +0200 Subject: [PATCH] Add special return code for ecdsa length mismatch --- include/polarssl/ecdsa.h | 4 +++- include/polarssl/ecp.h | 1 + include/polarssl/error.h | 2 +- library/ecdsa.c | 11 +++++++---- library/error.c | 2 ++ 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/include/polarssl/ecdsa.h b/include/polarssl/ecdsa.h index b5e363ea4..4f06328c9 100644 --- a/include/polarssl/ecdsa.h +++ b/include/polarssl/ecdsa.h @@ -175,7 +175,9 @@ int ecdsa_write_signature_det( ecdsa_context *ctx, * \param slen Size of sig * * \return 0 if successful, - * POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid + * POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid, + * POLARSSL_ERR_ECP_SIG_LEN_MISTMATCH if the signature is + * valid but its actual length is less than siglen, * or a POLARSSL_ERR_ECP or POLARSSL_ERR_MPI error code */ int ecdsa_read_signature( ecdsa_context *ctx, diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h index 888604821..93fbe3d6e 100644 --- a/include/polarssl/ecp.h +++ b/include/polarssl/ecp.h @@ -39,6 +39,7 @@ #define POLARSSL_ERR_ECP_MALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define POLARSSL_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ #define POLARSSL_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ +#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ #ifdef __cplusplus extern "C" { diff --git a/include/polarssl/error.h b/include/polarssl/error.h index 23c0ed704..83102bd3a 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -87,7 +87,7 @@ * DHM 3 9 * PKCS5 3 4 (Started from top) * RSA 4 9 - * ECP 4 7 (Started from top) + * ECP 4 8 (Started from top) * MD 5 4 * CIPHER 6 6 * SSL 6 9 (Started from top) diff --git a/library/ecdsa.c b/library/ecdsa.c index c9ab62fa3..6e45f2f1d 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -422,11 +422,14 @@ int ecdsa_read_signature( ecdsa_context *ctx, ( ret = asn1_get_mpi( &p, end, &ctx->s ) ) != 0 ) return( POLARSSL_ERR_ECP_BAD_INPUT_DATA + ret ); - if( p != end ) - return( POLARSSL_ERR_ECP_BAD_INPUT_DATA + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + if( ( ret = ecdsa_verify( &ctx->grp, hash, hlen, + &ctx->Q, &ctx->r, &ctx->s ) ) != 0 ) + return( ret ); - return( ecdsa_verify( &ctx->grp, hash, hlen, &ctx->Q, &ctx->r, &ctx->s ) ); + if( p != end ) + return( POLARSSL_ERR_ECP_SIG_LEN_MISMATCH ); + + return( 0 ); } /* diff --git a/library/error.c b/library/error.c index 3cc3aa3ba..2e6bba6c4 100644 --- a/library/error.c +++ b/library/error.c @@ -245,6 +245,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" ); if( use_ret == -(POLARSSL_ERR_ECP_INVALID_KEY) ) snprintf( buf, buflen, "ECP - Invalid private or public key" ); + if( use_ret == -(POLARSSL_ERR_ECP_SIG_LEN_MISMATCH) ) + snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); #endif /* POLARSSL_ECP_C */ #if defined(POLARSSL_MD_C)