Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH

Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that this indicates that a valid signature is present, unlike other error codes. See https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2025-07-28 00:21:48 +03:00 · 2018-03-30 07:12:15 +02:00
parent 32605dc830
commit 5114d3e4e1
5 changed files with 17 additions and 9 deletions
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@ -400,6 +400,9 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
                              &ctx->Q, &r, &s ) ) != 0 )
        goto cleanup;

+    /* At this point we know that the buffer starts with a valid signature.
+     * Return 0 if the buffer just contains the signature, and a specific
+     * error code if the valid signature is followed by more data. */
    if( p != end )
        ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;