don't leak on bad verify decoding with extended API

2015-07-01 13:28:10 -07:00
parent e164173562
commit 9452d6cfb4
1 changed files with 2 additions and 3 deletions
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -2260,10 +2260,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 	XMEMSET(&s, 0, sizeof(s));

 	err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
-	if (err != MP_OKAY)
-		return err;

-	err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
+	if (err == MP_OKAY)
+	    err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);

 	mp_clear(&r);
 	mp_clear(&s);