From 9452d6cfb41a41e701a07ed1fdbf13f0d957651f Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 1 Jul 2015 13:28:10 -0700
Subject: [PATCH] don't leak on bad verify decoding with extended API

---
 wolfcrypt/src/ecc.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index bacd6486a..2fc8d6db9 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2260,10 +2260,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 	XMEMSET(&s, 0, sizeof(s));
 
 	err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
-	if (err != MP_OKAY)
-		return err;
 
-	err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
+	if (err == MP_OKAY)
+	    err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
 
 	mp_clear(&r);
 	mp_clear(&s);