Merge "OpenSSLKey: unsupported algorithm is an InvalidKeyException"
diff --git a/src/main/java/org/conscrypt/OpenSSLSignature.java b/src/main/java/org/conscrypt/OpenSSLSignature.java
index ec0d816..0fcdb73 100644
--- a/src/main/java/org/conscrypt/OpenSSLSignature.java
+++ b/src/main/java/org/conscrypt/OpenSSLSignature.java
@@ -198,7 +198,7 @@
protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
if (key == null) {
// This can't actually happen, but you never know...
- throw new SignatureException("Need RSA public key");
+ throw new SignatureException("Need RSA or EC public key");
}
try {
@@ -206,7 +206,7 @@
key.getNativeRef());
return result == 1;
} catch (Exception ex) {
- return false;
+ throw new SignatureException(ex);
} finally {
/*
* Java expects the digest context to be reset completely after
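Review bot: The new `throw new SignatureException(ex);` in the catch-all turns every exception from the native verify call into a SignatureException, and with the companion change to `if (ok != 1)` in NativeCrypto_EVP_VerifyFinal that may now include an ordinary signature mismatch whenever OpenSSL queues an error for it. The JCA contract for engineVerify is to return false when a well-formed signature does not match and to throw only for malformed input or a misconfigured engine, so callers that branch on the boolean could see a behaviour change. Above the catch I would add a comment such as `// Native errors (bad encoding, wrong key type) surface as SignatureException; a well-formed but non-matching signature must still return false.` and cover the mismatch case with a regression test. `catch (Exception ex)` also wraps unrelated RuntimeExceptions; it should be narrowed to the types the native call can actually raise, which are not visible in this hunk. The body of engineVerify continues outside the hunk.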
diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 9876f8c..f281aaa 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -4513,7 +4513,7 @@
reinterpret_cast<unsigned char*>(signatureBytes.get() + offset),
&bytesWritten,
pkey);
- if (ok == 0) {
+ if (ok != 1) {
throwExceptionIfNecessary(env, "NativeCrypto_EVP_SignFinal");
}
JNI_TRACE("NativeCrypto_EVP_SignFinal(%p, %p, %d, %p) => %u",
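Review bot: Inside the new `if (ok != 1)` block there is no return after `throwExceptionIfNecessary(env, "NativeCrypto_EVP_SignFinal");`, so execution falls through to the trace and, presumably, to returning `bytesWritten`. If the helper throws only when OpenSSL has an error queued (its name suggests this, but its definition is not in the hunk), a failure with an empty queue would hand the caller a length for a signature that was never validly produced. Consider adding `return -1;` after the helper call inside the `if`, and confirm that this path always raises a Java exception. The rest of the function lies outside the hunk.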
@@ -4590,16 +4590,10 @@
reinterpret_cast<const unsigned char*>(bufferBytes.get() + offset),
length,
pkey);
- if (ok < 0) {
+ if (ok != 1) {
throwExceptionIfNecessary(env, "NativeCrypto_EVP_VerifyFinal");
}
- /*
- * For DSA keys, OpenSSL appears to have a bug where it returns
- * errors for any result != 1. See dsa_ossl.c in dsa_do_verify
- */
- freeOpenSslErrorState();
-
JNI_TRACE("NativeCrypto_EVP_VerifyFinal(%p, %p, %d, %d, %p) => %d",
ctx, buffer, offset, length, pkey, ok);
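Review bot: Removing the unconditional `freeOpenSslErrorState();` means nothing in the visible lines clears the thread's OpenSSL error queue when `ok == 1`, because `throwExceptionIfNecessary` is now reached only inside `if (ok != 1)`. Entries left queued by an earlier step could then be attributed to a later, unrelated call on the same thread. Whether the helper drains the queue when it decides not to throw cannot be seen from this hunk and is worth confirming. The deleted comment was the only explanation of the return-value handling, so I would replace it with one like `// ok == 1: verified; ok == 0: mismatch; ok < 0: error. Both non-1 cases go through throwExceptionIfNecessary, which must leave the error queue empty.`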