Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 8892317..70fd202 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -396,6 +396,9 @@
&ctx->Q, &r, &s ) ) != 0 )
goto cleanup;
+ /* At this point we know that the buffer starts with a valid signature.
+ * Return 0 if the buffer just contains the signature, and a specific
+ * error code if the valid signature is followed by more data. */
if( p != end )
ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 2c164b7..23b41e7 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -90,6 +90,11 @@
(unsigned int) hash_len, hash, sig ) ) != 0 )
return( ret );
+ /* The buffer contains a valid signature followed by extra data.
+ * We have a special error code for that so that so that callers can
+ * use mbedtls_pk_verify() to check "Does the buffer start with a
+ * valid signature?" and not just "Does the buffer contain a valid
+ * signature?". */
if( sig_len > ((mbedtls_rsa_context *) ctx)->len )
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );