Merge GH #1628 In ECDSA verify, handle error seen with LibreSSL on non-x86

1 files changed, 16 insertions, 7 deletions

diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp
index ca5be857a..b9e53b6fd 100644
--- a/src/lib/prov/openssl/openssl_ec.cpp
+++ b/src/lib/prov/openssl/openssl_ec.cpp
@@ -187,15 +187,24 @@ class OpenSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification_w
          if(res < 0)
             {
             int err = ERR_get_error();
+
+            bool hard_error = true;
+
 #if defined(EC_R_BAD_SIGNATURE)
-            if(ERR_GET_REASON(err) != EC_R_BAD_SIGNATURE)
-               throw OpenSSL_Error("ECDSA_do_verify", err);
-#elif defined(ECDSA_R_BAD_SIGNATURE)
-            if(ERR_GET_REASON(err) != ECDSA_R_BAD_SIGNATURE)
-               throw OpenSSL_Error("ECDSA_do_verify", err);
-#else
-            throw OpenSSL_Error("ECDSA_do_verify");
+            if(ERR_GET_REASON(err) == EC_R_BAD_SIGNATURE)
+               hard_error = false;
 #endif
+#if defined(EC_R_POINT_AT_INFINITY)
+            if(ERR_GET_REASON(err) == EC_R_POINT_AT_INFINITY)
+               hard_error = false;
+#endif
+#if defined(ECDSA_R_BAD_SIGNATURE)
+            if(ERR_GET_REASON(err) == ECDSA_R_BAD_SIGNATURE)
+               hard_error = false;
+#endif
+
+            if(hard_error)
+               throw OpenSSL_Error("ECDSA_do_verify", err);
             }
          return (res == 1);
          }