Return an error for trailing CT signature garbage rather than logging an error

Andrew Ayer 2019-12-02 14:58:48 -05:00
parent 02b6c5ee51
commit 0aa86dd1cb
1 changed files with 1 additions and 2 deletions


@ -10,7 +10,6 @@ import (
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"log"
"math/big" "math/big"
) )
@ -79,7 +78,7 @@ func (s SignatureVerifier) verifySignature(data []byte, sig DigitallySigned) err
return fmt.Errorf("failed to unmarshal ECDSA signature: %v", err) return fmt.Errorf("failed to unmarshal ECDSA signature: %v", err)
} }
if len(rest) != 0 { if len(rest) != 0 {
log.Printf("Garbage following signature %v", rest) return fmt.Errorf("Garbage following signature %v", rest)
} }
if !ecdsa.Verify(ecdsaKey, hash, ecdsaSig.R, ecdsaSig.S) { if !ecdsa.Verify(ecdsaKey, hash, ecdsaSig.R, ecdsaSig.S) {
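Review bot: The new error on the `len(rest) != 0` branch formats the trailing bytes with `%v`, so data taken from the signature under verification, which is untrusted input, is copied at unbounded length into an error that callers will probably log or display. Reporting only the size keeps the rejection while bounding the message, and a lowercase message matches the neighbouring `failed to unmarshal ECDSA signature` error: `return fmt.Errorf("trailing data after ECDSA signature (%d bytes)", len(rest))`. verifySignature starts and ends outside this hunk, so it is not visible here whether the other signature algorithms it handles get an equivalent trailing-data check; that is worth confirming.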