authorAlex Gaynor <alex.gaynor@gmail.com>2017-05-10 23:11:30 -0400
committerPaul Kehrer <paul.l.kehrer@gmail.com>2017-05-10 22:11:30 -0500
commit5ca9946a5ae87ceedc4b6f2744b9300e957c8a98 (patch)
tree578edda39ca9d7a6b290f376ebb21f4961a199a6
parent92f570eabe713653e5fe2dc9ba666493df047ccb (diff)
Fixes #3538 -- Make our OpenSSL EC verifier's implementation match the API (#3539)
* Document our real API for EC verification, not an accident * formatting consistency * fix the code itself * fixed class name * fixed a test too
-rw-r--r--CHANGELOG.rst6
-rw-r--r--docs/hazmat/primitives/asymmetric/ec.rst33
-rw-r--r--src/cryptography/hazmat/backends/openssl/ec.py5
-rw-r--r--tests/hazmat/primitives/test_ec.py2
4 files changed, 28 insertions, 18 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5223fea0..8935285c 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -9,6 +9,12 @@ Changelog
* Add support for providing ``tag`` during
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` finalization via
:meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`.
+* **BACKWARDS INCOMPATIBLE:** Elliptic Curve signature verification no long
+ returns ``True`` on success. This brings it in line with the interface's
+ documentation, and our intent. The correct way to use
+ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify`
+ has always been to check whether or not
+ :class:`~cryptography.exceptions.InvalidSignature` was raised.
1.8.1 - 2017-03-10
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index 56e2e0ec..3c595fac 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -78,20 +78,24 @@ Elliptic Curve Signature Algorithms
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`.
- Verification requires the public key, the signature itself, the signed data, and knowledge of the hashing algorithm that was used when producing the signature:
+ Verification requires the public key, the signature itself, the signed
+ data, and knowledge of the hashing algorithm that was used when producing
+ the signature:
>>> public_key = private_key.public_key()
>>> verifier = public_key.verifier(signature, ec.ECDSA(hashes.SHA256()))
>>> verifier.update(b"this is some data I'd like")
>>> verifier.update(b" to sign")
>>> verifier.verify()
- True
- The last call will either return ``True`` or raise an :class:`~cryptography.exceptions.InvalidSignature` exception.
+ If the signature is not valid, an
+ :class:`~cryptography.exceptions.InvalidSignature` exception will be raised.
.. note::
- Although in this case the public key was derived from the private one, in a typical setting you will not possess the private key. The `Key loading`_ section explains how to load the public key from other sources.
-
+ Although in this case the public key was derived from the private one,
+ in a typical setting you will not possess the private key. The
+ `Key loading`_ section explains how to load the public key from other
+ sources.
.. class:: EllipticCurvePrivateNumbers(private_value, public_numbers)
@@ -589,7 +593,7 @@ This sample demonstrates how to generate a private key and serialize it.
... encoding=serialization.Encoding.PEM,
... format=serialization.PrivateFormat.PKCS8,
... encryption_algorithm=serialization.BestAvailableEncryption(b'testpassword')
- ... )
+ ... )
>>> serialized_private.splitlines()[0]
'-----BEGIN ENCRYPTED PRIVATE KEY-----'
@@ -605,7 +609,7 @@ The public key is serialized as follows:
>>> serialized_public = public_key.public_bytes(
... encoding=serialization.Encoding.PEM,
... format=serialization.PublicFormat.SubjectPublicKeyInfo
- ... )
+ ... )
>>> serialized_public.splitlines()[0]
'-----BEGIN PUBLIC KEY-----'
@@ -622,15 +626,16 @@ in PEM format.
.. doctest::
>>> loaded_public_key = serialization.load_pem_public_key(
- ... serialized_public,
- ... backend=default_backend()
- ... )
+ ... serialized_public,
+ ... backend=default_backend()
+ ... )
>>> loaded_private_key = serialization.load_pem_private_key(
- ... serialized_private,
- ... password=b'testpassword', # or password=None, if in plain text
- ... backend=default_backend()
- ... )
+ ... serialized_private,
+ ... # or password=None, if in plain text
+ ... password=b'testpassword',
+ ... backend=default_backend()
+ ... )
.. _`FIPS 186-3`: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py
index cecd25e1..68a35b21 100644
--- a/src/cryptography/hazmat/backends/openssl/ec.py
+++ b/src/cryptography/hazmat/backends/openssl/ec.py
@@ -86,7 +86,6 @@ def _ecdsa_sig_verify(backend, public_key, signature, data):
if res != 1:
backend._consume_errors()
raise InvalidSignature
- return True
@utils.register_interface(AsymmetricSignatureContext)
@@ -118,7 +117,7 @@ class _ECDSAVerificationContext(object):
def verify(self):
digest = self._digest.finalize()
- return _ecdsa_sig_verify(
+ _ecdsa_sig_verify(
self._backend, self._public_key, self._signature, digest
)
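Review bot: `verify()` in `_ECDSAVerificationContext` now falls off the end and returns `None`, and nothing in the method states that contract; a docstring such as `"""Raise InvalidSignature if the signature does not verify; return None otherwise."""` would make clear that the result must not be tested for truthiness. A caller that still writes `if verifier.verify():` will take the failure branch for a valid signature after this change, which fails closed but gives no hint as to why. The same applies to the `_EllipticCurvePublicKey` method changed in the next hunk of this file; that method starts outside its hunk, so an existing docstring there cannot be ruled out. The class body here also continues outside the hunk.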
@@ -283,4 +282,4 @@ class _EllipticCurvePublicKey(object):
data, algorithm = _calculate_digest_and_algorithm(
self._backend, data, signature_algorithm._algorithm
)
- return _ecdsa_sig_verify(self._backend, self, signature, data)
+ _ecdsa_sig_verify(self._backend, self, signature, data)
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 7127071f..ad4bbc51 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -508,7 +508,7 @@ class TestECDSAVectors(object):
ec.ECDSA(hash_type())
)
verifier.update(vector['message'])
- assert verifier.verify()
+ verifier.verify()
@pytest.mark.parametrize(
"vector",