diff options
Diffstat (limited to 'src/crypto/ecdsa')
| -rw-r--r-- | src/crypto/ecdsa/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | src/crypto/ecdsa/ecdsa.c | 119 | ||||
| -rw-r--r-- | src/crypto/ecdsa/ecdsa_asn1.c | 183 | ||||
| -rw-r--r-- | src/crypto/ecdsa/ecdsa_test.cc | 55 |
4 files changed, 101 insertions, 258 deletions
diff --git a/src/crypto/ecdsa/CMakeLists.txt b/src/crypto/ecdsa/CMakeLists.txt index e7581be..f431e59 100644 --- a/src/crypto/ecdsa/CMakeLists.txt +++ b/src/crypto/ecdsa/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(../../include) +include_directories(. .. ../../include) add_library( ecdsa diff --git a/src/crypto/ecdsa/ecdsa.c b/src/crypto/ecdsa/ecdsa.c index 8403d60..b71799e 100644 --- a/src/crypto/ecdsa/ecdsa.c +++ b/src/crypto/ecdsa/ecdsa.c @@ -52,11 +52,9 @@ #include <openssl/ecdsa.h> -#include <assert.h> #include <string.h> #include <openssl/bn.h> -#include <openssl/bytestring.h> #include <openssl/err.h> #include <openssl/mem.h> @@ -83,18 +81,16 @@ int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len, return eckey->ecdsa_meth->verify(digest, digest_len, sig, sig_len, eckey); } - /* Decode the ECDSA signature. */ - s = ECDSA_SIG_from_bytes(sig, sig_len); - if (s == NULL) { + s = ECDSA_SIG_new(); + const uint8_t *sigp = sig; + if (s == NULL || d2i_ECDSA_SIG(&s, &sigp, sig_len) == NULL || + sigp != sig + sig_len) { goto err; } - /* Defend against potential laxness in the DER parser. */ - size_t der_len; - if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || - der_len != sig_len || memcmp(sig, der, sig_len) != 0) { - /* This should never happen. crypto/bytestring is strictly DER. */ - OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR); + /* Ensure that the signature uses DER and doesn't have trailing garbage. */ + const int der_len = i2d_ECDSA_SIG(s, &der); + if (der_len < 0 || (size_t) der_len != sig_len || memcmp(sig, der, sig_len)) { goto err; } @@ -120,14 +116,14 @@ static int digest_to_bn(BIGNUM *out, const uint8_t *digest, size_t digest_len, digest_len = (num_bits + 7) / 8; } if (!BN_bin2bn(digest, digest_len, out)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, digest_to_bn, ERR_R_BN_LIB); return 0; } /* If still too long truncate remaining bits with a shift */ if ((8 * digest_len > num_bits) && !BN_rshift(out, out, 8 - (num_bits & 0x7))) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, digest_to_bn, ERR_R_BN_LIB); return 0; } @@ -149,7 +145,7 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, const EC_POINT *pub_key; if (eckey->ecdsa_meth && eckey->ecdsa_meth->verify) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_NOT_IMPLEMENTED); return 0; } @@ -157,13 +153,13 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, if ((group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_MISSING_PARAMETERS); return 0; } ctx = BN_CTX_new(); if (!ctx) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_MALLOC_FAILURE); return 0; } BN_CTX_start(ctx); @@ -172,26 +168,26 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, u2 = BN_CTX_get(ctx); m = BN_CTX_get(ctx); X = BN_CTX_get(ctx); - if (order == NULL || u1 == NULL || u2 == NULL || m == NULL || X == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + if (!X) { + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB); goto err; } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_BAD_SIGNATURE); ret = 0; /* signature is invalid */ goto err; } /* calculate tmp1 = inv(S) mod order */ if (!BN_mod_inverse(u2, sig->s, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); goto err; } if (!digest_to_bn(m, digest, digest_len, order)) { @@ -199,30 +195,30 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, } /* u1 = m * tmp mod order */ if (!BN_mod_mul(u1, m, u2, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); goto err; } /* u2 = r * w mod q */ if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); goto err; } point = EC_POINT_new(group); if (point == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB); goto err; } if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB); goto err; } if (!BN_nnmod(u1, X, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); goto err; } /* if the signature is correct u1 is equal to sig->r */ @@ -245,13 +241,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, int ret = 0; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (ctx_in == NULL) { if ((ctx = BN_CTX_new()) == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_MALLOC_FAILURE); return 0; } } else { @@ -263,16 +259,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, order = BN_new(); X = BN_new(); if (!k || !r || !order || !X) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_MALLOC_FAILURE); goto err; } tmp_point = EC_POINT_new(group); if (tmp_point == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); goto err; } @@ -290,7 +286,8 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ok = BN_rand_range(k, order); } if (!ok) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, + ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } while (BN_is_zero(k)); @@ -310,23 +307,23 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); goto err; } if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, NULL, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); goto err; } if (!BN_nnmod(r, X, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_BN_LIB); goto err; } } while (BN_is_zero(r)); /* compute the inverse of k */ if (!BN_mod_inverse(k, k, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_BN_LIB); goto err; } /* clear old values if necessary */ @@ -368,7 +365,7 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len, const BIGNUM *priv_key; if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ECDSA_R_NOT_IMPLEMENTED); return NULL; } @@ -376,25 +373,25 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len, priv_key = EC_KEY_get0_private_key(eckey); if (group == NULL || priv_key == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_PASSED_NULL_PARAMETER); return NULL; } ret = ECDSA_SIG_new(); if (!ret) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE); return NULL; } s = ret->s; if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_EC_LIB); goto err; } if (!digest_to_bn(m, digest, digest_len, order)) { @@ -403,35 +400,35 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len, for (;;) { if (in_kinv == NULL || in_r == NULL) { if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, digest, digest_len)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_ECDSA_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_ECDSA_LIB); goto err; } ckinv = kinv; } else { ckinv = in_kinv; if (BN_copy(ret->r, in_r) == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE); goto err; } } if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB); goto err; } if (!BN_mod_add_quick(s, tmp, m, order)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB); goto err; } if (!BN_mod_mul(s, s, ckinv, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB); goto err; } if (BN_is_zero(s)) { /* if kinv and r have been supplied by the caller * don't to generate new kinv and r values */ if (in_kinv != NULL && in_r != NULL) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NEED_NEW_SETUP_VALUES); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ECDSA_R_NEED_NEW_SETUP_VALUES); goto err; } } else { @@ -458,36 +455,20 @@ err: int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) { - int ret = 0; ECDSA_SIG *s = NULL; if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_sign_ex, ECDSA_R_NOT_IMPLEMENTED); *sig_len = 0; - goto err; + return 0; } s = ECDSA_do_sign_ex(digest, digest_len, kinv, r, eckey); if (s == NULL) { *sig_len = 0; - goto err; - } - - CBB cbb; - CBB_zero(&cbb); - size_t len; - if (!CBB_init_fixed(&cbb, sig, ECDSA_size(eckey)) || - !ECDSA_SIG_marshal(&cbb, s) || - !CBB_finish(&cbb, NULL, &len)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); - CBB_cleanup(&cbb); - *sig_len = 0; - goto err; + return 0; } - *sig_len = (unsigned)len; - ret = 1; - -err: + *sig_len = i2d_ECDSA_SIG(s, &sig); ECDSA_SIG_free(s); - return ret; + return 1; } diff --git a/src/crypto/ecdsa/ecdsa_asn1.c b/src/crypto/ecdsa/ecdsa_asn1.c index f2d7c36..f557ca7 100644 --- a/src/crypto/ecdsa/ecdsa_asn1.c +++ b/src/crypto/ecdsa/ecdsa_asn1.c @@ -52,33 +52,45 @@ #include <openssl/ecdsa.h> -#include <limits.h> -#include <string.h> - -#include <openssl/bn.h> -#include <openssl/bytestring.h> -#include <openssl/err.h> +#include <openssl/asn1.h> +#include <openssl/asn1t.h> #include <openssl/ec_key.h> #include <openssl/mem.h> #include "../ec/internal.h" +DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG); +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG); + +ASN1_SEQUENCE(ECDSA_SIG) = { + ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), + ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM), +} ASN1_SEQUENCE_END(ECDSA_SIG); + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG); + size_t ECDSA_size(const EC_KEY *key) { - if (key == NULL) { - return 0; - } + size_t ret, i, group_order_size; + ASN1_INTEGER bs; + BIGNUM *order = NULL; + unsigned char buf[4]; + const EC_GROUP *group; - size_t group_order_size; if (key->ecdsa_meth && key->ecdsa_meth->group_order_size) { group_order_size = key->ecdsa_meth->group_order_size(key); } else { - const EC_GROUP *group = EC_KEY_get0_group(key); + size_t num_bits; + + if (key == NULL) { + return 0; + } + group = EC_KEY_get0_group(key); if (group == NULL) { return 0; } - BIGNUM *order = BN_new(); + order = BN_new(); if (order == NULL) { return 0; } @@ -87,11 +99,21 @@ size_t ECDSA_size(const EC_KEY *key) { return 0; } - group_order_size = BN_num_bytes(order); - BN_clear_free(order); + num_bits = BN_num_bits(order); + group_order_size = (num_bits + 7) / 8; } - return ECDSA_SIG_max_len(group_order_size); + bs.length = group_order_size; + bs.data = buf; + bs.type = V_ASN1_INTEGER; + /* If the top bit is set the ASN.1 encoding is 1 larger. */ + buf[0] = 0xff; + + i = i2d_ASN1_INTEGER(&bs, NULL); + i += i; /* r and s */ + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + BN_clear_free(order); + return ret; } ECDSA_SIG *ECDSA_SIG_new(void) { @@ -117,134 +139,3 @@ void ECDSA_SIG_free(ECDSA_SIG *sig) { BN_free(sig->s); OPENSSL_free(sig); } - -ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs) { - ECDSA_SIG *ret = ECDSA_SIG_new(); - if (ret == NULL) { - return NULL; - } - CBS child; - if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || - !BN_cbs2unsigned(&child, ret->r) || - !BN_cbs2unsigned(&child, ret->s) || - CBS_len(&child) != 0) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); - ECDSA_SIG_free(ret); - return NULL; - } - return ret; -} - -ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in, size_t in_len) { - CBS cbs; - CBS_init(&cbs, in, in_len); - ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs); - if (ret == NULL || CBS_len(&cbs) != 0) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); - ECDSA_SIG_free(ret); - return NULL; - } - return ret; -} - -int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig) { - CBB child; - if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) || - !BN_bn2cbb(&child, sig->r) || - !BN_bn2cbb(&child, sig->s) || - !CBB_flush(cbb)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); - return 0; - } - return 1; -} - -int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len, - const ECDSA_SIG *sig) { - CBB cbb; - CBB_zero(&cbb); - if (!CBB_init(&cbb, 0) || - !ECDSA_SIG_marshal(&cbb, sig) || - !CBB_finish(&cbb, out_bytes, out_len)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); - CBB_cleanup(&cbb); - return 0; - } - return 1; -} - -/* der_len_len returns the number of bytes needed to represent a length of |len| - * in DER. */ -static size_t der_len_len(size_t len) { - if (len < 0x80) { - return 1; - } - size_t ret = 1; - while (len > 0) { - ret++; - len >>= 8; - } - return ret; -} - -size_t ECDSA_SIG_max_len(size_t order_len) { - /* Compute the maximum length of an |order_len| byte integer. Defensively - * assume that the leading 0x00 is included. */ - size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len; - if (integer_len < order_len) { - return 0; - } - /* An ECDSA signature is two INTEGERs. */ - size_t value_len = 2 * integer_len; - if (value_len < integer_len) { - return 0; - } - /* Add the header. */ - size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len; - if (ret < value_len) { - return 0; - } - return ret; -} - -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, long len) { - if (len < 0) { - return NULL; - } - CBS cbs; - CBS_init(&cbs, *inp, (size_t)len); - ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs); - if (ret == NULL) { - return NULL; - } - if (out != NULL) { - ECDSA_SIG_free(*out); - *out = ret; - } - *inp += (size_t)len - CBS_len(&cbs); - return ret; -} - -int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) { - uint8_t *der; - size_t der_len; - if (!ECDSA_SIG_to_bytes(&der, &der_len, sig)) { - return -1; - } - if (der_len > INT_MAX) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_OVERFLOW); - OPENSSL_free(der); - return -1; - } - if (outp != NULL) { - if (*outp == NULL) { - *outp = der; - der = NULL; - } else { - memcpy(*outp, der, der_len); - *outp += der_len; - } - } - OPENSSL_free(der); - return (int)der_len; -} diff --git a/src/crypto/ecdsa/ecdsa_test.cc b/src/crypto/ecdsa/ecdsa_test.cc index b916509..a6bd7a1 100644 --- a/src/crypto/ecdsa/ecdsa_test.cc +++ b/src/crypto/ecdsa/ecdsa_test.cc @@ -78,13 +78,18 @@ static bool VerifyECDSASig(Api api, const uint8_t *digest, switch (api) { case kEncodedApi: { - uint8_t *der; - size_t der_len; - if (!ECDSA_SIG_to_bytes(&der, &der_len, ecdsa_sig)) { + int sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL); + if (sig_len <= 0) { return false; } - ScopedOpenSSLBytes delete_der(der); - actual_result = ECDSA_verify(0, digest, digest_len, der, der_len, eckey); + std::vector<uint8_t> signature(static_cast<size_t>(sig_len)); + uint8_t *sig_ptr = bssl::vector_data(&signature); + sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); + if (sig_len <= 0) { + return false; + } + actual_result = ECDSA_verify(0, digest, digest_len, bssl::vector_data(&signature), + signature.size(), eckey); break; } @@ -262,8 +267,8 @@ static bool TestBuiltin(FILE *out) { fprintf(out, "."); fflush(out); // Verify a tampered signature. - ScopedECDSA_SIG ecdsa_sig(ECDSA_SIG_from_bytes( - bssl::vector_data(&signature), signature.size())); + const uint8_t *sig_ptr = bssl::vector_data(&signature); + ScopedECDSA_SIG ecdsa_sig(d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size())); if (!ecdsa_sig || !TestTamperedSig(out, kEncodedApi, digest, 20, ecdsa_sig.get(), eckey.get(), order.get())) { @@ -320,45 +325,11 @@ static bool TestBuiltin(FILE *out) { return true; } -static bool TestECDSA_SIG_max_len(size_t order_len) { - /* Create the largest possible |ECDSA_SIG| of the given constraints. */ - ScopedECDSA_SIG sig(ECDSA_SIG_new()); - if (!sig) { - return false; - } - std::vector<uint8_t> bytes(order_len, 0xff); - if (!BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->r) || - !BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->s)) { - return false; - } - /* Serialize it. */ - uint8_t *der; - size_t der_len; - if (!ECDSA_SIG_to_bytes(&der, &der_len, sig.get())) { - return false; - } - ScopedOpenSSLBytes delete_der(der); - - size_t max_len = ECDSA_SIG_max_len(order_len); - if (max_len != der_len) { - fprintf(stderr, "ECDSA_SIG_max_len(%u) returned %u, wanted %u\n", - static_cast<unsigned>(order_len), static_cast<unsigned>(max_len), - static_cast<unsigned>(der_len)); - return false; - } - return true; -} - int main(void) { CRYPTO_library_init(); ERR_load_crypto_strings(); - if (!TestBuiltin(stdout) || - !TestECDSA_SIG_max_len(224/8) || - !TestECDSA_SIG_max_len(256/8) || - !TestECDSA_SIG_max_len(384/8) || - !TestECDSA_SIG_max_len(512/8) || - !TestECDSA_SIG_max_len(10000)) { + if (!TestBuiltin(stdout)) { printf("\nECDSA test failed\n"); ERR_print_errors_fp(stdout); return 1; |