1 files changed, 42 insertions, 13 deletions

diff --git a/src/crypto/ecdsa/ecdsa_test.cc b/src/crypto/ecdsa/ecdsa_test.cc
index a6bd7a1..b916509 100644
--- a/src/crypto/ecdsa/ecdsa_test.cc
+++ b/src/crypto/ecdsa/ecdsa_test.cc
@@ -78,18 +78,13 @@ static bool VerifyECDSASig(Api api, const uint8_t *digest,
 
   switch (api) {
     case kEncodedApi: {
-      int sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL);
-      if (sig_len <= 0) {
+      uint8_t *der;
+      size_t der_len;
+      if (!ECDSA_SIG_to_bytes(&der, &der_len, ecdsa_sig)) {
         return false;
       }
-      std::vector<uint8_t> signature(static_cast<size_t>(sig_len));
-      uint8_t *sig_ptr = bssl::vector_data(&signature);
-      sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
-      if (sig_len <= 0) {
-        return false;
-      }
-      actual_result = ECDSA_verify(0, digest, digest_len, bssl::vector_data(&signature),
-                                   signature.size(), eckey);
+      ScopedOpenSSLBytes delete_der(der);
+      actual_result = ECDSA_verify(0, digest, digest_len, der, der_len, eckey);
       break;
     }
 
@@ -267,8 +262,8 @@ static bool TestBuiltin(FILE *out) {
     fprintf(out, ".");
     fflush(out);
     // Verify a tampered signature.
-    const uint8_t *sig_ptr = bssl::vector_data(&signature);
-    ScopedECDSA_SIG ecdsa_sig(d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size()));
+    ScopedECDSA_SIG ecdsa_sig(ECDSA_SIG_from_bytes(
+        bssl::vector_data(&signature), signature.size()));
     if (!ecdsa_sig ||
         !TestTamperedSig(out, kEncodedApi, digest, 20, ecdsa_sig.get(),
                          eckey.get(), order.get())) {
@@ -325,11 +320,45 @@ static bool TestBuiltin(FILE *out) {
   return true;
 }
 
+static bool TestECDSA_SIG_max_len(size_t order_len) {
+  /* Create the largest possible |ECDSA_SIG| of the given constraints. */
+  ScopedECDSA_SIG sig(ECDSA_SIG_new());
+  if (!sig) {
+    return false;
+  }
+  std::vector<uint8_t> bytes(order_len, 0xff);
+  if (!BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->r) ||
+      !BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->s)) {
+    return false;
+  }
+  /* Serialize it. */
+  uint8_t *der;
+  size_t der_len;
+  if (!ECDSA_SIG_to_bytes(&der, &der_len, sig.get())) {
+    return false;
+  }
+  ScopedOpenSSLBytes delete_der(der);
+
+  size_t max_len = ECDSA_SIG_max_len(order_len);
+  if (max_len != der_len) {
+    fprintf(stderr, "ECDSA_SIG_max_len(%u) returned %u, wanted %u\n",
+            static_cast<unsigned>(order_len), static_cast<unsigned>(max_len),
+            static_cast<unsigned>(der_len));
+    return false;
+  }
+  return true;
+}
+
 int main(void) {
   CRYPTO_library_init();
   ERR_load_crypto_strings();
 
-  if (!TestBuiltin(stdout)) {
+  if (!TestBuiltin(stdout) ||
+      !TestECDSA_SIG_max_len(224/8) ||
+      !TestECDSA_SIG_max_len(256/8) ||
+      !TestECDSA_SIG_max_len(384/8) ||
+      !TestECDSA_SIG_max_len(512/8) ||
+      !TestECDSA_SIG_max_len(10000)) {
     printf("\nECDSA test failed\n");
     ERR_print_errors_fp(stdout);
     return 1;