From b8494591d1b1a143f3b192d845c238bbf3bc629d Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Fri, 25 Sep 2015 02:29:14 +0000 Subject: Revert "Revert "external/boringssl: sync with upstream."" This reverts commit a04d78d392463df4e69a64360c952ffa5abd22f7. Underlying issue was fixed. Change-Id: I49685b653d16e728eb38e79e02b2c33ddeefed88 --- src/crypto/ecdsa/ecdsa_test.cc | 55 ++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 13 deletions(-) (limited to 'src/crypto/ecdsa/ecdsa_test.cc') diff --git a/src/crypto/ecdsa/ecdsa_test.cc b/src/crypto/ecdsa/ecdsa_test.cc index a6bd7a1..b916509 100644 --- a/src/crypto/ecdsa/ecdsa_test.cc +++ b/src/crypto/ecdsa/ecdsa_test.cc @@ -78,18 +78,13 @@ static bool VerifyECDSASig(Api api, const uint8_t *digest, switch (api) { case kEncodedApi: { - int sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL); - if (sig_len <= 0) { + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, ecdsa_sig)) { return false; } - std::vector signature(static_cast(sig_len)); - uint8_t *sig_ptr = bssl::vector_data(&signature); - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); - if (sig_len <= 0) { - return false; - } - actual_result = ECDSA_verify(0, digest, digest_len, bssl::vector_data(&signature), - signature.size(), eckey); + ScopedOpenSSLBytes delete_der(der); + actual_result = ECDSA_verify(0, digest, digest_len, der, der_len, eckey); break; } @@ -267,8 +262,8 @@ static bool TestBuiltin(FILE *out) { fprintf(out, "."); fflush(out); // Verify a tampered signature. - const uint8_t *sig_ptr = bssl::vector_data(&signature); - ScopedECDSA_SIG ecdsa_sig(d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size())); + ScopedECDSA_SIG ecdsa_sig(ECDSA_SIG_from_bytes( + bssl::vector_data(&signature), signature.size())); if (!ecdsa_sig || !TestTamperedSig(out, kEncodedApi, digest, 20, ecdsa_sig.get(), eckey.get(), order.get())) { @@ -325,11 +320,45 @@ static bool TestBuiltin(FILE *out) { return true; } +static bool TestECDSA_SIG_max_len(size_t order_len) { + /* Create the largest possible |ECDSA_SIG| of the given constraints. */ + ScopedECDSA_SIG sig(ECDSA_SIG_new()); + if (!sig) { + return false; + } + std::vector bytes(order_len, 0xff); + if (!BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->r) || + !BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->s)) { + return false; + } + /* Serialize it. */ + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, sig.get())) { + return false; + } + ScopedOpenSSLBytes delete_der(der); + + size_t max_len = ECDSA_SIG_max_len(order_len); + if (max_len != der_len) { + fprintf(stderr, "ECDSA_SIG_max_len(%u) returned %u, wanted %u\n", + static_cast(order_len), static_cast(max_len), + static_cast(der_len)); + return false; + } + return true; +} + int main(void) { CRYPTO_library_init(); ERR_load_crypto_strings(); - if (!TestBuiltin(stdout)) { + if (!TestBuiltin(stdout) || + !TestECDSA_SIG_max_len(224/8) || + !TestECDSA_SIG_max_len(256/8) || + !TestECDSA_SIG_max_len(384/8) || + !TestECDSA_SIG_max_len(512/8) || + !TestECDSA_SIG_max_len(10000)) { printf("\nECDSA test failed\n"); ERR_print_errors_fp(stdout); return 1; -- cgit v1.1