From 1e4884f615b20946411a74e41eb9c6aa65e2d5f3 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 24 Sep 2015 10:57:52 -0700 Subject: external/boringssl: sync with upstream. This change imports the current version of BoringSSL. The only local change now is that |BORINGSSL_201509| is defined in base.h. This allows this change to be made without (hopefully) breaking the build. This change will need https://android-review.googlesource.com/172744 to be landed afterwards to update a test. Change-Id: I6d1f463f7785a2423bd846305af91c973c326104 --- src/crypto/ecdsa/ecdsa_test.cc | 55 ++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 13 deletions(-) (limited to 'src/crypto/ecdsa/ecdsa_test.cc') diff --git a/src/crypto/ecdsa/ecdsa_test.cc b/src/crypto/ecdsa/ecdsa_test.cc index a6bd7a1..b916509 100644 --- a/src/crypto/ecdsa/ecdsa_test.cc +++ b/src/crypto/ecdsa/ecdsa_test.cc @@ -78,18 +78,13 @@ static bool VerifyECDSASig(Api api, const uint8_t *digest, switch (api) { case kEncodedApi: { - int sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL); - if (sig_len <= 0) { + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, ecdsa_sig)) { return false; } - std::vector signature(static_cast(sig_len)); - uint8_t *sig_ptr = bssl::vector_data(&signature); - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); - if (sig_len <= 0) { - return false; - } - actual_result = ECDSA_verify(0, digest, digest_len, bssl::vector_data(&signature), - signature.size(), eckey); + ScopedOpenSSLBytes delete_der(der); + actual_result = ECDSA_verify(0, digest, digest_len, der, der_len, eckey); break; } @@ -267,8 +262,8 @@ static bool TestBuiltin(FILE *out) { fprintf(out, "."); fflush(out); // Verify a tampered signature. - const uint8_t *sig_ptr = bssl::vector_data(&signature); - ScopedECDSA_SIG ecdsa_sig(d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size())); + ScopedECDSA_SIG ecdsa_sig(ECDSA_SIG_from_bytes( + bssl::vector_data(&signature), signature.size())); if (!ecdsa_sig || !TestTamperedSig(out, kEncodedApi, digest, 20, ecdsa_sig.get(), eckey.get(), order.get())) { @@ -325,11 +320,45 @@ static bool TestBuiltin(FILE *out) { return true; } +static bool TestECDSA_SIG_max_len(size_t order_len) { + /* Create the largest possible |ECDSA_SIG| of the given constraints. */ + ScopedECDSA_SIG sig(ECDSA_SIG_new()); + if (!sig) { + return false; + } + std::vector bytes(order_len, 0xff); + if (!BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->r) || + !BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->s)) { + return false; + } + /* Serialize it. */ + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, sig.get())) { + return false; + } + ScopedOpenSSLBytes delete_der(der); + + size_t max_len = ECDSA_SIG_max_len(order_len); + if (max_len != der_len) { + fprintf(stderr, "ECDSA_SIG_max_len(%u) returned %u, wanted %u\n", + static_cast(order_len), static_cast(max_len), + static_cast(der_len)); + return false; + } + return true; +} + int main(void) { CRYPTO_library_init(); ERR_load_crypto_strings(); - if (!TestBuiltin(stdout)) { + if (!TestBuiltin(stdout) || + !TestECDSA_SIG_max_len(224/8) || + !TestECDSA_SIG_max_len(256/8) || + !TestECDSA_SIG_max_len(384/8) || + !TestECDSA_SIG_max_len(512/8) || + !TestECDSA_SIG_max_len(10000)) { printf("\nECDSA test failed\n"); ERR_print_errors_fp(stdout); return 1; -- cgit v1.1 From a04d78d392463df4e69a64360c952ffa5abd22f7 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Fri, 25 Sep 2015 00:26:37 +0000 Subject: Revert "external/boringssl: sync with upstream." This reverts commit 1e4884f615b20946411a74e41eb9c6aa65e2d5f3. This breaks some x86 builds. Change-Id: I4d4310663ce52bc0a130e6b9dbc22b868ff4fb25 --- src/crypto/ecdsa/ecdsa_test.cc | 55 ++++++++++-------------------------------- 1 file changed, 13 insertions(+), 42 deletions(-) (limited to 'src/crypto/ecdsa/ecdsa_test.cc') diff --git a/src/crypto/ecdsa/ecdsa_test.cc b/src/crypto/ecdsa/ecdsa_test.cc index b916509..a6bd7a1 100644 --- a/src/crypto/ecdsa/ecdsa_test.cc +++ b/src/crypto/ecdsa/ecdsa_test.cc @@ -78,13 +78,18 @@ static bool VerifyECDSASig(Api api, const uint8_t *digest, switch (api) { case kEncodedApi: { - uint8_t *der; - size_t der_len; - if (!ECDSA_SIG_to_bytes(&der, &der_len, ecdsa_sig)) { + int sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL); + if (sig_len <= 0) { return false; } - ScopedOpenSSLBytes delete_der(der); - actual_result = ECDSA_verify(0, digest, digest_len, der, der_len, eckey); + std::vector signature(static_cast(sig_len)); + uint8_t *sig_ptr = bssl::vector_data(&signature); + sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); + if (sig_len <= 0) { + return false; + } + actual_result = ECDSA_verify(0, digest, digest_len, bssl::vector_data(&signature), + signature.size(), eckey); break; } @@ -262,8 +267,8 @@ static bool TestBuiltin(FILE *out) { fprintf(out, "."); fflush(out); // Verify a tampered signature. - ScopedECDSA_SIG ecdsa_sig(ECDSA_SIG_from_bytes( - bssl::vector_data(&signature), signature.size())); + const uint8_t *sig_ptr = bssl::vector_data(&signature); + ScopedECDSA_SIG ecdsa_sig(d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size())); if (!ecdsa_sig || !TestTamperedSig(out, kEncodedApi, digest, 20, ecdsa_sig.get(), eckey.get(), order.get())) { @@ -320,45 +325,11 @@ static bool TestBuiltin(FILE *out) { return true; } -static bool TestECDSA_SIG_max_len(size_t order_len) { - /* Create the largest possible |ECDSA_SIG| of the given constraints. */ - ScopedECDSA_SIG sig(ECDSA_SIG_new()); - if (!sig) { - return false; - } - std::vector bytes(order_len, 0xff); - if (!BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->r) || - !BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->s)) { - return false; - } - /* Serialize it. */ - uint8_t *der; - size_t der_len; - if (!ECDSA_SIG_to_bytes(&der, &der_len, sig.get())) { - return false; - } - ScopedOpenSSLBytes delete_der(der); - - size_t max_len = ECDSA_SIG_max_len(order_len); - if (max_len != der_len) { - fprintf(stderr, "ECDSA_SIG_max_len(%u) returned %u, wanted %u\n", - static_cast(order_len), static_cast(max_len), - static_cast(der_len)); - return false; - } - return true; -} - int main(void) { CRYPTO_library_init(); ERR_load_crypto_strings(); - if (!TestBuiltin(stdout) || - !TestECDSA_SIG_max_len(224/8) || - !TestECDSA_SIG_max_len(256/8) || - !TestECDSA_SIG_max_len(384/8) || - !TestECDSA_SIG_max_len(512/8) || - !TestECDSA_SIG_max_len(10000)) { + if (!TestBuiltin(stdout)) { printf("\nECDSA test failed\n"); ERR_print_errors_fp(stdout); return 1; -- cgit v1.1 From b8494591d1b1a143f3b192d845c238bbf3bc629d Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Fri, 25 Sep 2015 02:29:14 +0000 Subject: Revert "Revert "external/boringssl: sync with upstream."" This reverts commit a04d78d392463df4e69a64360c952ffa5abd22f7. Underlying issue was fixed. Change-Id: I49685b653d16e728eb38e79e02b2c33ddeefed88 --- src/crypto/ecdsa/ecdsa_test.cc | 55 ++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 13 deletions(-) (limited to 'src/crypto/ecdsa/ecdsa_test.cc') diff --git a/src/crypto/ecdsa/ecdsa_test.cc b/src/crypto/ecdsa/ecdsa_test.cc index a6bd7a1..b916509 100644 --- a/src/crypto/ecdsa/ecdsa_test.cc +++ b/src/crypto/ecdsa/ecdsa_test.cc @@ -78,18 +78,13 @@ static bool VerifyECDSASig(Api api, const uint8_t *digest, switch (api) { case kEncodedApi: { - int sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL); - if (sig_len <= 0) { + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, ecdsa_sig)) { return false; } - std::vector signature(static_cast(sig_len)); - uint8_t *sig_ptr = bssl::vector_data(&signature); - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); - if (sig_len <= 0) { - return false; - } - actual_result = ECDSA_verify(0, digest, digest_len, bssl::vector_data(&signature), - signature.size(), eckey); + ScopedOpenSSLBytes delete_der(der); + actual_result = ECDSA_verify(0, digest, digest_len, der, der_len, eckey); break; } @@ -267,8 +262,8 @@ static bool TestBuiltin(FILE *out) { fprintf(out, "."); fflush(out); // Verify a tampered signature. - const uint8_t *sig_ptr = bssl::vector_data(&signature); - ScopedECDSA_SIG ecdsa_sig(d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size())); + ScopedECDSA_SIG ecdsa_sig(ECDSA_SIG_from_bytes( + bssl::vector_data(&signature), signature.size())); if (!ecdsa_sig || !TestTamperedSig(out, kEncodedApi, digest, 20, ecdsa_sig.get(), eckey.get(), order.get())) { @@ -325,11 +320,45 @@ static bool TestBuiltin(FILE *out) { return true; } +static bool TestECDSA_SIG_max_len(size_t order_len) { + /* Create the largest possible |ECDSA_SIG| of the given constraints. */ + ScopedECDSA_SIG sig(ECDSA_SIG_new()); + if (!sig) { + return false; + } + std::vector bytes(order_len, 0xff); + if (!BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->r) || + !BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->s)) { + return false; + } + /* Serialize it. */ + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, sig.get())) { + return false; + } + ScopedOpenSSLBytes delete_der(der); + + size_t max_len = ECDSA_SIG_max_len(order_len); + if (max_len != der_len) { + fprintf(stderr, "ECDSA_SIG_max_len(%u) returned %u, wanted %u\n", + static_cast(order_len), static_cast(max_len), + static_cast(der_len)); + return false; + } + return true; +} + int main(void) { CRYPTO_library_init(); ERR_load_crypto_strings(); - if (!TestBuiltin(stdout)) { + if (!TestBuiltin(stdout) || + !TestECDSA_SIG_max_len(224/8) || + !TestECDSA_SIG_max_len(256/8) || + !TestECDSA_SIG_max_len(384/8) || + !TestECDSA_SIG_max_len(512/8) || + !TestECDSA_SIG_max_len(10000)) { printf("\nECDSA test failed\n"); ERR_print_errors_fp(stdout); return 1; -- cgit v1.1