Compare r and s sizes to the order, not the degree.

r and s are scalars, not EC coordinates. Change-Id: I46a20215d3c602559c18c74a1da9a91543ea73ca Reviewed-on: https://boringssl-review.googlesource.com/2240 Reviewed-by: Adam Langley <agl@google.com>
2014-11-10 17:06:33 -05:00 · 2014-11-10 17:06:33 -05:00 · b145c8140b
commit b145c8140b
parent 1f10d9c8e1
2 changed files with 27 additions and 11 deletions
--- a/crypto/ecdsa/ecdsa_test.c
+++ b/crypto/ecdsa/ecdsa_test.c
@ -66,13 +66,14 @@ int test_builtin(BIO *out) {
  size_t n = 0;
  EC_KEY *eckey = NULL, *wrong_eckey = NULL;
  EC_GROUP *group;
+  BIGNUM *order = NULL;
  ECDSA_SIG *ecdsa_sig = NULL;
  unsigned char digest[20], wrong_digest[20];
  unsigned char *signature = NULL;
  const unsigned char *sig_ptr;
  unsigned char *sig_ptr2;
  unsigned char *raw_buf = NULL;
-  unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+  unsigned int sig_len, r_len, s_len, bn_len, buf_len;
  int nid, ret = 0;

  /* fill digest values with some random data */
@ -81,6 +82,11 @@ int test_builtin(BIO *out) {
    goto builtin_err;
  }

+  order = BN_new();
+  if (order == NULL) {
+    goto builtin_err;
+  }
+
  /* create and verify a ecdsa signature with every availble curve
   * (with ) */
  BIO_printf(out,
@ -108,8 +114,10 @@ int test_builtin(BIO *out) {
      goto builtin_err;
    }
    EC_GROUP_free(group);
-    degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
-    if (degree < 160) {
+    if (!EC_GROUP_get_order(EC_KEY_get0_group(eckey), order, NULL)) {
+      goto builtin_err;
+    }
+    if (BN_num_bits(order) < 160) {
      /* Too small to test. */
      EC_KEY_free(eckey);
      eckey = NULL;
@ -203,7 +211,7 @@ int test_builtin(BIO *out) {
    /* Store the two BIGNUMs in raw_buf. */
    r_len = BN_num_bytes(ecdsa_sig->r);
    s_len = BN_num_bytes(ecdsa_sig->s);
-    bn_len = (degree + 7) / 8;
+    bn_len = BN_num_bytes(order);
    if (r_len > bn_len || s_len > bn_len) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
@ -268,16 +276,24 @@ int test_builtin(BIO *out) {

  ret = 1;
 builtin_err:
-  if (eckey)
+  if (eckey) {
    EC_KEY_free(eckey);
-  if (wrong_eckey)
+  }
+  if (order) {
+    BN_free(order);
+  }
+  if (wrong_eckey) {
    EC_KEY_free(wrong_eckey);
-  if (ecdsa_sig)
+  }
+  if (ecdsa_sig) {
    ECDSA_SIG_free(ecdsa_sig);
-  if (signature)
+  }
+  if (signature) {
    OPENSSL_free(signature);
-  if (raw_buf)
+  }
+  if (raw_buf) {
    OPENSSL_free(raw_buf);
+  }

  return ret;
 }
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@ -123,8 +123,8 @@ OPENSSL_EXPORT int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b);
 * in |group| that specifies the generator for the group. */
 OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);

-/* EC_GROUP_get_order sets |*order| to the order of |group| using |ctx|, if
- * it's not NULL. It returns one on success and zero otherwise. */
+/* EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
+ * NULL. It returns one on success and zero otherwise. |ctx| is ignored. */
 OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
                                      BN_CTX *ctx);